diff options
Diffstat (limited to 'sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors')
5 files changed, 536 insertions, 0 deletions
diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORS.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORS.java new file mode 100644 index 0000000000..15852e24c8 --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORS.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors; + +/** + * @version $Rev$ $Date$ + */ +public interface CORS { + /** + * + * @return + */ + CORSConfiguration getCORSConfiguration(); + + /** + * + * @param config + */ + void setCORSConfiguration(CORSConfiguration config); +} diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfiguration.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfiguration.java new file mode 100644 index 0000000000..0d89c5c9cb --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfiguration.java @@ -0,0 +1,105 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors; + +import java.util.ArrayList; +import java.util.List; + +public class CORSConfiguration { + List<String> allowOrigins = new ArrayList<String>(); + List<String> allowHeaders = new ArrayList<String>(); + List<String> exposeHeaders = new ArrayList<String>(); + List<String> allowMethods = new ArrayList<String>(); + boolean allowCredentials; + int maxAge; + + public CORSConfiguration() { + + } + + public List<String> getAllowOrigins() { + return allowOrigins; + } + + public void setAllowOrigins(List<String> allowOrigins) { + this.allowOrigins = allowOrigins; + } + + public List<String> getAllowHeaders() { + return allowHeaders; + } + + public void setAllowHeaders(List<String> allowHeaders) { + this.allowHeaders = allowHeaders; + } + + public List<String> getExposeHeaders() { + return exposeHeaders; + } + + public void setExposeHeaders(List<String> exposeHeaders) { + this.exposeHeaders = exposeHeaders; + } + + public List<String> getAllowMethods() { + return allowMethods; + } + + public void setAllowMethods(List<String> allowMethods) { + this.allowMethods = allowMethods; + } + + public boolean isAllowCredentials() { + return allowCredentials; + } + + public void setAllowCredentials(boolean allowCredentials) { + this.allowCredentials = allowCredentials; + } + + public int getMaxAge() { + return maxAge; + } + + public void setMaxAge(int maxAge) { + this.maxAge = maxAge; + } + + /* (non-Javadoc) + * @see java.lang.Object#toString() + */ + @Override + public String toString() { + return "CORSConfiguration [allowOrigins=" + allowOrigins + + ", allowHeaders=" + + allowHeaders + + ", exposeHeaders=" + + exposeHeaders + + ", allowMethods=" + + allowMethods + + ", allowCredentials=" + + allowCredentials + + ", maxAge=" + + maxAge + + "]"; + } + + +} diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfigurationFactory.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfigurationFactory.java new file mode 100644 index 0000000000..5cbd6865a0 --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSConfigurationFactory.java @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors; + +/** + * Factory for the CORS Configuration + */ +public class CORSConfigurationFactory { + + /** + * Create a new CORS Configuration Model + * @return + */ + public CORSConfiguration createCORSConfiguration() { + return new CORSConfiguration(); + } +} diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java new file mode 100644 index 0000000000..ffb92f520f --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors; + +import java.io.IOException; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CORSHeaderProcessor { + public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) + throws IOException { + + if (config == null) { + String allowHeaders = request.getHeader("Access-Control-Request-Headers"); + if (allowHeaders == null) { + allowHeaders = "Content-Type, Accept, Origin, X-Requested-With"; + } + String allowMethods = request.getHeader("Access-Control-Request-Method"); + if (allowMethods == null) { + allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE"; + } + + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + + response.setHeader("Access-Control-Allow-Origin", allowOrigins); + response.setHeader("Access-Control-Allow-Headers", allowHeaders); + response.setHeader("Access-Control-Allow-Credentials", "true"); + if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { + response.setHeader("Access-Control-Allow-Methods", allowMethods); + response.setHeader("Access-Control-Max-Age", "1728000"); + } + return; + } + + if (config.isAllowCredentials()) { + response.setHeader("Access-Control-Allow-Credentials", "true"); + } + + if (config.getMaxAge() > 