Commit ae80cb4c27118383a7dfc0f786648880686ed579

Authored by PauloGladson
1 parent e6eddf82

Segurança

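--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cache.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cache.java
@@ -25,5 +25,5 @@ import javax.interceptor.InterceptorBinding;
 public @interface Cache {
 
 @Nonbinding
- String value() default "max-age=9223372036854775807";
+ String value() default "max-age=0";
 }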
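Review bot: The new default `max-age=0` at line 28 does not forbid caching; it only marks the response as immediately stale, so browsers and intermediaries may still store it and serve it after revalidation. If the intent of this "Segurança" change is that a method annotated with a bare `@Cache` is never stored, the default should be `no-store` (or `no-cache, no-store, must-revalidate`). The member also has no Javadoc; since the rest-module filter in this commit copies the string into `Cache-Control` without validation, suggest `/** Verbatim Cache-Control header value emitted for GET responses of the annotated method. */` above `value()`.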
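--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
@@ -1,26 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.ws.jaxrs.annotation;
-
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.ElementType.TYPE;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-import java.lang.annotation.Target;
-import javax.enterprise.util.Nonbinding;
-import javax.interceptor.InterceptorBinding;
-
-/**
- *
- * @author 70744416353
- */
-@Inherited
-@InterceptorBinding
-@Target({METHOD, TYPE})
-@Retention(RUNTIME)
-public @interface Cors {
-}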
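--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
@@ -0,0 +1,26 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowMethods {
+}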
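Review bot: The `javax.enterprise.util.Nonbinding` import at line 14 is unused because the annotation declares no members, which also means the allowed-method list cannot be configured per resource; the rest-module filter in this commit can only echo the current request method into `Access-Control-Allow-Methods`. Consider a member such as `@Nonbinding String value() default "OPTIONS, GET, POST, PUT, DELETE";` (the list the old filter emitted), which gives the import a purpose and lets the filter advertise the real method set. Javadoc is missing as well; suggest `/** Emits Access-Control-Allow-Methods for the annotated resource method. */` on the type.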
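--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowOrigin {
+
+ @Nonbinding
+ String value() default "*";
+}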
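Review bot: The default `"*"` at line 28 is written verbatim to `Access-Control-Allow-Origin` by the rest-module filter, while the security-module `JaxRsFilter` in the same commit (its line 48) unconditionally adds `Access-Control-Allow-Credentials: true`; browsers reject that combination, so credentialed cross-origin calls fail with the default. Reflecting the request's `Origin` would be the wrong fix, since it would let any site read credentialed responses; the annotation should carry an explicit origin whenever credentials are enabled, and the credentials header should only be sent in that case. The value is also not validated as an origin before being emitted. Suggest documenting the member: `/** Origin written to Access-Control-Allow-Origin; "*" cannot be combined with Access-Control-Allow-Credentials: true, so credentialed APIs must list an explicit origin. */`.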
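--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsMaxAge {
+
+ @Nonbinding
+ String value() default "0";
+}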
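Review bot: Nothing in this commit reads `CorsMaxAge`: the rest-module `JaxRsFilter` hunk consults only `Cache`, `CorsAllowMethods` and `CorsAllowOrigin`, so no `Access-Control-Max-Age` header is ever emitted and the annotation is dead as committed, unless a filter outside this diff consumes it. The header value is a number of seconds, so `long value() default 0;` at line 28 would let the compiler reject non-numeric values instead of a filter emitting an invalid header. Javadoc suggestion for the type: `/** Seconds a browser may cache the preflight result (Access-Control-Max-Age). */`.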
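--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
@@ -18,7 +18,8 @@ import javax.ws.rs.container.ResourceInfo;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.ext.Provider;
 import org.demoiselle.jee.ws.jaxrs.annotation.Cache;
-import org.demoiselle.jee.ws.jaxrs.annotation.Cors;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowMethods;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowOrigin;
 
 /**
 *
@@ -41,22 +42,25 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
 
+ response.getHeaders().putSingle("Demoiselle", "3.0.0");
+
 if (requestContext.getMethod().equals("GET")) {
 Cache max = info.getResourceMethod().getAnnotation(Cache.class);
 if (max != null) {
 response.getHeaders().putSingle("Cache-Control", max.value());
 }
 }
-
-// Cors cors = info.getResourceMethod().getAnnotation(Cors.class);
-// if (cors != null) {
-// response.getHeaders().putSingle("Cache-Control", max.value());
-// }
 
- response.getHeaders().putSingle("Demoiselle", "3.0.0");
- response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
- response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
- response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
+ CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
+ if (corsAllowMethods != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
+ }
+
+ CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
+ if (corsAllowOrigin != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
+ }
+
 }
 
 @PostConstruct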
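Review bot: `Access-Control-Allow-Methods` at line 56 is set to `requestContext.getMethod()`, the method of the current request, so a preflight `OPTIONS` request advertises only `OPTIONS` and the browser will refuse the POST/PUT/DELETE that follows; the header has to list the permitted methods, which `CorsAllowMethods` cannot currently express because it has no member. Until the annotation carries a value, the list the old code emitted is the minimum: `response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");`. All three annotations are declared with `@Target({METHOD, TYPE})`, yet only `info.getResourceMethod().getAnnotation(...)` is consulted at lines 45, 54 and 59, so a class-level placement is silently ignored; either fall back to `info.getResourceClass().getAnnotation(...)` or narrow the target to `METHOD`. `filter` is complete within the hunk; the rest of the class lies outside it.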
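--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
@@ -44,6 +44,9 @@ public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, C
 
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Authorization");
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
+
 responseContext.getHeaders().putSingle("Authorization", "enabled");
 responseContext.getHeaders().putSingle("x-content-type-options", "nosniff");
 responseContext.getHeaders().putSingle("x-frame-options", "SAMEORIGIN");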
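Review bot: `Access-Control-Allow-Headers` at line 47 now lists only `Authorization`, and the rest-module filter in this commit stops sending `Content-Type`, so a preflight for a request carrying `Content-Type: application/json` will fail even though the API accepts JSON bodies; propose `responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Authorization, Content-Type");`. Both CORS headers are also written on every response, including same-origin ones that never sent an `Origin`; a comment stating that this is intentional, or a guard on the presence of the request `Origin` header, would make the behaviour explicit. The `filter` method continues past the end of the hunk.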