ATEST-259:
- adding tests, re-implementing a simpler CORS filter than previously used
This commit is contained in:
@@ -24,12 +24,6 @@ import org.springframework.util.StringUtils;
|
||||
import org.springframework.validation.Validator;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonInclude.Include;
|
||||
import com.fasterxml.jackson.core.JsonFactory;
|
||||
import com.fasterxml.jackson.core.Version;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.module.SimpleModule;
|
||||
|
||||
import ch.psi.daq.cassandra.util.test.CassandraDataGen;
|
||||
import ch.psi.daq.common.json.deserialize.AttributeBasedDeserializer;
|
||||
import ch.psi.daq.common.statistic.StorelessStatistics;
|
||||
@@ -42,12 +36,18 @@ import ch.psi.daq.query.model.Query;
|
||||
import ch.psi.daq.query.model.QueryField;
|
||||
import ch.psi.daq.query.model.impl.AbstractQuery;
|
||||
import ch.psi.daq.queryrest.controller.validator.QueryValidator;
|
||||
import ch.psi.daq.queryrest.filter.SimpleCORSFilter;
|
||||
import ch.psi.daq.queryrest.filter.CorsFilter;
|
||||
import ch.psi.daq.queryrest.model.PropertyFilterMixin;
|
||||
import ch.psi.daq.queryrest.response.JsonByteArraySerializer;
|
||||
import ch.psi.daq.queryrest.response.JsonStreamSerializer;
|
||||
import ch.psi.daq.queryrest.response.ResponseStreamWriter;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonInclude.Include;
|
||||
import com.fasterxml.jackson.core.JsonFactory;
|
||||
import com.fasterxml.jackson.core.Version;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.fasterxml.jackson.databind.module.SimpleModule;
|
||||
|
||||
@Configuration
|
||||
@PropertySource(value = {"classpath:queryrest.properties"})
|
||||
@PropertySource(value = {"file:${user.home}/.config/daq/queryrest.properties"}, ignoreResourceNotFound = true)
|
||||
@@ -180,10 +180,15 @@ public class QueryRestConfig extends WebMvcConfigurerAdapter {
|
||||
public Validator queryValidator() {
|
||||
return new QueryValidator();
|
||||
}
|
||||
|
||||
// @Bean
|
||||
// public Filter regexCORSFilter() {
|
||||
// return new RegexCORSFilter();
|
||||
// }
|
||||
|
||||
@Bean
|
||||
public Filter simpleCORSFilter() {
|
||||
return new SimpleCORSFilter();
|
||||
public Filter corsFilter() {
|
||||
return new CorsFilter();
|
||||
}
|
||||
|
||||
// ==========================================================================================
|
||||
|
||||
@@ -0,0 +1,80 @@
|
||||
package ch.psi.daq.queryrest.filter;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
public class CorsFilter extends OncePerRequestFilter {
|
||||
|
||||
private static final String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
|
||||
|
||||
@Value("${queryrest.cors.allowedorigins}")
|
||||
private String configuredOrigins;
|
||||
|
||||
@Value("${queryrest.cors.forceallheaders}")
|
||||
private boolean forceAllHeaders;
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @{inheritDoc
|
||||
*/
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
|
||||
throws ServletException, IOException {
|
||||
|
||||
Set<String> allowedOrigins = new HashSet<String>(Arrays.asList(configuredOrigins.split(","))
|
||||
.stream()
|
||||
.map(s -> {
|
||||
return s.trim(); })
|
||||
.collect(Collectors.toList()));
|
||||
|
||||
String originHeader = request.getHeader("Origin");
|
||||
if (forceAllHeaders) {
|
||||
// include headers no matter what - good for development
|
||||
if (allowedOrigins.contains(originHeader)) {
|
||||
response.addHeader(ALLOW_ORIGIN_HEADER, originHeader);
|
||||
} else {
|
||||
response.addHeader(ALLOW_ORIGIN_HEADER, "*");
|
||||
}
|
||||
setDefaultCorsHeaders(response);
|
||||
|
||||
} else if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
|
||||
// this is for 'real' Cross-site browser requests
|
||||
if (allowedOrigins.contains(originHeader)) {
|
||||
response.addHeader(ALLOW_ORIGIN_HEADER, originHeader);
|
||||
}
|
||||
setDefaultCorsHeaders(response);
|
||||
}
|
||||
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
|
||||
private void setDefaultCorsHeaders(HttpServletResponse response) {
|
||||
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
|
||||
response.addHeader("Access-Control-Allow-Headers", "Origin, Authorization, Accept, Content-Type");
|
||||
response.addHeader("Access-Control-Max-Age", "1800");
|
||||
}
|
||||
|
||||
|
||||
public void setConfiguredOrigins(String configuredOrigins) {
|
||||
this.configuredOrigins = configuredOrigins;
|
||||
}
|
||||
|
||||
|
||||
public void setForceAllHeaders(boolean forceAllHeaders) {
|
||||
this.forceAllHeaders = forceAllHeaders;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,41 +0,0 @@
|
||||
package ch.psi.daq.queryrest.filter;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.FilterConfig;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletRequest;
|
||||
import javax.servlet.ServletResponse;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class SimpleCORSFilter implements Filter {
|
||||
|
||||
@Value("${queryrest.enableCORS}")
|
||||
private boolean enableCORS;
|
||||
|
||||
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
|
||||
ServletException {
|
||||
|
||||
if (enableCORS) {
|
||||
HttpServletResponse response = (HttpServletResponse) res;
|
||||
response.setHeader("Access-Control-Allow-Origin", "*");
|
||||
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
|
||||
response.setHeader("Access-Control-Max-Age", "3600");
|
||||
response.setHeader("Access-Control-Allow-Headers",
|
||||
"Content-Type, Cache-Control, Accept, Authorization, X-Requested-With");
|
||||
}
|
||||
chain.doFilter(req, res);
|
||||
}
|
||||
|
||||
public void init(FilterConfig filterConfig) {
|
||||
}
|
||||
|
||||
public void destroy() {
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user