0) { + response.setHeader("Access-Control-Max-Age", Integer.toString(config.getMaxAge())); + } + + response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config, request)); + response.setHeader("Access-Control-Allow-Methods", getAllowMethods(config)); + response.setHeader("Access-Control-Allow-Headers", getAllowHeaders(config)); + response.setHeader("Access-Control-Expose-Headers", getExposeHeaders(config)); + } + + private static String getAllowOrigins(CORSConfiguration config, HttpServletRequest request) { + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + return getListValues(config.getAllowOrigins(), allowOrigins); + } + + private static String getAllowMethods(CORSConfiguration config) { + return getListValues(config.getAllowMethods(), "OPTIONS, HEAD, GET, POST, PUT, DELETE"); + } + + private static String getAllowHeaders(CORSConfiguration config) { + return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin"); + } + + private static String getExposeHeaders(CORSConfiguration config) { + return getListValues(config.getExposeHeaders(), "X-Requested-With, Content-Type"); + } + + private static String getListValues(List<String> list, String defaultValue) { + StringBuffer values = new StringBuffer(); + if (list != null && list.isEmpty() == false) { + for (String value : list) { + values.append(value).append(","); + } + values.deleteCharAt(values.length()); + } else { + values.append(defaultValue); + } + + return values.toString(); + } +} diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/xml/CORSConfigurationProcessor.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/xml/CORSConfigurationProcessor.java new file mode 100644 index 0000000000..bc396d66f3 --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/xml/CORSConfigurationProcessor.java @@ -0,0 +1,256 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors.xml; + +import static javax.xml.stream.XMLStreamConstants.END_ELEMENT; +import static javax.xml.stream.XMLStreamConstants.START_ELEMENT; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; +import javax.xml.stream.XMLStreamWriter; + +import org.apache.tuscany.sca.assembly.Base; +import org.apache.tuscany.sca.common.http.cors.CORSConfiguration; +import org.apache.tuscany.sca.common.http.cors.CORSConfigurationFactory; +import org.apache.tuscany.sca.contribution.processor.BaseStAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.processor.ContributionReadException; +import org.apache.tuscany.sca.contribution.processor.ContributionResolveException; +import org.apache.tuscany.sca.contribution.processor.ContributionWriteException; +import org.apache.tuscany.sca.contribution.processor.ProcessorContext; +import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor; +import org.apache.tuscany.sca.contribution.processor.StAXAttributeProcessor; +import org.apache.tuscany.sca.contribution.resolver.ModelResolver; +import org.apache.tuscany.sca.core.ExtensionPointRegistry; +import org.apache.tuscany.sca.core.FactoryExtensionPoint; + +/** + * CORS Configuration Artifact processor + * @version $Rev$ $Date$ + */ +public class CORSConfigurationProcessor extends BaseStAXArtifactProcessor implements StAXArtifactProcessor<CORSConfiguration> { + + private static final QName CORS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "corsConfiguration"); + + private static final QName ALLOW_CREDENTIALS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "allowCredentials"); + private static final QName MAX_AGE_QNAME = new QName(Base.SCA11_TUSCANY_NS, "maxAge"); + + private static final QName ALLOW_ORIGINS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "allowOrigins"); + private static final QName ORIGIN_QNAME = new QName(Base.SCA11_TUSCANY_NS, "origin"); + + private static final QName ALLOW_METHODS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "allowMethods"); + private static final QName METHOD_QNAME = new QName(Base.SCA11_TUSCANY_NS, "method"); + + private static final QName ALLOW_HEADERS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "allowHeaders"); + private static final QName EXPOSE_HEADERS_QNAME = new QName(Base.SCA11_TUSCANY_NS, "exposeHeaders"); + private static final QName HEADER_QNAME = new QName(Base.SCA11_TUSCANY_NS, "header"); + + + + private StAXArtifactProcessor<Object> extensionProcessor; + private CORSConfigurationFactory corsConfigurationFactory; + + public CORSConfigurationProcessor(ExtensionPointRegistry extensionPoints, + StAXArtifactProcessor<Object> extensionProcessor, + StAXAttributeProcessor<Object> extensionAttributeProcessor) { + + FactoryExtensionPoint modelFactories = extensionPoints.getExtensionPoint(FactoryExtensionPoint.class); + this.corsConfigurationFactory = modelFactories.getFactory(CORSConfigurationFactory.class); + + this.extensionProcessor = (StAXArtifactProcessor<Object>)extensionProcessor; + } + + + @Override + public QName getArtifactType() { + return CORS_QNAME; + } + + @Override + public Class<CORSConfiguration> getModelType() { + return CORSConfiguration.class; + } + + @Override + public CORSConfiguration