Changeset 91:cf44d9e1a4a7 in AnnotationManagerN4J for src

Timestamp:

Feb 8, 2015, 5:09:00 PM (10 years ago)

Author:

casties

Branch:

default

Children:

92:aadf8760216d, 94:fcb6fe10e08c

Message:

let CORS be handled by Restlet 2.3 CorsFilter?.

Location:

src/main/java/de/mpiwg/itgroup/annotations/restlet

Files:

• AnnotatorAnnotations.java (modified) (5 diffs)
• AnnotatorAnnotationsByResources.java (modified) (1 diff)
• AnnotatorAnnotationsByTags.java (modified) (1 diff)
• AnnotatorGroups.java (modified) (2 diffs)
• AnnotatorResourceImpl.java (modified) (3 diffs)
• AnnotatorResources.java (modified) (2 diffs)
• AnnotatorRestlet.java (modified) (4 diffs)
• AnnotatorSearch.java (modified) (3 diffs)
• AnnotatorTags.java (modified) (3 diffs)

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotations.java

@@ -55 +55 @@
 public class AnnotatorAnnotations extends AnnotatorResourceImpl {
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET,POST,PUT,DELETE";
-    }
-
     /**
      * GET with JSON content-type.
@@ -68 +64 @@
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doGetJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String id = null;
@@ -165 +160 @@
     public Representation doPostJson(Representation entity) {
         logger.fine("AnnotatorAnnotations doPostJSON!");
-        // set headers
-        setCorsHeaders();
 
         // do authentication TODO: who's allowed to create?
@@ -220 +213 @@
     public Representation doPutJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doPutJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String jsonId = (String) getRequest().getAttributes().get("id");
@@ -283 +275 @@
     public Representation doDeleteJSON(Representation entity) {
         logger.fine("AnnotatorAnnotations doDeleteJSON!");
-        setCorsHeaders();
         // id from URI /annotations/{id}
         String jsonId = (String) getRequest().getAttributes().get("id");

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByResources.java

@@ -50 +50 @@
  */
 public class AnnotatorAnnotationsByResources extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotatonsByResource doGetJSON!");
-        setCorsHeaders();
 
         // do authentication

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorAnnotationsByTags.java

@@ -49 +49 @@
  */
 public class AnnotatorAnnotationsByTags extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     @Get("json")
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorAnnotatonsBytag doGetJSON!");
-        setCorsHeaders();
 
         // do authentication

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorGroups.java

@@ -48 +48 @@
  */
 public class AnnotatorGroups extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
@@ -64 +61 @@
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorGroups doGetJSON!");
-        setCorsHeaders();
         // get user from auth token (preferred)
         Person authUser = getUserFromAuthToken(entity);

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResourceImpl.java

@@ -45 +45 @@
 import org.json.JSONException;
 import org.json.JSONObject;
+import org.restlet.data.Header;
 import org.restlet.data.Status;
-import org.restlet.data.Header;
 import org.restlet.representation.Representation;
-import org.restlet.resource.Options;
 import org.restlet.resource.ServerResource;
 import org.restlet.util.Series;
@@ -77 +76 @@
     private AnnotationStore store;
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET,POST";
-    }
-
     protected AnnotationStore getAnnotationStore() {
         if (store == null) {
@@ -106 +101 @@
             return null;
         }
-    }
-
-    /**
-     * Handle options request to allow CORS for AJAX.
-     * 
-     * @param entity
-     */
-    @Options
-    public void doOptions(Representation entity) {
-        logger.fine("AnnotatorResourceImpl doOptions!");
-        setCorsHeaders();
-    }
-
-    /**
-     * set headers to allow CORS for AJAX.
-     */
-    protected void setCorsHeaders() {
-        Series<Header> responseHeaders = (Series<Header>) getResponse().getHeaders();
-        if (responseHeaders == null) {
-            responseHeaders = new Series<Header>(Header.class);
-            getResponse().getAttributes().put("org.restlet.http.headers", responseHeaders);
-        }
-        responseHeaders.add("Access-Control-Allow-Methods", getAllowedMethodsForHeader());
-        // echo back Origin and Request-Headers
-        @SuppressWarnings("unchecked")
-        Series<Header> requestHeaders = (Series<Header>) getRequest().getAttributes().get("org.restlet.http.headers");
-        String origin = requestHeaders.getFirstValue("Origin", true);
-        if (origin == null) {
-            responseHeaders.add("Access-Control-Allow-Origin", "*");
-        } else {
-            responseHeaders.add("Access-Control-Allow-Origin", origin);
-        }
-        String allowHeaders = requestHeaders.getFirstValue("Access-Control-Request-Headers", true);
-        if (allowHeaders != null) {
-            responseHeaders.add("Access-Control-Allow-Headers", allowHeaders);
-        }
-        responseHeaders.add("Access-Control-Allow-Credentials", "true");
-        responseHeaders.add("Access-Control-Max-Age", "60");
     }
 

