From a58dd004e519fb08045bdbfd3cd6dba25ae22017 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Fri, 19 May 2017 14:04:11 +0300
Subject: [PATCH 1/7] Added allow-all CORS filter

refers #2163
---
 .../src/main/webapp/WEB-INF/web.xml           | 11 +++--
 .../connect/http/cors/CorsFilter.java         | 44 +++++++++++++++++++
 2 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java

diff --git a/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml b/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
index 4cde237650..4295947db9 100644
--- a/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
+++ b/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
@@ -8,13 +8,18 @@
   <servlet>
     <servlet-name>Jersey</servlet-name>
     <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
+    <!-- Enable CORS request filter (allows all cors requests) -->
+    <init-param>
+      <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
+      <param-value>org.restcomm.connect.http.cors.CorsFilter</param-value>
+    </init-param>
   </servlet>
 
   <context-param>
     <param-name>resteasy.scan</param-name>
     <param-value>false</param-value>
   </context-param>
-  
+
   <context-param>
     <param-name>resteasy.scan.providers</param-name>
     <param-value>false</param-value>
@@ -24,12 +29,12 @@
     <param-name>resteasy.scan.resources</param-name>
     <param-value>false</param-value>
   </context-param>
-  
+
   <servlet-mapping>
     <servlet-name>Jersey</servlet-name>
     <url-pattern>/2012-04-24/*</url-pattern>
   </servlet-mapping>
-  
+
   <welcome-file-list>
     <welcome-file>index.html</welcome-file>
   </welcome-file-list>
diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
new file mode 100644
index 0000000000..48023fdd20
--- /dev/null
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
@@ -0,0 +1,44 @@
+/*
+ * TeleStax, Open Source Cloud Communications
+ * Copyright 2011-2014, Telestax Inc and individual contributors
+ * by the @authors tag.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+package org.restcomm.connect.http.cors;
+
+import com.sun.jersey.spi.container.ContainerRequest;
+import com.sun.jersey.spi.container.ContainerResponse;
+import com.sun.jersey.spi.container.ContainerResponseFilter;
+
+import javax.ws.rs.ext.Provider;
+
+/**
+ * @author otsakir@gmail.com - Orestis Tsakiridis
+ */
+@Provider
+public class CorsFilter implements ContainerResponseFilter {
+
+    @Override
+    public ContainerResponse filter(ContainerRequest cres, ContainerResponse response) {
+        response.getHttpHeaders().add("Access-Control-Allow-Origin", "*");
+        response.getHttpHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+        response.getHttpHeaders().add("Access-Control-Allow-Credentials", "true");
+        response.getHttpHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+        response.getHttpHeaders().add("Access-Control-Max-Age", "1209600");
+        return response;
+    }
+}

From 2805a23e1e326b87b615ba3b39ec4144457a6a50 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Thu, 15 Jun 2017 14:18:02 +0300
Subject: [PATCH 2/7] Reviewed restcomm.xml 'rcmlserver-api' section,
 configuration classes and RcmlserverApi class

- renamed rcmlserver-api to rcmlserver
- added api-path property

Refers #2230
---
 .../src/main/webapp/WEB-INF/conf/restcomm.xml |  9 ++++----
 .../sets/RcmlserverConfigurationSet.java      |  1 +
 .../impl/RcmlserverConfigurationSetImpl.java  | 23 +++++++++++++++----
 .../http/client/rcmlserver/RcmlserverApi.java | 13 +++++++++--
 .../resources/restcomm-accountRemoval.xml     |  3 ++-
 5 files changed, 38 insertions(+), 11 deletions(-)

diff --git a/restcomm/restcomm.application/src/main/webapp/WEB-INF/conf/restcomm.xml b/restcomm/restcomm.application/src/main/webapp/WEB-INF/conf/restcomm.xml
index 4a67870fcf..d89cf0c3e4 100644
--- a/restcomm/restcomm.application/src/main/webapp/WEB-INF/conf/restcomm.xml
+++ b/restcomm/restcomm.application/src/main/webapp/WEB-INF/conf/restcomm.xml
@@ -383,17 +383,18 @@
 	</http-client>
 
 	<!-- Control notifications sent to rcmlserver (RVD)
-		base-url: relative path or absolute url where rcmlserver it located.
+		base-url: Base url where rcml server is located of the form scheme://host:port like 'http://rvdserver:8080'. Leave it empty when RVD is bundled together with restcomm.
+		api-path: relative path where rcml server api listens under like '/restcomm-rvd/services
 		notifications: should notifications be sent or not ? defaults to 'false'
 		timeout: milis to wait response from rcmlserver before timing out when sending notifications. Defaults to 5000
 		timeout-per-notification: if several notifications are sent in one step, timeout increase for each. Defaults to 500.
 	-->
-	<rcmlserver-api>
-		<base-url>/restcomm-rvd/services</base-url>
+	<rcmlserver>
+		<api-path>/restcomm-rvd/services</api-path>
 		<notifications>true</notifications>
 		<timeout>5000</timeout>
 		<timeout-per-notification>500</timeout-per-notification>
-	</rcmlserver-api>
+	</rcmlserver>
 
 	<!-- The SMS aggregator is responsible for the handling of SMS messages
 		inside of RestComm. Refer to the org.mobicents.servlet.sip.restcomm.SmsAggregator
diff --git a/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/RcmlserverConfigurationSet.java b/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/RcmlserverConfigurationSet.java
index 1f5c2baa95..24ea459f52 100644
--- a/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/RcmlserverConfigurationSet.java
+++ b/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/RcmlserverConfigurationSet.java
@@ -24,6 +24,7 @@
  * @author otsakir@gmail.com - Orestis Tsakiridis
  */
 public interface RcmlserverConfigurationSet {
+    String getApiPath();
     String getBaseUrl();
     Boolean getNotify();
     Integer getTimeout(); // how much to wait for response to a notification request before giving up
diff --git a/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/impl/RcmlserverConfigurationSetImpl.java b/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/impl/RcmlserverConfigurationSetImpl.java
index 0b36bbf3e5..d2e901c2a2 100644
--- a/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/impl/RcmlserverConfigurationSetImpl.java
+++ b/restcomm/restcomm.commons/src/main/java/org/restcomm/connect/commons/configuration/sets/impl/RcmlserverConfigurationSetImpl.java
@@ -28,11 +28,13 @@
  * @author otsakir@gmail.com - Orestis Tsakiridis
  */
 public class RcmlserverConfigurationSetImpl extends ConfigurationSet implements RcmlserverConfigurationSet {
-    private static final String BASE_URL_KEY = "rcmlserver-api.base-url";
-    private static final String NOTIFY_KEY = "rcmlserver-api.notifications";
-    private static final String TIMEOUT_KEY = "rcmlserver-api.timeout";
-    private static final String TIMEOUT_PER_NOTIFICATION_KEY = "rcmlserver-api.timeout-per-notification";
+    private static final String BASE_URL_KEY = "rcmlserver.base-url";
+    private static final String API_PATH_KEY = "rcmlserver.api-path";
+    private static final String NOTIFY_KEY = "rcmlserver.notifications";
+    private static final String TIMEOUT_KEY = "rcmlserver.timeout";
+    private static final String TIMEOUT_PER_NOTIFICATION_KEY = "rcmlserver.timeout-per-notification";
     private String baseUrl = null;
+    private String apiPath = null;
     private Boolean notify = false;
     private Integer timeout = 5000;
     private Integer timeoutPerNotification = 500;
@@ -48,6 +50,14 @@ public RcmlserverConfigurationSetImpl(ConfigurationSource source) {
             this.baseUrl = value;
         }
 
+        value = source.getProperty(API_PATH_KEY);
+        if ( !StringUtils.isEmpty(value) ) {
+            value = value.trim();
+            if (value.endsWith("/")) // remove trailing '/' if present
+                value = value.substring(0,value.length()-2);
+            this.apiPath = value;
+        }
+
         value = source.getProperty(NOTIFY_KEY);
         try {
             this.notify = Boolean.parseBoolean(value);
@@ -77,6 +87,11 @@ public String getBaseUrl() {
         return baseUrl;
     }
 
+    @Override
+    public String getApiPath() {
+        return apiPath;
+    }
+
     @Override
     public Boolean getNotify() {
         return notify;
diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/client/rcmlserver/RcmlserverApi.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/client/rcmlserver/RcmlserverApi.java
index 3e3e77f72c..7a7aa95ea8 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/client/rcmlserver/RcmlserverApi.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/client/rcmlserver/RcmlserverApi.java
@@ -22,6 +22,7 @@
 
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
+import org.apache.commons.lang.StringUtils;
 import org.apache.http.HttpResponse;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpPost;
@@ -59,8 +60,16 @@ enum NotificationType {
 
     public RcmlserverApi(MainConfigurationSet mainConfig, RcmlserverConfigurationSet rcmlserverConfig) {
         try {
-            // resolve() should be run lazily to work. Make sure this constructor is invoked after the JBoss connectors have been set up.
-            apiUrl = UriUtils.resolve(new URI(rcmlserverConfig.getBaseUrl()));
+            // if there is no baseUrl configured we use the resolver to guess the location of the rcml server and the path
+            if ( StringUtils.isEmpty(rcmlserverConfig.getBaseUrl()) ) {
+                // resolve() should be run lazily to work. Make sure this constructor is invoked after the JBoss connectors have been set up.
+                apiUrl = UriUtils.resolve(new URI(rcmlserverConfig.getApiPath()));
+            }
+            // if baseUrl has been configured, concat baseUrl and path to find the location of rcml server. No resolving here.
+            else {
+                String path = rcmlserverConfig.getApiPath();
+                apiUrl = new URI(rcmlserverConfig.getBaseUrl() + (path != null ? path : "") );
+            }
         } catch (URISyntaxException e) {
             throw new RuntimeException(e);
         }
diff --git a/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml b/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
index 8fcec79251..048feb9f09 100644
--- a/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
+++ b/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
@@ -262,7 +262,8 @@
 
 	<rcmlserver-api>
 		<!-- points to Wiremock server for arquilian testing -->
-		<base-url>http://localhost:8089/restcomm-rvd/services</base-url>
+		<base-url>http://localhost:8089</base-url>
+		<api-path>/restcomm-rvd/services</api-path>
 		<notifications>true</notifications>
 	</rcmlserver-api>
 

From 3feaa8f0c4105f2d65fb6568578cae40b3e23f84 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Thu, 15 Jun 2017 15:14:39 +0300
Subject: [PATCH 3/7] Fixed broken AccountsEndpointClosingTest

