Work on CORS

This commit is contained in:
James Agnew 2016-11-17 17:10:52 +01:00
parent ca9223fb70
commit 4ed17457dd
7 changed files with 108 additions and 88 deletions

View File

@ -130,6 +130,11 @@
<artifactId>commons-dbcp2</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
@ -468,77 +473,13 @@
<skip-hib4>true</skip-hib4>
</properties>
</profile>
<!--
<profile>
<id>DIST</id>
<build>
<plugins>
<plugin>
<groupId>de.juplo</groupId>
<artifactId>hibernate4-maven-plugin</artifactId>
<configuration>
<force>true</force>
<target>SCRIPT</target>
<skip>${skip-hib4}</skip>
</configuration>
<dependencies>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>${hibernate_version}</version>
</dependency>
</dependencies>
<executions>
<execution>
<id>o10g</id>
<goals>
<goal>export</goal>
</goals>
<phase>test</phase>
<configuration>
<hibernateDialect>org.hibernate.dialect.Oracle10gDialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_oracle_10g.sql</outputFile>
</configuration>
</execution>
<execution>
<id>derby</id>
<goals>
<goal>export</goal>
</goals>
<phase>test</phase>
<configuration>
<hibernateDialect>org.hibernate.dialect.DerbyTenSevenDialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_derby.sql</outputFile>
</configuration>
</execution>
<execution>
<id>hsql</id>
<goals>
<goal>export</goal>
</goals>
<phase>test</phase>
<configuration>
<hibernateDialect>org.hibernate.dialect.HSQLDialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_hsql.sql</outputFile>
</configuration>
</execution>
<execution>
<id>mysql5</id>
<goals>
<goal>export</goal>
</goals>
<phase>test</phase>
<configuration>
<hibernateDialect>org.hibernate.dialect.MySQL5Dialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_mysql_5.sql</outputFile>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
-->
<!-- <profile> <id>DIST</id> <build> <plugins> <plugin> <groupId>de.juplo</groupId> <artifactId>hibernate4-maven-plugin</artifactId> <configuration> <force>true</force> <target>SCRIPT</target> <skip>${skip-hib4}</skip>
</configuration> <dependencies> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-core</artifactId> <version>${hibernate_version}</version> </dependency> </dependencies> <executions>
<execution> <id>o10g</id> <goals> <goal>export</goal> </goals> <phase>test</phase> <configuration> <hibernateDialect>org.hibernate.dialect.Oracle10gDialect</hibernateDialect> <outputFile>${project.build.directory}/schema_oracle_10g.sql</outputFile>
</configuration> </execution> <execution> <id>derby</id> <goals> <goal>export</goal> </goals> <phase>test</phase> <configuration> <hibernateDialect>org.hibernate.dialect.DerbyTenSevenDialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_derby.sql</outputFile> </configuration> </execution> <execution> <id>hsql</id> <goals> <goal>export</goal> </goals> <phase>test</phase> <configuration> <hibernateDialect>org.hibernate.dialect.HSQLDialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_hsql.sql</outputFile> </configuration> </execution> <execution> <id>mysql5</id> <goals> <goal>export</goal> </goals> <phase>test</phase> <configuration> <hibernateDialect>org.hibernate.dialect.MySQL5Dialect</hibernateDialect>
<outputFile>${project.build.directory}/schema_mysql_5.sql</outputFile> </configuration> </execution> </executions> </plugin> </plugins> </build> </profile> -->
</profiles>
</project>

View File

@ -0,0 +1,37 @@
package ca.uhn.fhir.jpa.provider.dstu3;
import static org.junit.Assert.assertEquals;
import java.io.IOException;
import org.apache.commons.io.IOUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.junit.AfterClass;
import org.junit.Test;
import ca.uhn.fhir.util.TestUtil;
public class CorsDstu3Test extends BaseResourceProviderDstu3Test {
private static final org.slf4j.Logger ourLog = org.slf4j.LoggerFactory.getLogger(CorsDstu3Test.class);
@Test
public void saveLocalOrigin() throws IOException {
HttpGet get = new HttpGet(ourServerBase + "/Patient?name=test");
get.addHeader("Origin", "file://");
CloseableHttpResponse resp = ourHttpClient.execute(get);
ourLog.info(resp.toString());
IOUtils.closeQuietly(resp.getEntity().getContent());
assertEquals(200, resp.getStatusLine().getStatusCode());
}
@AfterClass
public static void afterClassClearContext() {
TestUtil.clearAllStaticFieldsForUnitTest();
}
}

View File

@ -164,6 +164,10 @@
<groupId>org.ebaysf.web</groupId>
<artifactId>cors-filter</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
</dependency>
</dependencies>

