From 081c3ac44f0bc156f238a041b3cd6869d80ce615 Mon Sep 17 00:00:00 2001 From: Juergen Hoeller Date: Wed, 24 Aug 2016 12:46:30 +0200 Subject: [PATCH] Polishing --- .../org/springframework/http/HttpHeaders.java | 4 +- .../web/cors/CorsConfiguration.java | 37 +++-- .../web/cors/DefaultCorsProcessorTests.java | 141 ++++++++++-------- .../handler/AbstractHandlerMapping.java | 13 +- 4 files changed, 110 insertions(+), 85 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java index 2585d56695e..fe1de32f462 100644 --- a/spring-web/src/main/java/org/springframework/http/HttpHeaders.java +++ b/spring-web/src/main/java/org/springframework/http/HttpHeaders.java @@ -548,8 +548,8 @@ public class HttpHeaders implements MultiValueMap, Serializable /** * Set the (new) value of the {@code Access-Control-Request-Method} request header. */ - public void setAccessControlRequestMethod(HttpMethod requestedMethod) { - set(ACCESS_CONTROL_REQUEST_METHOD, requestedMethod.name()); + public void setAccessControlRequestMethod(HttpMethod requestMethod) { + set(ACCESS_CONTROL_REQUEST_METHOD, requestMethod.name()); } /** diff --git a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java index 76daa33bbc8..04c52985a2f 100644 --- a/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java +++ b/spring-web/src/main/java/org/springframework/web/cors/CorsConfiguration.java @@ -1,11 +1,11 @@ /* - * Copyright 2002-2015 the original author or authors. + * Copyright 2002-2016 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -21,6 +21,7 @@ import java.util.Collections; import java.util.List; import org.springframework.http.HttpMethod; +import org.springframework.util.CollectionUtils; import org.springframework.util.ObjectUtils; import org.springframework.util.StringUtils; @@ -86,10 +87,10 @@ public class CorsConfiguration { return this; } CorsConfiguration config = new CorsConfiguration(this); - config.setAllowedOrigins(combine(this.getAllowedOrigins(), other.getAllowedOrigins())); - config.setAllowedMethods(combine(this.getAllowedMethods(), other.getAllowedMethods())); - config.setAllowedHeaders(combine(this.getAllowedHeaders(), other.getAllowedHeaders())); - config.setExposedHeaders(combine(this.getExposedHeaders(), other.getExposedHeaders())); + config.setAllowedOrigins(combine(getAllowedOrigins(), other.getAllowedOrigins())); + config.setAllowedMethods(combine(getAllowedMethods(), other.getAllowedMethods())); + config.setAllowedHeaders(combine(getAllowedHeaders(), other.getAllowedHeaders())); + config.setExposedHeaders(combine(getExposedHeaders(), other.getExposedHeaders())); Boolean allowCredentials = other.getAllowCredentials(); if (allowCredentials != null) { config.setAllowCredentials(allowCredentials); @@ -137,7 +138,7 @@ public class CorsConfiguration { */ public void addAllowedOrigin(String origin) { if (this.allowedOrigins == null) { - this.allowedOrigins = new ArrayList(); + this.allowedOrigins = new ArrayList(4); } this.allowedOrigins.add(origin); } @@ -179,7 +180,7 @@ public class CorsConfiguration { public void addAllowedMethod(String method) { if (StringUtils.hasText(method)) { if (this.allowedMethods == null) { - this.allowedMethods = new ArrayList(); + this.allowedMethods = new ArrayList(4); } this.allowedMethods.add(method); } @@ -213,7 +214,7 @@ public class CorsConfiguration { */ public void addAllowedHeader(String allowedHeader) { if (this.allowedHeaders == null) { - this.allowedHeaders = new ArrayList(); + this.allowedHeaders = new ArrayList(4); } this.allowedHeaders.add(allowedHeader); } @@ -230,7 +231,7 @@ public class CorsConfiguration { if (exposedHeaders != null && exposedHeaders.contains(ALL)) { throw new IllegalArgumentException("'*' is not a valid exposed header value"); } - this.exposedHeaders = (exposedHeaders == null ? null : new ArrayList(exposedHeaders)); + this.exposedHeaders = (exposedHeaders != null ? new ArrayList(exposedHeaders) : null); } /** @@ -251,7 +252,7 @@ public class CorsConfiguration { throw new IllegalArgumentException("'*' is not a valid exposed header value"); } if (this.exposedHeaders == null) { - this.exposedHeaders = new ArrayList(); + this.exposedHeaders = new ArrayList(4); } this.exposedHeaders.add(exposedHeader); } @@ -333,14 +334,18 @@ public class CorsConfiguration { if (requestMethod == null) { return null; } - List allowedMethods = - (this.allowedMethods != null ? this.allowedMethods : new ArrayList()); - if (allowedMethods.contains(ALL)) { - return Collections.singletonList(requestMethod); + + List allowedMethods = this.allowedMethods; + if (!CollectionUtils.isEmpty(allowedMethods)) { + if (allowedMethods.contains(ALL)) { + return Collections.singletonList(requestMethod); + } } - if (allowedMethods.isEmpty()) { + else { + allowedMethods = new ArrayList(1); allowedMethods.add(HttpMethod.GET.name()); } + List result = new ArrayList(allowedMethods.size()); boolean allowed = false; for (String method : allowedMethods) { diff --git a/spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java b/spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java index 56ab6166f4b..04fa6a4a76b 100644 --- a/spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java +++ b/spring-web/src/test/java/org/springframework/web/cors/DefaultCorsProcessorTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2015 the original author or authors. + * Copyright 2002-2016 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.web.cors; +import javax.servlet.http.HttpServletResponse; + import org.junit.Before; import org.junit.Test; @@ -24,8 +26,6 @@ import org.springframework.http.HttpMethod; import org.springframework.mock.web.test.MockHttpServletRequest; import org.springframework.mock.web.test.MockHttpServletResponse; -import javax.servlet.http.HttpServletResponse; - import static org.junit.Assert.