This relates to 'rcmlserver' configuration section since it used it

Refers #2230
---
 .../resources/restcomm-accountRemoval.xml     | 353 +++++++++++++-----
 1 file changed, 260 insertions(+), 93 deletions(-)

diff --git a/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml b/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
index 048feb9f09..a5f4c154eb 100644
--- a/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
+++ b/restcomm/restcomm.testsuite/src/test/resources/restcomm-accountRemoval.xml
@@ -1,24 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!--
-  ~ TeleStax, Open Source Cloud Communications
-  ~ Copyright 2011-2014, Telestax Inc and individual contributors
-  ~ by the @authors tag.
-  ~
-  ~ This program is free software: you can redistribute it and/or modify
-  ~ under the terms of the GNU Affero General Public License as
-  ~ published by the Free Software Foundation; either version 3 of
-  ~ the License, or (at your option) any later version.
-  ~
-  ~ This program is distributed in the hope that it will be useful,
-  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
-  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-  ~ GNU Affero General Public License for more details.
-  ~
-  ~ You should have received a copy of the GNU Affero General Public License
-  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>
-  ~
-  -->
-
 <!-- This is free software; you can redistribute it and/or modify it under
 	the terms of the GNU Lesser General Public License as published by the Free
 	Software Foundation; either version 2.1 of the License, or (at your option)
@@ -43,10 +23,20 @@
 		<!-- The location where the audio prompts are located. -->
 		<prompts-uri>/restcomm/audio</prompts-uri>
 
+		<!-- Conference audio files, these will be played when a participant joins or leaves the conference -->
+		<conference-entry-audio>beep.wav</conference-entry-audio>
+		<conference-exit-audio>alert.wav</conference-exit-audio>
+
 		<!-- Cache settings. -->
 		<cache-path>${restcomm:home}/cache</cache-path>
 		<cache-uri>/restcomm/cache</cache-uri>
 
+		<!-- If set to true RestComm will NOT use cache for *.wav files playback.
+			If set to false RestComm will use cache for *.wav files playback.
+			Default: false
+		-->
+		<cache-no-wav>false</cache-no-wav>
+
 		<!-- The path where recordings made by the <Record> verb are stored. -->
 		<recordings-path>file://${restcomm:home}/recordings</recordings-path>
 		<recordings-uri>/restcomm/recordings</recordings-uri>
@@ -72,16 +62,28 @@
 			from those users -->
 		<authenticate>true</authenticate>
 
+		<!-- If authenticate is set to true Restcomm can work as IMS Client. To enable set act-as-ims-ua to true and
+		 configure IMS domain and IMS Proxy (e.g. P-CSCF or SBC) -->
+		<ims-authentication>
+			<act-as-ims-ua>false</act-as-ims-ua>
+			<domain></domain>
+			<proxy-address></proxy-address>
+			<proxy-port>5060</proxy-port>
+			<call-id-prefix>WebRTCGW__1@</call-id-prefix>
+			<user-agent>WebRTCGW/1.0</user-agent>
+			<account></account>
+		</ims-authentication>
+
 		<!-- Interval time in seconds that Restcomm will send keepalive messages (OPTIONS) to registered clients -->
 		<ping-interval>60</ping-interval>
 
 		<!-- If set to FALSE Restcomm wont normalize phone numbers (prepend +1)
 			when creating an outbound call -->
-		<normalize-numbers-for-outbound-calls>true</normalize-numbers-for-outbound-calls>
-		<!--If set to TRUE Restcomm will use the From address of initial call to
-			proxied calls Caller A dials DID XYZ that is bind to RCML that Dials Number
-			4321. If from-address-to-proxied-calls is TRUE Restcomm will pass callerId
-			A to the created call -->
+		<normalize-numbers-for-outbound-calls>false</normalize-numbers-for-outbound-calls>
+		<!--If set to TRUE Restcomm will use the From address of initial call as
+			caller-id for calls created with Dial Number. Caller A (callerId A) dials
+			DID XYZ that is bind to RCML that Dials Number 4321. If from-address-to-proxied-calls
+			is TRUE Restcomm will pass callerId A to the created call -->
 		<from-address-to-proxied-calls>true</from-address-to-proxied-calls>
 
 		<!-- Control whether Restcomm will try to patch the Request-URI and SDP
@@ -89,6 +91,30 @@
 		<!-- Default value: true -->
 		<patch-for-nat-b2bua-sessions>true</patch-for-nat-b2bua-sessions>
 
+		<!-- If set to true, when calling clients Restcomm will bypass LB or Proxy if set.
+		     Default value false so call are routed through LB-->
+		<bypass-lb-for-clients>false</bypass-lb-for-clients>
+
+		<!-- Set to true so Restcomm will send 100 Trying on initial Request-->
+		<!-- Used only for testing. !!! Don't enable this for production -->
+		<send-trying-for-initial-requests>false</send-trying-for-initial-requests>
+
+		<!--Play background music for conference rooms with 1 participant even if startConference=true? Music will stop after the second participant joins-->
+		<!--Default value: false -->
+		<play-music-for-conference>false</play-music-for-conference>
+
+		<!-- Set to true so Restcomm will NOT patch the SDP for the following cases:
+			1. SDP received from 200 OK
+			2. SDP in the initial INVITE
+			3. SDP in the in-dialog INVITE
+			Default value: false -->
+		<disable-sdp-patching-on-updating-mediasession>false</disable-sdp-patching-on-updating-mediasession>
+
+		<!-- If this is set to TRUE, when verb is Dial, delay 200 OK to INVITE until outbound dial answers
+			 or send appropriate response according to the response from outbound dial-->
+		<!--  https://github.com/RestComm/Restcomm-Connect/issues/1649 -->
+		<enable-200-ok-delay>false</enable-200-ok-delay>
+
 		<outbound-proxy>
 			<!-- Parameters for primary outbound proxy. -->
 			<outbound-proxy-user></outbound-proxy-user>
@@ -104,14 +130,15 @@
 				proxy when -->
 			<!-- creating the From header, as the userpart of the sip uri. Example:
 				From: "Alice" <sip:PROXY_USERNAME@PROXY> -->
-			<outboudproxy-user-at-from-header>true</outboudproxy-user-at-from-header>
+			<!-- Must be TRUE for Nexmo integration -->
+			<outboudproxy-user-at-from-header>false</outboudproxy-user-at-from-header>
 			<!-- When set to true, Restcomm will use the original user for the display
 				name of the From header -->
 			<!-- Example: From: "Alice" <sip:PROXY_USERNAME@PROXY> -->
 			<user-at-displayed-name>true</user-at-displayed-name>
 
 			<!-- Allow fallback to backup proxy -->
-			<allow-fallback>true</allow-fallback>
+			<allow-fallback>false</allow-fallback>
 			<!-- Number of maximum failed calls before switching from primary to the
 				fallback outbound proxy -->
 			<max-failed-calls>20</max-failed-calls>
@@ -119,21 +146,30 @@
 			<allow-fallback-to-primary>true</allow-fallback-to-primary>
 		</outbound-proxy>
 
+		<!--Depreciated -->
 		<telestax-proxy>
 			<enabled>false</enabled>
 			<login>restcomm</login>
 			<password>restcomm</password>
 			<endpoint>restcomm_instance_id</endpoint>
+			<siteId>site_id</siteId>
 			<uri>http://127.0.0.1:2080</uri>
 		</telestax-proxy>
 
 		<!-- TelScale USSD Gateway -->
 		<ussd-gateway>
-			<ussd-gateway-uri>127.0.0.1:5090</ussd-gateway-uri>
+			<ussd-gateway-uri></ussd-gateway-uri>
 			<ussd-gateway-user></ussd-gateway-user>
 			<ussd-gateway-password></ussd-gateway-password>
 		</ussd-gateway>
 
+		<!-- TelScale GMLC -->
+		<gmlc>
+			<gmlc-uri>http://GMLC-IP:port/restcomm/gmlc/rest?msisdn=</gmlc-uri> <!-- Change GMLC-IP:port to appropriate value-->
+			<gmlc-user></gmlc-user>
+			<gmlc-password></gmlc-password>
+		</gmlc>
+
 		<!-- Each permission is represented as three columns Domain:Action:Target
 			Possible actions are Create, Read, Modify, Delete. -->
 		<security-roles>
@@ -155,6 +191,9 @@
 				<permission>RestComm:Read:SmsMessages</permission>
 				<permission>RestComm:Read:Transcriptions</permission>
 				<permission>RestComm:*:OutboundProxies</permission>
+				<permission>RestComm:*:EmailMessages</permission>
+				<permission>RestComm:*:Usage</permission>
+				<permission>RestComm:*:Geolocation</permission>
 			</role>
 			<role name="Unprivileged">
 				<permission>RestComm:Read:Accounts</permission>
@@ -163,19 +202,75 @@
 		</security-roles>
 	</runtime-settings>
 
-	<phone-number-provisioning
-			class="org.restcomm.connect.provisioning.number.nexmo.NexmoPhoneNumberProvisioningManager">
+	<!--Bandwidth Provisioning API Configuration class: BandwidthNumberProvisioningManager
+		username - The username assigned to you at account setup for the Bandwidth
+		Provisioning Portal (https://webui.inetwork.com) password - Password used
+		to login to the Bandwidth Provisioning portal (https://webui.inetwork.com)
+		accountId - Account ID assigned to you by Bandwidth at account setup siteId
+		- The Site ID within your Bandwidth account where numbers should be provisioned.
+		The site is called Location in the portal. You can find the site Id in the
+		url string by navigating to Account/Configuration/Locations and selecting
+		the proper location. Given the url: https://webui.inetwork.com/report/#editlocation:%7B%22a%22:5555111,%22s%22:1234,%22p%22:507567%7D
+		The site Id will be 1234, that is the characters after the s%22: You can
+		also get the site Id by querying the Sites REST API directly. uri - Should
+		always be https://api.inetwork.com/v1.0 for production traffic and numbers. -->
+	<!-- <phone-number-provisioning class="BandwidthNumberProvisioningManager">
+		<callback-urls> <voice url="" method="SIP"/> <sms url="" method="SIP"/> <fax
+		url="" method="SIP"/> <ussd url="" method="SIP"/> </callback-urls> <bandwidth>
+		<username></username> <password></password> <accountId></accountId> <siteId></siteId>
+		<uri>https://api.inetwork.com/v1.0</uri> </bandwidth> </phone-number-provisioning> -->
+
+	<!--Voxbone Provisioning API Configuration For Callback URLs, use {E164}@IP_ADDRESS:PORT
+		username - The username assigned to you at account setup for the Voxbone
+		Portal (https://voxbone.com) password - Password used to login to the Voxbone
+		portal (https://voxbone.com) uri - The URI of voxbone rest services. Usually
+		not changed except if you want to test with a sandbox account Should always
+		be https://api.voxbone.com/ws-voxbone/services/rest for production traffic
+		and numbers. -->
+	<!-- <phone-number-provisioning class="VoxbonePhoneNumberProvisioningManager">
+		<callback-urls> <voice url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> <sms
+		url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> <fax url="+{E164}@IP_ADDRESS:PORT"
+		method="SIP"/> <ussd url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> </callback-urls>
+		<voxbone> <username></username> <password></password> <uri>https://api.voxbone.com/ws-voxbone/services/rest</uri>
+		</voxbone> </phone-number-provisioning> -->
+	<!-- Configuration for the VoIP Innovations provisioning API. class: VoIPInnovationsNumberProvisioningManager
+		voice url: URL (host:port) and method (SIP or SIPS) to where a DID for voice
+		should forward the calls sms url: URL (host:port) and method (SS7, SMPP,
+		SIP or SIPS) to where a DID for voice should forward the calls fax url: URL
+		(host:port) and method (SIP or SIPS) to where a DID for voice should forward
+		the calls ussd url: URL (host:port) and method (SS7, SIP or SIPS) to where
+		a DID for voice should forward the calls Configuration for Nexmo class: NexmoPhoneNumberProvisioningManager -->
+	<phone-number-provisioning class="org.restcomm.connect.provisioning.number.vi.VoIPInnovationsNumberProvisioningManager">
 		<callback-urls>
-			<voice url="localhost:5080" method="SIP" />
-			<sms url="localhost:5080" method="SIP" />
-			<fax url="localhost:5080" method="SIP" />
-			<ussd url="localhost:5080" method="SIP" />
+			<voice url="" method="" />
+			<sms url="" method="" />
+			<fax url="" method="" />
+			<ussd url="" method="" />
 		</callback-urls>
+		<voip-innovations>
+			<login></login>
+			<password></password>
+			<endpoint></endpoint>
+			<uri>https://backoffice.voipinnovations.com/api2.pl</uri>
+		</voip-innovations>
+		<bandwidth>
+			<username></username>
+			<password></password>
+			<accountId></accountId>
+			<siteId></siteId>
+			<uri>https://api.inetwork.com/v1.0</uri>
+		</bandwidth>
 		<nexmo>
-			<api-key>randomkey</api-key>
-			<api-secret>randomsecret</api-secret>
-			<uri>http://127.0.0.1:8089/nexmo</uri>
+			<api-key></api-key>
+			<api-secret></api-secret>
+			<uri>https://rest.nexmo.com/</uri>
+			<smpp-system-type></smpp-system-type>
 		</nexmo>
+		<voxbone>
+			<username></username>
+			<password></password>
+			<uri>https://api.voxbone.com/ws-voxbone/services/rest</uri>
+		</voxbone>
 	</phone-number-provisioning>
 