View File

@ -446,8 +446,6 @@ public final class CORSFilter_ implements Filter {
* The {@link HttpServletResponse} object.
* @param filterChain
* The {@link FilterChain} object.
* @throws IOException
* @throws ServletException
*/
public void handleInvalidCORS(final HttpServletRequest request,
final HttpServletResponse response, final FilterChain filterChain) {
@ -594,7 +592,6 @@ public final class CORSFilter_ implements Filter {
* Determines the request type.
*
* @param request
* @return
*/
public CORSRequestType checkRequestType(final HttpServletRequest request) {
CORSRequestType requestType = CORSRequestType.INVALID_CORS;
@ -607,7 +604,7 @@ public final class CORSFilter_ implements Filter {
if (originHeader != null) {
if (originHeader.isEmpty()) {
requestType = CORSRequestType.INVALID_CORS;
} else if ("null".equals(originHeader) == false && !isValidOrigin(originHeader)) {
} else if ("null".equals(originHeader) == false && "file://".equals(originHeader) == false && !isValidOrigin(originHeader)) {
requestType = CORSRequestType.INVALID_CORS;
} else {
String method = request.getMethod();
@ -802,7 +799,6 @@ public final class CORSFilter_ implements Filter {
*
* @param origin
* @see <a href="http://tools.ietf.org/html/rfc952">RFC952</a>
* @return
*/
public static boolean isValidOrigin(String origin) {
// Checks for encoded characters. Helps prevent CRLF injection.
@ -843,8 +839,6 @@ public final class CORSFilter_ implements Filter {
/**
* Returns a {@link Set} of headers that should be exposed by browser.
*
* @return
*/
public Collection<String> getExposedHeaders() {
return exposedHeaders;
@ -852,8 +846,6 @@ public final class CORSFilter_ implements Filter {
/**
* Determines is supports credentials is enabled
*
* @return
*/
public boolean isSupportsCredentials() {
return supportsCredentials;
@ -1029,7 +1021,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of HTTP methods. Case sensitive.
*
* @see http://tools.ietf.org/html/rfc2616#section-5.1.1
* @see <a href="http://tools.ietf.org/html/rfc2616#section-5.1.1">link</a>
*/
public static final Collection<String> HTTP_METHODS = new HashSet<String>(
Arrays.asList("OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE",
@ -1043,7 +1035,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP methods. Case sensitive.
*
* @see http://www.w3.org/TR/cors/#terminology
* @see <a href="http://www.w3.org/TR/cors/#terminology">link</a>
*/
public static final Collection<String> SIMPLE_HTTP_METHODS =
new HashSet<String>(
@ -1052,7 +1044,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
* @see http://www.w3.org/TR/cors/#terminology
* @see <a href="http://www.w3.org/TR/cors/#terminology">link</a>
*/
public static final Collection<String> SIMPLE_HTTP_REQUEST_HEADERS =
new HashSet<String>(Arrays.asList("Accept", "Accept-Language",
@ -1061,7 +1053,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
* @see http://www.w3.org/TR/cors/#terminology
* @see <a href="http://www.w3.org/TR/cors/#terminology">link</a>
*/
public static final Collection<String> SIMPLE_HTTP_RESPONSE_HEADERS =
new HashSet<String>(Arrays.asList("Cache-Control",
@ -1071,7 +1063,7 @@ public final class CORSFilter_ implements Filter {
/**
* {@link Collection} of Simple HTTP request headers. Case in-sensitive.
*
* @see http://www.w3.org/TR/cors/#terminology
* @see <a href="http://www.w3.org/TR/cors/#terminology">link</a>
*/
public static final Collection<String> SIMPLE_HTTP_REQUEST_CONTENT_TYPE_VALUES =
new HashSet<String>(Arrays.asList(

View File

@ -305,6 +305,7 @@
<phloc_commons_version>4.4.5</phloc_commons_version>
<spring_version>4.3.1.RELEASE</spring_version>
<thymeleaf-version>3.0.1.RELEASE</thymeleaf-version>
<tomcat_version>8.0.39</tomcat_version>
<ebay_cors_filter_version>1.0.1</ebay_cors_filter_version>
<xmlunit_version>1.6</xmlunit_version>
@ -516,6 +517,12 @@
<artifactId>wagon-scm</artifactId>
<version>2.10</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-catalina</artifactId>
<!-- Use property for version because we should refer to this from docs -->
<version>${tomcat_version}</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>

View File

@ -41,6 +41,45 @@
</p>
</answer>
</faq>
<faq id="reporting_bugs">
<question>How do I report a bug?</question>
<answer>
<p>
We welcome bug reports, and do our best to address them quickly. Please do
keep in mind though that HAPI FHIR is a volunteer-run project, so we can't
always act immediately on every issue.
</p>
<p>
Before reporting a bug, please make sure what you have is actually a bug.
If you are unsure how to do something with HAPI, you are more likely to
get a helpful response on our Google Group (please see the
<a href="#getting_help">"Where can I ask questions or get help"</a> above).
</p>
<p>
When reporting a bug, please be as descriptive as possible. It is important
to include details such as:
</p>
<ul>
<li>What you are trying to accomplish</li>
<li>What version of HAPI you are using (and if you are running a customized version, please mention that too)</li>
<li>What platform you are using (Windows/OSX/Linux Platform, OS Version, etc)</li>
<li>What version of Java you are using</li>
</ul>
<p>
Please also include any samples or other useful files that might help in
diagnosing the issue. This could include resources you are using
for testing, build/server logs, etc. If you are concerned about privacy
you may also email <a href="mailto:jamesagnew@gmail.com">James</a> with
these artifacts but please also file a bug and reference the ticket number.
</p>
<p>
Finally, if you are able to include a unit test, or even better a
GitHub Pull Request we will be appreciative. Actually, one more thing:
If you disciver that your bug was actually not a bug, please make sure
to put an update in the ticket and close it.
</p>
</answer>
</faq>
</part>
<part id="JPA Server">
<title>JPA Server</title>
@ -82,7 +121,7 @@
<a href="https://github.com/jamesagnew/hapi-fhir/blob/master/hapi-fhir-jpaserver-uhnfhirtest/src/main/java/ca/uhn/fhirtest/DerbyNetworkServer.java">here</a>
and
an example of setting up a datasource
<a href="https://github.com/jamesagnew/hapi-fhir/blob/master/hapi-fhir-jpaserver-uhnfhirtest/src/main/java/ca/uhn/fhirtest/config/TestDstu21Config.java">here</a>.
<a href="https://github.com/jamesagnew/hapi-fhir/blob/master/hapi-fhir-jpaserver-uhnfhirtest/src/main/java/ca/uhn/fhirtest/config/TestDstu3Config.java">here</a>.
</li>
</ul>
</p>