Skip to content

Codecrew / Moya

Go to a project
Commit bd707b7d by Tuomas Riihimäki
Options

Add Access-Control-Allow-Origin: * For REST-api 

This enables other sites to call the rest api. The header SHOULD NOT be enabled on anything returning other than json
1 parent f6d2ee1a
Inline Side-by-side
Showing with 27 additions and 11 deletions
code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
...@@ -21,6 +21,7 @@ package fi.codecrew.moya; ...@@ -21,6 +21,7 @@ package fi.codecrew.moya;
import java.io.IOException; import java.io.IOException;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.security.Principal; import java.security.Principal;
import java.nio.charset.Charset;
import javax.ejb.EJB; import javax.ejb.EJB;
import javax.faces.application.ProjectStage; import javax.faces.application.ProjectStage;
...@@ -73,6 +74,7 @@ public class HostnameFilter implements Filter { ...@@ -73,6 +74,7 @@ public class HostnameFilter implements Filter {
@EJB @EJB
private SessionMgmtBeanLocal sessionmgmt; private SessionMgmtBeanLocal sessionmgmt;
public static final String HTTP_TRAIL_NAME = "moya_http_trail"; public static final String HTTP_TRAIL_NAME = "moya_http_trail";
private static final Charset UTF8 = Charset.forName("UTF-8");
/** /**
* Default constructor. * Default constructor.
...@@ -137,7 +139,9 @@ public class HostnameFilter implements Filter { ...@@ -137,7 +139,9 @@ public class HostnameFilter implements Filter {
if (RestApplicationEntrypoint.REST_PATH.equals(httpRequest.getServletPath())) { if (RestApplicationEntrypoint.REST_PATH.equals(httpRequest.getServletPath())) {
authtype = AuthType.REST; authtype = AuthType.REST;
if (!restAuth(httpRequest, response)) { if (!restAuth(httpRequest, response)) {
response.getWriter().write("REST authentication failed!"); response.reset();
response.getOutputStream().write("Rest auth failed! ".getBytes(UTF8));
if (response instanceof HttpServletResponse) { if (response instanceof HttpServletResponse) {
HttpServletResponse httpResp = (HttpServletResponse) response; HttpServletResponse httpResp = (HttpServletResponse) response;
httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN); httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN);
...@@ -207,14 +211,6 @@ public class HostnameFilter implements Filter { ...@@ -207,14 +211,6 @@ public class HostnameFilter implements Filter {
{ {
HttpServletResponse httpResp = ((HttpServletResponse) response); HttpServletResponse httpResp = ((HttpServletResponse) response);
httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN); httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN);
try {
PrintWriter w = httpResp.getWriter();
w.write("Rest auth failed! ");
w.flush();
} catch (IOException e) {
logger.info("Error writing error message from restauth failure to ostream", e);
}
} }
} finally { } finally {
......
code/moya-web/src/main/java/fi/codecrew/moya/rest/JsonpRestFilter.java
...@@ -12,6 +12,8 @@ import javax.servlet.ServletOutputStream; ...@@ -12,6 +12,8 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter; import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
...@@ -30,8 +32,14 @@ public class JsonpRestFilter implements Filter { ...@@ -30,8 +32,14 @@ public class JsonpRestFilter implements Filter {
@Override @Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletResponse httpResp = (HttpServletResponse) response;
HttpServletRequest httpRequest = (HttpServletRequest) request;
httpResp.setHeader("Access-Control-Allow-Origin", "*");
String jsonpFunc = request.getParameter(JSONP_PARAMETER); String jsonpFunc = request.getParameter(JSONP_PARAMETER);
boolean useJsonp = jsonpFunc != null && !jsonpFunc.isEmpty(); boolean useJsonp = "GET".equals(httpRequest.getMethod()) && jsonpFunc != null && !jsonpFunc.isEmpty();
ServletOutputStream ostream = response.getOutputStream(); ServletOutputStream ostream = response.getOutputStream();
if (useJsonp) { if (useJsonp) {
...@@ -43,9 +51,10 @@ public class JsonpRestFilter implements Filter { ...@@ -43,9 +51,10 @@ public class JsonpRestFilter implements Filter {
chain.doFilter(request, response); chain.doFilter(request, response);
if (useJsonp) { if (HttpServletResponse.SC_FORBIDDEN != httpResp.getStatus() && useJsonp) {
ostream.write(");".getBytes(UTF8)); ostream.write(");".getBytes(UTF8));
} }
} }
@Override @Override
......
code/moya-web/src/main/java/fi/codecrew/moya/rest/placemap/v1/PlacemapRestViewV1.java
...@@ -7,11 +7,15 @@ import javax.ejb.EJB; ...@@ -7,11 +7,15 @@ import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped; import javax.enterprise.context.RequestScoped;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.GET; import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path; import javax.ws.rs.Path;
import javax.ws.rs.PathParam; import javax.ws.rs.PathParam;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.codecrew.moya.beans.PlaceBeanLocal; import fi.codecrew.moya.beans.PlaceBeanLocal;
import fi.codecrew.moya.model.EventMap; import fi.codecrew.moya.model.EventMap;
import fi.codecrew.moya.model.Place; import fi.codecrew.moya.model.Place;
...@@ -27,6 +31,7 @@ public class PlacemapRestViewV1 { ...@@ -27,6 +31,7 @@ public class PlacemapRestViewV1 {
@EJB @EJB
private PlaceBeanLocal placebean; private PlaceBeanLocal placebean;
private static final Logger logger = LoggerFactory.getLogger(PlacemapRestViewV1.class);
// @GET // @GET
// @Path("/maps") // @Path("/maps")
...@@ -37,6 +42,12 @@ public class PlacemapRestViewV1 { ...@@ -37,6 +42,12 @@ public class PlacemapRestViewV1 {
// new PlacemapMapRootPojo(); // new PlacemapMapRootPojo();
// } // }
@POST
@Path("/place/{id}/reserve")
public void reservePlace() {
logger .warn("Reserving not yet implemented");
}
@GET @GET
@Path("/{id}") @Path("/{id}")
public PlacemapMapRootPojo getMap(@PathParam("id") Integer id) { public PlacemapMapRootPojo getMap(@PathParam("id") Integer id) {
......
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!