Changes requested within pull request review.
Signed-off-by: Ammar Bikic <ammar.bikic@bosch.io>
@@ -190,7 +190,7 @@ public class SecurityManagedConfiguration {
|
||||
/**
|
||||
* Filter to protect the hawkBit server DDI interface against to many
|
||||
* requests.
|
||||
*
|
||||
*
|
||||
* @param securityProperties
|
||||
* for filter configuration
|
||||
*
|
||||
@@ -306,7 +306,7 @@ public class SecurityManagedConfiguration {
|
||||
/**
|
||||
* Filter to protect the hawkBit server DDI download interface against
|
||||
* to many requests.
|
||||
*
|
||||
*
|
||||
* @param securityProperties
|
||||
* for filter configuration
|
||||
*
|
||||
@@ -396,7 +396,7 @@ public class SecurityManagedConfiguration {
|
||||
/**
|
||||
* Filter to protect the hawkBit server system management interface against
|
||||
* to many requests.
|
||||
*
|
||||
*
|
||||
* @param securityProperties
|
||||
* for filter configuration
|
||||
*
|
||||
@@ -497,7 +497,7 @@ public class SecurityManagedConfiguration {
|
||||
/**
|
||||
* Filter to protect the hawkBit server Management interface against to
|
||||
* many requests.
|
||||
*
|
||||
*
|
||||
* @param securityProperties
|
||||
* for filter configuration
|
||||
*
|
||||
@@ -625,7 +625,7 @@ public class SecurityManagedConfiguration {
|
||||
|
||||
/**
|
||||
* Filter to protect the hawkBit management UI against to many requests.
|
||||
*
|
||||
*
|
||||
* @param securityProperties
|
||||
* for filter configuration
|
||||
*
|
||||
@@ -727,6 +727,11 @@ public class SecurityManagedConfiguration {
|
||||
.logoutSuccessHandler(logoutSuccessHandler);
|
||||
}
|
||||
|
||||
/**
|
||||
* HttpFirewall which enables to define a list of allowed host names.
|
||||
*
|
||||
* @return the http firewall.
|
||||
*/
|
||||
@Bean
|
||||
public HttpFirewall httpFirewall() {
|
||||
final List<String> allowedHostNames = hawkbitSecurityProperties.getAllowedHostNames();
|
||||
@@ -736,7 +741,8 @@ public class SecurityManagedConfiguration {
|
||||
if (!CollectionUtils.isEmpty(allowedHostNames)) {
|
||||
firewall.setAllowedHostnames(hostName -> {
|
||||
LOG.debug("Firewall check host: {}, allowed: {}", hostName, allowedHostNames.contains(hostName));
|
||||
return allowedHostNames.contains(hostName);});
|
||||
return allowedHostNames.contains(hostName);
|
||||
});
|
||||
}
|
||||
return firewall;
|
||||
}
|
||||
|
||||
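Review bot: The allow-list check `allowedHostNames.contains(hostName)` is an exact, case-sensitive match against the attacker-supplied Host header (via `getServerName()`), so an operator who configures `Hawkbit.Example.com` is silently locked out while DNS names are case-insensitive by definition; it also evaluates `contains` twice per request because of the debug log. Normalize both sides once with `Locale.ROOT` lower-casing and compute the verdict a single time, assuming the configured entries are DNS host names rather than literal header values. The `httpFirewall()` method starts in the previous hunk and the `firewall` instantiation sits between the two hunks, so the empty-list branch is not visible here; since the predicate is only installed when the list is non-empty, the Javadoc should say so, e.g. `* If no host names are configured, the Host header is not restricted by this firewall.` Separately, the Javadoc hunks above all read "against to many requests" — this should be "too many".
```java
// … unchanged: firewall instantiation and the empty-list guard …
final Set<String> allowed = allowedHostNames.stream()
        .map(h -> h.toLowerCase(Locale.ROOT))
        .collect(Collectors.toSet());
firewall.setAllowedHostnames(hostName -> {
    // Host header is attacker-controlled: compare case-insensitively, decide once.
    final boolean ok = hostName != null && allowed.contains(hostName.toLowerCase(Locale.ROOT));
    LOG.debug("Firewall check host: {}, allowed: {}", hostName, ok);
    return ok;
});
// … unchanged: return firewall …
```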
@@ -24,10 +24,6 @@
|
||||
<groupId>org.springframework.hateoas</groupId>
|
||||
<artifactId>spring-hateoas</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-webmvc</artifactId>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-json</artifactId>
|
||||
|
||||
@@ -12,6 +12,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
|
||||
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
|
||||
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
|
||||
|
||||
import io.qameta.allure.Description;
|
||||
import org.junit.Test;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.security.web.firewall.RequestRejectedException;
|
||||
@@ -27,17 +28,20 @@ import org.springframework.test.context.TestPropertySource;
|
||||
public class AllowedHostNamesTest extends AbstractSecurityTest {
|
||||
|
||||
@Test
|
||||
@Description("Tests whether a RequestRejectedException is thrown when not allowed host is used")
|
||||
public void allowedHostNameWithNotAllowedHost() {
|
||||
assertThatExceptionOfType(RequestRejectedException.class).isThrownBy(
|
||||
() -> mvc.perform(get("/").header(HttpHeaders.HOST, "www.google.com")));
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests whether request is redirected when allowed host is used")
|
||||
public void allowedHostNameWithAllowedHost() throws Exception {
|
||||
mvc.perform(get("/").header(HttpHeaders.HOST, "localhost")).andExpect(status().is3xxRedirection());
|
||||
}
|
||||
|
||||
@Test
|
||||
@Description("Tests whether request without allowed host name and with ignored path end up with a client error")
|
||||
public void notAllowedHostnameWithIgnoredPath() throws Exception {
|
||||
mvc.perform(get("/index.html").header(HttpHeaders.HOST, "www.google.com"))
|
||||
.andExpect(status().is4xxClientError());
|
||||
|
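Review bot: `notAllowedHostnameWithIgnoredPath` only asserts `status().is4xxClientError()`, which a plain 404 for a missing `/index.html` would satisfy just as well, so the test cannot tell "firewall rejected the host" from "resource not found". Pin the status the rejection actually produces, e.g. `.andExpect(status().isBadRequest())` if `RequestRejectedException` is translated to 400 in this setup (I cannot see the handler from here, so confirm the exact code first). The two cases most likely to surprise operators are also untested: a Host header carrying a port (`"localhost:8080"`, which `getServerName()` strips) and a case variant such as `"LOCALHOST"`, which the current exact-match allow-list rejects. The closing brace of `notAllowedHostnameWithIgnoredPath` lies beyond the end of this hunk.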
||||