changeset 91:cf44d9e1a4a7

let CORS be handled by Restlet 2.3 CorsFilter.
author casties
date Sun, 08 Feb 2015 18:09:00 +0100
parents 475ab3d32630
children aadf8760216d fcb6fe10e08c
files src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java
diffstat 9 files changed, 17 insertions(+), 88 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java	Sun Feb 08 18:09:00 2015 +0100
@@ -54,10 +54,6 @@
  */
 public class AnnotatorAnnotations extends AnnotatorResourceImpl {
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET,POST,PUT,DELETE";
-    }
-
     /**
      * GET with JSON content-type.
      * 
@@ -67,7 +63,6 @@
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doGetJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String id = null;
         String jsonId = (String) getRequest().getAttributes().get("id");
@@ -164,8 +159,6 @@
     @Post("json")
     public Representation doPostJson(Representation entity) {
         logger.fine("AnnotatorAnnotations doPostJSON!");
-        // set headers
-        setCorsHeaders();
 
         // do authentication TODO: who's allowed to create?
         Person authUser = getUserFromAuthToken(entity);
@@ -219,7 +212,6 @@
     @Put("json")
     public Representation doPutJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doPutJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String jsonId = (String) getRequest().getAttributes().get("id");
         String id = decodeJsonId(jsonId);
@@ -282,7 +274,6 @@
     @Delete("json")
     public Representation doDeleteJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doDeleteJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String jsonId = (String) getRequest().getAttributes().get("id");
         String id = decodeJsonId(jsonId);
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java	Sun Feb 08 18:09:00 2015 +0100
@@ -49,14 +49,10 @@
  * 
  */
 public class AnnotatorAnnotationsByResources extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotatonsByResource doGetJSON!");
-        setCorsHeaders();
 
         // do authentication
         Person authUser = getUserFromAuthToken(entity);
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java	Sun Feb 08 18:09:00 2015 +0100
@@ -48,14 +48,10 @@
  * 
  */
 public class AnnotatorAnnotationsByTags extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotatonsBytag doGetJSON!");
-        setCorsHeaders();
 
         // do authentication
         Person authUser = getUserFromAuthToken(entity);
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java	Sun Feb 08 18:09:00 2015 +0100
@@ -47,9 +47,6 @@
  *
  */
 public class AnnotatorGroups extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
      * GET with JSON content-type.
@@ -63,7 +60,6 @@
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorGroups doGetJSON!");
-        setCorsHeaders();
         // get user from auth token (preferred)
         Person authUser = getUserFromAuthToken(entity);
         JSONArray results = null;
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java	Sun Feb 08 18:09:00 2015 +0100
@@ -44,10 +44,9 @@
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
+import org.restlet.data.Header;
 import org.restlet.data.Status;
-import org.restlet.data.Header;
 import org.restlet.representation.Representation;
-import org.restlet.resource.Options;
 import org.restlet.resource.ServerResource;
 import org.restlet.util.Series;
 
@@ -76,10 +75,6 @@
 
     private AnnotationStore store;
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET,POST";
-    }
-
     protected AnnotationStore getAnnotationStore() {
         if (store == null) {
             store = ((BaseRestlet) getApplication()).getAnnotationStore();
@@ -108,44 +103,6 @@
     }
 
     /**
-     * Handle options request to allow CORS for AJAX.
-     * 
-     * @param entity
-     */
-    @Options
-    public void doOptions(Representation entity) {
-        logger.fine("AnnotatorResourceImpl doOptions!");
-        setCorsHeaders();
-    }
-
-    /**
-     * set headers to allow CORS for AJAX.
-     */
-    protected void setCorsHeaders() {
-        Series<Header> responseHeaders = (Series<Header>) getResponse().getHeaders();
-        if (responseHeaders == null) {
-            responseHeaders = new Series<Header>(Header.class);
-            getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders);
-        }
-        responseHeaders.add("Access-Control-Allow-Methods", getAllowedMethodsForHeader());
-        // echo back Origin and Request-Headers
-        @SuppressWarnings("unchecked")
-        Series<Header> requestHeaders = (Series<Header>) getRequest().getAttributes().get("org.restlet.http.headers");
-        String origin = requestHeaders.getFirstValue("Origin", true);
-        if (origin == null) {
-            responseHeaders.add("Access-Control-Allow-Origin", "*");
-        } else {
-            responseHeaders.add("Access-Control-Allow-Origin", origin);
-        }
-        String allowHeaders = requestHeaders.getFirstValue("Access-Control-Request-Headers", true);
-        if (allowHeaders != null) {
-            responseHeaders.add("Access-Control-Allow-Headers", allowHeaders);
-        }
-        responseHeaders.add("Access-Control-Allow-Credentials", "true");
-        responseHeaders.add("Access-Control-Max-Age", "60");
-    }
-
-    /**
      * returns if authentication information from headers is valid.
      * 
      * @param entity
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java	Sun Feb 08 18:09:00 2015 +0100
@@ -48,9 +48,6 @@
  * 
  */
 public class AnnotatorResources extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
      * GET with JSON content-type. 
@@ -62,7 +59,6 @@
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorResources doGetJSON!");
-        setCorsHeaders();
 