 	<smtp-notify>
@@ -189,8 +284,7 @@
 	</smtp-notify>
 
 	<smtp-service>
-		<host>
-		</host>
+		<host></host>
 		<user></user>
 		<password></password>
 		<port></port>
@@ -203,8 +297,27 @@
 		<access-key></access-key>
 		<security-key></security-key>
 		<reduced-redundancy>false</reduced-redundancy>
-		<minutes-to-retain-public-url>7</minutes-to-retain-public-url>
+		<minutes-to-retain-public-url>10</minutes-to-retain-public-url>
 		<remove-original-file>true</remove-original-file>
+		<bucket-region>us-east-1</bucket-region>
+		<!--
+		Restcomm Recordings - Amazon S3 integration security details
+
+		The Security level controls the details that the Recordings REST API will
+		provide to the user and also how the user will access the wav file.
+
+		1. NONE: Recordings REST API will contain the S3_URI with no credentials.
+		   Restcomm will fetch and serve recording to the user if the FILE_URI of the Recording is used
+		2. REDIRECT: Recordings REST API will NOT contain the S3_URI. Restcomm will
+		   create redirect response and recording will be served by Amazon S3 if the FILE_URI of the Recording is used
+		3. DEFAULT SECURE: Recordings REST API will NOT contain the S3_URI. Restcomm will
+		   fetch and serve recording to the user if the FILE_URI of the Recording is used
+
+		DEFAULT VALUE: SECURE
+		-->
+		<security-level>secure</security-level>
+		<testing>false</testing>
+		<testing-url>http://127.0.0.1:8090/s3</testing-url>
 	</amazon-s3>
 
 	<!-- Defines how RestComm communicates with the Media Server Control layer.
@@ -233,22 +346,35 @@
 		when necessary so if your server already has a routable IP address setting
 		this parameter will have no effect. <max-response-time> - In milliseconds
 		the maximum amount of time to wait for a response from the media server before
-		abandoning the request. This does NOT apply to RQNT/NOTIFY request/response. -->
+		abandoning the request. This does NOT apply to RQNT/NOTIFY request/response.
+		<rtp-timeout> This indicates rtp timeout, in seconds.
+		<rtp-timeout-timer-start-time> This is used to indicate when the RTP/RTCP timeout
+		timer starts. It can have one of the following values:
+         *  "im" for immediate i.e., the timer starts as soon as the
+            request is received.  This is the default.
+         *  "ra" to indicate that the timer should start only after an
+            RTCP packet has been received from the other end (i.e., the
+            timer will be initiated when the first RTCP packet is
+            received after the request is made).  Note that in the case
+            where the other end does not support RTCP, the timer will
+            never be initiated.-->
 	<media-server-manager>
-		<mgcp-server class="org.restcomm.connect.mgcp.MockMediaGateway"
-			name="Mobicents Media Server">
+		<mgcp-server class="org.restcomm.connect.mgcp.MediaGateway" name="Mobicents Media Server">
 			<local-address>127.0.0.1</local-address>
 			<local-port>2727</local-port>
 			<remote-address>127.0.0.1</remote-address>
 			<remote-port>2427</remote-port>
-			<response-timeout>1500</response-timeout>
-			<!-- <external-address></external-address> -->
+			<response-timeout>500</response-timeout>
+			<external-address><null/></external-address>
+			<rtp-timeout>60</rtp-timeout>
+			<rtp-timeout-timer-start-time>im</rtp-timeout-timer-start-time>
 		</mgcp-server>
+		<mrb class="org.restcomm.connect.mrb.MediaResourceBrokerGeneric" name="Community MediaResourceBroker">
+		</mrb>
 	</media-server-manager>
-
-		<!-- Adjust http client behaviour for outgoing requests -->
+	<!-- Adjust http client behaviour for outgoing requests -->
 	<http-client>
-		<response-timeout>5000</response-timeout>
+		<response-timeout>6000</response-timeout>
 		<!-- Control peer certificate verification for https connections. Two modes are supported:
 			'allowall' : Disables peer certificate verification. Use it when testing.
 			'strict' : Fails requests if peer certificate is not trusted. Use it in production. -->
@@ -260,21 +386,30 @@
 		<hostname></hostname>
 	</http-client>
 
-	<rcmlserver-api>
-		<!-- points to Wiremock server for arquilian testing -->
+	<!-- Control notifications sent to rcmlserver (RVD)
+		base-url: Base url where rcml server is located of the form scheme://host:port like 'http://rvdserver:8080'. Leave it empty when RVD is bundled together with restcomm.
+		api-path: relative path where rcml server api listens under like '/restcomm-rvd/services
+		notifications: should notifications be sent or not ? defaults to 'false'
+		timeout: milis to wait response from rcmlserver before timing out when sending notifications. Defaults to 5000
+		timeout-per-notification: if several notifications are sent in one step, timeout increase for each. Defaults to 500.
+	-->
+	<rcmlserver>
 		<base-url>http://localhost:8089</base-url>
 		<api-path>/restcomm-rvd/services</api-path>
 		<notifications>true</notifications>
-	</rcmlserver-api>
+		<timeout>5000</timeout>
+		<timeout-per-notification>500</timeout-per-notification>
+	</rcmlserver>
 
 	<!-- The SMS aggregator is responsible for the handling of SMS messages
 		inside of RestComm. Refer to the org.mobicents.servlet.sip.restcomm.SmsAggregator
 		interface for more information. -->
 	<sms-aggregator class="org.restcomm.connect.sms.SmsService">
 		<outbound-prefix></outbound-prefix>
-		<outbound-endpoint>127.0.0.1:5090</outbound-endpoint>
+		<outbound-endpoint>127.0.0.1:5070</outbound-endpoint>
 	</sms-aggregator>
 
+
 	<!-- by default activateSmppConnection is set to false -->
 
 	<smpp class="org.restcomm.connect.sms.smpp.SmppService" activateSmppConnection ="false">
@@ -334,34 +469,45 @@
 		<api-key production="false"></api-key>
 	</speech-recognizer>
 
