Skip to content

Commit 788d20d

Browse files
mmwinthermmwinther
authored
Use @crossorigin annotation (#402)
* Fix application of CORS header * Use @crossorigin annotation
1 parent 89e1760 commit 788d20d

File tree

3 files changed

+133
-60
lines changed

3 files changed

+133
-60
lines changed

klass-api/src/main/java/no/ssb/klass/api/controllers/ClassificationController.java

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,7 @@
5959
import java.util.Date;
6060
import java.util.List;
6161

62+
@CrossOrigin
6263
@RestController
6364
@RequestMapping(
6465
value = {RestConstants.API_VERSION_V1},

klass-api/src/main/java/no/ssb/klass/api/filters/AccessFilter.java

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,32 +1,26 @@
11
package no.ssb.klass.api.filters;
22

3-
import no.ssb.klass.api.util.RestConstants;
3+
4+
import java.io.IOException;
45

56
import java.io.IOException;
67

78
import javax.servlet.*;
89
import javax.servlet.annotation.WebFilter;
9-
import javax.servlet.http.HttpServletRequest;
1010
import javax.servlet.http.HttpServletResponse;
1111

12-
@WebFilter("/*")
12+
@WebFilter("*")
1313
public class AccessFilter implements Filter {
1414

1515
@Override
1616
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
1717
throws IOException, ServletException {
1818

19-
HttpServletRequest req = (HttpServletRequest) request;
2019
HttpServletResponse res = (HttpServletResponse) response;
2120

22-
String path = req.getServletPath();
23-
24-
// Allow Klass web and other frontends to serve data from the API
25-
if (path.startsWith(RestConstants.CONTEXT_PATH)) {
26-
res.addHeader("Access-Control-Allow-Origin", "*");
27-
res.addHeader("Vary", "Accept");
28-
res.addHeader("Vary", "X-Forwarded-Proto");
29-
}
21+
// Headers instructing the Varnish cache when to invalidate
22+
res.addHeader("Vary", "Accept");
23+
res.addHeader("Vary", "X-Forwarded-Proto");
3024
chain.doFilter(request, response);
3125
}
3226
}

klass-api/src/test/java/no/ssb/klass/api/applicationtest/RestApiClassificationIntegrationTest.java

Lines changed: 126 additions & 48 deletions
Original file line numberDiff line numberDiff line change
@@ -1,90 +1,168 @@
11
package no.ssb.klass.api.applicationtest;
22

33
import static io.restassured.RestAssured.*;
4+
45
import static org.hamcrest.Matchers.*;
56

7+
import io.restassured.http.ContentType;
8+
69
import no.ssb.klass.testutil.TestDataProvider;
10+
711
import org.junit.jupiter.api.Test;
812
import org.springframework.http.HttpStatus;
913

10-
import io.restassured.http.ContentType;
11-
12-
1314
/**
1415
* @author Mads Lundemo, SSB.
1516
*/
1617
public class RestApiClassificationIntegrationTest extends AbstractRestApiApplicationTest {
18+
19+
@Test
20+
public void restServiceAllowCors() {
21+
22+
given().port(port)
23+
.accept(ContentType.JSON)
24+
.header("Origin", "https://www.ssb.no/klass")
25+
.get(REQUEST_WITH_ID, kommuneinndeling.getId())
26+
.prettyPeek()
27+
.then()
28+
.assertThat()
29+
.header("Access-Control-Allow-Origin", equalTo("*"));
30+
}
31+
1732
// @formatter:off
1833
@Test
1934
public void restServiceReturnClassification() {
2035
String urlParts = REQUEST + "/" + kommuneinndeling.getId();
2136

