Commit ae80cb4c27118383a7dfc0f786648880686ed579
1 parent
e6eddf82
Segurança
Showing
7 changed files
with
102 additions
and
37 deletions
demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cache.java
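--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
@@ -1,26 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.ws.jaxrs.annotation;
-
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.ElementType.TYPE;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-import java.lang.annotation.Target;
-import javax.enterprise.util.Nonbinding;
-import javax.interceptor.InterceptorBinding;
-
-/**
- *
- * @author 70744416353
- */
-@Inherited
-@InterceptorBinding
-@Target({METHOD, TYPE})
-@Retention(RUNTIME)
-public @interface Cors {
-}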
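--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
@@ -0,0 +1,26 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowMethods {
+}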
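Review bot: `CorsAllowMethods` has no Javadoc beyond the IDE template's `@author` tag and still carries the "To change this license header" placeholder, so a reader cannot tell which response header it controls or where it may be placed; the same applies to `CorsAllowOrigin.java` and `CorsMaxAge.java` in this commit. A class comment such as `/** Marks a resource method whose responses carry Access-Control-Allow-Methods. */` would be enough. The `Nonbinding` import is unused in this file. The filter in this commit reads the annotation reflectively, so `@InterceptorBinding` looks unnecessary unless an interceptor is bound to it somewhere outside this diff.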
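--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowOrigin {
+
+ @Nonbinding
+ String value() default "*";
+}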
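Review bot: `value()` defaults to `"*"`, so a bare `@CorsAllowOrigin` opens the resource to every origin without the author having written that choice down. Declaring it as `String value();` with no default makes each use name the origin it trusts. The security module's filter in this same commit sends `Access-Control-Allow-Credentials: true` on every response, and browsers refuse a credentialed response whose allowed origin is the wildcard, so the default cannot serve authenticated calls in any case.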
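--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsMaxAge {
+
+ @Nonbinding
+ String value() default "0";
+}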
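Review bot: Nothing visible in this commit reads `CorsMaxAge`: the rest filter imports only `CorsAllowMethods` and `CorsAllowOrigin`, so annotating a method with it appears to have no effect on `Access-Control-Max-Age` (the filter's full source is outside the hunks, so this is inferred from the import change). Either wire it into the filter or hold the annotation back until it is used. The value is also a `String`, which lets a non-numeric value reach the header; `int value() default 0;` would have the compiler reject it.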
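--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
@@ -18,7 +18,8 @@ import javax.ws.rs.container.ResourceInfo;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.ext.Provider;
 import org.demoiselle.jee.ws.jaxrs.annotation.Cache;
-import org.demoiselle.jee.ws.jaxrs.annotation.Cors;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowMethods;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowOrigin;
 
 /**
 *
@@ -41,22 +42,25 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
 
+ response.getHeaders().putSingle("Demoiselle", "3.0.0");
+
 if (requestContext.getMethod().equals("GET")) {
 Cache max = info.getResourceMethod().getAnnotation(Cache.class);
 if (max != null) {
 response.getHeaders().putSingle("Cache-Control", max.value());
 }
 }
-
-// Cors cors = info.getResourceMethod().getAnnotation(Cors.class);
-// if (cors != null) {
-// response.getHeaders().putSingle("Cache-Control", max.value());
-// }
 
- response.getHeaders().putSingle("Demoiselle", "3.0.0");
- response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
- response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
- response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
+ CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
+ if (corsAllowMethods != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
+ }
+
+ CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
+ if (corsAllowOrigin != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
+ }
+
 }
 
 @PostConstruct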
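Review bot: The two new `info.getResourceMethod().getAnnotation(...)` calls run on every response, and `getResourceMethod()` returns null when no resource method was matched (a 404, for instance), so the filter would throw a NullPointerException there; a guard such as `if (info.getResourceMethod() == null) { return; }` placed right after the `Demoiselle` header would cover these and the existing `Cache` lookup. Separately, `Access-Control-Allow-Methods` is filled with `requestContext.getMethod()`, which echoes the current verb; a browser reads that header from the preflight response, where the verb is OPTIONS, so a preflight for PUT or DELETE would likely be refused. Giving `CorsAllowMethods` a `value()` that lists the permitted verbs and emitting that instead would fix it. The annotations are declared for `TYPE` as well, but only the method is inspected here, so a class-level annotation appears to have no effect.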
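--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
@@ -44,6 +44,9 @@ public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, C
 
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Authorization");
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
+
 responseContext.getHeaders().putSingle("Authorization", "enabled");
 responseContext.getHeaders().putSingle("x-content-type-options", "nosniff");
 responseContext.getHeaders().putSingle("x-frame-options", "SAMEORIGIN");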
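Review bot: `Access-Control-Allow-Credentials: true` is now sent on every response from this filter, whether or not the resource opted into CORS, and `Access-Control-Allow-Headers` lists only `Authorization` while this same commit removes the `Content-Type` entry from the rest filter. A cross-origin request that sends JSON together with a token needs both names, e.g. `responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Authorization, Content-Type");`. The credentials header is safer emitted only alongside an explicit, allow-listed origin, ideally in the same place that writes `Access-Control-Allow-Origin`. The body of `filter` continues past the end of the hunk.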