-	<!-- The Speech Synthesizer is responsible for turning text in to speech
-		for play back by the media gateway. <speech-synthesizer class="AcapelaSpeechSynthesizer">
+	<speech-synthesizer active="voicerss"/>
+
+	<!-- The Speech Synthesizer is responsible for turning text in to speech for play back by the media gateway. -->
+	<acapela class="org.restcomm.connect.tts.acapela.AcapelaSpeechSynthesizer">
 		<service-root>http://vaas.acapela-group.com/Services/Synthesizer</service-root>
-		<application></application> <login></login> <password></password> <speakers>
-		<belgium-french> <female>justine8k</female> <male></male> </belgium-french>
-		<brazilian-portuguese> <female>marcia8k</female> <male></male> </brazilian-portuguese>
-		<british-english> <female>rachel8k</female> <male>graham8k</male> </british-english>
-		<canadian-french> <female>louise8k</female> <male></male> </canadian-french>
-		<czech> <female>eliska8k</female> <male></male> </czech> <danish> <female>mette8k</female>
-		<male>rasmus8k</male> </danish> <english> <female>heather8k</female> <male>ryan8k</male>
-		</english> <finnish> <female>sanna8k</female> <male></male> </finnish> <french>
-		<female>claire8k</female> <male>bruno8k</male> </french> <german> <female>sarah8k</female>
-		<male>klaus8k</male> </german> <greek> <female></female> <male>dimitris8k</male>
-		</greek> <italian> <female>chiara8k</female> <male>vittorio8k</male> </italian>
-		<netherlands-dutch> <female>jasmijn8k</female> <male>daan8k</male> </netherlands-dutch>
-		<norwegian> <female>kari8k</female> <male>olav8k</male> </norwegian> <polish>
-		<female>ania8k</female> <male></male> </polish> <portuguese> <female>celia8k</female>
-		<male></male> </portuguese> <russian> <female>alyona8k</female> <male></male>
-		</russian> <saudi-arabia-arabic> <female>salma8k</female> <male>mehdi8k</male>
-		</saudi-arabia-arabic> <spain-catalan> <female>laia8k</female> <male></male>
-		</spain-catalan> <spanish> <female>maria8k</female> <male>antonio8k</male>
-		</spanish> <swedish> <female>elin8k</female> <male>emil8k</male> </swedish>
-		<turkish> <female>ipek8k</female> <male></male> </turkish> </speakers> </speech-synthesizer> -->
-
-	<speech-synthesizer
-		class="org.restcomm.connect.tts.voicerss.VoiceRSSSpeechSynthesizer">
+		<application></application>
+		<login></login>
+		<password></password>
+		<speakers>
+			<belgium-french> <female>justine8k</female> <male></male> </belgium-french>
+			<brazilian-portuguese> <female>marcia8k</female> <male></male> </brazilian-portuguese>
+			<british-english> <female>rachel8k</female> <male>graham8k</male> </british-english>
+			<canadian-french> <female>louise8k</female> <male></male> </canadian-french>
+			<czech> <female>eliska8k</female> <male></male> </czech>
+			<danish> <female>mette8k</female><male>rasmus8k</male></danish>
+			<english> <female>laura8k</female> <male>ryan8k</male> </english>
+			<finnish> <female>sanna8k</female> <male></male> </finnish>
+			<french> <female>claire8k</female> <male>bruno8k</male> </french>
+			<german> <female>sarah8k</female> <male>klaus8k</male> </german>
+			<greek> <female></female> <male>dimitris8k</male> </greek>
+			<italian> <female>chiara8k</female> <male>vittorio8k</male> </italian>
+			<netherlands-dutch> <female>jasmijn8k</female> <male>daan8k</male> </netherlands-dutch>
+			<norwegian> <female>kari8k</female> <male>olav8k</male> </norwegian>
+			<polish><female>ania8k</female> <male></male> </polish>
+			<portuguese> <female>celia8k</female><male></male> </portuguese>
+			<russian> <female>alyona8k</female> <male></male></russian>
+			<saudi-arabia-arabic> <female>salma8k</female> <male>mehdi8k</male></saudi-arabia-arabic>
+			<spain-catalan> <female>laia8k</female> <male></male> </spain-catalan>
+			<spanish> <female>maria8k</female> <male>antonio8k</male></spanish>
+			<swedish> <female>elin8k</female> <male>emil8k</male> </swedish>
+			<turkish> <female>ipek8k</female> <male></male> </turkish>
+			<mandarin-chinese> <female>lulu8k</female> <male></male> </mandarin-chinese>
+			<japanese> <female>sakura8k</female> <male></male> </japanese>
+		</speakers>
+	</acapela>
+
+	<voicerss class="org.restcomm.connect.tts.voicerss.VoiceRSSSpeechSynthesizer">
 		<service-root>http://api.voicerss.org</service-root>
-		<apikey>16824850f3634b9eb8a464350c0b133d</apikey>
+		<apikey></apikey>
 		<languages>
 			<catalan>ca-es</catalan>
 			<chinese-china>zh-cn</chinese-china>
@@ -381,18 +527,7 @@
 			<italian>it-it</italian>
 			<japanese>ja-jp</japanese>
 			<korean>ko-kr</korean>
-			<norwegian>nb-no</norwegian>	<!-- Adjust http client behaviour for outgoing requests -->
-	<http-client>
-		<!-- Control peer certificate verification for https connections. Two modes are supported:
-			'allowall' : Disables peer certificate verification. Use it when testing.
-			'strict' : Fails requests if peer certificate is not trusted. Use it in production. -->
-		<ssl-mode>strict</ssl-mode>
-		<!-- Control whether relative URL should be resolved using hostname instead of IP Address.
-		If for any reason hostname resolution fails, IP Address will be used -->
-		<use-hostname-to-resolve-relative-url>true</use-hostname-to-resolve-relative-url>
-		<!-- Optionally provide the hostname to be used, otherwise Java will try to get the hostname of the machine JVM is running -->
-		<hostname></hostname>
-	</http-client>
+			<norwegian>nb-no</norwegian>
 			<polish>pl-pl</polish>
 			<portuguese-brasil>pt-br</portuguese-brasil>
 			<portuguese-portugal>pt-pt</portuguese-portugal>
@@ -401,10 +536,42 @@
 			<spanish-spain>es-es</spanish-spain>
 			<swedish>sv-se</swedish>
 		</languages>
-	</speech-synthesizer>
+	</voicerss>
+
+	<!-- AWS Polly Speech Synthesizer plugin -->
+	<awspolly class="org.restcomm.connect.tts.awspolly.AWSPollySpeechSyntetizer">
+		<aws-access-key></aws-access-key>
+		<aws-secret-key></aws-secret-key>
+		<aws-region></aws-region>
+		<speakers>
+			<ja-JP><female>Mizuki</female><male></male></ja-JP>
+			<tr-TR><female>Filiz</female><male></male></tr-TR>
+			<ru-RU><female>Tatyana</female><male>Maxim</male></ru-RU>
+			<ro-RO><female>Carmen</female><male>Maxim</male></ro-RO>
+			<pt-PT><female>Ines</female><male>Cristiano</male></pt-PT>
+			<pt-BR><female>Vitoria</female><male>Ricardo</male></pt-BR>
+			<pl-PL><female>Maja</female><male>Jan</male></pl-PL>
+			<nl-NL><female>Lotte</female><male>Ruben</male></nl-NL>
+			<nb-NO><female>Liv</female><male></male></nb-NO>
+			<it-IT><female>Carla</female><male>Giorgio</male></it-IT>
+			<is-IS><female>Dora</female><male>Karl</male></is-IS>
+			<fr-FR><female>Celine</female><male>Mathieu</male></fr-FR>
+			<fr-CA><female>Chantal</female><male></male></fr-CA>
+			<es-US><female>Penelope</female><male>Miguel</male></es-US>
+			<es-ES><female>Conchita</female><male>Enrique</male></es-ES>
+			<en-GB-WLS><female></female><male>Geraint</male></en-GB-WLS>
+			<cy-GB><female>Gwyneth</female><male></male></cy-GB>
+			<en-US><female>Joanna</female><male>Joey</male></en-US>
+			<en-IN><female>Raveena</female><male></male></en-IN>
+			<en-GB><female>Emma</female><male>Brian</male></en-GB>
+			<en-AU><female>Nicole</female><male>Russell</male></en-AU>
+			<de-DE><female>Marlene</female><male>Hans</male></de-DE>
+			<da-DK><female>Naja</female><male>Mads</male></da-DK>
+		</speakers>
+	</awspolly>
 
 	<!-- AT&T Speech Synthesizer plugin -->
-	<!-- <speech-synthesizer class="AttSpeechSynthesizer">
+	<!-- <speech-synthesizer class="org.restcomm.connect.tts.att.AttSpeechSynthesizer">
 		<host>127.0.0.1</host> <port>7000</port> <tts-client-directory></tts-client-directory>
 		<verbose-output>false</verbose-output> <speakers> <english> <female>crystal8</female>
 		<male>mike8</male> </english> <english-uk> <female>audrey8</female> <male>charles8</male>
@@ -414,4 +581,4 @@
 		<male>reiner8</male> </german> <italian> <female>francesca8</female> <male>giovanni8</male>
 		</italian> <brazilian-portuguese> <female>marina8</female> <male>tiago8</male>
 		</brazilian-portuguese> </speakers> </speech-synthesizer> -->
-</restcomm>
+</restcomm>
\ No newline at end of file

From ca24d22533b91774e4c7b3f8fcdcaf576081fb44 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Fri, 16 Jun 2017 00:39:00 +0300
Subject: [PATCH 4/7] Load restcomm.xml and initialize CorsFilter accordingly

Refers #2230
---
 .../connect/http/cors/CorsFilter.java         | 55 +++++++++++++++++--
 1 file changed, 50 insertions(+), 5 deletions(-)

diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
index 48023fdd20..47cc32adfa 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
@@ -23,8 +23,16 @@
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerResponse;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.restcomm.connect.commons.configuration.sets.RcmlserverConfigurationSet;
+import org.restcomm.connect.commons.configuration.sets.impl.RcmlserverConfigurationSetImpl;
+import org.restcomm.connect.commons.configuration.sources.ApacheConfigurationSource;
+import org.restcomm.connect.commons.configuration.sources.ConfigurationSource;
 
 import javax.ws.rs.ext.Provider;
+import java.io.File;
+import java.net.URL;
 
 /**
  * @author otsakir@gmail.com - Orestis Tsakiridis
@@ -32,13 +40,50 @@
 @Provider
 public class CorsFilter implements ContainerResponseFilter {
 
+    String allowedOrigin;
+
+    public CorsFilter() {
+        // Determine absolute path to restcomm.xml
+        URL url = CorsFilter.class.getResource(".");
+        String path = url.getFile();
+        String webInfPath = path.substring(0, path.indexOf("/WEB-INF/"));
+        String restcommXmlPath = webInfPath + "/WEB-INF/conf/restcomm.xml";
+        File restcommXmlFile = new File(restcommXmlPath);
+        // Create apache configuration
+        XMLConfiguration apacheConf = new XMLConfiguration();
+        apacheConf.setDelimiterParsingDisabled(true);
+        apacheConf.setAttributeSplittingDisabled(true);
+        try {
+            apacheConf.load(restcommXmlPath);
+        } catch (ConfigurationException e) {
+            e.printStackTrace();
+        }
+        // Create high-level configuration
+        ConfigurationSource source = new ApacheConfigurationSource(apacheConf);
+        RcmlserverConfigurationSet rcmlserverConfig = new RcmlserverConfigurationSetImpl(source);
+
+        // initialize allowedOrigin
+        String baseUrl = rcmlserverConfig.getBaseUrl();
+        if ( baseUrl != null && (! baseUrl.trim().equals(""))) {
+            // baseUrl is set. We need to return CORS allow headers
+            allowedOrigin = baseUrl;
+        }
+    }
+
+    // We return Access-* headers only in case allowedOrigin is present and equals to the 'Origin' header.
     @Override
     public ContainerResponse filter(ContainerRequest cres, ContainerResponse response) {
-        response.getHttpHeaders().add("Access-Control-Allow-Origin", "*");
-        response.getHttpHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
-        response.getHttpHeaders().add("Access-Control-Allow-Credentials", "true");
-        response.getHttpHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
-        response.getHttpHeaders().add("Access-Control-Max-Age", "1209600");
+        String requestOrigin = cres.getHeaderValue("Origin");
+        if (requestOrigin != null) { // is this is a cors request (ajax request that targets a different domain than the one the page was loaded from)
+            if (allowedOrigin != null && allowedOrigin.startsWith(requestOrigin)) {  // no cors allowances make are applied if allowedOrigins == null
+                // only return the origin the client informed
+                response.getHttpHeaders().add("Access-Control-Allow-Origin", requestOrigin);
+                response.getHttpHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
+                response.getHttpHeaders().add("Access-Control-Allow-Credentials", "true");
+                response.getHttpHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
+                response.getHttpHeaders().add("Access-Control-Max-Age", "1209600");
+            }
+        }
         return response;
     }
 }

From ef1d591e75edf57c44d03605073c0550a225db56 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Mon, 22 May 2017 02:18:52 +0300
Subject: [PATCH 5/7] Added OPTIONS method to AccountsEndpoint and refined
 security checks for endpoint's methods

