Changes requested within pull request review.

Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
This commit is contained in:
Ammar Bikic
2021-01-08 19:28:26 +01:00
parent 7434293e27
commit adeabbd442
3 changed files with 16 additions and 10 deletions

View File

@@ -190,7 +190,7 @@ public class SecurityManagedConfiguration {
/**
* Filter to protect the hawkBit server DDI interface against to many
* requests.
*
*
* @param securityProperties
* for filter configuration
*
@@ -306,7 +306,7 @@ public class SecurityManagedConfiguration {
/**
* Filter to protect the hawkBit server DDI download interface against
* to many requests.
*
*
* @param securityProperties
* for filter configuration
*
@@ -396,7 +396,7 @@ public class SecurityManagedConfiguration {
/**
* Filter to protect the hawkBit server system management interface against
* to many requests.
*
*
* @param securityProperties
* for filter configuration
*
@@ -497,7 +497,7 @@ public class SecurityManagedConfiguration {
/**
* Filter to protect the hawkBit server Management interface against to
* many requests.
*
*
* @param securityProperties
* for filter configuration
*
@@ -625,7 +625,7 @@ public class SecurityManagedConfiguration {
/**
* Filter to protect the hawkBit management UI against to many requests.
*
*
* @param securityProperties
* for filter configuration
*
@@ -727,6 +727,11 @@ public class SecurityManagedConfiguration {
.logoutSuccessHandler(logoutSuccessHandler);
}
/**
* HttpFirewall which enables to define a list of allowed host names.
*
* @return the http firewall.
*/
@Bean
public HttpFirewall httpFirewall() {
final List<String> allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames();
@@ -736,7 +741,8 @@ public class SecurityManagedConfiguration {
if (!CollectionUtils.isEmpty(allowedHostNames)) {
firewall.setAllowedHostnames(hostName -> {
LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName));
return allowedHostNames.contains(hostName);});
return allowedHostNames.contains(hostName);
});
}
return firewall;
}

View File

@@ -24,10 +24,6 @@
<groupId>org.springframework.hateoas</groupId>
<artifactId>spring-hateoas</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-json</artifactId>

View File

@@ -12,6 +12,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import io.qameta.allure.Description;
import org.junit.Test;
import org.springframework.http.HttpHeaders;
import org.springframework.security.web.firewall.RequestRejectedException;
@@ -27,17 +28,20 @@ import org.springframework.test.context.TestPropertySource;
public class AllowedHostNamesTest extends AbstractSecurityTest {
@Test
@Description("Tests whether a RequestRejectedException is thrown when not allowed host is used")
public void allowedHostNameWithNotAllowedHost() {
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(
() -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com")));
}
@Test
@Description("Tests whether request is redirected when allowed host is used")
public void allowedHostNameWithAllowedHost() throws Exception {
mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection());
}
@Test
@Description("Tests whether request without allowed host name and with ignored path end up with a client error")
public void notAllowedHostnameWithIgnoredPath() throws Exception {
mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com"))
.andExpect(status().is4xxClientError());