1 package it.com.atlassian.rest.header;
2
3 import com.atlassian.plugins.rest.common.security.jersey.AntiSniffingResponseFilter;
4 import com.atlassian.rest.jersey.client.WebResourceFactory;
5 import com.sun.jersey.api.client.ClientResponse;
6 import com.sun.jersey.api.client.WebResource;
7 import org.junit.Before;
8 import org.junit.Test;
9
10 import javax.ws.rs.core.Response;
11
12 import static org.junit.Assert.assertEquals;
13
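/**
 * Integration tests verifying that REST responses carry the anti-sniffing header
 * named by {@link AntiSniffingResponseFilter#ANTI_SNIFFING_HEADER_NAME} with the
 * value {@code nosniff}.
 *
 * <p>The {@code nosniff} directive tells browsers to honour the declared
 * {@code Content-Type} instead of guessing one from the body. Without it, a response
 * that echoes user-influenced data can be interpreted as HTML or script. The header is
 * therefore checked on successful responses and on an error response.
 *
 * <p>NOTE(review): the constant is presumably {@code X-Content-Type-Options}; confirm
 * against {@code AntiSniffingResponseFilter}.
 */
public class AntiSniffingHeaderTest {

    // Client obtained from WebResourceFactory.authenticated().
    private WebResource authenticatedWebResource;
    // Client obtained from WebResourceFactory.anonymous().
    private WebResource anonymousWebResource;

    /** Creates a fresh authenticated and a fresh anonymous client before each test. */
    @Before
    public void setUp() {
        authenticatedWebResource = WebResourceFactory.authenticated();
        anonymousWebResource = WebResourceFactory.anonymous();
    }

    /**
     * Asserts that the first value of the anti-sniffing header is exactly {@code nosniff}.
     *
     * <p>Only the first header value is inspected, so an additional, conflicting value
     * of the same header would not fail this check.
     *
     * @param response the response whose headers are checked; it is not closed here
     */
    protected void assertResponseContainsAntiSniffHeader(ClientResponse response) {
        assertEquals(
                "Response should carry " + AntiSniffingResponseFilter.ANTI_SNIFFING_HEADER_NAME
                        + ": nosniff",
                "nosniff",
                response.getHeaders().getFirst(
                        AntiSniffingResponseFilter.ANTI_SNIFFING_HEADER_NAME));
    }

    /** An anonymous request to the {@code projects} resource must return the header. */
    @Test
    public void testAnonymousRestResponseContainsAntiSniffingHeader() {
        ClientResponse response = anonymousWebResource.path("projects").get(ClientResponse.class);
        try {
            assertResponseContainsAntiSniffHeader(response);
        } finally {
            // The entity is never read, so release the underlying connection explicitly.
            response.close();
        }
    }

    /** An authenticated request to the {@code projects} resource must return the header. */
    @Test
    public void testAuthenticatedRestResponseContainsAntiSniffingHeader() {
        ClientResponse response =
                authenticatedWebResource.path("projects").get(ClientResponse.class);
        try {
            assertResponseContainsAntiSniffHeader(response);
        } finally {
            // The entity is never read, so release the underlying connection explicitly.
            response.close();
        }
    }

    /**
     * A 404 response must return the header as well.
     *
     * <p>The status is asserted first so that a failure shows whether the request
     * reached an error response at all before the header is checked.
     */
    @Test
    public void testErrorPageRestResponseContainsAntiSniffingHeader() {
        ClientResponse clientResponse =
                anonymousWebResource.path("somepaththatdoesntexist").get(ClientResponse.class);
        try {
            assertEquals(
                    "Expected an error response for a path that does not exist",
                    Response.Status.NOT_FOUND.getStatusCode(),
                    clientResponse.getStatus());
            assertResponseContainsAntiSniffHeader(clientResponse);
        } finally {
            // The entity is never read, so release the underlying connection explicitly.
            clientResponse.close();
        }
    }
}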