Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Fix test failures related to response headers

These tests began failing on snapshots after changes in
Spring Framework's `DispatcherServlet` to reset the response
on an error.

For now, we can have these tests operate with a 200 OK response.
An issue was opened in the spring-framework issuer tracker to
discuss this and address `CorsFilter` (and any other filter) that
writes headers that would be cleared on an error.

See spring-projects/spring-framework#31154
Steve Riesenberg 2 years ago
parent
d87d0554ed
commit
ea1ec646b2
3 changed files with 27 additions and 4 deletions
Split View Show Diff Stats
  1. 13 1
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
  2. 1 1
      config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
  3. 13 2
      config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt

+ 13 - 1
config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java
View File 

@@ -31,6 +31,8 @@ import org.springframework.security.config.test.SpringTestContextExtension;
 
 import org.springframework.security.web.SecurityFilterChain;
 
 import org.springframework.security.web.header.HeaderWriterFilter;
 
 import org.springframework.test.web.servlet.MockMvc;
 
+import org.springframework.web.bind.annotation.GetMapping;
 
+import org.springframework.web.bind.annotation.RestController;
 
 
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
@@ -50,7 +52,7 @@ public class HeadersConfigurerEagerHeadersTests {
 
 
 	@Test
 
 	public void requestWhenHeadersEagerlyConfiguredThenHeadersAreWritten() throws Exception {
 
-		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class).autowire();
 
+		this.spring.register(HeadersAtTheBeginningOfRequestConfig.class, HomeController.class).autowire();
 
 		this.mvc.perform(get("/").secure(true)).andExpect(header().string("X-Content-Type-Options", "nosniff"))
 
 				.andExpect(header().string("X-Frame-Options", "DENY"))
 
 				.andExpect(header().string("Strict-Transport-Security", "max-age=31536000 ; includeSubDomains"))
 
@@ -82,4 +84,14 @@ public class HeadersConfigurerEagerHeadersTests {
 
 
 	}
 
 
+	@RestController
 
+	private static class HomeController {
 
+
 
+		@GetMapping("/")
 
+		String ok() {
 
+			return "ok";
 
+		}
 
+
 
+	}
 
+
 
 }

+ 1 - 1
config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java
View File 

@@ -124,7 +124,7 @@ public class HttpBasicConfigurerTests {
 
 	// SEC-3019
 
 	@Test
 
 	public void httpBasicWhenRememberMeConfiguredThenSetsRememberMeCookie() throws Exception {
 
-		this.spring.register(BasicUsesRememberMeConfig.class).autowire();
 
+		this.spring.register(BasicUsesRememberMeConfig.class, Home.class).autowire();
 
 		MockHttpServletRequestBuilder rememberMeRequest = get("/").with(httpBasic("user", "password"))
 
 				.param("remember-me", "true");
 
 		this.mvc.perform(rememberMeRequest).andExpect(cookie().exists("remember-me"));

+ 13 - 2
config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt
View File 

@@ -31,7 +31,9 @@ import org.springframework.security.config.test.SpringTestContextExtension
 
 import org.springframework.security.web.SecurityFilterChain
 
 import org.springframework.test.web.servlet.MockMvc
 
 import org.springframework.test.web.servlet.get
 
+import org.springframework.web.bind.annotation.GetMapping
 
 import org.springframework.web.bind.annotation.RequestMethod
 
+import org.springframework.web.bind.annotation.RestController
 
 import org.springframework.web.cors.CorsConfiguration
 
 import org.springframework.web.cors.CorsConfigurationSource
 
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 
@@ -72,7 +74,7 @@ class CorsDslTests {
 
 
     @Test
 
     fun `CORS when CORS configuration source bean then responds with CORS header`() {
 
-        this.spring.register(CorsCrossOriginBeanConfig::class.java).autowire()
 
+        this.spring.register(CorsCrossOriginBeanConfig::class.java, HomeController::class.java).autowire()
 
 
         this.mockMvc.get("/")
 
         {
 
@@ -149,7 +151,7 @@ class CorsDslTests {
 
 
     @Test
 
     fun `CORS when CORS configuration source dsl then responds with CORS header`() {
 
-        this.spring.register(CorsCrossOriginBeanConfig::class.java).autowire()
 
+        this.spring.register(CorsCrossOriginBeanConfig::class.java, HomeController::class.java).autowire()
 
 
         this.mockMvc.get("/")
 
         {
 
@@ -180,4 +182,13 @@ class CorsDslTests {
 
             return http.build()
 
         }
 
     }
 
+
 
+    @RestController
 
+    private class HomeController {
 
+        @GetMapping("/")
 
+        fun ok(): String {
 
+            return "ok"
 
+        }
 
+    }
 
+
 
 }