如何测试Spring Boot中的CORS?当我尝试使用MockMvcBuilders时,尽管Origin错误,它总是返回200

时间:2017-10-11 00:03:23

标签: spring spring-boot junit mockito mockmvc

以下测试(我包括两个类来查看是否有一个工作)都没有调用控制器的问题。我希望它拒绝CORS问题,因为我没有添加任何CORS配置。 (然后我想用CORS配置进行测试,然后通过)。

如何强制CORS失败?

第一次尝试:

import com.testing.Application;
import com.testing.config.ControllerConfig;
import com.testing.controller.MyController;
import com.testing.dto.TestDateResponse;
import com.testing.exception.GlobalExceptionHandler;
import com.testing.service.TestService;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.InjectMocks;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.context.ConfigurableWebApplicationContext;

import java.time.LocalDate;

import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.junit.Assert.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringJUnit4ClassRunner.class)
@SpringBootTest(classes = Application.class)
@WebAppConfiguration
public class TestCORS
{
    @Autowired
    private ConfigurableWebApplicationContext context;

    private MockMvc mockMvc;
    private ObjectMapper objectMapper;

    @InjectMocks
    private MyController myController;

    @Autowired
    private RestTemplate restTemplate;

    @Before
    public void setup()
    {
        //Initialize our injected mocks
        MockitoAnnotations.initMocks(this);

        //Create a controller
        myController = new MyController( new TestService(), restTemplate );

        //Create an environment for it
        mockMvc = MockMvcBuilders
            .webAppContextSetup(context)
            .dispatchOptions(true)
            .build();

        //Create our marshaller
        objectMapper = new ObjectMapper();
    }

    /**
     * Tests that we fail when trying to access cross origin
     * @throws Exception if json unmarshaller cannot parse the response
     */
    @Test
    public void testValidRequest() throws Exception
    {
        String request = "{\"asOfDate\":\"20170210\"}";

        //Call to test a date
        ResultActions actions = mockMvc.perform(
            post("/v1/testdate")
                .contentType(MediaType.APPLICATION_JSON)
                .content(request)

                //CORS HEADERS
                .header("Access-Control-Request-Method", "DELETE")
                .header("Origin", "https://evil.com")
        );

        actions.andExpect(status().isOk())
            .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8));

        TestDateResponse response = objectMapper.readValue(actions.andReturn().getResponse().getContentAsString(), TestDateResponse.class);
        assertThat(response, notNullValue());
        // verify date has returned back correctly
        assertThat(response.getRetDate(), equalTo(LocalDate.of(2017, 02, 10)));
    }
}

第二次尝试:

import com.testing.config.ControllerConfig;
import com.testing.controller.MyController;
import com.testing.dto.TestDateResponse;
import com.testing.exception.GlobalExceptionHandler;
import com.testing.service.TestService;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultActions;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.client.RestTemplate;

import java.time.LocalDate;

import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.junit.Assert.assertThat;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(classes = {ControllerConfig.class})
public class TestCORS
{
    private MockMvc mockMvc;
    private ObjectMapper objectMapper;
    private MyController myController;

    @Autowired
    private RestTemplate restTemplate;

    @Before
    public void setup()
    {
        //Initialize our injected mocks
        MockitoAnnotations.initMocks(this);

        //Create a controller
        myController = new MyController( new TestService(), restTemplate );

        //Create an environment for it
        mockMvc = MockMvcBuilders.standaloneSetup(myController)
            .setControllerAdvice(new GlobalExceptionHandler())
            .build();

        //Create our marshaller
        objectMapper = new ObjectMapper();
    }

    /**
     * Tests that we fail when trying to access cross origin
     * @throws Exception if json unmarshaller cannot parse the response
     */
    @Test
    public void testValidRequest() throws Exception
    {
        String request = "{\"asOfDate\":\"20170210\"}";

        //Call to test a date
        ResultActions actions = mockMvc.perform(
            post("/v1/testdate")
                .contentType(MediaType.APPLICATION_JSON)
                .content(request)

                //CORS HEADERS
                .header("Access-Control-Request-Method", "GET")
                .header("Origin", "http://www.someurl.com")
        );
        actions.andExpect(status().isOk())
            .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8));

        TestDateResponse response = objectMapper.readValue(actions.andReturn().getResponse().getContentAsString(), TestDateResponse.class);
        assertThat(response, notNullValue());
        // verify date has returned back correctly
        assertThat(response.getRetDate(), equalTo(LocalDate.of(2017, 02, 10)));
    }
}

1 个答案:

答案 0 :(得分:1)

CORS不能那样工作。

要检查CORS,必须对URL进行预检调用。 这不是POST,而是针对具有CORS头的相同URL的OPTIONS请求。

通过该呼叫,如果允许或不允许真实呼叫(对DELETE),您将收到CORS响应。

这样的事情应该有效:

    ResultActions actions = mockMvc.perform(
        options("/v1/testdate")    
            .contentType(MediaType.APPLICATION_JSON)
            //CORS HEADERS
            .header("Access-Control-Request-Method", "DELETE")
            .header("Origin", "https://evil.com")
    );

然后简单地断言预期的响应头。

相关问题
最新问题