Additional unit tests. Also added a configuration parameter to specify whether multiple Set-Cookie headers should be consolidated into a single header - RFC2109 is not support in all clients but API Gateway can only return a single header per key. These changes try to address concerns in issue #51

Author: sapessi

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/model/ContainerConfig.java

@@ -2,7 +2,7 @@
 
 
 /**
- * Configuration paramters used by the <code>RequestReader</code> and <code>ResponseWriter</code> objects.
+ * Configuration parameters for the framework
  */
 public class ContainerConfig {
     public static final String DEFAULT_URI_ENCODING = "UTF-8";
@@ -11,6 +11,7 @@ public static ContainerConfig defaultConfig() {
         ContainerConfig configuration = new ContainerConfig();
         configuration.setStripBasePath(false);
         configuration.setUriEncoding(DEFAULT_URI_ENCODING);
+        configuration.setConsolidateSetCookieHeaders(true);
 
         return configuration;
     }
@@ -22,6 +23,7 @@ public static ContainerConfig defaultConfig() {
     private String serviceBasePath;
     private boolean stripBasePath;
     private String uriEncoding;
+    private boolean consolidateSetCookieHeaders;
 
 
     //-------------------------------------------------------------
@@ -33,6 +35,11 @@ public String getServiceBasePath() {
     }
 
 
+    /**
+     * Configures a base path  that can be strippped from the request path before passing it to the frameowkr-specific implementation. This can be used to
+     * remove API Gateway's base path mappings from the request.
+     * @param serviceBasePath The base path mapping to be removed.
+     */
     public void setServiceBasePath(String serviceBasePath) {
         // clean up base path before setting it, we want a "/" at the beginning but not at the end.
         String finalBasePath = serviceBasePath;
@@ -51,6 +58,11 @@ public boolean isStripBasePath() {
     }
 
 
+    /**
+     * Whether this framework should strip the base path mapping specified with the {@link #setServiceBasePath(String)} method from a request before
+     * passing it to the framework-specific implementations
+     * @param stripBasePath
+     */
     public void setStripBasePath(boolean stripBasePath) {
         this.stripBasePath = stripBasePath;
     }
@@ -61,7 +73,30 @@ public String getUriEncoding() {
     }
 
 
+    /**
+     * Sets the charset used to URLEncode and Decode request paths.
+     * @param uriEncoding The charset. By default this is set to UTF-8
+     */
     public void setUriEncoding(String uriEncoding) {
         this.uriEncoding = uriEncoding;
     }
+
+
+    public boolean isConsolidateSetCookieHeaders() {
+        return consolidateSetCookieHeaders;
+    }
+
+
+    /**
+     * Tells the library to consolidate multiple Set-Cookie headers into a single Set-Cookie header with multiple, comma-separated values. This is allowed
+     * by the RFC 2109 (https://tools.ietf.org/html/rfc2109). However, since not all clients support this, we consider it optional. When this value is set
+     * to true the framework will consolidate all Set-Cookie headers into a single header, when it's set to false, the framework will only return the first
+     * Set-Cookie header specified in a response.
+     *
+     * Because API Gateway needs header keys to be unique, we give an option to configure this.
+     * @param consolidateSetCookieHeaders Whether to consolidate the cookie headers or not.
+     */
+    public void setConsolidateSetCookieHeaders(boolean consolidateSetCookieHeaders) {
+        this.consolidateSetCookieHeaders = consolidateSetCookieHeaders;
+    }
 }

aws-serverless-java-container-core/src/main/java/com/amazonaws/serverless/proxy/internal/servlet/AwsHttpServletResponse.java

@@ -12,6 +12,8 @@
  */
 package com.amazonaws.serverless.proxy.internal.servlet;
 
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -410,7 +412,22 @@ byte[] getAwsResponseBodyBytes() {
     Map<String, String> getAwsResponseHeaders() {
         Map<String, String> responseHeaders = new HashMap<>();
         for (String header : getHeaderNames()) {
-            responseHeaders.put(header, headers.getFirst(header));
+            // special behavior for set cookie
+            // RFC 2109 allows for a comma separated list of cookies in one Set-Cookie header: https://tools.ietf.org/html/rfc2109
+            if (header.equals(HttpHeaders.SET_COOKIE) && LambdaContainerHandler.getContainerConfig().isConsolidateSetCookieHeaders()) {
+                StringBuilder cookieHeader = new StringBuilder();
+                for (String cookieValue : headers.get(header)) {
+                    if (cookieHeader.length() > 0) {
+                        cookieHeader.append(",");
+                    }
+
+                    cookieHeader.append(" ").append(cookieValue);
+                }
+
+                responseHeaders.put(header, cookieHeader.toString());
+            } else {
+                responseHeaders.put(header, headers.getFirst(header));
+            }
         }
 
         return responseHeaders;

aws-serverless-java-container-jersey/src/main/java/com/amazonaws/serverless/proxy/jersey/JerseyResponseWriter.java

