Merge remote-tracking branch 'origin/master' into fix_migration_to_new_spring_boot_version_merge_master
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
This commit is contained in:
@@ -8,6 +8,8 @@
|
||||
*/
|
||||
package org.eclipse.hawkbit.app;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
@@ -23,22 +25,23 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||
/**
|
||||
* Error page controller that ensures that ocet stream does not return text in
|
||||
* case of an error.
|
||||
*
|
||||
*/
|
||||
@Controller
|
||||
// Exception squid:S3752 - errors need handling for all methods
|
||||
@SuppressWarnings("squid:S3752")
|
||||
public class StreamAwareErrorController extends BasicErrorController {
|
||||
public class ErrorController extends BasicErrorController {
|
||||
|
||||
private static final String PATH = "path";
|
||||
|
||||
/**
|
||||
* A new {@link StreamAwareErrorController}.
|
||||
* A new {@link ErrorController}.
|
||||
*
|
||||
* @param errorAttributes
|
||||
* the error attributes
|
||||
* @param serverProperties
|
||||
* configuration properties
|
||||
*/
|
||||
public StreamAwareErrorController(final ErrorAttributes errorAttributes, final ServerProperties serverProperties) {
|
||||
public ErrorController(final ErrorAttributes errorAttributes, final ServerProperties serverProperties) {
|
||||
super(errorAttributes, serverProperties.getError());
|
||||
}
|
||||
|
||||
@@ -48,4 +51,19 @@ public class StreamAwareErrorController extends BasicErrorController {
|
||||
return new ResponseEntity<>(status);
|
||||
}
|
||||
|
||||
@Override
|
||||
@RequestMapping
|
||||
public ResponseEntity<Map<String, Object>> error(final HttpServletRequest request) {
|
||||
final HttpStatus status = getStatus(request);
|
||||
final Map<String, Object> body = getErrorAttributesWithoutPath(request);
|
||||
return new ResponseEntity<>(body, status);
|
||||
}
|
||||
|
||||
private Map<String, Object> getErrorAttributesWithoutPath(final HttpServletRequest request) {
|
||||
final Map<String, Object> body = getErrorAttributes(request, isIncludeStackTrace(request, MediaType.ALL));
|
||||
if (body != null && body.containsKey(PATH)) {
|
||||
body.remove(PATH);
|
||||
}
|
||||
return body;
|
||||
}
|
||||
}
|
||||
@@ -15,6 +15,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
|
||||
import org.eclipse.hawkbit.mgmt.rest.api.MgmtRestConstants;
|
||||
import org.eclipse.hawkbit.repository.test.util.MsSqlTestDatabase;
|
||||
import org.eclipse.hawkbit.repository.test.util.MySqlTestDatabase;
|
||||
import org.eclipse.hawkbit.repository.test.util.PostgreSqlTestDatabase;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
@@ -24,6 +25,7 @@ import org.springframework.security.test.context.support.WithUserDetails;
|
||||
import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
|
||||
import org.springframework.test.annotation.DirtiesContext;
|
||||
import org.springframework.test.context.TestExecutionListeners;
|
||||
import org.springframework.test.context.TestExecutionListeners.MergeMode;
|
||||
import org.springframework.test.context.TestPropertySource;
|
||||
import org.springframework.test.context.junit4.SpringRunner;
|
||||
import org.springframework.test.web.servlet.MockMvc;
|
||||
@@ -31,22 +33,22 @@ import org.springframework.test.web.servlet.ResultActions;
|
||||
import org.springframework.test.web.servlet.setup.DefaultMockMvcBuilder;
|
||||
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
|
||||
import org.springframework.web.context.WebApplicationContext;
|
||||
import org.springframework.test.context.TestExecutionListeners.MergeMode;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import io.qameta.allure.Feature;
|
||||
import io.qameta.allure.Story;
|
||||
|
||||
@TestPropertySource(properties = { "hawkbit.server.security.cors.enabled=true",
|
||||
"hawkbit.server.security.cors.allowedOrigins=" + CorsTest.ALLOWED_ORIGIN_FIRST + ","
|
||||
+ CorsTest.ALLOWED_ORIGIN_SECOND })
|
||||
@SpringBootTest(properties = {"hawkbit.dmf.rabbitmq.enabled=false", "hawkbit.server.security.cors.enabled=true",
|
||||
"hawkbit.server.security.cors.allowedOrigins=" + CorsTest.ALLOWED_ORIGIN_FIRST + "," + CorsTest.ALLOWED_ORIGIN_SECOND})
|
||||
@TestExecutionListeners(listeners = { MySqlTestDatabase.class, MsSqlTestDatabase.class },
|
||||
mergeMode = MergeMode.MERGE_WITH_DEFAULTS)
|
||||
@Feature("Integration Test - Security")
|
||||
@Story("CORS")
|
||||
public class CorsTest extends AbstractSecurityTest {
|
||||
|
||||
final static String ALLOWED_ORIGIN_FIRST = "http://test.first.origin";
|
||||
final static String ALLOWED_ORIGIN_SECOND = "http://test.second.origin";
|
||||
|
||||
|
||||
private final static String INVALID_ORIGIN = "http://test.invalid.origin";
|
||||
private final static String INVALID_CORS_REQUEST = "Invalid CORS request";
|
||||
|
||||
@@ -61,15 +63,16 @@ public class CorsTest extends AbstractSecurityTest {
|
||||
.andExpect(status().isForbidden()).andReturn().getResponse().getContentAsString();
|
||||
assertThat(invalidOriginResponseBody).isEqualTo(INVALID_CORS_REQUEST);
|
||||
|
||||
final String invalidCorsUrlResponseBody = performOptionsRequestToUrlWithOrigin(MgmtRestConstants.BASE_SYSTEM_MAPPING, ALLOWED_ORIGIN_FIRST)
|
||||
.andExpect(status().isForbidden()).andReturn().getResponse().getContentAsString();
|
||||
final String invalidCorsUrlResponseBody = performOptionsRequestToUrlWithOrigin(
|
||||
MgmtRestConstants.BASE_SYSTEM_MAPPING, ALLOWED_ORIGIN_FIRST).andExpect(status().isForbidden())
|
||||
.andReturn().getResponse().getContentAsString();
|
||||
assertThat(invalidCorsUrlResponseBody).isEqualTo(INVALID_CORS_REQUEST);
|
||||
}
|
||||
|
||||
private ResultActions performOptionsRequestToRestWithOrigin(final String origin) throws Exception {
|
||||
return performOptionsRequestToUrlWithOrigin(MgmtRestConstants.BASE_V1_REQUEST_MAPPING, origin);
|
||||
}
|
||||
|
||||
|
||||
private ResultActions performOptionsRequestToUrlWithOrigin(final String url, final String origin) throws Exception {
|
||||
return mvc.perform(options(url).header("Access-Control-Request-Method", "GET").header("Origin", origin));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user