details:   https://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd285
changeset: 33342:31ed5cfcd285
user:      Javier Armendáriz <javier.armendariz <at> openbravo.com>
date:      Fri Jan 26 12:32:24 2018 +0100
summary:   Fixed bug 37627: Web services does not handle CORS properly.

The web service servlet does not handle CORS, so cross-domain requests would fail.
This change adds the CORS handler to the base servlet for web services.

diffstat:

 src/org/openbravo/service/web/BaseWebServiceServlet.java |  15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diffs (46 lines):

diff -r b45167e7c675 -r 31ed5cfcd285 
src/org/openbravo/service/web/BaseWebServiceServlet.java
--- a/src/org/openbravo/service/web/BaseWebServiceServlet.java  Thu Feb 01 
12:16:41 2018 +0100
+++ b/src/org/openbravo/service/web/BaseWebServiceServlet.java  Fri Jan 26 
12:32:24 2018 +0100
@@ -11,7 +11,7 @@
  * under the License. 
  * The Original Code is Openbravo ERP. 
  * The Initial Developer of the Original Code is Openbravo SLU 
- * All portions are Copyright (C) 2008-2017 Openbravo SLU 
+ * All portions are Copyright (C) 2008-2018 Openbravo SLU 
  * All Rights Reserved. 
  * Contributor(s):  ______________________________________.
  ************************************************************************
@@ -33,6 +33,7 @@
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.exception.OBSecurityException;
 import org.openbravo.base.provider.OBProvider;
+import org.openbravo.base.secureApp.AllowedCrossDomainsHandler;
 import org.openbravo.base.session.OBPropertiesProvider;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.dal.core.SessionHandler;
@@ -64,6 +65,14 @@
 
     final boolean sessionExists = request.getSession(false) != null;
 
+    AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);
+
+    // don't process any further requests otherwise sessions are created for 
OPTIONS
+    // requests, the cors headers have already been set so can return
+    if (request.getMethod().equals("OPTIONS")) {
+      return;
+    }
+
     // do the login action
     AuthenticationManager authManager = 
AuthenticationManager.getAuthenticationManager(this);
 
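Review bot: The early return at the added `if (request.getMethod().equals("OPTIONS"))` runs before the login action for every OPTIONS request, not only for CORS preflights, so any OPTIONS handling further down this servlet or in a subclass is no longer reached. Consider limiting the short-circuit to real preflights, `if ("OPTIONS".equals(request.getMethod()) && request.getHeader("Access-Control-Request-Method") != null) { return; }`, so that other OPTIONS requests still go through authentication as they did before. `setCORSHeaders` is also called on every request ahead of authentication, and which origins it accepts is decided inside `AllowedCrossDomainsHandler`, which this hunk does not show. A comment above the call would make that trust boundary explicit, for example `// CORS response headers are decided by AllowedCrossDomainsHandler; authentication below still applies to every non-OPTIONS request`. The enclosing method starts and ends outside the hunk.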
@@ -89,8 +98,8 @@
     } catch (AuthenticationException e) {
       final boolean sessionCreated = !sessionExists && null != 
request.getSession(false);
       if (sessionCreated && AuthenticationManager.isStatelessRequest(request)) 
{
-        log.warn("Stateless request, still a session was created " + 
request.getRequestURL()
-            + " " + request.getQueryString());
+        log.warn("Stateless request, still a session was created " + 
request.getRequestURL() + " "
+            + request.getQueryString());
       }
 
       response.setStatus(HttpServletResponse.SC_FORBIDDEN);
