Return-Path: <commits-return-48096-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 17679200D44
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Mon, 20 Nov 2017 17:50:49 +0100 (CET)
Received: by cust-asf.ponee.io (Postfix)
	id 162DF160BF9; Mon, 20 Nov 2017 16:50:49 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id 36477160BE1
	for <archive-asf-public@cust-asf.ponee.io>; Mon, 20 Nov 2017 17:50:48 +0100 (CET)
Received: (qmail 70921 invoked by uid 500); 20 Nov 2017 16:50:47 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 70912 invoked by uid 99); 20 Nov 2017 16:50:47 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 20 Nov 2017 16:50:47 +0000
Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33)
	id 59357816A5; Mon, 20 Nov 2017 16:50:46 +0000 (UTC)
Date: Mon, 20 Nov 2017 16:50:46 +0000
To: "commits@cxf.apache.org" <commits@cxf.apache.org>
Subject: [cxf] branch master updated: [CXF-7561] Checking the Cors
 annotation on interfaces as well
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Message-ID: <151119664605.25978.8953970419768996632@gitbox.apache.org>
From: sergeyb@apache.org
X-Git-Host: gitbox.apache.org
X-Git-Repo: cxf
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: 27695e1388f83eb2fc22494ca2e619bd8bf45b5b
X-Git-Newrev: 0cfd4e0eb5d2e0ce46e4337191df4a31566a7a0c
X-Git-Rev: 0cfd4e0eb5d2e0ce46e4337191df4a31566a7a0c
X-Git-NotificationType: ref_changed_plus_diff
X-Git-Multimail-Version: 1.5.dev
Auto-Submitted: auto-generated
archived-at: Mon, 20 Nov 2017 16:50:49 -0000

This is an automated email from the ASF dual-hosted git repository.

sergeyb pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git


The following commit(s) were added to refs/heads/master by this push:
     new 0cfd4e0  [CXF-7561] Checking the Cors annotation on interfaces as well
0cfd4e0 is described below

commit 0cfd4e0eb5d2e0ce46e4337191df4a31566a7a0c
Author: Sergey Beryozkin <sberyozkin@gmail.com>
AuthorDate: Mon Nov 20 16:50:31 2017 +0000

    [CXF-7561] Checking the Cors annotation on interfaces as well
---
 .../org/apache/cxf/common/util/ReflectionUtil.java | 23 ++++++++++++++-
 .../systest/jaxrs/cors/AnnotatedCorsServer.java    |  3 --
 .../cxf/systest/jaxrs/cors/CorsSecuredBase.java    | 33 ++++++++++++++++++++++
 .../systest/jaxrs/cors/CrossOriginSimpleTest.java  | 18 ++++++++++++
 .../test/resources/jaxrs_cors/WEB-INF/beans.xml    |  9 ++++++
 5 files changed, 82 insertions(+), 4 deletions(-)

diff --git a/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java b/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
index b535c39..fd801c8 100644
--- a/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
+++ b/core/src/main/java/org/apache/cxf/common/util/ReflectionUtil.java
@@ -275,6 +275,27 @@ public final class ReflectionUtil {
         if (annotation != null) {
             return annotation;
         }
-        return m.getDeclaringClass().getAnnotation(annotationType);
+        annotation = m.getDeclaringClass().getAnnotation(annotationType);
+        if (annotation != null) {
+            return annotation;
+        }
+        for (Class<?> intf : m.getDeclaringClass().getInterfaces()) {
+            annotation = getAnnotationForInterface(intf, annotationType);
+            if (annotation != null) {
+                return annotation;
+            }
+        }
+        return null;
+    }
+    
+    private static <T extends Annotation> T getAnnotationForInterface(Class<?> intf, Class<T> annotationType) {
+        T annotation = intf.getAnnotation(annotationType);
+        if (annotation != null) {
+            return annotation;
+        }
+        for (Class<?> intf2 : intf.getInterfaces()) {
+            return getAnnotationForInterface(intf2, annotationType);
+        }
+        return null;
     }
 }
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
index 105c0cd..7e6eb9b 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/AnnotatedCorsServer.java
@@ -36,9 +36,6 @@ import org.apache.cxf.rs.security.cors.CorsHeaderConstants;
 import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
 import org.apache.cxf.rs.security.cors.LocalPreflight;
 
-/**
- * Service bean with no class-level annotation for cross-script control.
- */
 @CrossOriginResourceSharing(allowOrigins = {
         "http://area51.mil:31415"
         }, allowCredentials = true, maxAge = 1, allowHeaders = {
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java
new file mode 100644
index 0000000..b801570
--- /dev/null
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CorsSecuredBase.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.jaxrs.cors;
+
+import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
+
+@CrossOriginResourceSharing(allowOrigins = {
+        "http://area51.mil:31415"
+        }, allowCredentials = true, maxAge = 1, allowHeaders = {
+        "X-custom-1", "X-custom-2"
+        }, exposeHeaders = {
+        "X-custom-3", "X-custom-4"
+        }
+)
+public interface CorsSecuredBase {
+
+}
diff --git a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
index 635d162..0e0af76 100644
--- a/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
+++ b/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/cors/CrossOriginSimpleTest.java
@@ -482,6 +482,24 @@ public class CrossOriginSimpleTest extends AbstractBusClientServerTestBase {
             ((Closeable)httpclient).close();
         }
     }
+    
+    @Test
+    public void testAnnotatedClassCorrectOrigin2() throws Exception {
+        HttpClient httpclient = HttpClientBuilder.create().build();
+        HttpGet httpget = new HttpGet("http://localhost:" + PORT + "/antest2/simpleGet/HelloThere");
+        httpget.addHeader("Origin", "http://area51.mil:31415");
+
+        HttpResponse response = httpclient.execute(httpget);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+        HttpEntity entity = response.getEntity();
+        String e = IOUtils.toString(entity.getContent(), "utf-8");
+
+        assertEquals("HelloThere", e); // ensure that we didn't bust the operation itself.
+        assertOriginResponse(false, new String[] {"http://area51.mil:31415" }, true, response);
+        if (httpclient instanceof Closeable) {
+            ((Closeable)httpclient).close();
+        }
+    }
 
     @Test
     public void testAnnotatedClassWrongOrigin() throws Exception {
diff --git a/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml b/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
index f1f8c1d..744196a 100644
--- a/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
+++ b/systests/jaxrs/src/test/resources/jaxrs_cors/WEB-INF/beans.xml
@@ -33,6 +33,14 @@
             <ref bean="cors-filter"/>
         </jaxrs:providers>
     </jaxrs:server>
+    <jaxrs:server id="ann-cors-service2" address="/antest2">
+        <jaxrs:serviceBeans>
+            <ref bean="ann-cors-server2"/>
+        </jaxrs:serviceBeans>
+        <jaxrs:providers>
+            <ref bean="cors-filter"/>
+        </jaxrs:providers>
+    </jaxrs:server>
     <jaxrs:server id="config-service" address="/config">
         <jaxrs:serviceBeans>
             <ref bean="config-server"/>
@@ -46,4 +54,5 @@
     </bean>
     <bean id="unann-cors-server" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.UnannotatedCorsServer"/>
     <bean id="ann-cors-server" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer"/>
+    <bean id="ann-cors-server2" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer2"/>
 </beans>

-- 
To stop receiving notification emails like this one, please contact
['"commits@cxf.apache.org" <commits@cxf.apache.org>'].