Add Access-Control-Allow-Origin: * For REST-api

This enables other sites to call the rest api. The header SHOULD NOT be enabled on anything returning other than json

Add Access-Control-Allow-Origin: * For REST-api
This enables other sites to call the rest api. The header SHOULD NOT be enabled on anything returning other than json
Tuomas Riihimäki
Commit bd707b7d authored Nov 09, 2014 by Tuomas Riihimäki
Showing with 28 additions and 12 deletions
code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
code/moya-web/src/main/java/fi/codecrew/moya/rest/JsonpRestFilter.java
code/moya-web/src/main/java/fi/codecrew/moya/rest/placemap/v1/PlacemapRestViewV1.java
--- a/code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/HostnameFilter.java
@@ -21,6 +21,7 @@ package fi.codecrew.moya;
 import java.io.IOException;
 import java.io.PrintWriter;
 import java.security.Principal;
+import java.nio.charset.Charset;

 import javax.ejb.EJB;
 import javax.faces.application.ProjectStage;
@@ -73,6 +74,7 @@ public class HostnameFilter implements Filter {
 	@EJB
 	private SessionMgmtBeanLocal sessionmgmt;
 	public static final String HTTP_TRAIL_NAME = "moya_http_trail";
+	private static final Charset UTF8 = Charset.forName("UTF-8");

 	/**
 	 * Default constructor.
@@ -137,7 +139,9 @@ public class HostnameFilter implements Filter {
 				if (RestApplicationEntrypoint.REST_PATH.equals(httpRequest.getServletPath())) {
 					authtype = AuthType.REST;
 					if (!restAuth(httpRequest, response)) {
-						response.getWriter().write("REST authentication failed!");
+						response.reset();
+						response.getOutputStream().write("Rest auth failed! ".getBytes(UTF8));
+
 						if (response instanceof HttpServletResponse) {
 							HttpServletResponse httpResp = (HttpServletResponse) response;
 							httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN);
@@ -207,14 +211,6 @@ public class HostnameFilter implements Filter {
 			{
 				HttpServletResponse httpResp = ((HttpServletResponse) response);
 				httpResp.setStatus(HttpServletResponse.SC_FORBIDDEN);
-				try {
-					PrintWriter w = httpResp.getWriter();
-					w.write("Rest auth failed! ");
-					w.flush();
-				} catch (IOException e) {
-					logger.info("Error writing error message from restauth failure to ostream", e);
-				}
-
 			}

 		} finally {

--- a/code/moya-web/src/main/java/fi/codecrew/moya/rest/JsonpRestFilter.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/rest/JsonpRestFilter.java
@@ -12,6 +12,8 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;

 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -30,8 +32,14 @@ public class JsonpRestFilter implements Filter {

 	@Override
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+		HttpServletResponse httpResp = (HttpServletResponse) response;
+		HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+		httpResp.setHeader("Access-Control-Allow-Origin", "*");
+
 		String jsonpFunc = request.getParameter(JSONP_PARAMETER);
-		boolean useJsonp = jsonpFunc != null && !jsonpFunc.isEmpty();
+		boolean useJsonp = "GET".equals(httpRequest.getMethod()) && jsonpFunc != null && !jsonpFunc.isEmpty();

 		ServletOutputStream ostream = response.getOutputStream();
 		if (useJsonp) {
@@ -42,10 +50,11 @@ public class JsonpRestFilter implements Filter {
 		}

 		chain.doFilter(request, response);
-
-		if (useJsonp) {
+		
+		if (HttpServletResponse.SC_FORBIDDEN != httpResp.getStatus() && useJsonp) {
 			ostream.write(");".getBytes(UTF8));
 		}
+
 	}

 	@Override

--- a/code/moya-web/src/main/java/fi/codecrew/moya/rest/placemap/v1/PlacemapRestViewV1.java
+++ b/code/moya-web/src/main/java/fi/codecrew/moya/rest/placemap/v1/PlacemapRestViewV1.java
@@ -7,11 +7,15 @@ import javax.ejb.EJB;
 import javax.enterprise.context.RequestScoped;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;

+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import fi.codecrew.moya.beans.PlaceBeanLocal;
 import fi.codecrew.moya.model.EventMap;
 import fi.codecrew.moya.model.Place;
@@ -27,6 +31,7 @@ public class PlacemapRestViewV1 {

 	@EJB
 	private PlaceBeanLocal placebean;
+	private static final Logger logger = LoggerFactory.getLogger(PlacemapRestViewV1.class);

 	//	@GET
 	//	@Path("/maps")
@@ -37,6 +42,12 @@ public class PlacemapRestViewV1 {
 	//		new PlacemapMapRootPojo();
 	//	}

+	@POST
+	@Path("/place/{id}/reserve")
+	public void reservePlace() {
+		logger .warn("Reserving not yet implemented");
+	}
+
 	@GET
 	@Path("/{id}")
 	public PlacemapMapRootPojo getMap(@PathParam("id") Integer id) {