Added SslFilterTest

Naming of variables
apache · fpapon · Aug 21, 2020 · Jan 10, 2017 · Jan 15, 2017 · Jan 15, 2017
commit 47434364e53039d2b1a256644d978d32cb66f2b3
diff --git a/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java b/web/src/main/java/org/apache/shiro/web/filter/authz/SslFilter.java
@@ -36,7 +36,11 @@
  * will prevent <b>any</b> communications from being sent over HTTP to the 
  * specified domain and will instead send all communications over HTTPS.
  * </p>
- * <b>Warning:</b> Use this setting only if you plan to enable SSL on every path.
+ * The {@link #getMaxAge() maxAge} property defaults {@code 31536000}, and 
+ * {@link #isIncludeSubDomains includeSubDomains} is {@code false}.
+ * </p>
+ * <b>Warning:</b> Use this setting with care and only if you plan to enable 
+ * SSL on every path.
  * </p>
  * Example configs:
  * <pre>
@@ -100,31 +104,44 @@ protected boolean isAccessAllowed(ServletRequest request, ServletResponse respon
         return super.isAccessAllowed(request, response, mappedValue) && request.isSecure();
     }
 
+    /**
+     * If HTTP Strict Transport Security (HSTS) is enabled the HTTP header
+     * will be written, otherwise this method does nothing.
+     * @param request the incoming {@code ServletRequest}
+     * @param response the outgoing {@code ServletResponse}
+     */
     @Override
-    protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
+    protected void postHandle(ServletRequest request, ServletResponse response)  {
         if (hsts.enabled) {
-            StringBuilder directives = new StringBuilder(64);
-            directives.append("max-age=").append(hsts.getMaxAge());
+            StringBuilder directives = new StringBuilder(64)
+                    .append("max-age=").append(hsts.getMaxAge());
+
             if (hsts.includeSubDomains) {
                 directives.append("; includeSubDomains");
             }
+
             HttpServletResponse resp = (HttpServletResponse) response;
-            resp.addHeader("Strict-Transport-Security", directives.toString());
+            resp.addHeader(HSTS.HTTP_HEADER, directives.toString());
         }
     }
 
+    /**
+     * Helper class for HTTP Strict Transport Security (HSTS)
+     */
     public class HSTS {
 
-        static final boolean DEFAULT_ENABLED = false;
-        public static final int DEFAULT_EXPIRE_TIME = 31536000; // approx. one year in seconds
+        public static final boolean DEFAULT_ENABLED = false;
+        public static final int DEFAULT_MAX_AGE = 31536000; // approx. one year in seconds
         public static final boolean DEFAULT_INCLUDE_SUB_DOMAINS = false;
 
+        public static final String HTTP_HEADER = "Strict-Transport-Security";
+
         private boolean enabled;
         private int maxAge;
         private boolean includeSubDomains;
 
         public HSTS() {
-            this.maxAge = DEFAULT_EXPIRE_TIME;
+            this.maxAge = DEFAULT_MAX_AGE;
             this.includeSubDomains = DEFAULT_INCLUDE_SUB_DOMAINS;
         }
 
@@ -151,6 +168,5 @@ public boolean isIncludeSubDomains() {
         public void setIncludeSubDomains(boolean includeSubDomains) {
             this.includeSubDomains = includeSubDomains;
         }
-
     }
 }
diff --git a/web/src/test/java/org/apache/shiro/web/filter/authz/SslFilterTest.java b/web/src/test/java/org/apache/shiro/web/filter/authz/SslFilterTest.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web.filter.authz;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.junit.Test;
+
+import static org.apache.shiro.web.filter.authz.SslFilter.HSTS.*;
+import static org.easymock.EasyMock.*;
+import static org.junit.Assert.*;
+
+public class SslFilterTest {
+
+    @Test
+    public void testDisabledByDefault() {
+        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
+        HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+
+        SslFilter sslFilter = new SslFilter();
+
+        sslFilter.postHandle(request, response);
+        assertNull(response.getHeader(HTTP_HEADER));
+    }
+
+    @Test
+    public void testDefaultValues() {
+        HttpServletRequest request = createNiceMock(HttpServletRequest.class);
+        HttpServletResponse response = createNiceMock(HttpServletResponse.class);
+
+//        String expected = new StringBuilder()
+//                .append(HTTP_HEADER)
+//                .append(": ")
+//                .append("max-age=")
+//                .append(DEFAULT_MAX_AGE)
+//                .toString();
+//        expect(response.addHeader(expected, expected))
+//                .andReturn(expected)
+//                .anyTimes();
+        replay(response);
+//        
+        SslFilter sslFilter = new SslFilter();
+        sslFilter.getHsts().setEnabled(true);
+
+        sslFilter.postHandle(request, response);
+
+        //assertEquals(expected, response.getHeader(HTTP_HEADER));
+    }
+
+}