spring-projects#249 - Add example for Spring Data REST Cross-origin r…

…esource sharing.
wfm0105 · Jan 27, 2017 · 605b90d · 605b90d
1 parent 319d3e1
commit 605b90d
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 0 deletions.
diff --git a/rest/headers/README.adoc b/rest/headers/README.adoc
@@ -38,6 +38,26 @@ HTTP/1.1 304 Not Modified
 ----
 ====
 
+== Cross-Origin Resource Sharing
+
+Client-side JavaScript that issue cross-origin requests require the server to evaluate cross-origin requests and respond appropriately.
+
+.Cross-Origin Request
+====
+[source,bash]
+----
+$ curl 'http://localhost:8080/customers/' -i -H 'Origin: http://localhost'
+----
+
+[source,http]
+----
+HTTP/1.1 200 OK
+Access-Control-Allow-Origin: http://localhost
+Vary: Origin
+Access-Control-Allow-Credentials: true
+----
+====
+
 == Spring RESTDocs
 
 The sample uses https://github.com/wilkinsona/spring-restdocs[Spring RESTDocs] to document the HTTP interaction implemented using the test cases. See `WebIntegrationTests.setUp()` for general setup and the individual test methods with their usage of `….andDo(document(…))`.
diff --git a/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java b/rest/headers/src/main/java/example/springdata/rest/headers/CustomerRepository.java
@@ -16,11 +16,14 @@
 package example.springdata.rest.headers;
 
 import org.springframework.data.repository.CrudRepository;
+import org.springframework.web.bind.annotation.CrossOrigin;
 
 /**
  * Spring Data repository interface to manage {@link Customer} instances.
  * 
  * @author Oliver Gierke
+ * @author Mark Paluch
  * @soundtrack The Intersphere - Out of phase (Live at Alte Feuerwache Mannheim)
  */
+@CrossOrigin
 public interface CustomerRepository extends CrudRepository<Customer, Long> {}
diff --git a/rest/headers/src/test/java/example/springdata/rest/headers/CrossOriginIntegrationTests.java b/rest/headers/src/test/java/example/springdata/rest/headers/CrossOriginIntegrationTests.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2017 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package example.springdata.rest.headers;
+
+import static org.hamcrest.CoreMatchers.*;
+import static org.springframework.http.HttpHeaders.*;
+import static org.springframework.restdocs.RestDocumentation.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
+
+import java.net.URI;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.restdocs.config.RestDocumentationConfigurer;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+/**
+ * Integration test for Cross-origin resource sharing.
+ *
+ * @author Mark Paluch
+ */
+@RunWith(SpringRunner.class)
+@SpringBootTest
+public class CrossOriginIntegrationTests {
+
+	@Autowired WebApplicationContext context;
+	@Autowired CustomerRepository customers;
+
+	MockMvc mvc;
+
+	@Before
+	public void setUp() {
+
+		this.mvc = MockMvcBuilders.webAppContextSetup(context).//
+				apply(new RestDocumentationConfigurer()).//
+				build();
+	}
+
+	@Test
+	public void executeCrossOriginRequest() throws Exception {
+
+		String origin = "http://localhost";
+		URI uri = URI.create("/customers");
+
+		MockHttpServletResponse response = mvc.perform(get(uri).header(ORIGIN, origin)).//
+				andExpect(header().string(ACCESS_CONTROL_ALLOW_CREDENTIALS, is("true"))).//
+				andExpect(header().string(ACCESS_CONTROL_ALLOW_ORIGIN, is(origin))).//
+				andDo(document("cors")).//
+				andReturn().getResponse();
+	}
+}