From serg...@apache.org
Subject [1/2] cxf git commit: [CXF-4780] Ensuring a CORS in filter does run before a JAAS filter by default
Date Tue, 24 Mar 2015 12:43:04 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 494ff7640 -> fe94c7fa1


[CXF-4780] Ensuring a CORS in filter does run before a JAAS filter by default


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/29e1dd1c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/29e1dd1c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/29e1dd1c

Branch: refs/heads/master
Commit: 29e1dd1cf8d447a79b606f9301fb5b6c2b40f74f
Parents: 6400b3c
Author: Sergey Beryozkin <sberyozkin@talend.com>
Authored: Tue Mar 24 12:42:11 2015 +0000
Committer: Sergey Beryozkin <sberyozkin@talend.com>
Committed: Tue Mar 24 12:42:11 2015 +0000

----------------------------------------------------------------------
 .../cors/CrossOriginResourceSharingFilter.java         | 13 ++++++++++++-
 .../rs/security/oauth2/filters/OAuthRequestFilter.java |  4 ++++
 2 files changed, 16 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/29e1dd1c/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
index 169e336..5c15836 100644
--- a/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
+++ b/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
@@ -30,7 +30,9 @@ import java.util.Set;
 import java.util.TreeSet;
 import java.util.regex.Pattern;
 
+import javax.annotation.Priority;
 import javax.ws.rs.HttpMethod;
+import javax.ws.rs.Priorities;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
 import javax.ws.rs.container.ContainerResponseContext;
@@ -69,6 +71,7 @@ import org.apache.cxf.phase.Phase;
  * or unless the <tt>defaultOptionsMethodsHandlePreflight</tt> property of this
class is set to <tt>true</tt>.
  */
 @PreMatching
+@Priority(Priorities.AUTHENTICATION - 1)
 public class CrossOriginResourceSharingFilter implements ContainerRequestFilter, 
     ContainerResponseFilter {
     private static final Pattern SPACE_PATTERN = Pattern.compile(" ");
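Review bot: The `- 1` in `@Priority(Priorities.AUTHENTICATION - 1)` encodes an ordering requirement that nothing next to the annotation explains, so a later change to either priority could silently put authentication ahead of CORS handling again. Going by the commit title, the intent is that this filter runs before authentication filters; I would add a comment above the annotation such as `// Must run before AUTHENTICATION-priority filters so CORS handling is not pre-empted by an authentication failure`. The class Javadoc could also state that the guarantee only holds against filters registered at `Priorities.AUTHENTICATION` or a higher value, since an authentication filter given a lower priority value would still run first. The class body continues outside this hunk.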
@@ -97,6 +100,7 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
     private Integer preflightFailStatus = 200;
     private boolean defaultOptionsMethodsHandlePreflight;
     private boolean findResourceMethod = true;
+    private boolean blockCorsIfUnauthorized; 
     
     private <T extends Annotation> T  getAnnotation(Method m,
                                                     Class<T> annClass) {
@@ -342,11 +346,14 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
                        ContainerResponseContext responseContext) {
         
         Message m = JAXRSUtils.getCurrentMessage();
-        
         String op = (String)m.getExchange().get(CrossOriginResourceSharingFilter.class.getName());
         if (op == null || op == PREFLIGHT_FAILED) {
             return;
         }
+        if (responseContext.getStatus() == Response.Status.UNAUTHORIZED.getStatusCode()
+            && blockCorsIfUnauthorized) {
+            return;
+        }
          
         /* Common to simple and preflight */
         responseContext.getHeaders().putSingle(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN,
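Review bot: The new guard suppresses the CORS response headers only for 401, so a 403 produced by an authorization check would still go out with `Access-Control-Allow-Origin` even when `blockCorsIfUnauthorized` is set. If the option is meant to keep access-control failures unreadable to cross-origin scripts, consider covering both statuses, e.g. `if (blockCorsIfUnauthorized && (status == Response.Status.UNAUTHORIZED.getStatusCode() || status == Response.Status.FORBIDDEN.getStatusCode())) { return; }` with `int status = responseContext.getStatus();` above it. If 401-only is deliberate, a one-line comment saying so would stop the next reader from assuming otherwise. Testing the boolean first also makes it obvious that the default (disabled) path is unchanged. The enclosing method starts and ends outside this hunk.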

@@ -618,6 +625,10 @@ public class CrossOriginResourceSharingFilter implements ContainerRequestFilter,
         this.findResourceMethod = findResourceMethod;
     }
     
+    public void setBlockCorsIfUnauthorized(boolean blockCorsIfUnauthorized) {
+        this.blockCorsIfUnauthorized = blockCorsIfUnauthorized;
+    }
+
     private class CorsInInterceptor extends AbstractPhaseInterceptor<Message> {
 
         public CorsInInterceptor() {
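Review bot: `setBlockCorsIfUnauthorized` is a public, security-relevant switch with no Javadoc, and its name does not say which responses it affects. I would document it with something like `/** If true, no CORS response headers are added to responses with status 401; defaults to false. */`, which matches what the response filter in this commit does. It would also help to mention the option in the class-level Javadoc alongside the other properties, so that deployers who put an authentication filter behind this one can find it.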

http://git-wip-us.apache.org/repos/asf/cxf/blob/29e1dd1c/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
----------------------------------------------------------------------
diff --git a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
index a94c2e4..fe638be 100644
--- a/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
+++ b/rt/rs/security/oauth-parent/oauth2/src/main/java/org/apache/cxf/rs/security/oauth2/filters/OAuthRequestFilter.java
@@ -24,8 +24,10 @@ import java.util.Collections;
 import java.util.List;
 import java.util.logging.Logger;
 
+import javax.annotation.Priority;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.HttpMethod;
+import javax.ws.rs.Priorities;
 import javax.ws.rs.WebApplicationException;
 import javax.ws.rs.container.ContainerRequestContext;
 import javax.ws.rs.container.ContainerRequestFilter;
@@ -58,6 +60,8 @@ import org.apache.cxf.security.SecurityContext;
  */
 @Provider
 @PreMatching
+// Priorities.AUTHORIZATION also works
+@Priority(Priorities.AUTHENTICATION)
 public class OAuthRequestFilter extends AbstractAccessTokenValidator 
     implements ContainerRequestFilter {
     private static final Logger LOG = LogUtils.getL7dLogger(OAuthRequestFilter.class);
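Review bot: The comment `// Priorities.AUTHORIZATION also works` does not say what it works for, and sitting between two annotations it is easy to misread as a leftover. The constraint appears to be that this filter must run after `CrossOriginResourceSharingFilter`, which this commit places at `Priorities.AUTHENTICATION - 1`. I would spell that out, e.g. `// Must run after the CORS filter (AUTHENTICATION - 1); AUTHORIZATION would also satisfy this`. That makes the coupling between the two priority values visible to anyone who changes either of them later.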