*; /** @@ -33,6 +33,7 @@ import static org.junit.Assert.*; * * @author Sebastien Deleuze * @author Rossen Stoyanchev + * @author Juergen Hoeller */ public class DefaultCorsProcessorTests { @@ -56,22 +57,25 @@ public class DefaultCorsProcessorTests { this.processor = new DefaultCorsProcessor(); } + @Test public void actualRequestWithOriginHeader() throws Exception { this.request.setMethod(HttpMethod.GET.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } @Test public void actualRequestWithOriginHeaderAndNullConfig() throws Exception { this.request.setMethod(HttpMethod.GET.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.processor.processRequest(null, request, response); + + this.processor.processRequest(null, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -79,12 +83,13 @@ public class DefaultCorsProcessorTests { this.request.setMethod(HttpMethod.GET.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.conf.addAllowedOrigin("*"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("*", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("*", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE)); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -95,12 +100,13 @@ public class DefaultCorsProcessorTests { this.conf.addAllowedOrigin("http://domain2.com"); this.conf.addAllowedOrigin("http://domain3.com"); this.conf.setAllowCredentials(true); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("http://domain2.com", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals("true", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -109,12 +115,13 @@ public class DefaultCorsProcessorTests { this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.conf.addAllowedOrigin("*"); this.conf.setAllowCredentials(true); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("http://domain2.com", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals("true", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -122,9 +129,10 @@ public class DefaultCorsProcessorTests { this.request.setMethod(HttpMethod.GET.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.conf.addAllowedOrigin("http://DOMAIN2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -134,13 +142,14 @@ public class DefaultCorsProcessorTests { this.conf.addExposedHeader("header1"); this.conf.addExposedHeader("header2"); this.conf.addAllowedOrigin("http://domain2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("http://domain2.com", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS)); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header1")); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS).contains("header2")); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -149,8 +158,9 @@ public class DefaultCorsProcessorTests { this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.conf.addAllowedOrigin("*"); - this.processor.processRequest(this.conf, request, response); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + + this.processor.processRequest(this.conf, this.request, this.response); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -159,8 +169,9 @@ public class DefaultCorsProcessorTests { this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "DELETE"); this.conf.addAllowedOrigin("*"); - this.processor.processRequest(this.conf, request, response); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + + this.processor.processRequest(this.conf, this.request, this.response); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } @Test @@ -169,18 +180,20 @@ public class DefaultCorsProcessorTests { this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.conf.addAllowedOrigin("*"); - this.processor.processRequest(this.conf, request, response); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); - assertEquals("GET", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)); + + this.processor.processRequest(this.conf, this.request, this.response); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); + assertEquals("GET", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)); } @Test public void preflightRequestTestWithOriginButWithoutOtherHeaders() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } @Test @@ -188,112 +201,119 @@ public class DefaultCorsProcessorTests { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } @Test public void preflightRequestWithRequestAndMethodHeaderButNoConfig() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); - this.processor.processRequest(this.conf, request, response); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); + + this.processor.processRequest(this.conf, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } @Test public void preflightRequestValidRequestAndConfig() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.conf.addAllowedOrigin("*"); this.conf.addAllowedMethod("GET"); this.conf.addAllowedMethod("PUT"); this.conf.addAllowedHeader("header1"); this.conf.addAllowedHeader("header2"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("*", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("*", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)); - assertEquals("GET,PUT", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)); + assertEquals("GET,PUT", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS)); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test