
Commit ca97184

committed
refactor: Removed hard-coding of h2 console path and used H2ConsoleProperties instead.
1 parent 77d625e commit ca97184


4 files changed

+89
-31
lines changed


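--- a/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriter.java
@@ -46,9 +46,6 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 
 private static final String ADD_IMAGE_PAGE_PATTERN = "/series/(add|\\d+|\\d+/(ask|image))";
 
-// see also spring.h2.console.path in application-test.properties and SecurityConfig
-private static final String H2_CONSOLE_PATTERN = "/console/";
-
 // default policy prevents loading resources from any source
 private static final String DEFAULT_SRC = "default-src 'none'";
 
@@ -156,6 +153,8 @@ class ContentSecurityPolicyHeaderWriter implements HeaderWriter {
 private final boolean useSingleHost;
 private final boolean hasH2Console;
 private final String host;
+private final String h2ConsolePath;
+
 
 @Override
 public void writeHeaders(HttpServletRequest request, HttpServletResponse response) {
@@ -168,7 +167,7 @@ public void writeHeaders(HttpServletRequest request, HttpServletResponse respons
 protected String constructDirectives(String uri) {
 boolean onCollectionInfoPage = uri.startsWith(COLLECTION_INFO_PAGE_PATTERN);
 boolean onAddSeriesPage = uri.equals(SeriesUrl.ADD_SERIES_PAGE);
-boolean onH2ConsolePage = hasH2Console && uri.startsWith(H2_CONSOLE_PATTERN);
+boolean onH2ConsolePage = hasH2Console && uri.startsWith(h2ConsolePath);
 
 StringBuilder sb = new StringBuilder();
 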
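Review bot: In `constructDirectives`, `uri.startsWith(h2ConsolePath)` is a looser match than the constant it replaces: the removed `H2_CONSOLE_PATTERN` was `"/console/"` with a trailing slash, while `SecurityConfig` now passes `h2ConsoleProperties.getPath()`, which application-test.properties sets to `/console`. Any URI that merely shares that prefix would then be treated as an H2 console page and, presumably, be served the console's relaxed policy instead of the default one. Anchoring the match on a path segment keeps the old scope: `boolean onH2ConsolePage = hasH2Console && (uri.equals(h2ConsolePath) || uri.startsWith(h2ConsolePath + "/"));`. The test class passes `"/console/"` as the path, so it does not exercise the value `SecurityConfig` supplies. The body of `constructDirectives` continues outside the hunk.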

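--- a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
+++ b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -19,6 +19,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.h2.H2ConsoleProperties;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
 import org.springframework.context.ApplicationListener;
@@ -72,6 +73,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 private SiteService siteService;
 
+@Autowired
+private H2ConsoleProperties h2ConsoleProperties;
+
 @Override
 @SuppressWarnings("PMD.SignatureDeclareThrowsException")
 public void configure(WebSecurity web) throws Exception {
@@ -90,7 +94,7 @@ protected void configure(HttpSecurity http) throws Exception {
 String hostname = usePublicHostname ? SiteUrl.PUBLIC_URL : SiteUrl.SITE;
 
 ContentSecurityPolicyHeaderWriter cspWriter =
-new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname);
+new ContentSecurityPolicyHeaderWriter(useCdn, useSingleHost, hasH2Console, hostname, h2ConsoleProperties.getPath());
 
 http
 .authorizeRequests()
@@ -141,7 +145,7 @@ protected void configure(HttpSecurity http) throws Exception {
 // Allow unsecured requests to H2 consoles.
 // See also spring.h2.console.path in application-test.properties and
 // ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN
-.ignoringAntMatchers("/console/**", SiteUrl.CSP_REPORTS_HANDLER)
+.ignoringAntMatchers(h2ConsoleProperties.getPath() + "/**", SiteUrl.CSP_REPORTS_HANDLER)
 .and()
 .rememberMe()
 // FIXME: GH #27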
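Review bot: The new `h2ConsoleProperties` field is a mandatory injection, but as far as I can tell Spring Boot only registers `H2ConsoleProperties` through its H2 console auto-configuration, which is active only when `spring.h2.console.enabled` is true; in a profile without the console the context would presumably fail to start. Consider `@Autowired(required = false)` and reading the path only when `hasH2Console` is set, which would also keep the CSRF exemption in `ignoringAntMatchers` from being registered where no console exists. The comment above `ignoringAntMatchers` still points at `ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN`, which this commit removes; it should read something like `// See also spring.h2.console.path in application-test.properties`. Both `configure` methods start and end outside the hunks shown.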

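--- a/src/main/resources/application-test.properties
+++ b/src/main/resources/application-test.properties
@@ -7,7 +7,7 @@ spring.datasource.driver-class-name: org.h2.Driver
 spring.datasource.initialization-mode: NEVER
 
 spring.h2.console.enabled: true
-# see also SecurityConfig and ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN
+# see also SecurityConfig
 spring.h2.console.path: /console
 
 # required for using /console with CSP because we have many hashes as a workaround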

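--- a/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
+++ b/src/test/java/ru/mystamps/web/support/spring/security/ContentSecurityPolicyHeaderWriterTest.java
@@ -38,7 +38,8 @@ public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
 private static final int NUMBER_OF_DIRECTIVES_ON_ADD_SERIES_PAGE = 7;
 private static final int NUMBER_OF_DIRECTIVES_ON_INFO_SERIES_PAGE = 7;
 private static final int NUMBER_OF_DIRECTIVES_ON_H2_CONSOLE_PAGE = 7;
-
+private static final String H2_CONSOLE_PATH = "/console/";
+
 @Rule
 public TogglzRule togglz = TogglzRule.allEnabled(Features.class);
 
@@ -49,8 +50,13 @@ public class ContentSecurityPolicyHeaderWriterTest implements WithAssertions {
 @Test
 public void writeContentSecurityPolicyHeader() {
 // given
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(bool(), bool(), bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+bool(),
+bool(),
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 HttpServletRequest request = new MockHttpServletRequest();
 HttpServletResponse response = new MockHttpServletResponse();
 
@@ -76,8 +82,12 @@ public void writeContentSecurityPolicyHeader() {
 
 @Test
 public void onIndexPageWithLocalResources() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(false, true, bool(), SiteUrl.SITE);
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+false,
+true,
+bool(),
+SiteUrl.SITE, H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/").split(";");
 
 assertThat(directives)
@@ -91,11 +101,16 @@ public void onIndexPageWithLocalResources() {
 )
 .hasSize(NUMBER_OF_DIRECTIVES_ON_STANDARD_PAGES);
 }
-
+
 @Test
 public void onIndexPageWithResourcesFromCdn() {
-ContentSecurityPolicyHeaderWriter writer
-= new ContentSecurityPolicyHeaderWriter(true, false, bool(), SiteUrl.PUBLIC_URL);
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+true,
+false,
+bool(),
+SiteUrl.PUBLIC_URL,
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/").split(";");
 
 assertThat(directives)
@@ -125,8 +140,13 @@ public void onIndexPageWithResourcesFromCdn() {
 
 @Test
 public void onCollectionInfoPageWithLocalResources() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+false,
+true,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/collection/user").split(";");
 
 // test only the directives that differ from the index page
@@ -152,8 +172,13 @@ public void onCollectionInfoPageWithLocalResources() {
 
 @Test
 public void onCollectionInfoPageWithResourcesFromCdn() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+true,
+false,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/collection/user").split(";");
 
 // test only the directives that differ from the index page
@@ -182,8 +207,13 @@ public void onCollectionInfoPageWithResourcesFromCdn() {
 
 @Test
 public void onSeriesAddImagePageWithLocalResources() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+false,
+true,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
 String[] directives = writer.constructDirectives(page).split(";");
@@ -205,8 +235,13 @@ public void onSeriesAddImagePageWithLocalResources() {
 
 @Test
 public void onSeriesAddImagePageWithResourcesFromCdn() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+true,
+false,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 
 for (String page : new String[]{"/series/11", "/series/12/ask", "/series/13/image"}) {
 String[] directives = writer.constructDirectives(page).split(";");
@@ -238,8 +273,13 @@ public void onSeriesAddImagePageWithResourcesFromCdn() {
 
 @Test
 public void onSeriesAddPageWithLocalResources() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(false, true, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+false,
+true,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/series/add").split(";");
 
 // test only the directives that differ from the index page
@@ -266,8 +306,13 @@ public void onSeriesAddPageWithLocalResources() {
 
 @Test
 public void onSeriesAddPageWithResourcesFromCdn() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(true, false, bool(), Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+true,
+false,
+bool(),
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/series/add").split(";");
 
 // test only the directives that differ from the index page
@@ -297,8 +342,13 @@ public void onSeriesAddPageWithResourcesFromCdn() {
 
 @Test
 public void onH2ConsoleWithLocalResources() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(false, true, true, Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+false,
+true,
+true,
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/console/").split(";");
 
 // test only the directives that are differ from the index page
@@ -325,8 +375,13 @@ public void onH2ConsoleWithLocalResources() {
 
 @Test
 public void onH2ConsoleWithResourcesFromCdn() {
-ContentSecurityPolicyHeaderWriter writer =
-new ContentSecurityPolicyHeaderWriter(true, false, false, Random.host());
+ContentSecurityPolicyHeaderWriter writer = new ContentSecurityPolicyHeaderWriter(
+true,
+false,
+false,
+Random.host(),
+H2_CONSOLE_PATH
+);
 String[] directives = writer.constructDirectives("/console/").split(";");
 
 assertThat(directives)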
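Review bot: `H2_CONSOLE_PATH` is `"/console/"`, the same string the writer used to hard-code, and both `onH2Console…` tests still pass the literal `"/console/"` to `constructDirectives`, so they would stay green even if the writer ignored its new constructor argument. Giving the constant a value that differs from the old one and has no trailing slash, and deriving the request URI from it, would pin the new behaviour: `String[] directives = writer.constructDirectives(H2_CONSOLE_PATH + "/").split(";");`. A negative case for a URI that only shares the prefix with the console path would also be worth adding. In `onIndexPageWithLocalResources` the last two arguments share a line (`SiteUrl.SITE, H2_CONSOLE_PATH`), unlike every other call site in the file.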
