[Fix] Fixing CORS not working for cordova apps
parent
37562fdc27
commit
70e4214915
|
@ -33,6 +33,7 @@ import org.slf4j.LoggerFactory;
|
||||||
@Priority(Priorities.HEADER_DECORATOR)
|
@Priority(Priorities.HEADER_DECORATOR)
|
||||||
public class AccessControlResponseFilter implements ContainerResponseFilter {
|
public class AccessControlResponseFilter implements ContainerResponseFilter {
|
||||||
|
|
||||||
|
private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
|
||||||
private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; //$NON-NLS-1$
|
private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods"; //$NON-NLS-1$
|
||||||
private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; //$NON-NLS-1$
|
private static final String ACCESS_CONTROL_EXPOSE_HEADERS = "Access-Control-Expose-Headers"; //$NON-NLS-1$
|
||||||
private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; //$NON-NLS-1$
|
private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers"; //$NON-NLS-1$
|
||||||
|
@ -79,7 +80,8 @@ public class AccessControlResponseFilter implements ContainerResponseFilter {
|
||||||
|
|
||||||
// and set the allowed HTTP headers and methods
|
// and set the allowed HTTP headers and methods
|
||||||
headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type"); //$NON-NLS-1$
|
headers.add(ACCESS_CONTROL_ALLOW_HEADERS, "Authorization, Origin, X-Requested-With, Content-Type"); //$NON-NLS-1$
|
||||||
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Location, Content-Disposition"); //$NON-NLS-1$
|
headers.add(ACCESS_CONTROL_EXPOSE_HEADERS, "Authorization, Location, Content-Disposition"); //$NON-NLS-1$
|
||||||
headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS"); //$NON-NLS-1$
|
headers.add(ACCESS_CONTROL_ALLOW_METHODS, "POST, PUT, GET, DELETE, HEAD, OPTIONS"); //$NON-NLS-1$
|
||||||
|
headers.add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
}
|
}
|
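Review bot: `headers.add(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true")` is added to every response that reaches this block, while the Access-Control-Allow-Origin value it is paired with is set outside the hunk and cannot be checked from here. If that origin is echoed from the request or otherwise not limited to known clients, any web page could send credentialed requests and read the replies, and with `Authorization` now listed in Access-Control-Expose-Headers it could read that header as well. With a literal `*` origin browsers reject credentialed responses, so the fix would not take effect either. I would send the credentials header only for an allow-listed origin and record the constraint beside the line, e.g. `// only valid with a specific, allow-listed Access-Control-Allow-Origin; never "*" or an unchecked echo of Origin`. The enclosing filter method starts above the hunk.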
|
@ -18,8 +18,9 @@ package li.strolch.rest.filters;
|
||||||
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
import static li.strolch.rest.StrolchRestfulConstants.STROLCH_CERTIFICATE;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.HashSet;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
import javax.ws.rs.container.ContainerRequestContext;
|
import javax.ws.rs.container.ContainerRequestContext;
|
||||||
import javax.ws.rs.container.ContainerRequestFilter;
|
import javax.ws.rs.container.ContainerRequestFilter;
|
||||||
|
@ -43,12 +44,14 @@ import li.strolch.utils.helper.StringHelper;
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
@Provider
|
@Provider
|
||||||
public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
public class AuthenticationRequestFilter implements ContainerRequestFilter {
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(AuthenicationRequestFilter.class);
|
private static final Logger logger = LoggerFactory.getLogger(AuthenticationRequestFilter.class);
|
||||||
|
|
||||||
protected List<String> getUnsecuredPaths() {
|
private Set<String> unsecuredPaths;
|
||||||
List<String> list = new ArrayList<>();
|
|
||||||
|
protected Set<String> getUnsecuredPaths() {
|
||||||
|
Set<String> list = new HashSet<>();
|
||||||
list.add("strolch/authentication");
|
list.add("strolch/authentication");
|
||||||
return list;
|
return list;
|
||||||
}
|
}
|
||||||
|
@ -59,7 +62,14 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
|
List<String> matchedURIs = requestContext.getUriInfo().getMatchedURIs();
|
||||||
|
|
||||||
// we allow unauthorized access to the authentication service
|
// we allow unauthorized access to the authentication service
|
||||||
if (matchedURIs.stream().anyMatch(s -> getUnsecuredPaths().contains(s))) {
|
if (this.unsecuredPaths == null)
|
||||||
|
this.unsecuredPaths = getUnsecuredPaths();
|
||||||
|
if (matchedURIs.stream().anyMatch(s -> this.unsecuredPaths.contains(s))) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// we have to allow OPTIONS for CORS
|
||||||
|
if (requestContext.getMethod().equals("OPTIONS")) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -93,7 +103,7 @@ public class AuthenicationRequestFilter implements ContainerRequestFilter {
|
||||||
Certificate certificate = sessionHandler.validate(sessionId);
|
Certificate certificate = sessionHandler.validate(sessionId);
|
||||||
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
requestContext.setProperty(STROLCH_CERTIFICATE, certificate);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage());
|
||||||
requestContext.abortWith(
|
requestContext.abortWith(
|
||||||
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
Response.status(Response.Status.FORBIDDEN).header(HttpHeaders.CONTENT_TYPE, MediaType.TEXT_PLAIN)
|
||||||
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
.entity("User cannot access the resource.").build()); //$NON-NLS-1$
|
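Review bot: The new `if (requestContext.getMethod().equals("OPTIONS")) return;` skips session validation for every OPTIONS request, not only CORS preflights, so any resource that answers OPTIONS becomes reachable without a session. A preflight always carries `Access-Control-Request-Method`, so the bypass can be narrowed to `if (HttpMethod.OPTIONS.equals(requestContext.getMethod()) && requestContext.getHeaderString("Access-Control-Request-Method") != null) {` (this needs an import of `javax.ws.rs.HttpMethod`). The filter method begins and ends outside the visible hunks, so what runs after the early return cannot be confirmed from here. Separately, the last hunk changes the catch block to `logger.error(e.getMessage())`, which drops the stack trace from failed-validation logs and logs `null` when the exception has no message. Keeping the throwable, at least at debug level, would preserve that evidence for investigations.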
|
@ -32,7 +32,7 @@ import li.strolch.privilege.model.Certificate;
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
@Provider
|
@Provider
|
||||||
public class AuthenicationResponseFilter implements ContainerResponseFilter {
|
public class AuthenticationResponseFilter implements ContainerResponseFilter {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
|
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
|