killbill-memoizeit
profiles/killbill/src/main/java/org/killbill/billing/server/filters/ResponseCorsFilter.java 2(+1 -1)
profiles/killbill/src/main/java/org/killbill/billing/server/listeners/KillbillGuiceListener.java 28(+17 -11)
diff --git a/profiles/killbill/src/main/java/org/killbill/billing/server/filters/ResponseCorsFilter.java b/profiles/killbill/src/main/java/org/killbill/billing/server/filters/ResponseCorsFilter.java
index 00cc162..4a2ad53 100644
--- a/profiles/killbill/src/main/java/org/killbill/billing/server/filters/ResponseCorsFilter.java
+++ b/profiles/killbill/src/main/java/org/killbill/billing/server/filters/ResponseCorsFilter.java
@@ -40,7 +40,7 @@ public class ResponseCorsFilter implements Filter {
final HttpServletResponse res = (HttpServletResponse) response;
res.addHeader("Access-Control-Allow-Origin", "*");
res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
- res.addHeader("Access-Control-Allow-Headers", "Content-Type");
+ res.addHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Killbill-ApiKey, X-Killbill-ApiSecret");
chain.doFilter(request, response);
}
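Review bot: `Access-Control-Allow-Origin: *` is now paired with `Authorization`, `X-Killbill-ApiKey` and `X-Killbill-ApiSecret` in Allow-Headers, so a page on any origin can drive the authenticated API with whatever credentials it holds; the origin should be an explicit, configured allowlist (echoing the request's `Origin` only when it matches) rather than a wildcard. `addHeader` appends, so if another layer also emits these headers the browser sees duplicated values and rejects the response — `setHeader` is the safer call, particularly now that the sibling listener change mounts this filter on `/*`. The filter also forwards preflight `OPTIONS` requests down the chain, which is what forced the OPTIONS bypasses in the Shiro and tenant filters; answering the preflight here and returning keeps those layers untouched. `doFilter`'s signature lies outside this hunk, so I am assuming `request` is the `ServletRequest` parameter and that `HttpServletRequest` is importable in this file.
```java
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse res = (HttpServletResponse) response;
// setHeader, not addHeader: browsers reject duplicated CORS header values
res.setHeader("Access-Control-Allow-Origin", "*"); // TODO: replace with a configured origin allowlist
res.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");
res.setHeader("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Killbill-ApiKey, X-Killbill-ApiSecret");
if ("OPTIONS".equals(req.getMethod()) && req.getHeader("Access-Control-Request-Method") != null) {
    // A CORS preflight carries no credentials: answer it here so it never reaches
    // the authentication and tenant filters, which would otherwise need OPTIONS bypasses
    res.setStatus(HttpServletResponse.SC_OK);
    return;
}
chain.doFilter(request, response);
```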
diff --git a/profiles/killbill/src/main/java/org/killbill/billing/server/listeners/KillbillGuiceListener.java b/profiles/killbill/src/main/java/org/killbill/billing/server/listeners/KillbillGuiceListener.java
index 9efd504..1069083 100644
--- a/profiles/killbill/src/main/java/org/killbill/billing/server/listeners/KillbillGuiceListener.java
+++ b/profiles/killbill/src/main/java/org/killbill/billing/server/listeners/KillbillGuiceListener.java
@@ -24,10 +24,10 @@ import java.net.URISyntaxException;
import javax.servlet.ServletContext;
import org.killbill.billing.jaxrs.resources.JaxRsResourceBase;
-import org.killbill.billing.server.filters.ProfilingContainerResponseFilter;
import org.killbill.billing.jaxrs.util.KillbillEventHandler;
import org.killbill.billing.platform.api.KillbillConfigSource;
import org.killbill.billing.platform.config.DefaultKillbillConfigSource;
+import org.killbill.billing.server.filters.ProfilingContainerResponseFilter;
import org.killbill.billing.server.filters.ResponseCorsFilter;
import org.killbill.billing.server.modules.KillbillServerModule;
import org.killbill.billing.server.security.TenantFilter;
@@ -64,11 +64,17 @@ public class KillbillGuiceListener extends KillbillPlatformGuiceListener {
//
builder.addJerseyFilter("com.sun.jersey.api.container.filter.LoggingFilter");
+ // Disable WADL - it generates noisy log messages, such as:
+ // c.s.j.s.w.g.AbstractWadlGeneratorGrammarGenerator - Couldn't find grammar element for class javax.ws.rs.core.Response
+ builder.addJerseyParam("com.sun.jersey.config.feature.DisableWADL", "true");
+
// The logging filter is still incompatible with the GZIP filter
//builder.addJerseyFilter(GZIPContentEncodingFilter.class.getName());
builder.addJerseyFilter(ProfilingContainerResponseFilter.class.getName());
- builder.addFilter("/" + SWAGGER_PATH + "*", ResponseCorsFilter.class);
+ // Broader, to support the "Try it out!" feature
+ //builder.addFilter("/" + SWAGGER_PATH + "*", ResponseCorsFilter.class);
+ builder.addFilter("/*", ResponseCorsFilter.class);
// Add TenantFilter right after is multi-tenancy has been configured.
if (config.isMultiTenancyEnabled()) {
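Review bot: Mounting `ResponseCorsFilter` on `/*` puts the wildcard-origin CORS headers on every endpoint rather than just the Swagger resources, while the stated motivation ("Try it out!") is a development convenience; consider gating the broad mapping behind a configuration switch in the same way `config.isMultiTenancyEnabled()` gates the tenant filter a few lines below (I cannot see whether such a property exists), keeping the narrower Swagger-only mapping as the default. The commented-out mapping `//builder.addFilter("/" + SWAGGER_PATH + "*", ResponseCorsFilter.class);` should be deleted rather than left in place — the comment above it already records why the path widened. The enclosing method begins before this hunk and the `if` on its last line continues past it.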
@@ -77,7 +83,6 @@ public class KillbillGuiceListener extends KillbillPlatformGuiceListener {
return builder.build();
}
-
@Override
protected Module getModule(final ServletContext servletContext) {
return new KillbillServerModule(servletContext, config, configSource);
@@ -116,13 +121,14 @@ public class KillbillGuiceListener extends KillbillPlatformGuiceListener {
protected void startLifecycleStage3() {
super.startLifecycleStage3();
- final BeanConfig config = new BeanConfig();
- config.setResourcePackage("org.killbill.billing.jaxrs.resources");
- config.setTitle("Kill Bill");
- config.setDescription("Kill Bill is an open-source billing and payments platform");
- config.setContact("killbilling-users@googlegroups.com");
- config.setLicense("Apache License, Version 2.0");
- config.setLicenseUrl("http://www.apache.org/licenses/LICENSE-2.0.html");
- config.setScan(true);
+ final BeanConfig beanConfig = new BeanConfig();
+ beanConfig.setResourcePackage("org.killbill.billing.jaxrs.resources");
+ beanConfig.setTitle("Kill Bill");
+ beanConfig.setDescription("Kill Bill is an open-source billing and payments platform");
+ beanConfig.setContact("killbilling-users@googlegroups.com");
+ beanConfig.setLicense("Apache License, Version 2.0");
+ beanConfig.setLicenseUrl("http://www.apache.org/licenses/LICENSE-2.0.html");
+ beanConfig.setBasePath(config.getBaseUrl());
+ beanConfig.setScan(true);
}
}
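Review bot: `beanConfig.setScan(true)` appears to be the call that actually performs the resource scan (the `beanConfig` local is otherwise discarded at the end of `startLifecycleStage3`), so its position as the last statement matters and deserves a comment such as `// setScan(true) triggers the scan; keep it last so the base path set above is picked up` — I infer this from swagger's BeanConfig rather than from anything visible here, so confirm against the library version in use. A one-line note on why the base path is now `config.getBaseUrl()` (presumably the externally reachable URL that the Swagger UI will issue its calls against) would also help the next reader.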
diff --git a/profiles/killbill/src/main/java/org/killbill/billing/server/modules/KillBillShiroWebModule.java b/profiles/killbill/src/main/java/org/killbill/billing/server/modules/KillBillShiroWebModule.java
index ae27622..113ed01 100644
--- a/profiles/killbill/src/main/java/org/killbill/billing/server/modules/KillBillShiroWebModule.java
+++ b/profiles/killbill/src/main/java/org/killbill/billing/server/modules/KillBillShiroWebModule.java
@@ -19,11 +19,16 @@
package org.killbill.billing.server.modules;
import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.guice.web.ShiroWebModule;
import org.apache.shiro.session.mgt.SessionManager;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
+import org.apache.shiro.web.util.WebUtils;
import org.killbill.billing.jaxrs.resources.JaxrsResource;
import org.killbill.billing.util.config.RbacConfig;
import org.killbill.billing.util.glue.EhCacheManagerProvider;
@@ -35,6 +40,7 @@ import org.killbill.billing.util.security.shiro.realm.KillBillJndiLdapRealm;
import org.skife.config.ConfigSource;
import org.skife.config.ConfigurationObjectFactory;
+import com.google.inject.Key;
import com.google.inject.binder.AnnotatedBindingBuilder;
// For Kill Bill server only.
@@ -63,7 +69,7 @@ public class KillBillShiroWebModule extends ShiroWebModule {
bind(CacheManager.class).toProvider(EhCacheManagerProvider.class).asEagerSingleton();
if (KillBillShiroModule.isRBACEnabled()) {
- addFilterChain(JaxrsResource.PREFIX + "/**", AUTHC_BASIC);
+ addFilterChain(JaxrsResource.PREFIX + "/**", Key.get(CorsBasicHttpAuthenticationFilter.class));
}
}
@@ -76,4 +82,16 @@ public class KillBillShiroWebModule extends ShiroWebModule {
// Magic provider to configure the session DAO
bind(JDBCSessionDao.class).toProvider(JDBCSessionDaoProvider.class).asEagerSingleton();
}
+
+ public static final class CorsBasicHttpAuthenticationFilter extends BasicHttpAuthenticationFilter {
+
+ @Override
+ protected boolean isAccessAllowed(final ServletRequest request, final ServletResponse response, final Object mappedValue) {
+ final HttpServletRequest httpRequest = WebUtils.toHttp(request);
+ final String httpMethod = httpRequest.getMethod();
+ // Don't require any authorization or authentication header for OPTIONS requests
+ // See https://bugzilla.mozilla.org/show_bug.cgi?id=778548 and http://www.kinvey.com/blog/60/kinvey-adds-cross-origin-resource-sharing-cors
+ return "OPTIONS".equalsIgnoreCase(httpMethod) || super.isAccessAllowed(request, response, mappedValue);
+ }
+ }
}
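Review bot: `isAccessAllowed` waives authentication for every `OPTIONS` request under the RBAC-protected chain, not only for CORS preflights: a non-browser client can send OPTIONS to any resource unauthenticated and receive whatever the JAX-RS layer answers (at minimum the `Allow` method list), and any resource that ever declares an `@OPTIONS` handler becomes reachable without credentials. A real preflight carries `Origin` and `Access-Control-Request-Method`, so the bypass should be conditioned on those headers. Note also that `equalsIgnoreCase` accepts `options`, whereas the sibling TenantFilter change uses `equals` — HTTP method names are case-sensitive, so the two filters should agree (prefer `equals`).
```java
@Override
protected boolean isAccessAllowed(final ServletRequest request, final ServletResponse response, final Object mappedValue) {
    final HttpServletRequest httpRequest = WebUtils.toHttp(request);
    // Only a CORS preflight (OPTIONS + Origin + Access-Control-Request-Method) is let through
    // unauthenticated; a bare OPTIONS from a non-browser client still needs credentials
    final boolean isPreflight = "OPTIONS".equals(httpRequest.getMethod())
            && httpRequest.getHeader("Origin") != null
            && httpRequest.getHeader("Access-Control-Request-Method") != null;
    return isPreflight || super.isAccessAllowed(request, response, mappedValue);
}
```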
diff --git a/profiles/killbill/src/main/java/org/killbill/billing/server/security/TenantFilter.java b/profiles/killbill/src/main/java/org/killbill/billing/server/security/TenantFilter.java
index 1a65fd0..6e1165e 100644
--- a/profiles/killbill/src/main/java/org/killbill/billing/server/security/TenantFilter.java
+++ b/profiles/killbill/src/main/java/org/killbill/billing/server/security/TenantFilter.java
@@ -130,6 +130,8 @@ public class TenantFilter implements Filter {
("/1.0/kb/tenants".equals(path) && "POST".equals(httpServletRequest.getMethod())) ||
// Metrics servlets
(KillbillGuiceListener.METRICS_SERVLETS_PATHS.contains(path) && "GET".equals(httpServletRequest.getMethod())) ||
+ // See KillBillShiroWebModule#CorsBasicHttpAuthenticationFilter
+ "OPTIONS".equals(httpServletRequest.getMethod()) ||
// Welcome screen, static resources, etc.
(!path.startsWith("/1.0") && "GET".equals(httpServletRequest.getMethod()))
) {
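Review bot: The new `"OPTIONS".equals(httpServletRequest.getMethod())` clause lets any OPTIONS request on any path through the tenant check, whereas the need it serves is the CORS preflight only; tightening it to `("OPTIONS".equals(httpServletRequest.getMethod()) && httpServletRequest.getHeader("Access-Control-Request-Method") != null) ||` keeps the bypass to browser preflights. The clause sits among the whitelist conditions for the `/1.0/kb/tenants` POST and the metrics servlets, so it is worth a comment stating why it is safe — a preflight never carries the `X-Killbill-ApiKey`/`X-Killbill-ApiSecret` headers (browsers omit custom headers from preflights), so it cannot be tenant-resolved in the first place. The enclosing `if` and method begin before and end after this hunk.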