Commit 473d5bcf authored by Piotr Gawron's avatar Piotr Gawron

optin that allows cors request

parent 5b5fc537
......@@ -151,6 +151,11 @@ public final class Configuration {
*/
private static List<String> xFrametDomain = new ArrayList<>();
/**
* Should CORS be disabled.
*/
private static boolean disableCors = false;
/**
* Directory where tomcat webapp folder is located. Default value is "." because
* it should be set to proper value when tomcat application is deployed and run.
......@@ -438,4 +443,12 @@ public final class Configuration {
Configuration.sessionLength = sessionLength;
}
public static boolean isDisableCors() {
return disableCors;
}
public static void setDisableCors(boolean disableCors) {
Configuration.disableCors = disableCors;
}
}
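Review bot: `disableCors` is a plain static field that the servlet filter in this commit reads on request threads while `setDisableCors` is called from the configuration service, so a runtime change is not guaranteed to become visible to those threads; `private static volatile boolean disableCors = false;` would fix that. The field comment "Should CORS be disabled." also does not say what the flag does, and the two new accessors have no Javadoc. Judging by the filter, `true` makes the server echo the request's Origin header instead of sending `*`, so a comment such as `/** When true, the CORS filter echoes the request Origin header instead of sending "*". */` would state the actual effect.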
......@@ -90,7 +90,8 @@ public enum ConfigurationElementType {
/**
* Description of the right logo presented in the system.
*/
RIGHT_LOGO_TEXT("Right logo description", "LCSB - Luxembourg Centre for Systems Biomedicine", ConfigurationElementEditType.STRING, false,
RIGHT_LOGO_TEXT("Right logo description", "LCSB - Luxembourg Centre for Systems Biomedicine",
ConfigurationElementEditType.STRING, false,
ConfigurationElementTypeGroup.LEGEND_AND_LOGO),
/**
......@@ -128,6 +129,12 @@ public enum ConfigurationElementType {
X_FRAME_DOMAIN("Domain allowed to connect via x-frame technology", "", ConfigurationElementEditType.URL, false,
ConfigurationElementTypeGroup.SERVER_CONFIGURATION),
/**
* Domain allowed to connect via x-frame technology.
*/
CORS_DOMAIN("Disable CORS (when disabled 'ORIGIN' http header is required)", "false",
ConfigurationElementEditType.BOOLEAN, false, ConfigurationElementTypeGroup.SERVER_CONFIGURATION),
/**
* Relative directory (in webapps folder) where big files will be stored.
*/
......
......@@ -95,6 +95,8 @@ public class ConfigurationService implements IConfigurationService {
for (String domain : getConfigurationValue(ConfigurationElementType.X_FRAME_DOMAIN).split(";")) {
Configuration.getxFrameDomain().add(domain);
}
} else if (type.equals(ConfigurationElementType.CORS_DOMAIN)) {
Configuration.setDisableCors(value.equalsIgnoreCase("true"));
} else if (type.equals(ConfigurationElementType.SESSION_LENGTH)) {
Configuration.setSessionLength(Integer.valueOf(value));
}
......
......@@ -8,10 +8,13 @@ import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import lcsb.mapviewer.common.Configuration;
/**
* This filter enables ajax queries from all domains. It should be used for
* restfull API.
......@@ -20,25 +23,32 @@ import org.apache.log4j.Logger;
*
*/
public class JsfAjaxAccessControlAllowFilter implements Filter {
/**
* Default class logger.
*/
@SuppressWarnings("unused")
private final Logger logger = Logger.getLogger(JsfAjaxAccessControlAllowFilter.class);
@Override
public void init(FilterConfig config) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
response.addHeader("Access-Control-Allow-Origin", "*");
chain.doFilter(req, response);
}
@Override
public void destroy() {
}
/**
* Default class logger.
*/
@SuppressWarnings("unused")
private final Logger logger = Logger.getLogger(JsfAjaxAccessControlAllowFilter.class);
@Override
public void init(FilterConfig config) throws ServletException {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
String origin = request.getHeader("ORIGIN");
if (origin == null || origin.trim().isEmpty() || !Configuration.isDisableCors()) {
origin = "*";
}
response.setHeader("Access-Control-Allow-Origin", origin);
chain.doFilter(req, response);
}
@Override
public void destroy() {
}
}
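Review bot: With `disableCors` set, `doFilter` copies whatever `Origin` the client sent into `Access-Control-Allow-Origin`, which restricts nothing: every origin is still allowed. Unlike `*`, an echoed origin is also accepted by browsers on credentialed requests if `Access-Control-Allow-Credentials` is set anywhere else (not visible in this commit). The value should be compared against an operator-configured allow-list, the header should be omitted when the origin is not on it, and `Vary: Origin` should accompany any per-origin value so that caches do not serve one origin's response to another. The class Javadoc ("enables ajax queries from all domains") should also be updated to describe the two modes. In the sketch below `allowedOrigins` is a placeholder for such a list; this commit does not define one.

```java
    HttpServletRequest request = (HttpServletRequest) req;
    String origin = request.getHeader("Origin");
    // allowedOrigins: placeholder for an operator-configured allow-list (not defined in this commit)
    if (!Configuration.isDisableCors()) {
      response.setHeader("Access-Control-Allow-Origin", "*");
    } else if (origin != null && allowedOrigins.contains(origin.trim())) {
      response.setHeader("Access-Control-Allow-Origin", origin.trim());
      // the response now depends on the request's Origin, so caches must key on it
      response.addHeader("Vary", "Origin");
    }
    // no header for an unlisted origin: the browser then blocks the cross-origin read
    chain.doFilter(req, response);
```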
......@@ -62,8 +62,8 @@ public class StartupBean {
@Autowired
public StartupBean(IProjectService projectService,
IConfigurationService configurationService,
IReferenceGenomeService referenceGenomeService) {
IConfigurationService configurationService,
IReferenceGenomeService referenceGenomeService) {
this.projectService = projectService;
this.configurationService = configurationService;
this.referenceGenomeService = referenceGenomeService;
......@@ -82,6 +82,7 @@ public class StartupBean {
setInterruptedProjectsStatuses();
modifyXFrameDomain();
modifyCorsDomain();
setSessionLength();
removeInterruptedReferenceGenomeDownloads();
logger.debug("Application startup script ends");
......@@ -126,6 +127,15 @@ public class StartupBean {
}
}
private void modifyCorsDomain() {
try {
Configuration.setDisableCors(
configurationService.getConfigurationValue(ConfigurationElementType.CORS_DOMAIN).equalsIgnoreCase("true"));
} catch (Exception e) {
logger.error("Problem with modyfing cors...", e);
}
}
/**
* Removes downloads of reference genomes that were interrupted by tomcat
* restart.
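Review bot: `modifyCorsDomain` catches `Exception` and only logs it, so if `getConfigurationValue` returns null the `.equalsIgnoreCase` call throws and the flag silently stays at its default; the log message also misspells "modifying". Writing the comparison as `"true".equalsIgnoreCase(configurationService.getConfigurationValue(ConfigurationElementType.CORS_DOMAIN))` removes the null case. The same parse already appears in the `ConfigurationService` hunk of this commit, so one of the two places could delegate to the other. The method has no Javadoc while the method after it does; `/** Loads the CORS flag from the stored configuration at startup. */` would match the file's style.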
......