alvinalexander.com | career | drupal | java | mac | mysql | perl | scala | uml | unix  

Play Framework/Scala example source code file (SecureFlagSpec.scala)

This example Play Framework source code file (SecureFlagSpec.scala) is included in my "Source Code Warehouse" project. The intent of this project is to help you more easily find Play Framework (and Scala) source code examples by using tags.

All credit for the original source code belongs to Play Framework; I'm just trying to make examples easier to find. (For my Scala work, see my Scala examples and tutorials.)

Play Framework tags/keywords

api, array, basicrequest, get, io, left, map, mvc, none, option, play, play framework, some, string, test, x_forwarded_proto

The SecureFlagSpec.scala Play Framework example source code

/*
 * Copyright (C) 2009-2013 Typesafe Inc. <http://www.typesafe.com>
 */
package play.it.http

import play.api.mvc._
import play.api.test._
import play.api.test.TestServer
import java.io.{File, InputStream}
import javax.net.ssl.{SSLContext, HttpsURLConnection, X509TrustManager}
import java.security.cert.X509Certificate
import scala.io.Source
import java.net.URL

/**
 * Specs for the "secure" flag on requests
 */
object SecureFlagSpec extends PlaySpecification {

  sequential

  /** An action whose result is just "true" or "false" depending on the value of result.secure */
  val secureFlagAction = Action {
    request => Results.Ok(request.secure.toString)
  }

  // this step seems necessary to allow the generated keystore to be written
  new File("conf").mkdir()

  def withServer[T](action: EssentialAction, sslPort: Option[Int] = None)(block: Port => T) = {
    val port = testServerPort
    running(TestServer(port, sslPort = sslPort, application = FakeApplication(
      withRoutes = {
        case _ => action
      }
    ))) {
      block(port)
    }
  }

  "Play https server" should {

  val sslPort = 19943

    "show that requests are secure in the absence of X_FORWARDED_PROTO" in withServer(secureFlagAction, Some(sslPort)) { _ =>
      val conn = createConn(sslPort)
      Source.fromInputStream(conn.getContent.asInstanceOf[InputStream]).getLines().next must_== "true"
    }
    "show that requests are secure in the absence of X_FORWARDED_PROTO" in withServer(secureFlagAction, Some(sslPort)) { _ =>
      val conn = createConn(sslPort)
      Source.fromInputStream(conn.getContent.asInstanceOf[InputStream]).getLines().next must_== "true"
    }
    "show that requests are secure if X_FORWARDED_PROTO is https" in withServer(secureFlagAction, Some(sslPort)) { _ =>
      val conn = createConn(sslPort, Some("https"))
      Source.fromInputStream(conn.getContent.asInstanceOf[InputStream]).getLines().next must_== "true"
    }
    "not show that requests are secure if X_FORWARDED_PROTO is http" in withServer(secureFlagAction, Some(sslPort)) { _ =>
      val conn = createConn(sslPort, Some("http"))
      Source.fromInputStream(conn.getContent.asInstanceOf[InputStream]).getLines().next must_== "false"
    }
  }

  "Play http server" should {
    "not show that requests are secure in the absence of X_FORWARDED_PROTO" in withServer(secureFlagAction) { port =>
      val responses = BasicHttpClient.makeRequests(port)(
        BasicRequest("GET", "/", "HTTP/1.1", Map(), "foo")
      )
      responses.length must_== 1
      responses(0).body must_== Left("false")
    }
    "show that requests are secure if X_FORWARDED_PROTO is https" in withServer(secureFlagAction) { port =>
      val responses = BasicHttpClient.makeRequests(port)(
        BasicRequest("GET", "/", "HTTP/1.1", Map((X_FORWARDED_PROTO, "https")), "foo")
      )
      responses.length must_== 1
      responses(0).body must_== Left("true")
    }
    "not show that requests are secure if X_FORWARDED_PROTO is http" in withServer(secureFlagAction) { port =>
      val responses = BasicHttpClient.makeRequests(port)(
        BasicRequest("GET", "/", "HTTP/1.1", Map((X_FORWARDED_PROTO, "http")), "foo")
      )
      responses.length must_== 1
      responses(0).body must_== Left("false")
    }
  }

  // the following are adapted from SslSpec

  def createConn(sslPort: Int, forwardedProto: Option[String] = None) = {
    val conn = new URL("https://localhost:" + sslPort + "/").openConnection().asInstanceOf[HttpsURLConnection]
    forwardedProto.foreach(proto => conn.setRequestProperty(X_FORWARDED_PROTO, proto))
    conn.setSSLSocketFactory(sslFactory)
    conn
  }

  def sslFactory = {
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, Array(MockTrustManager()), null)
    ctx.getSocketFactory
  }

  case class MockTrustManager() extends X509TrustManager {
    val nullArray = Array[X509Certificate]()

    def checkClientTrusted(x509Certificates: Array[X509Certificate], s: String) {}

    def checkServerTrusted(x509Certificates: Array[X509Certificate], s: String) {}

    def getAcceptedIssuers = nullArray
  }

}

Other Play Framework source code examples

Here is a short list of links related to this Play Framework SecureFlagSpec.scala source code file:
... this post is sponsored by my books ...

#1 New Release!
FP Best Seller

 

new blog posts

 

Copyright 1998-2021 Alvin Alexander, alvinalexander.com
All Rights Reserved.

A percentage of advertising revenue from
pages under the /java/jwarehouse URI on this website is
paid back to open source projects.