added tests

Author: dschadow

security-header/pom.xml

@@ -26,6 +26,16 @@
             <groupId>com.google.code.gson</groupId>
             <artifactId>gson</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>

security-header/src/test/java/de/dominikschadow/javasecurity/header/filter/CSP2FilterTest.java

@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2026 Dominik Schadow, dominikschadow@gmail.com
+ *
+ * This file is part of the Java Security project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.dominikschadow.javasecurity.header.filter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * Tests for the CSP2Filter class.
+ *
+ * @author Dominik Schadow
+ */
+class CSP2FilterTest {
+    private CSP2Filter csp2Filter;
+
+    @Mock
+    private ServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private FilterChain filterChain;
+
+    @Mock
+    private FilterConfig filterConfig;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        csp2Filter = new CSP2Filter();
+    }
+
+    @Test
+    void doFilter_setsContentSecurityPolicyHeader() throws Exception {
+        csp2Filter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'; reflected-xss block");
+    }
+
+    @Test
+    void doFilter_callsFilterChain() throws Exception {
+        csp2Filter.doFilter(request, response, filterChain);
+
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void doFilter_setsHeaderAndContinuesChain() throws Exception {
+        csp2Filter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'; reflected-xss block");
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void init_doesNotThrowException() {
+        csp2Filter.init(filterConfig);
+
+        verifyNoInteractions(filterConfig);
+    }
+
+    @Test
+    void destroy_doesNotThrowException() {
+        csp2Filter.destroy();
+    }
+}

security-header/src/test/java/de/dominikschadow/javasecurity/header/filter/CSPFilterTest.java

@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2026 Dominik Schadow, dominikschadow@gmail.com
+ *
+ * This file is part of the Java Security project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.dominikschadow.javasecurity.header.filter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * Tests for the CSPFilter class.
+ *
+ * @author Dominik Schadow
+ */
+class CSPFilterTest {
+    private CSPFilter cspFilter;
+
+    @Mock
+    private ServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private FilterChain filterChain;
+
+    @Mock
+    private FilterConfig filterConfig;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        cspFilter = new CSPFilter();
+    }
+
+    @Test
+    void doFilter_setsContentSecurityPolicyHeader() throws Exception {
+        cspFilter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy", "default-src 'self'; report-uri CSPReporting");
+    }
+
+    @Test
+    void doFilter_callsFilterChain() throws Exception {
+        cspFilter.doFilter(request, response, filterChain);
+
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void doFilter_setsHeaderAndContinuesChain() throws Exception {
+        cspFilter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy", "default-src 'self'; report-uri CSPReporting");
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void init_doesNotThrowException() {
+        cspFilter.init(filterConfig);
+
+        verifyNoInteractions(filterConfig);
+    }
+
+    @Test
+    void destroy_doesNotThrowException() {
+        cspFilter.destroy();
+    }
+}

security-header/src/test/java/de/dominikschadow/javasecurity/header/filter/CSPReportingFilterTest.java

@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2026 Dominik Schadow, dominikschadow@gmail.com
+ *
+ * This file is part of the Java Security project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.dominikschadow.javasecurity.header.filter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * Tests for the CSPReportingFilter class.
+ *
+ * @author Dominik Schadow
+ */
+class CSPReportingFilterTest {
+    private CSPReportingFilter cspReportingFilter;
+
+    @Mock
+    private ServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private FilterChain filterChain;
+
+    @Mock
+    private FilterConfig filterConfig;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        cspReportingFilter = new CSPReportingFilter();
+    }
+
+    @Test
+    void doFilter_setsContentSecurityPolicyReportOnlyHeader() throws Exception {
+        cspReportingFilter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy-Report-Only", "default-src 'self'; report-uri CSPReporting");
+    }
+
+    @Test
+    void doFilter_callsFilterChain() throws Exception {
+        cspReportingFilter.doFilter(request, response, filterChain);
+
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void doFilter_setsHeaderAndContinuesChain() throws Exception {
+        cspReportingFilter.doFilter(request, response, filterChain);
+
+        verify(response).setHeader("Content-Security-Policy-Report-Only", "default-src 'self'; report-uri CSPReporting");
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void init_doesNotThrowException() {
+        cspReportingFilter.init(filterConfig);
+
+        verifyNoInteractions(filterConfig);
+    }
+
+    @Test
+    void destroy_doesNotThrowException() {
+        cspReportingFilter.destroy();
+    }
+}

security-header/src/test/java/de/dominikschadow/javasecurity/header/filter/CacheControlFilterTest.java

@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2026 Dominik Schadow, dominikschadow@gmail.com
+ *
+ * This file is part of the Java Security project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.dominikschadow.javasecurity.header.filter;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mock;
+import org.mockito.MockitoAnnotations;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static org.mockito.Mockito.*;
+
+/**
+ * Tests for the CacheControlFilter class.
+ *
+ * @author Dominik Schadow
+ */
+class CacheControlFilterTest {
+    private CacheControlFilter cacheControlFilter;
+
+    @Mock
+    private ServletRequest request;
+
+    @Mock
+    private HttpServletResponse response;
+
+    @Mock
+    private FilterChain filterChain;
+
+    @Mock
+    private FilterConfig filterConfig;
+
+    @BeforeEach
+    void setUp() {
+        MockitoAnnotations.openMocks(this);
+        cacheControlFilter = new CacheControlFilter();
+    }
+
+    @Test
+    void doFilter_setsCacheControlHeader() throws Exception {
+        cacheControlFilter.doFilter(request, response, filterChain);
+
+        verify(response).addHeader("Cache-Control", "no-cache, must-revalidate, max-age=0, no-store");
+    }
+
+    @Test
+    void doFilter_setsExpiresHeader() throws Exception {
+        cacheControlFilter.doFilter(request, response, filterChain);
+
+        verify(response).addDateHeader("Expires", -1);
+    }
+
+    @Test
+    void doFilter_callsFilterChain() throws Exception {
+        cacheControlFilter.doFilter(request, response, filterChain);
+
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void doFilter_setsAllHeadersAndContinuesChain() throws Exception {
+        cacheControlFilter.doFilter(request, response, filterChain);
+
+        verify(response).addHeader("Cache-Control", "no-cache, must-revalidate, max-age=0, no-store");
+        verify(response).addDateHeader("Expires", -1);
+        verify(filterChain).doFilter(request, response);
+    }
+
+    @Test
+    void init_doesNotThrowException() {
+        cacheControlFilter.init(filterConfig);
+
+        verifyNoInteractions(filterConfig);
+    }
+
+    @Test
+    void destroy_doesNotThrowException() {
+        cacheControlFilter.destroy();
+    }
+}