22-
given().port(port).accept(ContentType.JSON)
37+
given().port(port)
38+
.accept(ContentType.JSON)
2339
.get(REQUEST_WITH_ID, kommuneinndeling.getId())
24-
// .prettyPeek()
40+
// .prettyPeek()
2541
.then()
26-
.assertThat().statusCode(HttpStatus.OK.value())
27-
.assertThat().contentType(ContentType.JSON)
42+
.assertThat()
43+
.statusCode(HttpStatus.OK.value())
44+
.assertThat()
45+
.contentType(ContentType.JSON)
2846
// classification
29-
.assertThat().body("name", equalTo(TestDataProvider.KOMMUNEINNDELING_NAVN_NO))
30-
.assertThat().body("description", equalTo(TestDataProvider.KOMMUNEINNDELING_BESKRIVELSE_NO))
31-
.assertThat().body("lastModified", notNullValue())
32-
.assertThat().body(JSON_LINKS + ".self.href", containsString("classifications/" + kommuneinndeling.getId()))
47+
.assertThat()
48+
.body("name", equalTo(TestDataProvider.KOMMUNEINNDELING_NAVN_NO))
49+
.assertThat()
50+
.body("description", equalTo(TestDataProvider.KOMMUNEINNDELING_BESKRIVELSE_NO))
51+
.assertThat()
52+
.body("lastModified", notNullValue())
53+
.assertThat()
54+
.body(
55+
JSON_LINKS + ".self.href",
56+
containsString("classifications/" + kommuneinndeling.getId()))
3357
// versions
34-
.assertThat().body("versions.size()", equalTo(3))
58+
.assertThat()
59+
.body("versions.size()", equalTo(3))
3560
//
36-
.assertThat().body("versions[0].name", equalTo("Kommuneinndeling 2014"))
37-
.assertThat().body("versions[0]._links.self.href", containsString("versions/"))
61+
.assertThat()
62+
.body("versions[0].name", equalTo("Kommuneinndeling 2014"))
63+
.assertThat()
64+
.body("versions[0]._links.self.href", containsString("versions/"))
3865
//
39-
.assertThat().body("versions[1].name", equalTo("Kommuneinndeling 2012"))
40-
.assertThat().body("versions[1]._links.self.href", containsString("versions/"))
66+
.assertThat()
67+
.body("versions[1].name", equalTo("Kommuneinndeling 2012"))
68+
.assertThat()
69+
.body("versions[1]._links.self.href", containsString("versions/"))
4170
// links
4271
.body(JSON_LINKS + ".self.href", containsString(urlParts))
43-
.body(JSON_LINKS + ".codes.href", containsString(urlParts + "/codes"
44-
+ "{?from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
45-
.body(JSON_LINKS + ".codesAt.href", containsString(urlParts + "/codesAt"
46-
+ "{?date=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
47-
.body(JSON_LINKS + ".variant.href", containsString(urlParts + "/variant"
48-
+ "{?variantName,from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
49-
.body(JSON_LINKS + ".variantAt.href", containsString(urlParts + "/variantAt"
50-
+ "{?variantName,date=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
51-
.body(JSON_LINKS + ".corresponds.href", containsString(urlParts + "/corresponds"
52-
+ "{?targetClassificationId,from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator}"))
53-
.body(JSON_LINKS + ".correspondsAt.href", containsString(urlParts + "/correspondsAt"
54-
+ "{?targetClassificationId,date=<yyyy-MM-dd>,csvSeparator}"))
55-
.body(JSON_LINKS + ".changes.href", containsString(urlParts + "/changes"
56-
+ "{?from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator}"));
72+
.body(
73+
JSON_LINKS + ".codes.href",
74+
containsString(
75+
urlParts
76+
+ "/codes"
77+
+ "{?from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
78+
.body(
79+
JSON_LINKS + ".codesAt.href",
80+
containsString(
81+
urlParts
82+
+ "/codesAt"
83+
+ "{?date=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
84+
.body(
85+
JSON_LINKS + ".variant.href",
86+
containsString(
87+
urlParts
88+
+ "/variant"
89+
+ "{?variantName,from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
90+
.body(
91+
JSON_LINKS + ".variantAt.href",
92+
containsString(
93+
urlParts
94+
+ "/variantAt"
95+
+ "{?variantName,date=<yyyy-MM-dd>,csvSeparator,level,selectCodes,presentationNamePattern}"))
96+
.body(
97+
JSON_LINKS + ".corresponds.href",
98+
containsString(
99+
urlParts
100+
+ "/corresponds"
101+
+ "{?targetClassificationId,from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator}"))
102+
.body(
103+
JSON_LINKS + ".correspondsAt.href",
104+
containsString(
105+
urlParts
106+
+ "/correspondsAt"
107+
+ "{?targetClassificationId,date=<yyyy-MM-dd>,csvSeparator}"))
108+
.body(
109+
JSON_LINKS + ".changes.href",
110+
containsString(
111+
urlParts
112+
+ "/changes"
113+
+ "{?from=<yyyy-MM-dd>,to=<yyyy-MM-dd>,csvSeparator}"));
57114
}
58115