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorResources.java

@@ -49 +49 @@
  */
 public class AnnotatorResources extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
@@ -63 +60 @@
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorResources doGetJSON!");
-        setCorsHeaders();
 
         String jsonId = (String) getRequest().getAttributes().get("id");

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorRestlet.java

@@ -23 +23 @@
  */
 
+import java.util.Arrays;
+import java.util.HashSet;
+
 import org.restlet.Restlet;
+import org.restlet.engine.application.CorsFilter;
 import org.restlet.routing.Router;
 
@@ -32 +36 @@
 public class AnnotatorRestlet extends BaseRestlet {
 
-    public final String version = "AnnotationManagerN4J/Annotator 0.5.0";
+    public final String version = "AnnotationManagerN4J/Annotator 0.5.1";
 
     /*
@@ -41 +45 @@
     @Override
     public Restlet createInboundRoot() {
-        // this.authenticator = createAuthenticator();
 
         Router router = new Router(getContext());
-
+        
         router.attach("/annotations", AnnotatorAnnotations.class);
         router.attach("/annotations/{id}", AnnotatorAnnotations.class);
@@ -56 +59 @@
         router.attach("/resources/{id}/annotations", AnnotatorAnnotationsByResources.class);
         router.attach("/", AnnotatorInfo.class);
+        //return router;
+
+        // this.authenticator = createAuthenticator();
         // authenticator.setNext(router);
         // return authenticator;
 
-        return router;
+        // handle Cross-Origin-Resource-Security headers
+        CorsFilter corsFilter = new CorsFilter(getContext(), router);
+        corsFilter.setAllowedOrigins(new HashSet<String>(Arrays.asList("*")));
+        corsFilter.setAllowedCredentials(true);
+        corsFilter.setNext(router);
+        return corsFilter;
+
     }
 

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorSearch.java

@@ -1 @@
-/**
- * Implements the "search" uri of the Annotator API.
- */
 package de.mpiwg.itgroup.annotations.restlet;
 
@@ -52 +49 @@
 public class AnnotatorSearch extends AnnotatorResourceImpl {
 
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
-
     /**
      * result for JSON content-type. optional search parameters: uri, user, limit,
@@ -66 +59 @@
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorSearch doGetJSON!");
-        setCorsHeaders();
         // do authentication
         Person authUser = getUserFromAuthToken(entity);

src/main/java/de/mpiwg/itgroup/annotations/restlet/AnnotatorTags.java

@@ -1 @@
-/**
- * ReST API for accessing groups in the Annotation store.
- */
 package de.mpiwg.itgroup.annotations.restlet;
 
@@ -49 +46 @@
  */
 public class AnnotatorTags extends AnnotatorResourceImpl {
-    protected String getAllowedMethodsForHeader() {
-        return "OPTIONS,GET";
-    }
 
     /**
@@ -65 +59 @@
     public Representation doGetJSON(Representation entity) {
         logger.fine("AnnotatorGroups doGetJSON!");
-        setCorsHeaders();
 
         String jsonId = (String) getRequest().getAttributes().get("id");