read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException { + + CORSConfiguration corsConfiguration = corsConfigurationFactory.createCORSConfiguration(); + + /** + * <corsConfiguration> + * <allowCredentials>true</allowCredentials> + * + * <maxAge>100</maxAge> + * + * <allowOrigins> + * <origin>http://www.sfly.com</origin> + * </allowOrigins> + * + * <allowMethods> + * <method>PUT</method> + * <method>POST</method> + * </allowMethods> + * + * <allowHeaders> + * <header>X-custom-1</header> + * <header>X-custom-2</header> + * </allowHeaders> + * + * <exposeHeaders> + * <header>X-custom-1</header> + * <header>X-custom-2</header> + * </exposeHeaders> + * + * </corsConfiguration> + **/ + + HeaderElementType headerType = null; + + while(reader.hasNext()) { + QName elementName = null; + int event = reader.getEventType(); + switch (event) { + case START_ELEMENT: + elementName = reader.getName(); + + if (ALLOW_CREDENTIALS_QNAME.equals(elementName)) { + String value = reader.getElementText(); + corsConfiguration.setAllowCredentials(Boolean.parseBoolean(value)); + } else if (MAX_AGE_QNAME.equals(elementName)) { + String value = reader.getElementText(); + corsConfiguration.setMaxAge(Integer.parseInt(value)); + } else if (ORIGIN_QNAME.equals(elementName)) { + String value = reader.getElementText(); + corsConfiguration.getAllowOrigins().add(value); + } else if (METHOD_QNAME.equals(elementName)) { + String value = reader.getElementText(); + corsConfiguration.getAllowMethods().add(value); + } else if (ALLOW_HEADERS_QNAME.equals(elementName)) { + headerType = HeaderElementType.ALLOWHEADERS; + } else if (EXPOSE_HEADERS_QNAME.equals(elementName)) { + headerType = HeaderElementType.EXPOSEHEADERS; + } else if (HEADER_QNAME.equals(elementName)) { + if(headerType != null) { + String value = reader.getElementText(); + if(headerType == HeaderElementType.ALLOWHEADERS) { + corsConfiguration.getAllowHeaders().add(value); + } else { + corsConfiguration.getExposeHeaders().add(value); + } + } + } + + break; + + case END_ELEMENT: + elementName = reader.getName(); + if(CORS_QNAME.equals(elementName)) { + return corsConfiguration; + } + break; + } + + + + // Read the next element + if (reader.hasNext()) { + reader.next(); + } + } + + return corsConfiguration; + } + + @Override + public void write(CORSConfiguration model, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException, XMLStreamException { + + writeStart(writer, CORS_QNAME.getNamespaceURI(), CORS_QNAME.getLocalPart()); + + // Write allowCredentials + writeStart(writer, ALLOW_CREDENTIALS_QNAME.getNamespaceURI(), ALLOW_CREDENTIALS_QNAME.getLocalPart()); + writer.writeCharacters(Boolean.toString(model.isAllowCredentials())); + writeEnd(writer); + + // Write maxAge + writeStart(writer, MAX_AGE_QNAME.getNamespaceURI(), MAX_AGE_QNAME.getLocalPart()); + writer.writeCharacters(Integer.toString(model.getMaxAge())); + writeEnd(writer); + + // Allow origins + if(model.getAllowOrigins() != null && model.getAllowOrigins().isEmpty() == false) { + writeStart(writer, ALLOW_ORIGINS_QNAME.getNamespaceURI(), ALLOW_ORIGINS_QNAME.getLocalPart()); + for(String origin : model.getAllowOrigins()) { + writeStart(writer, ORIGIN_QNAME.getNamespaceURI(), ORIGIN_QNAME.getLocalPart()); + writer.writeCharacters(origin); + writeEnd(writer); + } + writeEnd(writer); + } + + // Allow methods + if(model.getAllowMethods() != null && model.getAllowMethods().isEmpty() == false) { + writeStart(writer, ALLOW_METHODS_QNAME.getNamespaceURI(), ALLOW_METHODS_QNAME.getLocalPart()); + for(String method : model.getAllowMethods()) { + writeStart(writer, METHOD_QNAME.getNamespaceURI(), METHOD_QNAME.getLocalPart()); + writer.writeCharacters(method); + writeEnd(writer); + } + writeEnd(writer); + } + + + // Allow headers + if(model.getAllowHeaders() != null && model.getAllowHeaders().isEmpty() == false) { + writeStart(writer, ALLOW_HEADERS_QNAME.getNamespaceURI(), ALLOW_HEADERS_QNAME.getLocalPart()); + for(String header : model.getAllowHeaders()) { + writeStart(writer, HEADER_QNAME.getNamespaceURI(), HEADER_QNAME.getLocalPart()); + writer.writeCharacters(header); + writeEnd(writer); + } + writeEnd(writer); + } + + + // Exposed headers + if(model.getExposeHeaders() != null && model.getExposeHeaders().isEmpty() == false) { + writeStart(writer, EXPOSE_HEADERS_QNAME.getNamespaceURI(), EXPOSE_HEADERS_QNAME.getLocalPart()); + for(String header : model.getExposeHeaders()) { + writeStart(writer, HEADER_QNAME.getNamespaceURI(), HEADER_QNAME.getLocalPart()); + writer.writeCharacters(header); + writeEnd(writer); + } + writeEnd(writer); + } + writeEnd(writer); + } + + @Override + public void resolve(CORSConfiguration model, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException { + // Should not need to do anything here for now... + } + + + enum HeaderElementType { + ALLOWHEADERS, + EXPOSEHEADERS + } + + +} |