Java tutorial
/* * Copyright 2012 SURFnet bv, The Netherlands * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package nl.surfnet.coin.selenium; import nl.surfnet.coin.api.client.internal.OpenConextApi20ClientCredentials; import org.apache.http.HttpResponse; import org.apache.http.client.ClientProtocolException; import org.apache.http.client.HttpClient; import org.apache.http.client.ResponseHandler; import org.apache.http.client.methods.HttpOptions; import org.apache.http.client.methods.HttpUriRequest; import org.apache.http.impl.client.DefaultHttpClient; import org.junit.Test; import org.scribe.builder.ServiceBuilder; import org.scribe.model.*; import org.scribe.oauth.OAuthService; import java.io.IOException; import static org.hamcrest.core.IsEqual.equalTo; import static org.junit.Assert.*; import static org.junit.matchers.JUnitMatchers.containsString; public class CorsHeaderTestSelenium { private static final String OAUTH_KEY = "https://testsp.dev.surfconext.nl/shibboleth"; private static final String OAUTH_SECRET = "mysecret"; private static final String USER_ID = "urn:collab:person:test.surfguest.nl:oharsta"; private static final String OS_URL = "social/rest/people/" + USER_ID + "/@self"; private final static String OAUTH_OPENCONEXT_API_READ_SCOPE = "read"; private String getApiBaseUrl() { return System.getProperty("selenium.test.url", "http://localhost:8095/api/"); } @Test public void preflight() throws Exception { HttpClient client = new DefaultHttpClient(); HttpUriRequest req = new HttpOptions(getApiBaseUrl() + OS_URL); req.setHeader("Origin", "localhost"); client.execute(req, new ResponseHandler<Object>() { @Override public Object handleResponse(HttpResponse response) throws ClientProtocolException, IOException { assertThat("response header Access-Control-Allow-Methods should contain 'GET'", response.getFirstHeader("Access-Control-Allow-Methods").getValue(), containsString("GET")); assertThat("No content should be served on a preflight request", response.getEntity().getContentLength(), equalTo(0L)); return null; } }); } @Test public void corsHeader() throws Exception { OAuthService service = new ServiceBuilder().provider(new OpenConextApi20ClientCredentials()) .apiKey(OAUTH_KEY).apiSecret(OAUTH_SECRET).scope(OAUTH_OPENCONEXT_API_READ_SCOPE).callback("oob") .signatureType(SignatureType.QueryString).debug().build(); OAuthRequest req = new OAuthRequest(Verb.GET, getApiBaseUrl() + OS_URL); Token accessToken = service.getAccessToken(new Token("", ""), new Verifier("")); service.signRequest(accessToken, req); Response response = req.send(); assertNotNull("Response should contain CORS-header", response.getHeaders().get("Access-Control-Allow-Origin")); assertTrue("CORS-header should be '*'", response.getHeaders().get("Access-Control-Allow-Origin").equals("*")); } }