Commit ae80cb4c27118383a7dfc0f786648880686ed579
1 parent
e6eddf82
Segurança
Showing
7 changed files
with
102 additions
and
37 deletions
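--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cache.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cache.java
@@ -25,5 +25,5 @@ import javax.interceptor.InterceptorBinding;
 public @interface Cache {
 
 @Nonbinding
- String value() default "max-age=9223372036854775807";
+ String value() default "max-age=0";
 }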
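Review bot: The new default `max-age=0` on `value()` makes a response immediately stale, but browsers and shared caches may still store it and reuse it after revalidation. If the intent of this commit is to keep API responses out of caches by default, the directive should say so, for example `String value() default "no-store";`. The member also has no Javadoc; since the rest `JaxRsFilter` writes the string unchanged into `Cache-Control` on GET responses, I would add `/** Raw Cache-Control header value sent for annotated GET resources. */`.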
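--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/Cors.java
@@ -1,26 +0,0 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
-package org.demoiselle.jee.ws.jaxrs.annotation;
-
-import static java.lang.annotation.ElementType.METHOD;
-import static java.lang.annotation.ElementType.TYPE;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import static java.lang.annotation.RetentionPolicy.RUNTIME;
-import java.lang.annotation.Target;
-import javax.enterprise.util.Nonbinding;
-import javax.interceptor.InterceptorBinding;
-
-/**
- *
- * @author 70744416353
- */
-@Inherited
-@InterceptorBinding
-@Target({METHOD, TYPE})
-@Retention(RUNTIME)
-public @interface Cors {
-}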
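--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowMethods.java
@@ -0,0 +1,26 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowMethods {
+}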
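Review bot: `@Target({METHOD, TYPE})` together with `@Inherited` invites class-level use, but the `filter` method changed in `demoiselle-rest/.../filter/JaxRsFilter.java` reads the annotation only through `info.getResourceMethod().getAnnotation(...)`, so a class-level `@CorsAllowMethods` is silently ignored. The same applies to `CorsAllowOrigin`. Either narrow the declaration to `@Target(METHOD)` or have the filter fall back to `info.getResourceClass()` when the method carries no annotation. The annotation declares no member, so the `javax.enterprise.util.Nonbinding` import is unused, and the empty Javadoc should state which response header the annotation controls.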
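--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsAllowOrigin.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsAllowOrigin {
+
+ @Nonbinding
+ String value() default "*";
+}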
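Review bot: The `"*"` default on `value()` means a bare `@CorsAllowOrigin` opens the resource to every origin, while the security filter in this same commit adds `Access-Control-Allow-Credentials: true` unconditionally in the lines shown. Browsers refuse the wildcard for credentialed requests, so the two settings cannot work together, and a wildcard is the wrong starting point for an API that relies on `Authorization`. I would drop the default so the origin has to be named at each use, `String value();`. The Javadoc should also say that the value is sent unchanged as `Access-Control-Allow-Origin`.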
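--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/annotation/CorsMaxAge.java
@@ -0,0 +1,29 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.demoiselle.jee.ws.jaxrs.annotation;
+
+import static java.lang.annotation.ElementType.METHOD;
+import static java.lang.annotation.ElementType.TYPE;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+import java.lang.annotation.Target;
+import javax.enterprise.util.Nonbinding;
+import javax.interceptor.InterceptorBinding;
+
+/**
+ *
+ * @author 70744416353
+ */
+@Inherited
+@InterceptorBinding
+@Target({METHOD, TYPE})
+@Retention(RUNTIME)
+public @interface CorsMaxAge {
+
+ @Nonbinding
+ String value() default "0";
+}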
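Review bot: Nothing in the hunks of this commit reads `CorsMaxAge`: the rest `JaxRsFilter` imports and looks up only `CorsAllowMethods` and `CorsAllowOrigin`, and no `Access-Control-Max-Age` header is written. Unless a consumer exists elsewhere, a resource author who applies this annotation gets no effect and no warning. `value()` is also declared as `String`, which accepts non-numeric text for what is a number of seconds; `long value() default 0;` would let the compiler reject bad values.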
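--- a/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
+++ b/demoiselle-rest/src/main/java/org/demoiselle/jee/ws/jaxrs/filter/JaxRsFilter.java
@@ -18,7 +18,8 @@ import javax.ws.rs.container.ResourceInfo;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.ext.Provider;
 import org.demoiselle.jee.ws.jaxrs.annotation.Cache;
-import org.demoiselle.jee.ws.jaxrs.annotation.Cors;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowMethods;
+import org.demoiselle.jee.ws.jaxrs.annotation.CorsAllowOrigin;
 
 /**
 *
@@ -41,22 +42,25 @@ public class JaxRsFilter implements ContainerRequestFilter, ContainerResponseFil
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext response) {
 
+ response.getHeaders().putSingle("Demoiselle", "3.0.0");
+
 if (requestContext.getMethod().equals("GET")) {
 Cache max = info.getResourceMethod().getAnnotation(Cache.class);
 if (max != null) {
 response.getHeaders().putSingle("Cache-Control", max.value());
 }
 }
-
-// Cors cors = info.getResourceMethod().getAnnotation(Cors.class);
-// if (cors != null) {
-// response.getHeaders().putSingle("Cache-Control", max.value());
-// }
 
- response.getHeaders().putSingle("Demoiselle", "3.0.0");
- response.getHeaders().putSingle("Access-Control-Allow-Origin", "*");
- response.getHeaders().putSingle("Access-Control-Allow-Methods", "OPTIONS, GET, POST, PUT, DELETE");
- response.getHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type");
+ CorsAllowMethods corsAllowMethods = info.getResourceMethod().getAnnotation(CorsAllowMethods.class);
+ if (corsAllowMethods != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Methods", requestContext.getMethod());
+ }
+
+ CorsAllowOrigin corsAllowOrigin = info.getResourceMethod().getAnnotation(CorsAllowOrigin.class);
+ if (corsAllowOrigin != null) {
+ response.getHeaders().putSingle("Access-Control-Allow-Origin", corsAllowOrigin.value());
+ }
+
 }
 
 @PostConstruct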
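Review bot: In `filter`, `Access-Control-Allow-Methods` is now set to `requestContext.getMethod()`, that is, the method of the request being answered rather than the methods the resource permits. On a CORS preflight that method is `OPTIONS`, so the browser is told only `OPTIONS` is allowed and the real `PUT` or `DELETE` call is blocked. The allowed methods should come from the resource's declaration, for example by giving `CorsAllowMethods` a member and writing `response.getHeaders().putSingle("Access-Control-Allow-Methods", corsAllowMethods.value());`. The commit also drops `Access-Control-Allow-Headers: Content-Type` from this filter while the security filter sets only `Authorization`, so preflights for JSON request bodies look likely to fail. `info.getResourceMethod()` is dereferenced without a null check in every lookup, which is worth guarding for responses to requests that matched no resource method.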
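--- a/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
+++ b/demoiselle-security/src/main/java/org/demoiselle/jee/security/filter/JaxRsFilter.java
@@ -44,6 +44,9 @@ public class JaxRsFilter implements ClientRequestFilter, ClientResponseFilter, C
 
 @Override
 public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Headers", "Authorization");
+ responseContext.getHeaders().putSingle("Access-Control-Allow-Credentials", "true");
+
 responseContext.getHeaders().putSingle("Authorization", "enabled");
 responseContext.getHeaders().putSingle("x-content-type-options", "nosniff");
 responseContext.getHeaders().putSingle("x-frame-options", "SAMEORIGIN");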
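Review bot: `Access-Control-Allow-Credentials: true` is added at the top of `filter` for every response, with no check of the request's `Origin` header and no link to whether the resource opted into CORS through `@CorsAllowOrigin`. It should be sent only together with a specific, allow-listed origin; as written, any resource that ends up with a non-wildcard `Access-Control-Allow-Origin` automatically permits credentialed cross-origin reads. `Access-Control-Allow-Headers` is written with `putSingle`, so it replaces rather than extends whatever another filter set, and `Content-Type` is no longer listed by either filter in this commit. The body of `filter` continues past the end of the hunk.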