mvn-jgitflow:merging 'feature/#306-sahi-header' into 'dev'
Showing
7 changed files
with
188 additions
and
3 deletions.
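--- a/docs/manual/testdefinition/advanced-topics/sahi-authorization-header.adoc
+++ b/docs/manual/testdefinition/advanced-topics/sahi-authorization-header.adoc
@@ -0,0 +1,20 @@
+
+:imagesdir: ../../../images
+
+[[sahi-authorization-headers]]
+===== Sahi removes authorization headers
+[#git-edit-section]
+:page-path: docs/manual/testdefinition/advanced-topics/sahi-authorization-header.adoc
+git-link:{page-path}{git-view} | git-link:{page-path}{git-edit}
+
+Due to issue https://github.com/ConSol/sakuli/issues/306[Disable Sahi proxy method which remove the authorization header (e.g. Bearer Token) #306] Sahi OS have currently some problems with handling authorization tokens like Bearer Token correctly. This has been also discussed at https://community.sahipro.com/forums/discussion/3941/authorization-header-getting-stripped-out[Sahi Community - Authorization header getting stripped out] and is a Problem of Sahi OS.
+
+This behavior is not wanted, so the Sakuli team developed a solution which manipulates Sahi by some https://docs.spring.io/spring/docs/4.3.x/spring-framework-reference/html/aop.html[Spring AOP Advice], for some details take look at https://github.com/ConSol/sakuli/blob/feature/%23306-sahi-header/src/core/src/main/java/org/sakuli/aop/SahiHeaderAspect.java#L59[Sahi Header Aspect]
+
+By default nothing have been changed to avoid unexpected impact to other parts of Sahi OS. To skip the execution of the Sahi action which removes the authorization header , see https://github.com/kevlened/Sahi/blob/744f77462badeb3deddce93ddf6374773f70833f/sahi/src/net/sf/sahi/request/HttpRequest.java#L272[`HttpRequest.removeHeader("Authorization")`], set the following <<property loading mechanism,property>> to `false`:
+
+sahi.proxy.removeAuthorizationHeader.enabled=false
+
+
+For more details see issue https://github.com/ConSol/sakuli/issues/306[#306].
+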
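--- a/src/core/src/main/java/org/sakuli/aop/SahiHeaderAspect.java
+++ b/src/core/src/main/java/org/sakuli/aop/SahiHeaderAspect.java
@@ -0,0 +1,70 @@
+/*
+* Sakuli - Testing and Monitoring-Tool for Websites and common UIs.
+*
+* Copyright 2013 - 2015 the original author or authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.sakuli.aop;
+
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.sakuli.datamodel.properties.SahiProxyProperties;
+import org.sakuli.loader.BeanLoader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+
+import static java.lang.Boolean.FALSE;
+
+/**
+* Aspect for the External Sahi Library {@link net.sf.sahi}
+*
+* @author tschneck Date: 17.10.13
+*/
+@Aspect
+@Component
+public class SahiHeaderAspect extends BaseSakuliAspect {
+
+private final static Logger LOGGER = LoggerFactory.getLogger(SahiHeaderAspect.class);
+private static Boolean removeAuthorizationHeader;
+
+public static boolean getRemoveAuthorizationHeader() {
+if (removeAuthorizationHeader == null) {
+removeAuthorizationHeader = BeanLoader.loadBaseActionLoader().getSahiProxyProperties().getRemoveAuthorizationHeader();
+if (FALSE.equals(removeAuthorizationHeader))
+LOGGER.info("{}={}: SAHI remove Header 'Authorization' is DISABLED! ", SahiProxyProperties.REMOVE_AUTHORIZATION_HEADER, removeAuthorizationHeader);
+}
+return removeAuthorizationHeader;
+}
+
+/**
+* Aspect to skip the execution of the action {@link net.sf.sahi.request.HttpRequest#removeHeader(String) } functionality for the headerString "Authorization"
+*
+* @param joinPoint injected joinPoint of the execution
+* @param headerString will called with different header values from Sahi
+*/
+@Around("execution(* net.sf.sahi.StreamHandler.removeHeader(..)) && args(headerString)")
+public void aroundSahiRemoveHeaders(ProceedingJoinPoint joinPoint, String headerString) throws Throwable {
+if (FALSE.equals(getRemoveAuthorizationHeader()) && "Authorization".equals(headerString)) {
+LOGGER.debug("SAHI skip remove Header '{}'", headerString);
+//skip execution of method
+return;
+}
+joinPoint.proceed();
+}
+
+
+}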
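Review bot: In `aroundSahiRemoveHeaders` the property lookup is the left operand of the `&&`, so `getRemoveAuthorizationHeader()` runs for every header Sahi strips, not only for `Authorization`. If `BeanLoader.loadBaseActionLoader()` fails, or if the property getter can return null (the cached `Boolean` is unboxed by the `boolean` return type), the exception would break removal of unrelated headers as well. Testing the name first confines that risk to the Authorization path: `if ("Authorization".equals(headerString) && !getRemoveAuthorizationHeader()) {`. The lazy initialisation of the static `removeAuthorizationHeader` is also unsynchronised; that looks benign here, but the INFO line may be logged more than once if the proxy calls it from several threads. Finally, the Javadoc names `HttpRequest#removeHeader(String)` while the pointcut matches `net.sf.sahi.StreamHandler.removeHeader(..)`, so either the comment should say that every `StreamHandler` subclass is affected or the pointcut should be narrowed with a `target(...)` clause.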
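--- a/src/core/src/test/java/org/sakuli/aop/SahiHeaderAspectTest.java
+++ b/src/core/src/test/java/org/sakuli/aop/SahiHeaderAspectTest.java
@@ -0,0 +1,72 @@
+/*
+* Sakuli - Testing and Monitoring-Tool for Websites and common UIs.
+*
+* Copyright 2013 - 2016 the original author or authors.
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+package org.sakuli.aop;
+
+import net.sf.sahi.request.HttpRequest;
+import org.sakuli.datamodel.actions.LogLevel;
+import org.sakuli.loader.BeanLoader;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.test.util.ReflectionTestUtils;
+import org.testng.annotations.BeforeMethod;
+import org.testng.annotations.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+/**
+* Test for {@link SahiHeaderAspect}
+*
+* @author tschneck
+* Date: 2/25/16
+*/
+public class SahiHeaderAspectTest extends AopBaseTest {
+
+private final static Logger LOGGER = LoggerFactory.getLogger(SahiHeaderAspect.class);
+private HttpRequest testling;
+
+@BeforeMethod
+@Override
+public void setUp() throws Exception {
+super.setUp();
+initMocks();
+InputStream input = new ByteArrayInputStream(new byte[]{});
+testling = new HttpRequest(input);
+}
+
+@Test
+public void testRemoveHeaderDisabeld() throws Exception {
+final SahiHeaderAspect sahiHeaderAspect = BeanLoader.loadBean(SahiHeaderAspect.class);
+ReflectionTestUtils.setField(sahiHeaderAspect, "removeAuthorizationHeader", false);
+LOGGER.debug("SAHI this is not the correct line!");
+testling.removeHeader("Authorization");
+assertLastLine(logFile, "SAHI", LogLevel.DEBUG, "SAHI skip remove Header 'Authorization'");
+}
+
+@Test
+public void testRemoveHeaderNotModiefied() throws Exception {
+final SahiHeaderAspect sahiHeaderAspect = BeanLoader.loadBean(SahiHeaderAspect.class);
+ReflectionTestUtils.setField(sahiHeaderAspect, "removeAuthorizationHeader", true);
+final String controllMessage = "SAHI this is the expected line!";
+LOGGER.debug(controllMessage);
+testling.removeHeader("Authorization");
+assertLastLine(logFile, "SAHI", LogLevel.DEBUG, controllMessage);
+}
+
+}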
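Review bot: Both tests assert only on the last log line, so neither shows that the `Authorization` header is actually kept or stripped; `testling` is built from an empty `ByteArrayInputStream` and carries no such header to begin with. Constructing the `HttpRequest` from a request that contains the header, and asserting on its presence or absence after `removeHeader("Authorization")`, would pin the behaviour the property is meant to control. `ReflectionTestUtils.setField(sahiHeaderAspect, "removeAuthorizationHeader", ...)` writes a static field that this class never resets, so the value may leak into later tests unless the base class clears it; resetting it to `null` in an `@AfterMethod` would avoid that. The method names `testRemoveHeaderDisabeld` and `testRemoveHeaderNotModiefied` are misspelled.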