Refers #2230
---
 .../java/org/restcomm/connect/http/AccountsEndpoint.java  | 5 ++++-
 .../org/restcomm/connect/http/AccountsJsonEndpoint.java   | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsEndpoint.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsEndpoint.java
index 796de673c7..4ced8a1fda 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsEndpoint.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsEndpoint.java
@@ -108,7 +108,6 @@ void init() {
         xstream.registerConverter(new AccountListConverter(runtimeConfiguration));
         xstream.registerConverter(new RestCommResponseConverter(runtimeConfiguration));
         // Make sure there is an authenticated account present when this endpoint is used
-        checkAuthenticatedAccount();
     }
 
     private Account createFrom(final Sid accountSid, final MultivaluedMap<String, String> data) throws PasswordTooWeak {
@@ -142,6 +141,7 @@ private Account createFrom(final Sid accountSid, final MultivaluedMap<String, St
     }
 
     protected Response getAccount(final String accountSid, final MediaType responseType) {
+        checkAuthenticatedAccount();
         //First check if the account has the required permissions in general, this way we can fail fast and avoid expensive DAO operations
         Account account = null;
         checkPermission("RestComm:Read:Accounts");
@@ -302,6 +302,7 @@ private void removeIncomingPhoneNumbers(Sid accountSid, IncomingPhoneNumbersDao
 
 
     protected Response getAccounts(final MediaType responseType) {
+        checkAuthenticatedAccount();
         //First check if the account has the required permissions in general, this way we can fail fast and avoid expensive DAO operations
         checkPermission("RestComm:Read:Accounts");
         final Account account = userIdentityContext.getEffectiveAccount();
@@ -323,6 +324,7 @@ protected Response getAccounts(final MediaType responseType) {
     }
 
     protected Response putAccount(final MultivaluedMap<String, String> data, final MediaType responseType) {
+        checkAuthenticatedAccount();
         //First check if the account has the required permissions in general, this way we can fail fast and avoid expensive DAO operations
         checkPermission("RestComm:Create:Accounts");
         // check account level depth. If we're already at third level no sub-accounts are allowed to be created
@@ -476,6 +478,7 @@ private Account prepareAccountForUpdate(final Account account, final Multivalued
 
     protected Response updateAccount(final String identifier, final MultivaluedMap<String, String> data,
             final MediaType responseType) {
+        checkAuthenticatedAccount();
         // First check if the account has the required permissions in general, this way we can fail fast and avoid expensive DAO
         // operations
         checkPermission("RestComm:Modify:Accounts");
diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsJsonEndpoint.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsJsonEndpoint.java
index 18d4f0b2c4..34273f2508 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsJsonEndpoint.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/AccountsJsonEndpoint.java
@@ -23,6 +23,7 @@
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
+import javax.ws.rs.OPTIONS;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -49,6 +50,13 @@ public Response getAccountAsJson(@PathParam("accountSid") final String accountSi
         return getAccount(accountSid, APPLICATION_JSON_TYPE);
     }
 
+    @Path("/{accountSid}")
+    @OPTIONS
+    public Response optionsAccount(@PathParam("accountSid") final String accountSid) {
+        // no authentication here since this is a pre-flight request
+        return Response.ok().build();
+    }
+
     @GET
     public Response getAccounts() {
         return getAccounts(APPLICATION_JSON_TYPE);

From eb071676e7e7705391f99e5e08d65659730e19d1 Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Fri, 16 Jun 2017 12:38:55 +0300
Subject: [PATCH 6/7] Reviewed CorsFilter initialization and added automated
 test

Refers #2230
---
 .../src/main/webapp/WEB-INF/web.xml           |   2 +-
 .../connect/http/cors/CorsFilter.java         |  73 ++-
 .../connect/testsuite/http/CorsRelaxTest.java | 103 +++
 .../src/test/resources/restcomm-corsRelax.xml | 600 ++++++++++++++++++
 4 files changed, 749 insertions(+), 29 deletions(-)
 create mode 100644 restcomm/restcomm.testsuite/src/test/java/org/restcomm/connect/testsuite/http/CorsRelaxTest.java
 create mode 100644 restcomm/restcomm.testsuite/src/test/resources/restcomm-corsRelax.xml

diff --git a/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml b/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
index 4295947db9..01b2f813b9 100644
--- a/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
+++ b/restcomm/restcomm.application/src/main/webapp/WEB-INF/web.xml
@@ -8,7 +8,7 @@
   <servlet>
     <servlet-name>Jersey</servlet-name>
     <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
-    <!-- Enable CORS request filter (allows all cors requests) -->
+    <!-- Enable CORS request filter -->
     <init-param>
       <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
       <param-value>org.restcomm.connect.http.cors.CorsFilter</param-value>
diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
index 47cc32adfa..ec9266a2c8 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
@@ -25,54 +25,39 @@
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import org.apache.commons.configuration.ConfigurationException;
 import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.lang.StringUtils;
+import org.apache.log4j.Logger;
 import org.restcomm.connect.commons.configuration.sets.RcmlserverConfigurationSet;
 import org.restcomm.connect.commons.configuration.sets.impl.RcmlserverConfigurationSetImpl;
 import org.restcomm.connect.commons.configuration.sources.ApacheConfigurationSource;
 import org.restcomm.connect.commons.configuration.sources.ConfigurationSource;
 
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Context;
 import javax.ws.rs.ext.Provider;
 import java.io.File;
-import java.net.URL;
 
 /**
  * @author otsakir@gmail.com - Orestis Tsakiridis
  */
 @Provider
 public class CorsFilter implements ContainerResponseFilter {
+    private final Logger logger = Logger.getLogger(CorsFilter.class);
 
-    String allowedOrigin;
+    @Context
+    private HttpServletRequest servletRequest;
 
-    public CorsFilter() {
-        // Determine absolute path to restcomm.xml
-        URL url = CorsFilter.class.getResource(".");
-        String path = url.getFile();
-        String webInfPath = path.substring(0, path.indexOf("/WEB-INF/"));
-        String restcommXmlPath = webInfPath + "/WEB-INF/conf/restcomm.xml";
-        File restcommXmlFile = new File(restcommXmlPath);
-        // Create apache configuration
-        XMLConfiguration apacheConf = new XMLConfiguration();
-        apacheConf.setDelimiterParsingDisabled(true);
-        apacheConf.setAttributeSplittingDisabled(true);
-        try {
-            apacheConf.load(restcommXmlPath);
-        } catch (ConfigurationException e) {
-            e.printStackTrace();
-        }
-        // Create high-level configuration
-        ConfigurationSource source = new ApacheConfigurationSource(apacheConf);
-        RcmlserverConfigurationSet rcmlserverConfig = new RcmlserverConfigurationSetImpl(source);
+    // we initialize this lazily upon first request since it can't be injected through the @Context annotation (it didn't work)
+    private ServletContext lazyServletContext;
 
-        // initialize allowedOrigin
-        String baseUrl = rcmlserverConfig.getBaseUrl();
-        if ( baseUrl != null && (! baseUrl.trim().equals(""))) {
-            // baseUrl is set. We need to return CORS allow headers
-            allowedOrigin = baseUrl;
-        }
-    }
+    String allowedOrigin;
 