59116
@Test
60117
public void restServiceReturnClassificationIncludeFutureVersions() {
61118
String urlParts = REQUEST + "/" + kommuneinndeling.getId();
62119

63-
given().port(port).accept(ContentType.JSON).param("includeFuture", true)
120+
given().port(port)
121+
.accept(ContentType.JSON)
122+
.param("includeFuture", true)
64123
.get(REQUEST_WITH_ID, kommuneinndeling.getId())
65-
// .prettyPeek()
124+
// .prettyPeek()
66125
.then()
67-
.assertThat().statusCode(HttpStatus.OK.value())
68-
.assertThat().contentType(ContentType.JSON)
126+
.assertThat()
127+
.statusCode(HttpStatus.OK.value())
128+
.assertThat()
129+
.contentType(ContentType.JSON)
69130
// classification
70-
.assertThat().body("name", equalTo(TestDataProvider.KOMMUNEINNDELING_NAVN_NO))
71-
.assertThat().body("description", equalTo(TestDataProvider.KOMMUNEINNDELING_BESKRIVELSE_NO))
72-
.assertThat().body("lastModified", notNullValue())
73-
.assertThat().body(JSON_LINKS + ".self.href", containsString("classifications/" + kommuneinndeling.getId()))
131+
.assertThat()
132+
.body("name", equalTo(TestDataProvider.KOMMUNEINNDELING_NAVN_NO))
133+
.assertThat()
134+
.body("description", equalTo(TestDataProvider.KOMMUNEINNDELING_BESKRIVELSE_NO))
135+
.assertThat()
136+
.body("lastModified", notNullValue())
137+
.assertThat()
138+
.body(
139+
JSON_LINKS + ".self.href",
140+
containsString("classifications/" + kommuneinndeling.getId()))
74141
// versions
75-
.assertThat().body("versions.size()", equalTo(4))
142+
.assertThat()
143+
.body("versions.size()", equalTo(4))
76144
//
77-
.assertThat().body("versions[0].name", equalTo("Kommuneinndeling "+TestDataProvider.TEN_YEARS_LATER))
78-
.assertThat().body("versions[0]._links.self.href", containsString("versions/"))
145+
.assertThat()
146+
.body(
147+
"versions[0].name",
148+
equalTo("Kommuneinndeling " + TestDataProvider.TEN_YEARS_LATER))
149+
.assertThat()
150+
.body("versions[0]._links.self.href", containsString("versions/"))
79151
//
80-
.assertThat().body("versions[1].name", equalTo("Kommuneinndeling 2014"))
81-
.assertThat().body("versions[1]._links.self.href", containsString("versions/"))
152+
.assertThat()
153+
.body("versions[1].name", equalTo("Kommuneinndeling 2014"))
154+
.assertThat()
155+
.body("versions[1]._links.self.href", containsString("versions/"))
82156
//
83-
.assertThat().body("versions[2].name", equalTo("Kommuneinndeling 2012"))
84-
.assertThat().body("versions[2]._links.self.href", containsString("versions/"))
157+
.assertThat()
158+
.body("versions[2].name", equalTo("Kommuneinndeling 2012"))
159+
.assertThat()
160+
.body("versions[2]._links.self.href", containsString("versions/"))
85161
//
86-
.assertThat().body("versions[3].name", equalTo("Kommuneinndeling 2008"))
87-
.assertThat().body("versions[3]._links.self.href", containsString("versions/"));
162+
.assertThat()
163+
.body("versions[3].name", equalTo("Kommuneinndeling 2008"))
164+
.assertThat()
165+
.body("versions[3]._links.self.href", containsString("versions/"));
88166
}
89-
// @formatter:on
167+
// @formatter:on
90168
}

0 commit comments

Comments
 (0)