@@ -13,10 +13,14 @@
 package com.amazonaws.serverless.proxy.jersey;
 
 
+import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
+
 import org.glassfish.jersey.server.ContainerException;
 import org.glassfish.jersey.server.ContainerResponse;
 import org.glassfish.jersey.server.spi.ContainerResponseWriter;
 
+import javax.ws.rs.core.HttpHeaders;
+
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.util.HashMap;
@@ -79,7 +83,18 @@ public OutputStream writeResponseStatusAndHeaders(long contentLength, ContainerR
 
         for (final Map.Entry<String, List<String>> e : containerResponse.getStringHeaders().entrySet()) {
             for (final String value : e.getValue()) {
-                headers.put(e.getKey(), value);
+                // special case for set cookies
+                // RFC 2109 allows for a comma separated list of cookies in one Set-Cookie header: https://tools.ietf.org/html/rfc2109
+                if (e.getKey().equals(HttpHeaders.SET_COOKIE)) {
+                    if (headers.containsKey(e.getKey()) && LambdaContainerHandler.getContainerConfig().isConsolidateSetCookieHeaders()) {
+                        headers.put(e.getKey(), headers.get(e.getKey()) + ", " + value);
+                    } else {
+                        headers.put(e.getKey(), containerResponse.getStringHeaders().getFirst(e.getKey()));
+                        break;
+                    }
+                } else {
+                    headers.put(e.getKey(), value);
+                }
             }
         }
 

aws-serverless-java-container-spark/src/test/java/com/amazonaws/serverless/proxy/spark/HelloWorldSparkTest.java

@@ -7,8 +7,12 @@
 import com.amazonaws.serverless.proxy.internal.testutils.AwsProxyRequestBuilder;
 import com.amazonaws.serverless.proxy.internal.testutils.MockLambdaContext;
 
+import org.junit.BeforeClass;
 import org.junit.Test;
 
+import javax.servlet.http.Cookie;
+import javax.ws.rs.core.HttpHeaders;
+
 import static org.junit.Assert.*;
 import static spark.Spark.get;
 
@@ -18,10 +22,15 @@ public class HelloWorldSparkTest {
     private static final String CUSTOM_HEADER_VALUE = "My Header Value";
     private static final String BODY_TEXT_RESPONSE = "Hello World";
 
+    public static final String COOKIE_NAME = "MyCookie";
+    public static final String COOKIE_VALUE = "CookieValue";
+    public static final String COOKIE_DOMAIN = "mydomain.com";
+    public static final String COOKIE_PATH = "/";
+
     private static SparkLambdaContainerHandler<AwsProxyRequest, AwsProxyResponse> handler;
 
-    @Test
-    public void basicServer_initialize() {
+    @BeforeClass
+    public static void initializeServer() {
         try {
             handler = SparkLambdaContainerHandler.getAwsProxyHandler();
 
@@ -44,11 +53,60 @@ public void basicServer_handleRequest_emptyFilters() {
         assertEquals(BODY_TEXT_RESPONSE, response.getBody());
     }
 
