[New] Added CORS capability as a configuration option

Simply add the property corsEnabled=true and corsOrigin=? to the configuration properties of the RestfulStrolchComponent and then the RestFul API should allow cross origin querying
2014-03-19 20:26:01 +01:00 · 2014-03-19 20:26:01 +01:00 · 337f040a3e
parent 4a0e26d05b
commit 337f040a3e
4 changed files with 82 additions and 3 deletions
--- a/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
+++ b/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
@ -58,10 +58,12 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St

 	@Override
 	public void stop() {
-		for (Certificate certificate : this.certificateMap.values()) {
-			this.privilegeHandler.invalidateSession(certificate);
+		if (this.certificateMap != null) {
+			for (Certificate certificate : this.certificateMap.values()) {
+				this.privilegeHandler.invalidateSession(certificate);
+			}
+			this.certificateMap.clear();
 		}
-		this.certificateMap.clear();
 		this.privilegeHandler = null;
 		super.stop();
 	}
--- a/src/main/java/li/strolch/rest/RestfulStrolchComponent.java
+++ b/src/main/java/li/strolch/rest/RestfulStrolchComponent.java
@ -17,6 +17,8 @@ package li.strolch.rest;

 import li.strolch.agent.api.ComponentContainer;
 import li.strolch.agent.api.StrolchComponent;
+import li.strolch.rest.filters.AccessControlResponseFilter;
+import li.strolch.runtime.configuration.ComponentConfiguration;
 import ch.eitchnet.utils.dbc.DBC;

 /**
@ -34,6 +36,18 @@ public class RestfulStrolchComponent extends StrolchComponent {
 		super(container, componentName);
 	}

+	@Override
+	public void initialize(ComponentConfiguration configuration) {
+
+		if (configuration.getBoolean("corsEnabled", Boolean.FALSE)) {
+			AccessControlResponseFilter.setCorsEnabled(true);
+			String origin = configuration.getString("corsOrigin", null);
+			AccessControlResponseFilter.setOrigin(origin);
+		}
+
+		super.initialize(configuration);
+	}
+
 	@Override
 	public void start() {
 		DBC.PRE.assertNull("Instance is already set! This component is a singleton resource!", instance);
--- a/src/main/java/li/strolch/rest/StrolchRestfulClasses.java
+++ b/src/main/java/li/strolch/rest/StrolchRestfulClasses.java
@ -23,6 +23,7 @@ import li.strolch.rest.endpoint.AuthenticationService;
 import li.strolch.rest.endpoint.EnumQuery;
 import li.strolch.rest.endpoint.Inspector;
 import li.strolch.rest.endpoint.VersionQuery;
+import li.strolch.rest.filters.AccessControlResponseFilter;

 /**
 * @author Robert von Burg <eitch@eitchnet.ch>
@ -41,6 +42,7 @@ public class StrolchRestfulClasses {

 		Set<Class<?>> providerClasses = new HashSet<>();
 		providerClasses.add(StrolchRestfulExceptionMapper.class);
+		providerClasses.add(AccessControlResponseFilter.class);

 		StrolchRestfulClasses.restfulClasses = Collections.unmodifiableSet(restfulClasses);
 		StrolchRestfulClasses.providerClasses = Collections.unmodifiableSet(providerClasses);
--- a/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java
+++ b/src/main/java/li/strolch/rest/filters/AccessControlResponseFilter.java
@ -0,0 +1,61 @@
+package li.strolch.rest.filters;
+
+import java.io.IOException;
+
+import javax.annotation.Priority;
+import javax.ws.rs.Priorities;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.ext.Provider;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Provider
+@Priority(Priorities.HEADER_DECORATOR)
+public class AccessControlResponseFilter implements ContainerResponseFilter {
+
+	private static final Logger logger = LoggerFactory.getLogger(AccessControlResponseFilter.class);
+
+	private static boolean corsEnabled;
+	private static String origin;
+	private static boolean logged;
+
+	/**
+	 * @param corsEnabled
+	 *            the corsEnabled to set
+	 */
+	public static void setCorsEnabled(boolean corsEnabled) {
+		AccessControlResponseFilter.corsEnabled = corsEnabled;
+	}
+
+	/**
+	 * @param origin
+	 *            the origin to set
+	 */
+	public static void setOrigin(String origin) {
+		AccessControlResponseFilter.origin = origin;
+	}
+
+	@Override
+	public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
+			throws IOException {
+
+		if (!corsEnabled)
+			return;
+
+		if (!logged) {
+			logged = true;
+			logger.info("Enabling CORS for origin: " + origin);
+		}
+
+		MultivaluedMap<String, Object> headers = responseContext.getHeaders();
+
+		headers.add("Access-Control-Allow-Origin", origin);
+		headers.add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type");
+		headers.add("Access-Control-Expose-Headers", "Location, Content-Disposition");
+		headers.add("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, HEAD, OPTIONS");
+	}
+}