     // We return Access-* headers only in case allowedOrigin is present and equals to the 'Origin' header.
     @Override
     public ContainerResponse filter(ContainerRequest cres, ContainerResponse response) {
+        initLazily(servletRequest);
         String requestOrigin = cres.getHeaderValue("Origin");
         if (requestOrigin != null) { // is this is a cors request (ajax request that targets a different domain than the one the page was loaded from)
             if (allowedOrigin != null && allowedOrigin.startsWith(requestOrigin)) {  // no cors allowances make are applied if allowedOrigins == null
@@ -86,4 +71,36 @@ public ContainerResponse filter(ContainerRequest cres, ContainerResponse respons
         }
         return response;
     }
+
+    private void initLazily(ServletRequest request)  {
+        if (lazyServletContext == null) {
+            ServletContext context = request.getServletContext();
+            String rootPath = context.getRealPath("/");
+            rootPath = StringUtils.stripEnd(rootPath,"/"); // remove trailing "/" character
+            String restcommXmlPath = rootPath + "/WEB-INF/conf/restcomm.xml";
+
+            // ok, found restcomm.xml. Now let's get rcmlserver/base-url configuration setting
+            File restcommXmlFile = new File(restcommXmlPath);
+            // Create apache configuration
+            XMLConfiguration apacheConf = new XMLConfiguration();
+            apacheConf.setDelimiterParsingDisabled(true);
+            apacheConf.setAttributeSplittingDisabled(true);
+            try {
+                apacheConf.load(restcommXmlPath);
+            } catch (ConfigurationException e) {
+                e.printStackTrace();
+            }
+            // Create high-level configuration
+            ConfigurationSource source = new ApacheConfigurationSource(apacheConf);
+            RcmlserverConfigurationSet rcmlserverConfig = new RcmlserverConfigurationSetImpl(source);
+            // initialize allowedOrigin
+            String baseUrl = rcmlserverConfig.getBaseUrl();
+            if ( baseUrl != null && (! baseUrl.trim().equals(""))) {
+                // baseUrl is set. We need to return CORS allow headers
+                allowedOrigin = baseUrl;
+            }
+
+            lazyServletContext = context;
+        }
+    }
 }
diff --git a/restcomm/restcomm.testsuite/src/test/java/org/restcomm/connect/testsuite/http/CorsRelaxTest.java b/restcomm/restcomm.testsuite/src/test/java/org/restcomm/connect/testsuite/http/CorsRelaxTest.java
new file mode 100644
index 0000000000..045562688f
--- /dev/null
+++ b/restcomm/restcomm.testsuite/src/test/java/org/restcomm/connect/testsuite/http/CorsRelaxTest.java
@@ -0,0 +1,103 @@
+/*
+ * TeleStax, Open Source Cloud Communications
+ * Copyright 2011-2014, Telestax Inc and individual contributors
+ * by the @authors tag.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation; either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+package org.restcomm.connect.testsuite.http;
+
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.WebResource;
+import junit.framework.Assert;
+import org.apache.log4j.Logger;
+import org.jboss.arquillian.container.test.api.Deployer;
+import org.jboss.arquillian.container.test.api.Deployment;
+import org.jboss.arquillian.junit.Arquillian;
+import org.jboss.arquillian.test.api.ArquillianResource;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.WebArchive;
+import org.jboss.shrinkwrap.resolver.api.maven.archive.ShrinkWrapMaven;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.restcomm.connect.commons.Version;
+
+import javax.ws.rs.core.MultivaluedMap;
+import java.net.URL;
+
+/**
+ * Tests whether CORS restrictions are relaxed when <rcmlserver/> configuration contains an absolute baseurl.
+ * Currently it only tests Accounts endpoint where CORS-relax logic has been applied
+ *
+ * @author otsakir@gmail.com - Orestis Tsakiridis
+ */
+@RunWith(Arquillian.class)
+public class CorsRelaxTest extends EndpointTest {
+    private final static Logger logger = Logger.getLogger(CorsRelaxTest.class.getName());
+
+    private static final String version = Version.getVersion();
+
+    @ArquillianResource
+    private Deployer deployer;
+    @ArquillianResource
+    URL deploymentUrl;
+
+    String accountSid = "ACae6e420f425248d6a26948c17a9e2acf";
+    String accountToken = "77f8c12cc7b8f8423e5c38b035249166";
+
+    // Tests cors headers existence when retrieving an account
+    @Test
+    public void corsHeadersAreReturnedForAccount() {
+        // Bypass jersey restriction for "Origin" header. By default it can't be added to a WebResource object.
+        System.setProperty("sun.net.http.allowRestrictedHeaders", "true");
+
+        Client jersey = Client.create();
+        // make a preflight OPTIONS request using an origin present in restcomm.xml/rcmlserver i.e. http://testing.restcomm.com
+        WebResource resource = jersey.resource(getResourceUrl("/2012-04-24/Accounts.json/ACae6e420f425248d6a26948c17a9e2acf"));
+        ClientResponse response = resource.header("Origin", "http://testing.restcomm.com").options(ClientResponse.class);
+        Assert.assertEquals(200, response.getStatus());
+        MultivaluedMap<String,String> headers = response.getHeaders();
+        String originHeader = headers.getFirst("Access-Control-Allow-Origin");
+        Assert.assertEquals("http://testing.restcomm.com",originHeader);
+        // make a preflight OPTIONS request using an origin NOT present in restcomm.xml/rcmlserver i.e. http://otherhost.restcomm.com
+        WebResource resource2 = jersey.resource(getResourceUrl("/restcomm/2012-04-24/Accounts.json/ACae6e420f425248d6a26948c17a9e2acf"));
+        ClientResponse response2 = resource2.header("Origin", "http://otherhost.restcomm.com").options(ClientResponse.class);
+        originHeader = response2.getHeaders().getFirst("Access-Control-Allow-Origin");
+        Assert.assertEquals(200, response2.getStatus());
+        Assert.assertNull(originHeader);
+
+    }
+
+    @Deployment(name = "CorsRelaxTest", managed = true, testable = false)
+    public static WebArchive createWebArchiveNoGw() {
+        logger.info("Packaging Test App");
+        logger.info("version");
+        WebArchive archive = ShrinkWrap.create(WebArchive.class, "restcomm.war");
+        final WebArchive restcommArchive = ShrinkWrapMaven.resolver()
+                .resolve("org.restcomm:restcomm-connect.application:war:" + version).withoutTransitivity()
+                .asSingle(WebArchive.class);
+        archive = archive.merge(restcommArchive);
+        archive.delete("/WEB-INF/sip.xml");
+        archive.delete("/WEB-INF/conf/restcomm.xml");
+        archive.delete("/WEB-INF/data/hsql/restcomm.script");
+        archive.addAsWebInfResource("sip.xml");
+        archive.addAsWebInfResource("restcomm-corsRelax.xml", "conf/restcomm.xml");
+        archive.addAsWebInfResource("restcomm.script", "data/hsql/restcomm.script");
+        logger.info("Packaged Test App");
+        return archive;
+    }
+}
diff --git a/restcomm/restcomm.testsuite/src/test/resources/restcomm-corsRelax.xml b/restcomm/restcomm.testsuite/src/test/resources/restcomm-corsRelax.xml
new file mode 100644
index 0000000000..58ed3ba08d
--- /dev/null
+++ b/restcomm/restcomm.testsuite/src/test/resources/restcomm-corsRelax.xml
@@ -0,0 +1,600 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ TeleStax, Open Source Cloud Communications
+  ~ Copyright 2011-2014, Telestax Inc and individual contributors
+  ~ by the @authors tag.
+  ~
+  ~ This program is free software: you can redistribute it and/or modify
+  ~ under the terms of the GNU Affero General Public License as
+  ~ published by the Free Software Foundation; either version 3 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This program is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  ~ GNU Affero General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Affero General Public License
+  ~ along with this program.  If not, see <http://www.gnu.org/licenses/>
+  ~
+  -->
+
+<!-- This is free software; you can redistribute it and/or modify it under
+	the terms of the GNU Lesser General Public License as published by the Free
+	Software Foundation; either version 2.1 of the License, or (at your option)
+	any later version. This software is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General
+	Public License for more details. You should have received a copy of the GNU
+	Lesser General Public License along with this software; if not, write to
+	the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+	MA 02110-1301 USA, or see the FSF site: http://www.fsf.org. -->
+<restcomm>
+    <runtime-settings>
+        <!-- The API version that will be used. -->
+        <api-version>2012-04-24</api-version>
+
+        <!-- Try to run RVD workspace projects migration to apply new naming
+            convention and synchronization with database entities. This execution
+            will occurs max one time per Restcomm version. To force a new run,
+            remove the file .version inside RVD workspace. -->
+        <rvd-workspace-migration-enabled>false</rvd-workspace-migration-enabled>
+
+        <!-- The location where the audio prompts are located. -->
+        <prompts-uri>/restcomm/audio</prompts-uri>
+
+        <!-- Conference audio files, these will be played when a participant joins or leaves the conference -->
+        <conference-entry-audio>beep.wav</conference-entry-audio>
+        <conference-exit-audio>alert.wav</conference-exit-audio>
+
+        <!-- Cache settings. -->
+        <cache-path>${restcomm:home}/cache</cache-path>
+        <cache-uri>/restcomm/cache</cache-uri>
+
+        <!-- If set to true RestComm will NOT use cache for *.wav files playback.
+            If set to false RestComm will use cache for *.wav files playback.
+            Default: false
+        -->
+        <cache-no-wav>false</cache-no-wav>
+
+        <!-- The path where recordings made by the <Record> verb are stored. -->
+        <recordings-path>file://${restcomm:home}/recordings</recordings-path>
+        <recordings-uri>/restcomm/recordings</recordings-uri>
+
+        <!-- The URL to the errors dictionary. -->
+        <error-dictionary-uri>/restcomm/errors</error-dictionary-uri>
+
+        <!-- The IP to use for out-bound SIP REGISTER requests. This is useful
+            when you want to report a different IP than the one RestComm picked by default. -->
+        <external-ip></external-ip>
+
+        <!-- If set to true RestComm will use the To header to determine the destination.
+            If set to false RestComm will use the Request URI to determine the destination. -->
+        <use-to>true</use-to>
+
+        <!-- If set to true Restcomm will use the Local Address (or external address
+            if available) in the host part of the From header for calls to the outbound
+            proxy. Default is False, which means that Restcomm will use outbound proxy
+            for the host part of From header -->
+        <use-local-address>false</use-local-address>
+
+        <!-- If set to true Restcomm will authenticate users and incoming messages
+            from those users -->
+        <authenticate>true</authenticate>
+
+        <!-- If authenticate is set to true Restcomm can work as IMS Client. To enable set act-as-ims-ua to true and
+         configure IMS domain and IMS Proxy (e.g. P-CSCF or SBC) -->
+        <ims-authentication>
+            <act-as-ims-ua>false</act-as-ims-ua>
+            <domain></domain>
+            <proxy-address></proxy-address>
+            <proxy-port>5060</proxy-port>
+            <call-id-prefix>WebRTCGW__1@</call-id-prefix>
+            <user-agent>WebRTCGW/1.0</user-agent>
+            <account></account>
+        </ims-authentication>
+
+        <!-- Interval time in seconds that Restcomm will send keepalive messages (OPTIONS) to registered clients -->
+        <ping-interval>60</ping-interval>
+
+        <!-- If set to FALSE Restcomm wont normalize phone numbers (prepend +1)
+            when creating an outbound call -->
+        <normalize-numbers-for-outbound-calls>false</normalize-numbers-for-outbound-calls>
+        <!--If set to TRUE Restcomm will use the From address of initial call as
+            caller-id for calls created with Dial Number. Caller A (callerId A) dials
+            DID XYZ that is bind to RCML that Dials Number 4321. If from-address-to-proxied-calls
+            is TRUE Restcomm will pass callerId A to the created call -->
+        <from-address-to-proxied-calls>true</from-address-to-proxied-calls>
+
+        <!-- Control whether Restcomm will try to patch the Request-URI and SDP
+            for B2BUA sessions with the discovered external IP Address of the peer -->
+        <!-- Default value: true -->
+        <patch-for-nat-b2bua-sessions>true</patch-for-nat-b2bua-sessions>
+
+        <!-- If set to true, when calling clients Restcomm will bypass LB or Proxy if set.
+             Default value false so call are routed through LB-->
+        <bypass-lb-for-clients>false</bypass-lb-for-clients>
+
