View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.myfaces.tobago.internal.config;
21  
22  import org.junit.Assert;
23  import org.junit.Test;
24  import org.xml.sax.SAXException;
25  
26  import javax.xml.parsers.ParserConfigurationException;
27  import java.io.IOException;
28  import java.net.URISyntaxException;
29  import java.net.URL;
30  import java.util.ArrayList;
31  import java.util.List;
32  import java.util.Map;
33  
34  public class TobagoConfigMergingUnitTest {
35  
36    @Test
37    public void testPreventFrameAttacksCascadingDefault()
38        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
39  
40      final TobagoConfigImpl config = loadAndMerge(
41          "tobago-config-merge-0.xml",
42          "tobago-config-merge-1.xml");
43  
44      Assert.assertFalse(config.isPreventFrameAttacks());
45    }
46  
47    @Test
48    public void testPreventFrameAttacks()
49        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
50  
51      final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-0.xml");
52  
53      Assert.assertFalse(config.isPreventFrameAttacks());
54    }
55  
56    @Test
57    public void testPreventFrameAttacksDefault()
58        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
59  
60      final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-1.xml");
61  
62      Assert.assertTrue(config.isPreventFrameAttacks());
63    }
64  
65    @Test
66    public void testContentSecurityPolicy()
67        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
68  
69      final TobagoConfigImpl config = loadAndMerge(
70          "tobago-config-merge-0.xml");
71  
72      Assert.assertTrue(config.getContentSecurityPolicy().getMode() == ContentSecurityPolicy.Mode.ON);
73      Assert.assertEquals(1, config.getContentSecurityPolicy().getDirectiveList().size());
74      Assert.assertEquals("default-src 'self'", config.getContentSecurityPolicy().getDirectiveList().get(0));
75    }
76  
77    @Test
78    public void testContentSecurityPolicyExtend()
79        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
80  
81      final TobagoConfigImpl config = loadAndMerge(
82          "tobago-config-merge-0.xml",
83          "tobago-config-merge-1.xml");
84  
85      Assert.assertTrue(config.getContentSecurityPolicy().getMode() == ContentSecurityPolicy.Mode.REPORT_ONLY);
86      Assert.assertEquals(2, config.getContentSecurityPolicy().getDirectiveList().size());
87      Assert.assertEquals("default-src 'self'", config.getContentSecurityPolicy().getDirectiveList().get(0));
88      Assert.assertEquals("image-src http://apache.org", config.getContentSecurityPolicy().getDirectiveList().get(1));
89    }
90  
91    @Test
92    public void testContentSecurityPolicyOff()
93        throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
94  
95      final TobagoConfigImpl config = loadAndMerge(
96          "tobago-config-merge-0.xml",
97          "tobago-config-merge-1.xml",
98          "tobago-config-merge-2.xml");
99  
100     Assert.assertTrue(config.getContentSecurityPolicy().getMode() == ContentSecurityPolicy.Mode.OFF);
101     Assert.assertEquals(2, config.getContentSecurityPolicy().getDirectiveList().size());
102   }
103 
104   @Test
105   public void testMimeTypes()
106       throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
107 
108     final TobagoConfigImpl config = loadAndMerge(
109         "tobago-config-merge-0.xml",
110         "tobago-config-merge-1.xml",
111         "tobago-config-merge-2.xml");
112 
113     final Map<String, String> mimeTypes = config.getMimeTypes();
114     Assert.assertTrue(mimeTypes.size() == 3);
115     Assert.assertEquals("test/one", mimeTypes.get("test-1"));
116     Assert.assertEquals("test/zwei", mimeTypes.get("test-2"));
117     Assert.assertEquals("test/three", mimeTypes.get("test-3"));
118   }
119 
120   public static TobagoConfigImpl loadAndMerge(final String... names)
121       throws IOException, SAXException, ParserConfigurationException, URISyntaxException {
122 
123     final List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();
124 
125     for (final String name : names) {
126       final URL url = TobagoConfigMergingUnitTest.class.getClassLoader().getResource(name);
127       final TobagoConfigParser parser = new TobagoConfigParser();
128       list.add(parser.parse(url));
129     }
130 
131     final TobagoConfigSorter sorter = new TobagoConfigSorter(list);
132     sorter.sort();
133     return sorter.merge();
134   }
135 }