ATEST-259:

- adding tests, re-implementing a simpler CORS filter than previously
used
This commit is contained in:
Zellweger Christof Ralf
2015-10-28 12:52:32 +01:00
parent 6aa5801491
commit cd72af733a
9 changed files with 225 additions and 84 deletions
@@ -24,12 +24,6 @@ import org.springframework.util.StringUtils;
import org.springframework.validation.Validator;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import com.fasterxml.jackson.annotation.JsonInclude.Include;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
import ch.psi.daq.cassandra.util.test.CassandraDataGen;
import ch.psi.daq.common.json.deserialize.AttributeBasedDeserializer;
import ch.psi.daq.common.statistic.StorelessStatistics;
@@ -42,12 +36,18 @@ import ch.psi.daq.query.model.Query;
import ch.psi.daq.query.model.QueryField;
import ch.psi.daq.query.model.impl.AbstractQuery;
import ch.psi.daq.queryrest.controller.validator.QueryValidator;
import ch.psi.daq.queryrest.filter.SimpleCORSFilter;
import ch.psi.daq.queryrest.filter.CorsFilter;
import ch.psi.daq.queryrest.model.PropertyFilterMixin;
import ch.psi.daq.queryrest.response.JsonByteArraySerializer;
import ch.psi.daq.queryrest.response.JsonStreamSerializer;
import ch.psi.daq.queryrest.response.ResponseStreamWriter;
import com.fasterxml.jackson.annotation.JsonInclude.Include;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.Version;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule;
@Configuration
@PropertySource(value = {"classpath:queryrest.properties"})
@PropertySource(value = {"file:${user.home}/.config/daq/queryrest.properties"}, ignoreResourceNotFound = true)
@@ -180,10 +180,15 @@ public class QueryRestConfig extends WebMvcConfigurerAdapter {
public Validator queryValidator() {
return new QueryValidator();
}
// @Bean
// public Filter regexCORSFilter() {
// return new RegexCORSFilter();
// }
@Bean
public Filter simpleCORSFilter() {
return new SimpleCORSFilter();
public Filter corsFilter() {
return new CorsFilter();
}
// ==========================================================================================
@@ -0,0 +1,80 @@
package ch.psi.daq.queryrest.filter;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.filter.OncePerRequestFilter;
public class CorsFilter extends OncePerRequestFilter {
private static final String ALLOW_ORIGIN_HEADER = "Access-Control-Allow-Origin";
@Value("${queryrest.cors.allowedorigins}")
private String configuredOrigins;
@Value("${queryrest.cors.forceallheaders}")
private boolean forceAllHeaders;
/**
* @{inheritDoc
*/
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
Set<String> allowedOrigins = new HashSet<String>(Arrays.asList(configuredOrigins.split(","))
.stream()
.map(s -> {
return s.trim(); })
.collect(Collectors.toList()));
String originHeader = request.getHeader("Origin");
if (forceAllHeaders) {
// include headers no matter what - good for development
if (allowedOrigins.contains(originHeader)) {
response.addHeader(ALLOW_ORIGIN_HEADER, originHeader);
} else {
response.addHeader(ALLOW_ORIGIN_HEADER, "*");
}
setDefaultCorsHeaders(response);
} else if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
// this is for 'real' Cross-site browser requests
if (allowedOrigins.contains(originHeader)) {
response.addHeader(ALLOW_ORIGIN_HEADER, originHeader);
}
setDefaultCorsHeaders(response);
}
filterChain.doFilter(request, response);
}
private void setDefaultCorsHeaders(HttpServletResponse response) {
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
response.addHeader("Access-Control-Allow-Headers", "Origin, Authorization, Accept, Content-Type");
response.addHeader("Access-Control-Max-Age", "1800");
}
public void setConfiguredOrigins(String configuredOrigins) {
this.configuredOrigins = configuredOrigins;
}
public void setForceAllHeaders(boolean forceAllHeaders) {
this.forceAllHeaders = forceAllHeaders;
}
}
@@ -1,41 +0,0 @@
package ch.psi.daq.queryrest.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
public class SimpleCORSFilter implements Filter {
@Value("${queryrest.enableCORS}")
private boolean enableCORS;
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
ServletException {
if (enableCORS) {
HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Access-Control-Allow-Origin", "*");
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
response.setHeader("Access-Control-Max-Age", "3600");
response.setHeader("Access-Control-Allow-Headers",
"Content-Type, Cache-Control, Accept, Authorization, X-Requested-With");
}
chain.doFilter(req, res);
}
public void init(FilterConfig filterConfig) {
}
public void destroy() {
}
}