         String jsonId = (String) getRequest().getAttributes().get("id");
         if (jsonId != null) {
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java	Sun Feb 08 18:09:00 2015 +0100
@@ -22,7 +22,11 @@
  * #L%
  */
 
+import java.util.Arrays;
+import java.util.HashSet;
+
 import org.restlet.Restlet;
+import org.restlet.engine.application.CorsFilter;
 import org.restlet.routing.Router;
 
 /**
@@ -31,7 +35,7 @@
  */
 public class AnnotatorRestlet extends BaseRestlet {
 
-    public final String version = "AnnotationManagerN4J/Annotator 0.5.0";
+    public final String version = "AnnotationManagerN4J/Annotator 0.5.1";
 
     /*
      * (non-Javadoc)
@@ -40,10 +44,9 @@
      */
     @Override
     public Restlet createInboundRoot() {
-        // this.authenticator = createAuthenticator();
 
         Router router = new Router(getContext());
-
+        
         router.attach("/annotations", AnnotatorAnnotations.class);
         router.attach("/annotations/{id}", AnnotatorAnnotations.class);
         router.attach("/search", AnnotatorSearch.class);
@@ -55,10 +58,19 @@
         router.attach("/resources/{id}", AnnotatorResources.class);
         router.attach("/resources/{id}/annotations", AnnotatorAnnotationsByResources.class);
         router.attach("/", AnnotatorInfo.class);
+        //return router;
+
+        // this.authenticator = createAuthenticator();
         // authenticator.setNext(router);
         // return authenticator;
 
-        return router;
+        // handle Cross-Origin-Resource-Security headers
+        CorsFilter corsFilter = new CorsFilter(getContext(), router);
+        corsFilter.setAllowedOrigins(new HashSet<String>(Arrays.asList("*")));
+        corsFilter.setAllowedCredentials(true);
+        corsFilter.setNext(router);
+        return corsFilter;
+
     }
 
     /* (non-Javadoc)
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java	Sun Feb 08 18:09:00 2015 +0100
@@ -1,6 +1,3 @@
-/**
- * Implements the "search" uri of the Annotator API.
- */
 package de.mpiwg.itgroup.annotations.restlet;
 
 /*
@@ -51,10 +48,6 @@
  */
 public class AnnotatorSearch extends AnnotatorResourceImpl {
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
-
     /**
      * result for JSON content-type. optional search parameters: uri, user, limit,
      * offset, sortBy.
@@ -65,7 +58,6 @@
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorSearch doGetJSON!");
-        setCorsHeaders();
         // do authentication
         Person authUser = getUserFromAuthToken(entity);
         logger.fine("request authenticated=" + authUser);
--- a/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java	Sun Feb 08 16:57:42 2015 +0100
+++ b/src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java	Sun Feb 08 18:09:00 2015 +0100
@@ -1,6 +1,3 @@
-/**
- * ReST API for accessing groups in the Annotation store.
- */
 package de.mpiwg.itgroup.annotations.restlet;
 
 /*
@@ -48,9 +45,6 @@
  * 
  */
 public class AnnotatorTags extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
      * GET with JSON content-type. 
@@ -64,7 +58,6 @@
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorGroups doGetJSON!");
-        setCorsHeaders();
 
         String jsonId = (String) getRequest().getAttributes().get("id");
         // String id = decodeJsonId(jsonId);