
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.myfaces.tobago.internal.config;
21  
22  import org.junit.Assert;
23  import org.junit.Test;
24  import org.xml.sax.SAXException;
25  
26  import javax.xml.parsers.ParserConfigurationException;
27  import java.io.IOException;
28  import java.net.URISyntaxException;
29  import java.net.URL;
30  import java.util.ArrayList;
31  import java.util.List;
32  
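/**
 * Checks how security-related settings behave when several Tobago configuration
 * fragments are parsed, sorted and merged into one {@link TobagoConfigImpl}.
 *
 * <p>Two settings are covered: the prevent-frame-attacks flag and the
 * Content-Security-Policy (mode plus directive list). The fixtures
 * {@code tobago-config-merge-0.xml}, {@code -1.xml} and {@code -2.xml} are loaded from
 * the test classpath; their content is not visible in this file, so the comments below
 * describe only what the assertions pin down.
 *
 * <p>NOTE(review): the assertions show that adding a fragment can weaken the merged
 * result (frame protection ends up {@code false}, CSP mode goes ON -> REPORT_ONLY -> OFF).
 * Which fragment wins is decided by {@link TobagoConfigSorter}, which is not shown here.
 * Deployments should therefore review every fragment on the classpath, including those
 * shipped inside libraries, when relying on these protections.
 */
public class TobagoConfigMergingUnitTest {

  /**
   * Fragments 0 and 1 merged: the flag is {@code false}, although fragment 1 on its own
   * yields {@code true} (see {@link #testPreventFrameAttacksDefault()}).
   */
  @Test
  public void testPreventFrameAttacksCascadingDefault()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge(
        "tobago-config-merge-0.xml",
        "tobago-config-merge-1.xml");

    Assert.assertFalse(config.isPreventFrameAttacks());
  }

  /** Fragment 0 alone: the prevent-frame-attacks flag is {@code false}. */
  @Test
  public void testPreventFrameAttacks()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-0.xml");

    Assert.assertFalse(config.isPreventFrameAttacks());
  }

  /**
   * Fragment 1 alone: the flag is {@code true}. Presumably fragment 1 does not set the
   * option and {@code true} is the built-in default - confirm against the fixture.
   */
  @Test
  public void testPreventFrameAttacksDefault()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge("tobago-config-merge-1.xml");

    Assert.assertTrue(config.isPreventFrameAttacks());
  }

  /** Fragment 0 alone: CSP mode is ON with the single directive {@code default-src 'self'}. */
  @Test
  public void testContentSecurityPolicy()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge(
        "tobago-config-merge-0.xml");

    final ContentSecurityPolicy policy = config.getContentSecurityPolicy();

    // assertEquals reports expected and actual mode on failure, unlike assertTrue(a == b).
    Assert.assertEquals(ContentSecurityPolicy.Mode.ON, policy.getMode());
    Assert.assertEquals(1, policy.getDirectiveList().size());
    Assert.assertEquals("default-src 'self'", policy.getDirectiveList().get(0));
  }

  /**
   * Fragments 0 and 1 merged: the directive lists are concatenated (two entries) and the
   * mode becomes REPORT_ONLY instead of ON.
   */
  @Test
  public void testContentSecurityPolicyExtend()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge(
        "tobago-config-merge-0.xml",
        "tobago-config-merge-1.xml");

    final ContentSecurityPolicy policy = config.getContentSecurityPolicy();

    Assert.assertEquals(ContentSecurityPolicy.Mode.REPORT_ONLY, policy.getMode());
    Assert.assertEquals(2, policy.getDirectiveList().size());
    Assert.assertEquals("default-src 'self'", policy.getDirectiveList().get(0));
    // NOTE(review): "image-src" is not a standard CSP directive name (the standard one is
    // "img-src"). The value must match the fixture, so it is left as is; the assertion
    // shows the merge hands the string through verbatim. Whether directive names are
    // validated anywhere else is not visible from this test.
    Assert.assertEquals("image-src http://apache.org", policy.getDirectiveList().get(1));
  }

  /**
   * Fragments 0, 1 and 2 merged: the mode is OFF while both directives are still listed,
   * so a non-empty directive list does not by itself mean the policy is active.
   */
  @Test
  public void testContentSecurityPolicyOff()
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final TobagoConfigImpl config = loadAndMerge(
        "tobago-config-merge-0.xml",
        "tobago-config-merge-1.xml",
        "tobago-config-merge-2.xml");

    final ContentSecurityPolicy policy = config.getContentSecurityPolicy();

    Assert.assertEquals(ContentSecurityPolicy.Mode.OFF, policy.getMode());
    Assert.assertEquals(2, policy.getDirectiveList().size());
  }

  /**
   * Parses each named classpath resource into a fragment, then sorts and merges them.
   *
   * @param names resource names, resolved through this class's class loader
   * @return the merged configuration produced by {@link TobagoConfigSorter#merge()}
   */
  private TobagoConfigImpl loadAndMerge(final String... names)
      throws IOException, SAXException, ParserConfigurationException, URISyntaxException {

    final List<TobagoConfigFragment> list = new ArrayList<TobagoConfigFragment>();

    for (final String name : names) {
      final URL url = getClass().getClassLoader().getResource(name);
      // getResource returns null for a missing fixture; fail here with the resource name
      // rather than with an unexplained error inside the parser.
      Assert.assertNotNull("Test resource not found on classpath: " + name, url);
      final TobagoConfigParser parser = new TobagoConfigParser();
      list.add(parser.parse(url));
    }

    final TobagoConfigSorter sorter = new TobagoConfigSorter(list);
    sorter.sort();
    return sorter.merge();
  }
}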