[Fix] Fixing CORS not working for cordova apps

Robert von Burg 2017-03-01 01:41:59 +01:00
parent 37562fdc27
commit 70e4214915
3 changed files with 21 additions and 9 deletions


@ -33,6 +33,7 @@ import org.slf4j.LoggerFactory;
@Priority(Priorities.HEADER_DECORATOR)
public class AccessControlResponseFilter implements ContainerResponseFilter {
private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; //$NON-NLS-1$
private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; //$NON-NLS-1$
private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; //$NON-NLS-1$
@ -79,7 +80,8 @@ public class AccessControlResponseFilter implements ContainerResponseFilter {
// and set the allowed HTTP headers and methods
headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type"); //$NON-NLS-1$
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Location, Content-Disposition"); //$NON-NLS-1$
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Authorization, Location, Content-Disposition"); //$NON-NLS-1$
headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS"); //$NON-NLS-1$
headers.add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); //$NON-NLS-1$
}
}
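Review bot: `Access-Control-Allow-Credentials: true` is now added unconditionally at the end of this header block, which makes the value of `Access-Control-Allow-Origin` security-critical. That header is set earlier in the method, outside this hunk, so its value cannot be confirmed from here. If the filter echoes the request's `Origin`, any web origin could send credentialed requests and read the newly exposed `Authorization` response header. The credentials header should be emitted only for origins on a configured allow-list, e.g. `if (allowedOrigins.contains(origin)) headers.add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");` (names illustrative), with `Vary: Origin` added alongside. As a smaller point, the new constant declaration lacks the `//$NON-NLS-1$` marker its three siblings carry.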


@ -18,8 +18,9 @@ package li.strolch.rest.filters;
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
@ -43,12 +44,14 @@ import li.strolch.utils.helper.StringHelper;
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@Provider
public class AuthenicationRequestFilter implements ContainerRequestFilter {
public class AuthenticationRequestFilter implements ContainerRequestFilter {
private static final Logger logger = LoggerFactory.getLogger(AuthenicationRequestFilter.class);
private static final Logger logger = LoggerFactory.getLogger(AuthenticationRequestFilter.class);
protected List<String> getUnsecuredPaths() {
List<String> list = new ArrayList<>();
private Set<String> unsecuredPaths;
protected Set<String> getUnsecuredPaths() {
Set<String> list = new HashSet<>();
list.add("strolch/authentication");
return list;
}
@ -59,7 +62,14 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
// we allow unauthorized access to the authentication service
if (matchedURIs.stream().anyMatch(s -> getUnsecuredPaths().contains(s))) {
if (this.unsecuredPaths == null)
this.unsecuredPaths = getUnsecuredPaths();
if (matchedURIs.stream().anyMatch(s -> this.unsecuredPaths.contains(s))) {
return;
}
// we have to allow OPTIONS for CORS
if (requestContext.getMethod().equals("OPTIONS")) {
return;
}
@ -93,7 +103,7 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
Certificate certificate = sessionHandler.validate(sessionId);
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
} catch (Exception e) {
logger.error(e.getMessage(), e);
logger.error(e.getMessage());
requestContext.abortWith(
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
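Review bot: The new `OPTIONS` early return in `filter` skips authentication for every OPTIONS request, not only CORS preflights, so any resource method that handles OPTIONS itself would be reachable without a session. A browser preflight always carries `Access-Control-Request-Method`, so the bypass can be narrowed to `if ("OPTIONS".equals(requestContext.getMethod()) && requestContext.getHeaderString("Access-Control-Request-Method") != null) return;`. A short comment there should state that only preflights are exempt and that the actual request is still authenticated. The body of `filter` starts and ends outside the visible hunks, so whether anything earlier already restricts OPTIONS cannot be seen from here.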


@ -32,7 +32,7 @@ import li.strolch.privilege.model.Certificate;
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@Provider
public class AuthenicationResponseFilter implements ContainerResponseFilter {
public class AuthenticationResponseFilter implements ContainerResponseFilter {
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)