[Fix] Fixing CORS not working for cordova apps
parent
37562fdc27
commit
70e4214915
|
@ -33,6 +33,7 @@ import org.slf4j.LoggerFactory;
|
|||
@Priority(Priorities.HEADER_DECORATOR)
|
||||
public class AccessControlResponseFilter implements ContainerResponseFilter {
|
||||
|
||||
private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
|
||||
private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; //$NON-NLS-1$
|
||||
private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; //$NON-NLS-1$
|
||||
private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; //$NON-NLS-1$
|
||||
|
@ -79,7 +80,8 @@ public class AccessControlResponseFilter implements ContainerResponseFilter {
|
|||
|
||||
// and set the allowed HTTP headers and methods
|
||||
headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type"); //$NON-NLS-1$
|
||||
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Location, Content-Disposition"); //$NON-NLS-1$
|
||||
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Authorization, Location, Content-Disposition"); //$NON-NLS-1$
|
||||
headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS"); //$NON-NLS-1$
|
||||
headers.add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); //$NON-NLS-1$
|
||||
}
|
||||
}
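Review bot: `Access-Control-Allow-Credentials: true` is now added unconditionally, and `Authorization` is added to `Access-Control-Expose-Headers`, but whether that is safe depends on how `Access-Control-Allow-Origin` is set, which is outside this hunk. If the origin value is echoed from the request's `Origin` header or is otherwise not restricted to a configured allow-list, any web page can issue credentialed cross-origin requests and read the responses, including the exposed `Authorization` value. I would send the credentials header only when the request origin matched a configured list, and record the constraint next to the call with a comment such as `// only valid together with an explicit origin allow-list, never a reflected or wildcard origin`. The enclosing filter method starts outside the hunk.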
|
|
@ -18,8 +18,9 @@ package li.strolch.rest.filters;
|
|||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.ws.rs.container.ContainerRequestContext;
|
||||
import javax.ws.rs.container.ContainerRequestFilter;
|
||||
|
@ -43,12 +44,14 @@ import li.strolch.utils.helper.StringHelper;
|
|||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
@Provider
|
||||
public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||
public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(AuthenicationRequestFilter.class);
|
||||
private static final Logger logger = LoggerFactory.getLogger(AuthenticationRequestFilter.class);
|
||||
|
||||
protected List<String> getUnsecuredPaths() {
|
||||
List<String> list = new ArrayList<>();
|
||||
private Set<String> unsecuredPaths;
|
||||
|
||||
protected Set<String> getUnsecuredPaths() {
|
||||
Set<String> list = new HashSet<>();
|
||||
list.add("strolch/authentication");
|
||||
return list;
|
||||
}
|
||||
|
@ -59,7 +62,14 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
|||
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
|
||||
|
||||
// we allow unauthorized access to the authentication service
|
||||
if (matchedURIs.stream().anyMatch(s -> getUnsecuredPaths().contains(s))) {
|
||||
if (this.unsecuredPaths == null)
|
||||
this.unsecuredPaths = getUnsecuredPaths();
|
||||
if (matchedURIs.stream().anyMatch(s -> this.unsecuredPaths.contains(s))) {
|
||||
return;
|
||||
}
|
||||
|
||||
// we have to allow OPTIONS for CORS
|
||||
if (requestContext.getMethod().equals("OPTIONS")) {
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -93,7 +103,7 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
|||
Certificate certificate = sessionHandler.validate(sessionId);
|
||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage(), e);
|
||||
logger.error(e.getMessage());
|
||||
requestContext.abortWith(
|
||||
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
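Review bot: The new `OPTIONS` check in `filter` returns before any session validation for every OPTIONS request, not only for CORS preflights. A preflight carries the `Access-Control-Request-Method` request header, so the bypass can be narrowed to `if ("OPTIONS".equals(requestContext.getMethod()) && requestContext.getHeaderString("Access-Control-Request-Method") != null)`; as written, any resource that implements its own OPTIONS handler is reachable without a session. The same hunk assigns `this.unsecuredPaths` lazily without synchronization; if the provider instance is shared between request threads, marking the field `volatile` would make the publication of the `HashSet` well defined. The `filter` method starts and ends outside the hunk.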
|
|
@ -32,7 +32,7 @@ import li.strolch.privilege.model.Certificate;
|
|||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
@Provider
|
||||
public class AuthenicationResponseFilter implements ContainerResponseFilter {
|
||||
public class AuthenticationResponseFilter implements ContainerResponseFilter {
|
||||
|
||||
@Override
|
||||
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
|