details: https://code.openbravo.com/erp/devel/pi/rev/31ed5cfcd285 changeset: 33342:31ed5cfcd285 user: Javier Armendáriz <javier.armendariz <at> openbravo.com> date: Fri Jan 26 12:32:24 2018 +0100 summary: Fixed bug 37627: Web services does not handle CORS properly.
Web service servlet does not handle CORS so cross-domain request would fail. Adding the CORS handler in the base servlet for web services. diffstat: src/org/openbravo/service/web/BaseWebServiceServlet.java | 15 ++++++++++++--- 1 files changed, 12 insertions(+), 3 deletions(-) diffs (46 lines):
diff -r b45167e7c675 -r 31ed5cfcd285 src/org/openbravo/service/web/BaseWebServiceServlet.java
--- a/src/org/openbravo/service/web/BaseWebServiceServlet.java Thu Feb 01 12:16:41 2018 +0100
+++ b/src/org/openbravo/service/web/BaseWebServiceServlet.java Fri Jan 26 12:32:24 2018 +0100
@@ -11,7 +11,7 @@
 * under the License.
 * The Original Code is Openbravo ERP.
 * The Initial Developer of the Original Code is Openbravo SLU
- * All portions are Copyright (C) 2008-2017 Openbravo SLU
+ * All portions are Copyright (C) 2008-2018 Openbravo SLU
 * All Rights Reserved.
 * Contributor(s): ______________________________________.
 ************************************************************************
@@ -33,6 +33,7 @@
 import org.openbravo.authentication.AuthenticationManager;
 import org.openbravo.base.exception.OBSecurityException;
 import org.openbravo.base.provider.OBProvider;
+import org.openbravo.base.secureApp.AllowedCrossDomainsHandler;
 import org.openbravo.base.session.OBPropertiesProvider;
 import org.openbravo.dal.core.OBContext;
 import org.openbravo.dal.core.SessionHandler;
@@ -64,6 +65,14 @@
 final boolean sessionExists = request.getSession(false) != null;
+ AllowedCrossDomainsHandler.getInstance().setCORSHeaders(request, response);
+
+ // don't process any further requests otherwise sessions are created for OPTIONS
+ // requests, the cors headers have already been set so can return
+ if (request.getMethod().equals("OPTIONS")) {
+ return;
+ }
+
 // do the login action
 AuthenticationManager authManager = AuthenticationManager.getAuthenticationManager(this);
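Review bot: The `OPTIONS` early return sits ahead of the authentication step, so every OPTIONS request to a web-service servlet is now answered without a login, whether or not it is a CORS preflight and whether or not `setCORSHeaders` accepted the caller's origin. Narrowing the guard to real preflights keeps other OPTIONS traffic on the authenticated path, for example `if ("OPTIONS".equals(request.getMethod()) && request.getHeader("Access-Control-Request-Method") != null) {`. The CORS headers are also set before the login, so they presumably end up on failed-login responses as well; the comment should state that the handler only echoes origins from the configured allow-list, which cannot be confirmed here because `AllowedCrossDomainsHandler` is not part of this hunk. The enclosing method starts and ends outside the hunk.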
@@ -89,8 +98,8 @@
 } catch (AuthenticationException e) {
 final boolean sessionCreated = !sessionExists && null != request.getSession(false);
 if (sessionCreated && AuthenticationManager.isStatelessRequest(request)) {
- log.warn("Stateless request, still a session was created " + request.getRequestURL()
- + " " + request.getQueryString());
+ log.warn("Stateless request, still a session was created " + request.getRequestURL() + " "
+ + request.getQueryString());
 }
 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openbravo-commits mailing list Openbravo-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openbravo-commits