-    private void configureRoutes() {
+    @Test
+    public void addCookie_setCookieOnResponse_validCustomCookie() {
+        AwsProxyRequest req = new AwsProxyRequestBuilder().method("GET").path("/cookie").build();
+        AwsProxyResponse response = handler.proxy(req, new MockLambdaContext());
+
+        assertEquals(200, response.getStatusCode());
+        assertTrue(response.getHeaders().containsKey(HttpHeaders.SET_COOKIE));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_NAME + "=" + COOKIE_VALUE));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_DOMAIN));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_PATH));
+    }
+
+    @Test
+    public void multiCookie_setCookieOnResponse_singleHeaderWithMultipleValues() {
+        AwsProxyRequest req = new AwsProxyRequestBuilder().method("GET").path("/multi-cookie").build();
+        AwsProxyResponse response = handler.proxy(req, new MockLambdaContext());
+
+        System.out.println("Cookie: " + response.getHeaders().get(HttpHeaders.SET_COOKIE));
+
+        assertEquals(200, response.getStatusCode());
+        assertTrue(response.getHeaders().containsKey(HttpHeaders.SET_COOKIE));
+        // we compare against 4 because the expiration date of the cookies will also contain a string
+        assertEquals(4, response.getHeaders().get(HttpHeaders.SET_COOKIE).split(",").length);
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_NAME + "=" + COOKIE_VALUE));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_NAME + "2=" + COOKIE_VALUE + "2"));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_DOMAIN));
+        assertTrue(response.getHeaders().get(HttpHeaders.SET_COOKIE).contains(COOKIE_PATH));
+    }
+
+    private static void configureRoutes() {
         get("/hello", (req, res) -> {
             res.status(200);
             res.header(CUSTOM_HEADER_KEY, CUSTOM_HEADER_VALUE);
             return BODY_TEXT_RESPONSE;
         });
+
+        get("/cookie", (req, res) -> {
+            Cookie testCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE);
+            testCookie.setDomain(COOKIE_DOMAIN);
+            testCookie.setPath(COOKIE_PATH);
+            res.raw().addCookie(testCookie);
+            return BODY_TEXT_RESPONSE;
+        });
+
+        get("/multi-cookie", (req, res) -> {
+            Cookie testCookie = new Cookie(COOKIE_NAME, COOKIE_VALUE);
+            testCookie.setDomain(COOKIE_DOMAIN);
+            testCookie.setPath(COOKIE_PATH);
+            Cookie testCookie2 = new Cookie(COOKIE_NAME + "2", COOKIE_VALUE + "2");
+            testCookie2.setDomain(COOKIE_DOMAIN);
+            testCookie2.setPath(COOKIE_PATH);
+            res.raw().addCookie(testCookie);
+            res.raw().addCookie(testCookie2);
+            return BODY_TEXT_RESPONSE;
+        });
     }
 }

aws-serverless-java-container-spring/src/test/java/com/amazonaws/serverless/proxy/spring/SpringServletContextTest.java

@@ -7,12 +7,15 @@
 import com.amazonaws.serverless.proxy.internal.servlet.AwsServletContext;
 import com.amazonaws.serverless.proxy.internal.testutils.AwsProxyRequestBuilder;
 import com.amazonaws.serverless.proxy.internal.testutils.MockLambdaContext;
+import com.amazonaws.serverless.proxy.spring.echoapp.ContextResource;
 import com.amazonaws.serverless.proxy.spring.echoapp.CustomHeaderFilter;
 import com.amazonaws.serverless.proxy.spring.echoapp.EchoSpringAppConfig;
 import com.amazonaws.serverless.proxy.spring.echoapp.model.ValidatedUserModel;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
 
 import javax.servlet.DispatcherType;
 import javax.servlet.FilterRegistration;
@@ -97,5 +100,34 @@ public void filter_validationFilter_emptyName() {
         AwsProxyResponse output = handler.proxy(request, lambdaContext);
         assertEquals(HttpStatus.BAD_REQUEST.value(), output.getStatusCode());
     }
+
+    @Test
+    public void exception_populatedException_annotationValuesMappedCorrectly() {
+        AwsProxyRequest request = new AwsProxyRequestBuilder("/context/exception", "GET")
+                                          .stage(STAGE)
+                                          .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+                                          .build();
+
+        AwsProxyResponse output = handler.proxy(request, lambdaContext);
+
+        assertEquals(409, output.getStatusCode());
+        assertTrue(output.getBody().contains(ContextResource.EXCEPTION_REASON));
+    }
+
+    @Test
+    public void cookie_injectInResponse_expectCustomSetCookie() {
+        AwsProxyRequest request = new AwsProxyRequestBuilder("/context/cookie", "GET")
+                                          .stage(STAGE)
+                                          .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON_VALUE)
+                                          .build();
+
+        AwsProxyResponse output = handler.proxy(request, lambdaContext);
+
+
+        assertEquals(200, output.getStatusCode());
+        assertTrue(output.getHeaders().containsKey(HttpHeaders.SET_COOKIE));
+        assertTrue(output.getHeaders().get(HttpHeaders.SET_COOKIE).contains(ContextResource.COOKIE_NAME + "=" + ContextResource.COOKIE_VALUE));
+        assertTrue(output.getHeaders().get(HttpHeaders.SET_COOKIE).contains(ContextResource.COOKIE_DOMAIN));
+    }
 }