+        <!-- Set to true so Restcomm will send 100 Trying on initial Request-->
+        <!-- Used only for testing. !!! Don't enable this for production -->
+        <send-trying-for-initial-requests>false</send-trying-for-initial-requests>
+
+        <!--Play background music for conference rooms with 1 participant even if startConference=true? Music will stop after the second participant joins-->
+        <!--Default value: false -->
+        <play-music-for-conference>false</play-music-for-conference>
+
+        <!-- Set to true so Restcomm will NOT patch the SDP for the following cases:
+            1. SDP received from 200 OK
+            2. SDP in the initial INVITE
+            3. SDP in the in-dialog INVITE
+            Default value: false -->
+        <disable-sdp-patching-on-updating-mediasession>false</disable-sdp-patching-on-updating-mediasession>
+
+        <!-- If this is set to TRUE, when verb is Dial, delay 200 OK to INVITE until outbound dial answers
+             or send appropriate response according to the response from outbound dial-->
+        <!--  https://github.com/RestComm/Restcomm-Connect/issues/1649 -->
+        <enable-200-ok-delay>false</enable-200-ok-delay>
+
+        <outbound-proxy>
+            <!-- Parameters for primary outbound proxy. -->
+            <outbound-proxy-user></outbound-proxy-user>
+            <outbound-proxy-password></outbound-proxy-password>
+            <outbound-proxy-uri>127.0.0.1:5070</outbound-proxy-uri>
+
+            <!-- Parameters for fallback outbound proxy. -->
+            <fallback-outbound-proxy-user></fallback-outbound-proxy-user>
+            <fallback-outbound-proxy-password></fallback-outbound-proxy-password>
+            <fallback-outbound-proxy-uri>127.0.0.1:5090</fallback-outbound-proxy-uri>
+
+            <!-- When set to true, Restcomm will use the username of the outbound
+                proxy when -->
+            <!-- creating the From header, as the userpart of the sip uri. Example:
+                From: "Alice" <sip:PROXY_USERNAME@PROXY> -->
+            <!-- Must be TRUE for Nexmo integration -->
+            <outboudproxy-user-at-from-header>false</outboudproxy-user-at-from-header>
+            <!-- When set to true, Restcomm will use the original user for the display
+                name of the From header -->
+            <!-- Example: From: "Alice" <sip:PROXY_USERNAME@PROXY> -->
+            <user-at-displayed-name>true</user-at-displayed-name>
+
+            <!-- Allow fallback to backup proxy -->
+            <allow-fallback>false</allow-fallback>
+            <!-- Number of maximum failed calls before switching from primary to the
+                fallback outbound proxy -->
+            <max-failed-calls>20</max-failed-calls>
+            <!-- Allow fallback to Primary proxy in case backup proxy fails also -->
+            <allow-fallback-to-primary>true</allow-fallback-to-primary>
+        </outbound-proxy>
+
+        <!--Depreciated -->
+        <telestax-proxy>
+            <enabled>false</enabled>
+            <login>restcomm</login>
+            <password>restcomm</password>
+            <endpoint>restcomm_instance_id</endpoint>
+            <siteId>site_id</siteId>
+            <uri>http://127.0.0.1:2080</uri>
+        </telestax-proxy>
+
+        <!-- TelScale USSD Gateway -->
+        <ussd-gateway>
+            <ussd-gateway-uri></ussd-gateway-uri>
+            <ussd-gateway-user></ussd-gateway-user>
+            <ussd-gateway-password></ussd-gateway-password>
+        </ussd-gateway>
+
+        <!-- TelScale GMLC -->
+        <gmlc>
+            <gmlc-uri>http://GMLC-IP:port/restcomm/gmlc/rest?msisdn=</gmlc-uri> <!-- Change GMLC-IP:port to appropriate value-->
+            <gmlc-user></gmlc-user>
+            <gmlc-password></gmlc-password>
+        </gmlc>
+
+        <!-- Each permission is represented as three columns Domain:Action:Target
+            Possible actions are Create, Read, Modify, Delete. -->
+        <security-roles>
+            <role name="Developer">
+                <permission>RestComm:*:Accounts</permission>
+                <permission>RestComm:*:Applications</permission>
+                <permission>RestComm:*:Announcements</permission>
+                <permission>RestComm:Read:AvailablePhoneNumbers</permission>
+                <permission>RestComm:*:Calls</permission>
+                <permission>RestComm:*:Clients</permission>
+                <permission>RestComm:*:Conferences</permission>
+                <permission>RestComm:Create,Delete,Read:Faxes</permission>
+                <permission>RestComm:*:IncomingPhoneNumbers</permission>
+                <permission>RestComm:Read:Notifications</permission>
+                <permission>RestComm:*:OutgoingCallerIds</permission>
+                <permission>RestComm:Delete,Read:Recordings</permission>
+                <permission>RestComm:Read,Modify:SandBoxes</permission>
+                <permission>RestComm:*:ShortCodes</permission>
+                <permission>RestComm:Read:SmsMessages</permission>
+                <permission>RestComm:Read:Transcriptions</permission>
+                <permission>RestComm:*:OutboundProxies</permission>
+                <permission>RestComm:*:EmailMessages</permission>
+                <permission>RestComm:*:Usage</permission>
+                <permission>RestComm:*:Geolocation</permission>
+            </role>
+        </security-roles>
+    </runtime-settings>
+
+    <!--Bandwidth Provisioning API Configuration class: BandwidthNumberProvisioningManager
+        username - The username assigned to you at account setup for the Bandwidth
+        Provisioning Portal (https://webui.inetwork.com) password - Password used
+        to login to the Bandwidth Provisioning portal (https://webui.inetwork.com)
+        accountId - Account ID assigned to you by Bandwidth at account setup siteId
+        - The Site ID within your Bandwidth account where numbers should be provisioned.
+        The site is called Location in the portal. You can find the site Id in the
+        url string by navigating to Account/Configuration/Locations and selecting
+        the proper location. Given the url: https://webui.inetwork.com/report/#editlocation:%7B%22a%22:5555111,%22s%22:1234,%22p%22:507567%7D
+        The site Id will be 1234, that is the characters after the s%22: You can
+        also get the site Id by querying the Sites REST API directly. uri - Should
+        always be https://api.inetwork.com/v1.0 for production traffic and numbers. -->
+    <!-- <phone-number-provisioning class="BandwidthNumberProvisioningManager">
+        <callback-urls> <voice url="" method="SIP"/> <sms url="" method="SIP"/> <fax
+        url="" method="SIP"/> <ussd url="" method="SIP"/> </callback-urls> <bandwidth>
+        <username></username> <password></password> <accountId></accountId> <siteId></siteId>
+        <uri>https://api.inetwork.com/v1.0</uri> </bandwidth> </phone-number-provisioning> -->
+
+    <!--Voxbone Provisioning API Configuration For Callback URLs, use {E164}@IP_ADDRESS:PORT
+        username - The username assigned to you at account setup for the Voxbone
+        Portal (https://voxbone.com) password - Password used to login to the Voxbone
+        portal (https://voxbone.com) uri - The URI of voxbone rest services. Usually
+        not changed except if you want to test with a sandbox account Should always
+        be https://api.voxbone.com/ws-voxbone/services/rest for production traffic
+        and numbers. -->
+    <!-- <phone-number-provisioning class="VoxbonePhoneNumberProvisioningManager">
+        <callback-urls> <voice url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> <sms
+        url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> <fax url="+{E164}@IP_ADDRESS:PORT"
+        method="SIP"/> <ussd url="+{E164}@IP_ADDRESS:PORT" method="SIP"/> </callback-urls>
+        <voxbone> <username></username> <password></password> <uri>https://api.voxbone.com/ws-voxbone/services/rest</uri>
+        </voxbone> </phone-number-provisioning> -->
+    <!-- Configuration for the VoIP Innovations provisioning API. class: VoIPInnovationsNumberProvisioningManager
+        voice url: URL (host:port) and method (SIP or SIPS) to where a DID for voice
+        should forward the calls sms url: URL (host:port) and method (SS7, SMPP,
+        SIP or SIPS) to where a DID for voice should forward the calls fax url: URL
+        (host:port) and method (SIP or SIPS) to where a DID for voice should forward
+        the calls ussd url: URL (host:port) and method (SS7, SIP or SIPS) to where
+        a DID for voice should forward the calls Configuration for Nexmo class: NexmoPhoneNumberProvisioningManager -->
+    <phone-number-provisioning class="org.restcomm.connect.provisioning.number.vi.VoIPInnovationsNumberProvisioningManager">
+        <callback-urls>
+            <voice url="" method="" />
+            <sms url="" method="" />
+            <fax url="" method="" />
+            <ussd url="" method="" />
+        </callback-urls>
+        <voip-innovations>
+            <login></login>
+            <password></password>
+            <endpoint></endpoint>
+            <uri>https://backoffice.voipinnovations.com/api2.pl</uri>
+        </voip-innovations>
+        <bandwidth>
+            <username></username>
+            <password></password>
+            <accountId></accountId>
+            <siteId></siteId>
+            <uri>https://api.inetwork.com/v1.0</uri>
+        </bandwidth>
+        <nexmo>
+            <api-key></api-key>
+            <api-secret></api-secret>
+            <uri>https://rest.nexmo.com/</uri>
+            <smpp-system-type></smpp-system-type>
+        </nexmo>
+        <voxbone>
+            <username></username>
+            <password></password>
+            <uri>https://api.voxbone.com/ws-voxbone/services/rest</uri>
+        </voxbone>
+    </phone-number-provisioning>
+
+    <smtp-notify>
+        <host></host>
+        <user></user>
+        <password></password>
+        <port></port>
+        <!-- Default mail address used to report issues related to Restcomm management,
+        mostly associated with bootstrap executions, like workspace migration, etc. -->
+        <default-email-address></default-email-address>
+    </smtp-notify>
+
+    <smtp-service>
+        <host></host>
+        <user></user>
+        <password></password>
+        <port></port>
+    </smtp-service>
+
+    <amazon-s3>
+        <enabled>false</enabled>
+        <bucket-name>restcomm-recordings</bucket-name>
+        <folder></folder>
+        <access-key></access-key>
+        <security-key></security-key>
+        <reduced-redundancy>false</reduced-redundancy>
+        <minutes-to-retain-public-url>10</minutes-to-retain-public-url>
+        <remove-original-file>true</remove-original-file>
+        <bucket-region>us-east-1</bucket-region>
+        <!--
+        Restcomm Recordings - Amazon S3 integration security details
+
+        The Security level controls the details that the Recordings REST API will
+        provide to the user and also how the user will access the wav file.
+
+        1. NONE: Recordings REST API will contain the S3_URI with no credentials.
+           Restcomm will fetch and serve recording to the user if the FILE_URI of the Recording is used
+        2. REDIRECT: Recordings REST API will NOT contain the S3_URI. Restcomm will
+           create redirect response and recording will be served by Amazon S3 if the FILE_URI of the Recording is used
+        3. DEFAULT SECURE: Recordings REST API will NOT contain the S3_URI. Restcomm will
+           fetch and serve recording to the user if the FILE_URI of the Recording is used
+
+        DEFAULT VALUE: SECURE
+        -->
+        <security-level>secure</security-level>
+        <testing>false</testing>
+        <testing-url>http://127.0.0.1:8090/s3</testing-url>
+    </amazon-s3>
+
+    <!-- Defines how RestComm communicates with the Media Server Control layer.
+        Accepted values: XMS (Dialogic XMS using JSR-309 driver) or RMS (RestComm
+        Media Server using MGCP driver) -->
+    <mscontrol>
+        <compatibility>rms</compatibility>
+        <media-server name="Dialogic XMS" class="com.dialogic.dlg309">
+            <address>127.0.0.1</address>
+            <port>5060</port>
+            <transport>udp</transport>
+            <timeout>5</timeout>
+        </media-server>
+    </mscontrol>
+
+    <!-- The media server manager is responsible for managing the media servers
+        in use by RestComm. The default way to control media servers is using the
+        MGCP stack. The MGCP stack MUST have a name and the following parameters:
+        <stack-address> - The local IP address for the MGCP stack. <stack-port> -
+        The local port for the MGCP stack. <remote-address> - The IP address for
+        the media server. <remote-port> - The port for the media server. <external-address>
+        - Sometimes there is interest to use a different address in the SDP than
+        the IP address the media server is reporting. This parameter if set tells
+        RestComm to patch the Connection attribute in the SDP on behalf of the media
