Class SameSiteCookieHeaderFilterTest

    • Constructor Detail

      • SameSiteCookieHeaderFilterTest

        public SameSiteCookieHeaderFilterTest()
    • Method Detail

      • setUp

        @BeforeMethod
        public void setUp()
      • tearDown

        @AfterMethod
        public void tearDown()
      • testNullInitValues

        public void testNullInitValues()
        Test a null init value, which should not trigger an exception.
      • testEmptyCookieNameInitValue

        public void testEmptyCookieNameInitValue()
        Test an empty cookie name is not added to the internal map.
      • testInitValues

        public void testInitValues()
        Test the correct number of cookies are added to the internal filter cookie map.
      • testDuplicateInitValues

        public void testDuplicateInitValues()
        Test failure on duplicated cookie names.
      • testEmptySameSiteCookieMap

        public void testEmptySameSiteCookieMap()
                                        throws IOException,
                                               javax.servlet.ServletException
        Test empty SameSite cookie map, which should not trigger an exception, and just copy over the existing cookies.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testEmptySameSiteCookieMapAndNullDefault

        public void testEmptySameSiteCookieMapAndNullDefault()
                                                      throws IOException,
                                                             javax.servlet.ServletException
        Test empty SameSite cookie map and Null default, which should not trigger an exception, and just copy over the existing cookies.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testEmptySameSiteCookieMapWithDefault

        public void testEmptySameSiteCookieMapWithDefault()
                                                   throws IOException,
                                                          javax.servlet.ServletException
        Test empty SameSite cookie map, which should not trigger an exception, and should apply a default.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testRedirectResponseSameSiteNone

        public void testRedirectResponseSameSiteNone()
                                              throws IOException,
                                                     javax.servlet.ServletException
        Test the SameSite filter works correctly with None values when a redirect response is issued.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testRedirectResponseSameSiteNoneWithDefault

        public void testRedirectResponseSameSiteNoneWithDefault()
                                                         throws IOException,
                                                                javax.servlet.ServletException
        Test the SameSite filter works correctly with None values when a redirect response is issued.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testRedirectResponseSameSiteLax

        public void testRedirectResponseSameSiteLax()
                                             throws IOException,
                                                    javax.servlet.ServletException
        Test the SameSite filter works correctly with Lax values when a redirect response is issued.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testRedirectResponseSameSiteStrict

        public void testRedirectResponseSameSiteStrict()
                                                throws IOException,
                                                       javax.servlet.ServletException
        Test the SameSite filter works correctly with Strict values when a redirect response is issued.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testGetOutputStreamResponse

        public void testGetOutputStreamResponse()
                                         throws IOException,
                                                javax.servlet.ServletException
        Test the SameSite filter works correctly when an output stream is written to and flushed.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testPrintWriterResponse

        public void testPrintWriterResponse()
                                     throws IOException,
                                            javax.servlet.ServletException
        Test the SameSite filter works correctly when the response print writer is written to and closed.
        Throws:
        IOException - if something bad happens
        javax.servlet.ServletException - if something bad happens
      • testSameSiteMapSize

        private void testSameSiteMapSize(String fieldName,
                                         int expectedSize,
                                         javax.servlet.Filter filter)
        Get the field from the filter (even if private), check the field is of type Set, and compare the size of the set to the expected size.
        Parameters:
        fieldName - the name of the field on the object of type Map.
        expectedSize - the expected size of the map.
        filter - the filter with the field to get.
      • testExpectedHeadersInResponse

        private void testExpectedHeadersInResponse(String sameSiteValue,
                                                   MockHttpServletResponse response,
                                                   List<String> cookiesWithSamesite,
                                                   List<String> cookiesWithoutSameSite,
                                                   int numberOfHeaders)
        Test the Set-Cookie headers in the response contain the SameSite=<sameSiteValue> attribute if they are named in the cookiesWithSamesite list, and do not if named in the cookiesWithoutSameSite list.

        Also checks the number of Set-Cookie headers matches numberOfHeaders. This makes sure the filter is not adding or removing headers during operation - it should only ever append the SameSite attribute to existing cookies.

        Parameters:
        sameSiteValue - the value of SameSite to check for.
        response - the HTTP servlet response.
        cookiesWithSamesite - the list of cookies that should have the SameSite=None attribute set.
        cookiesWithoutSameSite - the list of cookies that should not have the SameSite attribute set.
        numberOfHeaders - the number of Set-Cookie headers expected in the response.
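
The check described for testExpectedHeadersInResponse, written as a stand-alone Java program (an added example, not the project's test code). The class name, method names and sample headers are assumptions, and it works on raw Set-Cookie strings rather than a MockHttpServletResponse.

```java
import java.util.*;

// Added illustration; class and method names are hypothetical, not the project's code.
public class SameSiteHeaderCheck {

    /** Cookie name = text before the first '=' of a Set-Cookie header value. */
    static String cookieName(String header) {
        int eq = header.indexOf('=');
        return (eq < 0 ? header : header.substring(0, eq)).trim();
    }

    /** True if an attribute after the first ';' is SameSite=<value> (case-insensitive). */
    static boolean hasSameSite(String header, String value) {
        String[] parts = header.split(";");
        for (int i = 1; i < parts.length; i++) {   // parts[0] is name=value, skip it
            if (parts[i].trim().equalsIgnoreCase("SameSite=" + value)) {
                return true;
            }
        }
        return false;
    }

    /** Returns a list of violations; empty means the headers satisfy the invariant. */
    static List<String> check(String sameSiteValue, List<String> setCookieHeaders,
            List<String> withSameSite, List<String> withoutSameSite, int numberOfHeaders) {
        List<String> problems = new ArrayList<>();
        if (setCookieHeaders.size() != numberOfHeaders) {
            problems.add("expected " + numberOfHeaders + " headers, got " + setCookieHeaders.size());
        }
        for (String header : setCookieHeaders) {
            String name = cookieName(header);
            boolean present = hasSameSite(header, sameSiteValue);
            if (withSameSite.contains(name) && !present) {
                problems.add(name + " is missing SameSite=" + sameSiteValue);
            }
            if (withoutSameSite.contains(name) && present) {
                problems.add(name + " unexpectedly has SameSite=" + sameSiteValue);
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Constructed sample headers, as a filter configured for JSESSIONID only might emit.
        List<String> headers = Arrays.asList(
            "JSESSIONID=abc123; Path=/idp; Secure; HttpOnly; SameSite=None",
            "JSESSIONID_ALT=SameSite=None; Path=/",   // cookie value mimics the attribute
            "theme=dark; Path=/");
        System.out.println(check("None", headers, Arrays.asList("JSESSIONID"),
            Arrays.asList("JSESSIONID_ALT", "theme"), 3));
    }
}
```

Matching on the exact cookie name and only on attributes after the first `;` keeps a similarly named cookie, or a cookie whose value contains the text `SameSite=None`, from being counted as carrying the attribute.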