Merge pull request #4318 from mhajas/KEYCLOAK-3297

KEYCLOAK-3297 Add test for Access-Control-Expose-Headers

testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/index.html

@@ -97,6 +97,7 @@
         </div>
 
     </div>
+    <div id="headers">{{headers}}</div>
 </div>
 </body>
 </html>

testsuite/integration-arquillian/test-apps/cors/angular-product/src/main/webapp/js/app.js

@@ -73,9 +73,9 @@ module.controller('GlobalCtrl', function($scope, $http) {
     $scope.realm = [];
     $scope.version = [];
     $scope.reloadData = function() {
-        $http.get(getAppServerUrl("localhost-db") + "/cors-database/products").success(function(data) {
+        $http.get(getAppServerUrl("localhost-db") + "/cors-database/products").success(function(data, status, headers, config) {
             $scope.products = angular.fromJson(data);
-
+            $scope.headers = headers();
         });
 
     };

testsuite/integration-arquillian/test-apps/cors/database-service/src/main/java/org/keycloak/example/oauth/ProductService.java

@@ -19,9 +19,11 @@ package org.keycloak.example.oauth;
 
 import org.jboss.resteasy.annotations.cache.NoCache;
 
+import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -31,6 +33,10 @@ import java.util.List;
  */
 @Path("products")
 public class ProductService {
+
+    @Context
+    private HttpServletResponse response;
+
     @GET
     @Produces("application/json")
     @NoCache
@@ -39,6 +45,8 @@ public class ProductService {
         rtn.add("iphone");
         rtn.add("ipad");
         rtn.add("ipod");
+
+        response.addHeader("X-Custom1", "some-value");
         return rtn;
     }
 }

testsuite/integration-arquillian/test-apps/cors/database-service/src/main/webapp/WEB-INF/keycloak.json

@@ -5,5 +5,6 @@
   "auth-server-url": "http://localhost-auth:8180/auth",
   "bearer-only" : true,
   "ssl-required": "external",
-  "enable-cors": true
+  "enable-cors": true,
+  "cors-exposed-headers": "X-Custom1"
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/AngularCorsProductTestApp.java

@@ -66,6 +66,8 @@ public class AngularCorsProductTestApp extends AbstractPageWithInjectedUrl {
 
     @FindBy(id = "output")
     private WebElement outputArea;
+    @FindBy(id = "headers")
+    private WebElement headers;
 
     public void reloadData() {
         reloadDataButton.click();
@@ -99,5 +101,9 @@ public class AngularCorsProductTestApp extends AbstractPageWithInjectedUrl {
         return outputArea;
     }
 
+    public WebElement getHeaders() {
+        return headers;
+    }
+
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/cors/AbstractCorsExampleAdapterTest.java

@@ -94,6 +94,7 @@ public abstract class AbstractCorsExampleAdapterTest extends AbstractExampleAdap
         waitUntilElement(angularCorsProductPage.getOutput()).text().contains("iphone");
         waitUntilElement(angularCorsProductPage.getOutput()).text().contains("ipad");
         waitUntilElement(angularCorsProductPage.getOutput()).text().contains("ipod");
+        waitUntilElement(angularCorsProductPage.getHeaders()).text().contains("\"x-custom1\":\"some-value\"");
 
         angularCorsProductPage.loadRoles();
         waitUntilElement(angularCorsProductPage.getOutput()).text().contains("user");