Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Polish HeadersSpec

Fixes: gh-5187
Rob Winch 7 years ago
parent
6729c39905
commit
c67ce144b9
2 changed files with 50 additions and 9 deletions
Split View Show Diff Stats
  1. 26 6
      config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
  2. 24 3
      config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java

+ 26 - 6
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
View File 

@@ -644,6 +644,11 @@ public class ServerHttpSecurity {
 
 			return ServerHttpSecurity.this;
 
 		}
 
 
+		public ServerHttpSecurity disable() {
 
+			ServerHttpSecurity.this.headers = null;
 
+			return ServerHttpSecurity.this;
 
+		}
 
+
 
 		public CacheSpec cache() {
 
 			return new CacheSpec();
 
 		}
 
@@ -671,27 +676,36 @@ public class ServerHttpSecurity {
 
 		}
 
 
 		public class CacheSpec {
 
-			public void disable() {
 
+			public HeaderSpec disable() {
 
 				HeaderSpec.this.writers.remove(HeaderSpec.this.cacheControl);
 
+				return HeaderSpec.this;
 
 			}
 
 
 			private CacheSpec() {}
 
 		}
 
 
 		public class ContentTypeOptionsSpec {
 
-			public void disable() {
 
+			public HeaderSpec disable() {
 
 				HeaderSpec.this.writers.remove(HeaderSpec.this.contentTypeOptions);
 
+				return HeaderSpec.this;
 
 			}
 
 
 			private ContentTypeOptionsSpec() {}
 
 		}
 
 
 		public class FrameOptionsSpec {
 
-			public void mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
 
+			public FrameOptionsSpec mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
 
 				HeaderSpec.this.frameOptions.setMode(mode);
 
+				return this;
 
 			}
 
-			public void disable() {
 
+
 
+			public HeaderSpec and() {
 
+				return HeaderSpec.this;
 
+			}
 
+
 
+			public HeaderSpec disable() {
 
 				HeaderSpec.this.writers.remove(HeaderSpec.this.frameOptions);
 
+				return HeaderSpec.this;
 
 			}
 
 
 			private FrameOptionsSpec() {}
 
@@ -706,16 +720,22 @@ public class ServerHttpSecurity {
 
 				HeaderSpec.this.hsts.setIncludeSubDomains(includeSubDomains);
 
 			}
 
 
-			public void disable() {
 
+			public HeaderSpec and() {
 
+				return HeaderSpec.this;
 
+			}
 
+
 
+			public HeaderSpec disable() {
 
 				HeaderSpec.this.writers.remove(HeaderSpec.this.hsts);
 
+				return HeaderSpec.this;
 
 			}
 
 
 			private HstsSpec() {}
 
 		}
 
 
 		public class XssProtectionSpec {
 
-			public void disable() {
 
+			public HeaderSpec disable() {
 
 				HeaderSpec.this.writers.remove(HeaderSpec.this.xss);
 
+				return HeaderSpec.this;
 
 			}
 
 
 			private XssProtectionSpec() {}

+ 24 - 3
config/src/test/java/org/springframework/security/config/web/server/HeaderSpecTests.java
View File 

@@ -60,6 +60,23 @@ public class HeaderSpecTests {
 
 			.add(XXssProtectionServerHttpHeadersWriter.X_XSS_PROTECTION, "1 ; mode=block");
 
 	}
 
 
+	@Test
 
+	public void headersWhenDisableThenNoSecurityHeaders() {
 
+		new HashSet<>(this.expectedHeaders.keySet()).forEach(this::expectHeaderNamesNotPresent);
 
+
 
+		this.headers.disable();
 
+
 
+		assertHeaders();
 
+	}
 
+
 
+	@Test
 
+	public void headersWhenDisableAndInvokedExplicitlyThenDefautsUsed() {
 
+		this.headers.disable()
 
+			.headers();
 
+
 
+		assertHeaders();
 
+	}
 
+
 
 	@Test
 
 	public void headersWhenDefaultsThenAllDefaultsWritten() {
 
 		assertHeaders();
 
@@ -110,7 +127,9 @@ public class HeaderSpecTests {
 
 	@Test
 
 	public void headersWhenFrameOptionsModeThenFrameOptionsCustomMode() {
 
 		this.expectedHeaders.set(XFrameOptionsServerHttpHeadersWriter.X_FRAME_OPTIONS, "SAMEORIGIN");
 
-		this.headers.frameOptions().mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
+		this.headers
 
+				.frameOptions()
 
+					.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
 
 
 		assertHeaders();
 
 	}
 
@@ -139,8 +158,10 @@ public class HeaderSpecTests {
 
 
 		Map<String, List<String>> responseHeaders = response.getResponseHeaders();
 
 
-		assertThat(responseHeaders).describedAs(response.toString()).containsAllEntriesOf(
 
-			this.expectedHeaders);
 
+		if (!this.expectedHeaders.isEmpty()) {
 
+			assertThat(responseHeaders).describedAs(response.toString())
 
+					.containsAllEntriesOf(this.expectedHeaders);
 
+		}
 
 		if (!this.headerNamesNotPresent.isEmpty()) {
 
 			assertThat(responseHeaders.keySet()).doesNotContainAnyElementsOf(this.headerNamesNotPresent);
 
 		}