Juan Hernandez has uploaded a new change for review. Change subject: [WIP] Add CORS filter ......................................................................
[WIP] Add CORS filter This patch adds Cross Origin Request Sharing (CORS) support to the RESTAPI. Change-Id: I40f9a13105fe99bb6b4035e61b8945efd8315f57 Signed-off-by: Juan Hernandez <[email protected]> --- M backend/manager/dependencies/common/pom.xml A backend/manager/dependencies/common/src/main/modules/org/ebaysf/web/cors-filter/main/module.xml M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml M backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml 4 files changed, 63 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/67/36367/1 diff --git a/backend/manager/dependencies/common/pom.xml b/backend/manager/dependencies/common/pom.xml index 3290d80..d56f089 100644 --- a/backend/manager/dependencies/common/pom.xml +++ b/backend/manager/dependencies/common/pom.xml @@ -384,6 +384,13 @@ <version>${jackson.version}</version> </dependency> + <!-- This is needed to add CORS support to the RESTAPI: --> + <dependency> + <groupId>org.ebaysf.web</groupId> + <artifactId>cors-filter</artifactId> + <version>1.0.1</version> + </dependency> + </dependencies> <build> @@ -745,6 +752,12 @@ <moduleName>org.codehaus.jackson.jackson-xc</moduleName> </module> + <module> + <groupId>org.ebaysf.web</groupId> + <artifactId>cors-filter</artifactId> + <moduleName>org.ebaysf.web.cors-filter</moduleName> + </module> + </modules> </configuration> </plugin> diff --git a/backend/manager/dependencies/common/src/main/modules/org/ebaysf/web/cors-filter/main/module.xml b/backend/manager/dependencies/common/src/main/modules/org/ebaysf/web/cors-filter/main/module.xml new file mode 100644 index 0000000..e749162 --- /dev/null +++ b/backend/manager/dependencies/common/src/main/modules/org/ebaysf/web/cors-filter/main/module.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- This is needed to add support for CORS to the RESTAPI: --> + +<module xmlns="urn:jboss:module:1.1" name="org.ebaysf.web.cors-filter"> + + <resources> + <resource-root path="cors-filter.jar"/> + </resources> + + <dependencies> + <module name="javax.servlet.api"/> + <module name="javax.ws.rs.api"/> + </dependencies> + +</module> diff --git a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml index 3b9302f..ab0f427 100644 --- a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml +++ b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/jboss-deployment-structure.xml @@ -34,6 +34,9 @@ <module name="org.ovirt.engine.api.restapi-definition" annotations="true" services="import"/> <module name="org.ovirt.engine.api.restapi-jaxrs" annotations="true" services="import"/> <module name="org.ovirt.engine.api.restapi-types" annotations="true" services="import"/> + + <!-- These dependencies are needed by external filters: --> + <module name="org.ebaysf.web.cors-filter"/> <module name="org.ovirt.engine.core.aaa"/> </dependencies> diff --git a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml index 9a108c4..52360d0 100644 --- a/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml +++ b/backend/manager/modules/restapi/webapp/src/main/webapp/WEB-INF/web.xml @@ -24,6 +24,37 @@ <param-value>accept</param-value> </context-param> + <!-- This is needed in order to add CORS (Cross Site Request Sharing) + support to the RESTAPI. --> + <filter> + <filter-name>CORSFilter</filter-name> + <filter-class>org.ebaysf.web.cors.CORSFilter</filter-class> + <!-- Note that this parameter is currrently commented out, and that + means that all origins will be accepted, as the default value + is "*". In a real environment this should be limited, and the + value taken from the engine configuration, as web.xml is not + a configuration file. --> + <!-- + <init-param> + <param-name>cors.allowed.origins</param-name> + <param-value>http://www.example.com/myapp</param-value> + </init-param> + --> + <init-param> + <param-name>cors.allowed.methods</param-name> + <param-value>GET,POST,PUT,DELETE</param-value> + </init-param> + <init-param> + <param-name>cors.allowed.headers</param-name> + <param-value>Authorization,Content-Type</param-value> + </init-param> + </filter> + <filter-mapping> + <filter-name>CORSFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + <filter> <filter-name>CSRFProtection</filter-name> <filter-class>org.ovirt.engine.api.common.security.CSRFProtectionFilter</filter-class> -- To view, visit http://gerrit.ovirt.org/36367 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I40f9a13105fe99bb6b4035e61b8945efd8315f57 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
