cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject [cxf] branch master updated: [CXF-7561] Checking the Cors annotation on interfaces as well
Date Mon, 20 Nov 2017 16:50:46 GMT
This is an automated email from the ASF dual-hosted git repository.

sergeyb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 0cfd4e0  [CXF-7561] Checking the Cors annotation on interfaces as well
0cfd4e0 is described below

commit 0cfd4e0eb5d2e0ce46e4337191df4a31566a7a0c
Author: Sergey Beryozkin <sberyozkin@gmail.com>
AuthorDate: Mon Nov 20 16:50:31 2017 +0000

    [CXF-7561] Checking the Cors annotation on interfaces as well
---
 .../org/apache/cxf/common/util/ReflectionUtil.java | 23 ++++++++++++++-
 .../systest/jaxrs/cors/AnnotatedCorsServer.java    |  3 --
 .../cxf/systest/jaxrs/cors/CorsSecuredBase.java    | 33 ++++++++++++++++++++++
 .../systest/jaxrs/cors/CrossOriginSimpleTest.java  | 18 ++++++++++++
 .../test/resources/jaxrs_cors/WEB-INF/beans.xml    |  9 ++++++
 5 files changed, 82 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java b/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
index b535c39..fd801c8 100644
--- a/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
+++ b/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
@@ -275,6 +275,27 @@ public final class ReflectionUtil {
         if (annotation != null) {
             return annotation;
         }
-        return m.getDeclaringClass().getAnnotation(annotationType);
+        annotation = m.getDeclaringClass().getAnnotation(annotationType);
+        if (annotation != null) {
+            return annotation;
+        }
+        for (Class<?> intf : m.getDeclaringClass().getInterfaces()) {
+            annotation = getAnnotationForInterface(intf, annotationType);
+            if (annotation != null) {
+                return annotation;
+            }
+        }
+        return null;
+    }
+    
+    private static <T extends Annotation> T getAnnotationForInterface(Class<?>
intf, Class<T> annotationType) {
+        T annotation = intf.getAnnotation(annotationType);
+        if (annotation != null) {
+            return annotation;
+        }
+        for (Class<?> intf2 : intf.getInterfaces()) {
+            return getAnnotationForInterface(intf2, annotationType);
+        }
+        return null;
     }
 }
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
index 105c0cd..7e6eb9b 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
@@ -36,9 +36,6 @@ import org.apache.cxf.rs.security.cors.CorsHeaderConstants;
 import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
 import org.apache.cxf.rs.security.cors.LocalPreflight;
 
-/**
- * Service bean with no class-level annotation for cross-script control.
- */
 @CrossOriginResourceSharing(allowOrigins = {
         "http://area51.mil:31415"
         }, allowCredentials = true, maxAge = 1, allowHeaders = {
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java
new file mode 100644
index 0000000..b801570
--- /dev/null
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.cors;
+
+import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
+
+@CrossOriginResourceSharing(allowOrigins = {
+        "http://area51.mil:31415"
+        }, allowCredentials = true, maxAge = 1, allowHeaders = {
+        "X-custom-1", "X-custom-2"
+        }, exposeHeaders = {
+        "X-custom-3", "X-custom-4"
+        }
+)
+public interface CorsSecuredBase {
+
+}
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
index 635d162..0e0af76 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
@@ -482,6 +482,24 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase
{
             ((Closeable)httpclient).close();
         }
     }
+    
+    @Test
+    public void testAnnotatedClassCorrectOrigin2() throws Exception {
+        HttpClient httpclient = HttpClientBuilder.create().build();
+        HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/antest2/simpleGet/HelloThere");
+        httpget.addHeader("Origin", "http://area51.mil:31415");
+
+        HttpResponse response = httpclient.execute(httpget);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        HttpEntity entity = response.getEntity();
+        String e = IOUtils.toString(entity.getContent(), "utf-8");
+
+        assertEquals("HelloThere", e); // ensure that we didn't bust the operation itself.
+        assertOriginResponse(false, new String[] {"http://area51.mil:31415" }, true, response);
+        if (httpclient instanceof Closeable) {
+            ((Closeable)httpclient).close();
+        }
+    }
 
     @Test
     public void testAnnotatedClassWrongOrigin() throws Exception {
diff --git a/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml b/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
index f1f8c1d..744196a 100644
--- a/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
+++ b/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
@@ -33,6 +33,14 @@
             <ref bean="cors-filter"/>
         </jaxrs:providers>
     </jaxrs:server>
+    <jaxrs:server id="ann-cors-service2" address="/antest2">
+        <jaxrs:serviceBeans>
+            <ref bean="ann-cors-server2"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="cors-filter"/>
+        </jaxrs:providers>
+    </jaxrs:server>
     <jaxrs:server id="config-service" address="/config">
         <jaxrs:serviceBeans>
             <ref bean="config-server"/>
@@ -46,4 +54,5 @@
     </bean>
     <bean id="unann-cors-server" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.UnannotatedCorsServer"/>
     <bean id="ann-cors-server" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer"/>
+    <bean id="ann-cors-server2" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer2"/>
 </beans>

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].

Mime
View raw message