public void preflightRequestCredentials() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.conf.addAllowedOrigin("http://domain1.com"); this.conf.addAllowedOrigin("http://domain2.com"); this.conf.addAllowedOrigin("http://domain3.com"); this.conf.addAllowedHeader("Header1"); this.conf.setAllowCredentials(true); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("http://domain2.com", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals("true", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals("true", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS)); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test public void preflightRequestCredentialsWithOriginWildcard() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1"); this.conf.addAllowedOrigin("http://domain1.com"); this.conf.addAllowedOrigin("*"); this.conf.addAllowedOrigin("http://domain3.com"); this.conf.addAllowedHeader("Header1"); this.conf.setAllowCredentials(true); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals("http://domain2.com", response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals("http://domain2.com", this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test public void preflightRequestAllowedHeaders() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2"); this.conf.addAllowedHeader("Header1"); this.conf.addAllowedHeader("Header2"); this.conf.addAllowedHeader("Header3"); this.conf.addAllowedOrigin("http://domain2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1")); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2")); assertFalse(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header3")); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test public void preflightRequestAllowsAllHeaders() throws Exception { this.request.setMethod(HttpMethod.OPTIONS.name()); this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); - this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); + this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS, "Header1, Header2"); this.conf.addAllowedHeader("*"); this.conf.addAllowedOrigin("http://domain2.com"); - this.processor.processRequest(this.conf, request, response); + + this.processor.processRequest(this.conf, this.request, this.response); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); assertTrue(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS)); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header1")); assertTrue(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("Header2")); assertFalse(this.response.getHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS).contains("*")); - assertEquals(HttpServletResponse.SC_OK, response.getStatus()); + assertEquals(HttpServletResponse.SC_OK, this.response.getStatus()); } @Test @@ -302,9 +322,10 @@ public class DefaultCorsProcessorTests { this.request.addHeader(HttpHeaders.ORIGIN, "http://domain2.com"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.conf.addAllowedOrigin("*"); - this.processor.processRequest(null, request, response); + + this.processor.processRequest(null, this.request, this.response); assertFalse(this.response.containsHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); - assertEquals(HttpServletResponse.SC_FORBIDDEN, response.getStatus()); + assertEquals(HttpServletResponse.SC_FORBIDDEN, this.response.getStatus()); } -} \ No newline at end of file +} diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/handler/AbstractHandlerMapping.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/handler/AbstractHandlerMapping.java index 3592458ce1e..3a45ed3f636 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/handler/AbstractHandlerMapping.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/handler/AbstractHandlerMapping.java @@ -64,8 +64,7 @@ import org.springframework.web.util.UrlPathHelper; * @see #setInterceptors * @see org.springframework.web.servlet.HandlerInterceptor */ -public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport - implements HandlerMapping, Ordered { +public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport implements HandlerMapping, Ordered { private int order = Integer.MAX_VALUE; // default: same as non-Ordered @@ -236,6 +235,7 @@ public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport return this.corsConfigSource.getCorsConfigurations(); } + /** * Initializes the interceptors. * @see #extendInterceptors(java.util.List) @@ -339,6 +339,7 @@ public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport return (count > 0 ? mappedInterceptors.toArray(new MappedInterceptor[count]) : null); } + /** * Look up a handler for the given request, falling back to the default * handler if no specific one is found. @@ -480,9 +481,7 @@ public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport } @Override - public void handleRequest(HttpServletRequest request, HttpServletResponse response) - throws IOException { - + public void handleRequest(HttpServletRequest request, HttpServletResponse response) throws IOException { corsProcessor.processRequest(this.config, request, response); } } @@ -497,8 +496,8 @@ public abstract class AbstractHandlerMapping extends WebApplicationObjectSupport } @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, - Object handler) throws Exception { + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { return corsProcessor.processRequest(this.config, request, response); }