+        server to the specified IP address. Note: RestComm will only do NAT resolution
+        when necessary so if your server already has a routable IP address setting
+        this parameter will have no effect. <max-response-time> - In milliseconds
+        the maximum amount of time to wait for a response from the media server before
+        abandoning the request. This does NOT apply to RQNT/NOTIFY request/response.
+        <rtp-timeout> This indicates rtp timeout, in seconds.
+        <rtp-timeout-timer-start-time> This is used to indicate when the RTP/RTCP timeout
+        timer starts. It can have one of the following values:
+         *  "im" for immediate i.e., the timer starts as soon as the
+            request is received.  This is the default.
+         *  "ra" to indicate that the timer should start only after an
+            RTCP packet has been received from the other end (i.e., the
+            timer will be initiated when the first RTCP packet is
+            received after the request is made).  Note that in the case
+            where the other end does not support RTCP, the timer will
+            never be initiated.-->
+    <media-server-manager>
+        <mgcp-server class="org.restcomm.connect.mgcp.MediaGateway" name="Mobicents Media Server">
+            <local-address>127.0.0.1</local-address>
+            <local-port>2727</local-port>
+            <remote-address>127.0.0.1</remote-address>
+            <remote-port>2427</remote-port>
+            <response-timeout>500</response-timeout>
+            <external-address><null/></external-address>
+            <rtp-timeout>60</rtp-timeout>
+            <rtp-timeout-timer-start-time>im</rtp-timeout-timer-start-time>
+        </mgcp-server>
+        <mrb class="org.restcomm.connect.mrb.MediaResourceBrokerGeneric" name="Community MediaResourceBroker">
+        </mrb>
+    </media-server-manager>
+    <!-- Adjust http client behaviour for outgoing requests -->
+    <http-client>
+        <response-timeout>6000</response-timeout>
+        <!-- Control peer certificate verification for https connections. Two modes are supported:
+            'allowall' : Disables peer certificate verification. Use it when testing.
+            'strict' : Fails requests if peer certificate is not trusted. Use it in production. -->
+        <ssl-mode>strict</ssl-mode>
+        <!-- Control whether relative URL should be resolved using hostname instead of IP Address.
+        If for any reason hostname resolution fails, IP Address will be used -->
+        <use-hostname-to-resolve-relative-url>true</use-hostname-to-resolve-relative-url>
+        <!-- Optionally provide the hostname to be used, otherwise Java will try to get the hostname of the machine JVM is running -->
+        <hostname></hostname>
+    </http-client>
+
+    <!-- Control notifications sent to rcmlserver (RVD)
+        base-url: Base url where rcml server is located of the form scheme://host:port like 'http://rvdserver:8080'. Leave it empty when RVD is bundled together with restcomm.
+        api-path: relative path where rcml server api listens under like '/restcomm-rvd/services
+        notifications: should notifications be sent or not ? defaults to 'false'
+        timeout: milis to wait response from rcmlserver before timing out when sending notifications. Defaults to 5000
+        timeout-per-notification: if several notifications are sent in one step, timeout increase for each. Defaults to 500.
+    -->
+    <rcmlserver>
+        <base-url>http://testing.restcomm.com</base-url>
+        <api-path>/restcomm-rvd/services</api-path>
+        <notifications>true</notifications>
+        <timeout>5000</timeout>
+        <timeout-per-notification>500</timeout-per-notification>
+    </rcmlserver>
+
+    <!-- The SMS aggregator is responsible for the handling of SMS messages
+        inside of RestComm. Refer to the org.mobicents.servlet.sip.restcomm.SmsAggregator
+        interface for more information. -->
+    <sms-aggregator class="org.restcomm.connect.sms.SmsService">
+        <outbound-prefix></outbound-prefix>
+        <outbound-endpoint>127.0.0.1:5070</outbound-endpoint>
+    </sms-aggregator>
+
+
+    <!-- by default activateSmppConnection is set to false -->
+
+    <smpp class="org.restcomm.connect.sms.smpp.SmppService" activateSmppConnection ="false">
+        <connections>
+            <connection activateAddressMapping="false" sourceAddressMap="" destinationAddressMap="" tonNpiValue="1">
+                <!-- Name must be unique for each connection -->
+                <name>test</name>
+                <systemid>test</systemid>
+                <peerip>127.0.0.1</peerip>
+                <peerport>2776</peerport>
+                <bindtype>TRANSCEIVER</bindtype>
+                <!-- These are optional params -->
+                <password>test</password>
+                <systemtype>sms</systemtype>
+                <!-- byte value for interface version 0x34 is 3.4, 0x33 is 3.3 and 0x50
+                    is 5.0 -->
+                <interfaceversion>0x34</interfaceversion>
+                <ton>-1</ton>
+                <npi>-1</npi>
+                <range></range>
+                <!-- Default value is 1. The window size is the amount of unacknowledged
+                    requests that are permitted to be outstanding/unacknowledged at any given
+                    time. If more requests are added, the underlying stack will throw an exception. -->
+                <windowsize>1</windowsize>
+                <!-- Default value is 60000 milli seconds. This parameter is used to
+                    specify the time to wait until a slot opens up in the 'sendWindow'. -->
+                <windowwaittimeout>60000</windowwaittimeout>
+                <!-- BIND request must be sent within configured timeout in ms -->
+                <connecttimeout>10000</connecttimeout>
+                <!-- Set the amount of time to wait for an endpoint to respond to a request
+                    before it expires. Defaults to disabled (-1). -->
+                <requestexpirytimeout>30000</requestexpirytimeout>
+                <!-- Sets the amount of time between executions of monitoring the window
+                    for requests that expire. It's recommended that this generally either matches
+                    or is half the value of requestExpiryTimeout. Therefore, at worst a request
+                    would could take up 1.5X the requestExpiryTimeout to clear out. -->
+                <windowmonitorinterval>15000</windowmonitorinterval>
+                <logbytes>true</logbytes>
+                <countersenabled>true</countersenabled>
+                <!-- Default value is 30000 milli seconds. When SMPP connects to a remote
+                    server, it sends an 'ENQUIRE_LINK' after every configured enquire-link-delay.
+                    If no response received for 3 consecutive requests, connection will be killed
+                    and attempted to connect again -->
+                <enquirelinkdelay>30000</enquirelinkdelay>
+            </connection>
+        </connections>
+    </smpp>
+
+    <!-- The Fax Service is used to send and receive faxes on behalf of RestComm. -->
+    <fax-service class="org.restcomm.connect.fax.InterfaxService">
+        <user></user>
+        <password></password>
+    </fax-service>
+
+    <!-- The Speech Recognizer is responsible for turning speech in to text. -->
+    <speech-recognizer class="org.restcomm.connect.asr.ISpeechAsr">
+        <api-key production="false"></api-key>
+    </speech-recognizer>
+
+    <speech-synthesizer active="voicerss"/>
+
+    <!-- The Speech Synthesizer is responsible for turning text in to speech for play back by the media gateway. -->
+    <acapela class="org.restcomm.connect.tts.acapela.AcapelaSpeechSynthesizer">
+        <service-root>http://vaas.acapela-group.com/Services/Synthesizer</service-root>
+        <application></application>
+        <login></login>
+        <password></password>
+        <speakers>
+            <belgium-french> <female>justine8k</female> <male></male> </belgium-french>
+            <brazilian-portuguese> <female>marcia8k</female> <male></male> </brazilian-portuguese>
+            <british-english> <female>rachel8k</female> <male>graham8k</male> </british-english>
+            <canadian-french> <female>louise8k</female> <male></male> </canadian-french>
+            <czech> <female>eliska8k</female> <male></male> </czech>
+            <danish> <female>mette8k</female><male>rasmus8k</male></danish>
+            <english> <female>laura8k</female> <male>ryan8k</male> </english>
+            <finnish> <female>sanna8k</female> <male></male> </finnish>
+            <french> <female>claire8k</female> <male>bruno8k</male> </french>
+            <german> <female>sarah8k</female> <male>klaus8k</male> </german>
+            <greek> <female></female> <male>dimitris8k</male> </greek>
+            <italian> <female>chiara8k</female> <male>vittorio8k</male> </italian>
+            <netherlands-dutch> <female>jasmijn8k</female> <male>daan8k</male> </netherlands-dutch>
+            <norwegian> <female>kari8k</female> <male>olav8k</male> </norwegian>
+            <polish><female>ania8k</female> <male></male> </polish>
+            <portuguese> <female>celia8k</female><male></male> </portuguese>
+            <russian> <female>alyona8k</female> <male></male></russian>
+            <saudi-arabia-arabic> <female>salma8k</female> <male>mehdi8k</male></saudi-arabia-arabic>
+            <spain-catalan> <female>laia8k</female> <male></male> </spain-catalan>
+            <spanish> <female>maria8k</female> <male>antonio8k</male></spanish>
+            <swedish> <female>elin8k</female> <male>emil8k</male> </swedish>
+            <turkish> <female>ipek8k</female> <male></male> </turkish>
+            <mandarin-chinese> <female>lulu8k</female> <male></male> </mandarin-chinese>
+            <japanese> <female>sakura8k</female> <male></male> </japanese>
+        </speakers>
+    </acapela>
+
+    <voicerss class="org.restcomm.connect.tts.voicerss.VoiceRSSSpeechSynthesizer">
+        <service-root>http://api.voicerss.org</service-root>
+        <apikey></apikey>
+        <languages>
+            <catalan>ca-es</catalan>
+            <chinese-china>zh-cn</chinese-china>
+            <chinese-hongkong>zh-hk</chinese-hongkong>
+            <chinese-taiwan>zh-tw</chinese-taiwan>
+            <danish>da-dk</danish>
+            <dutch>nl-nl</dutch>
+            <english-australia>en-au</english-australia>
+            <english-canada>en-ca</english-canada>
+            <english-greatbritain>en-gb</english-greatbritain>
+            <english-india>en-in</english-india>
+            <english-us>en-us</english-us>
+            <finish>fi-fi</finish>
+            <french-canada>fr-ca</french-canada>
+            <french-france>fr-fr</french-france>
+            <german>de-de</german>
+            <italian>it-it</italian>
+            <japanese>ja-jp</japanese>
+            <korean>ko-kr</korean>
+            <norwegian>nb-no</norwegian>
+            <polish>pl-pl</polish>
+            <portuguese-brasil>pt-br</portuguese-brasil>
+            <portuguese-portugal>pt-pt</portuguese-portugal>
+            <russian>ru-ru</russian>
+            <spanish-mexico>es-mx</spanish-mexico>
+            <spanish-spain>es-es</spanish-spain>
+            <swedish>sv-se</swedish>
+        </languages>
+    </voicerss>
+
+    <!-- AWS Polly Speech Synthesizer plugin -->
+    <awspolly class="org.restcomm.connect.tts.awspolly.AWSPollySpeechSyntetizer">
+        <aws-access-key></aws-access-key>
+        <aws-secret-key></aws-secret-key>
+        <aws-region></aws-region>
+        <speakers>
+            <ja-JP><female>Mizuki</female><male></male></ja-JP>
+            <tr-TR><female>Filiz</female><male></male></tr-TR>
+            <ru-RU><female>Tatyana</female><male>Maxim</male></ru-RU>
+            <ro-RO><female>Carmen</female><male>Maxim</male></ro-RO>
+            <pt-PT><female>Ines</female><male>Cristiano</male></pt-PT>
+            <pt-BR><female>Vitoria</female><male>Ricardo</male></pt-BR>
+            <pl-PL><female>Maja</female><male>Jan</male></pl-PL>
+            <nl-NL><female>Lotte</female><male>Ruben</male></nl-NL>
+            <nb-NO><female>Liv</female><male></male></nb-NO>
+            <it-IT><female>Carla</female><male>Giorgio</male></it-IT>
+            <is-IS><female>Dora</female><male>Karl</male></is-IS>
+            <fr-FR><female>Celine</female><male>Mathieu</male></fr-FR>
+            <fr-CA><female>Chantal</female><male></male></fr-CA>
+            <es-US><female>Penelope</female><male>Miguel</male></es-US>
+            <es-ES><female>Conchita</female><male>Enrique</male></es-ES>
+            <en-GB-WLS><female></female><male>Geraint</male></en-GB-WLS>
+            <cy-GB><female>Gwyneth</female><male></male></cy-GB>
+            <en-US><female>Joanna</female><male>Joey</male></en-US>
+            <en-IN><female>Raveena</female><male></male></en-IN>
+            <en-GB><female>Emma</female><male>Brian</male></en-GB>
+            <en-AU><female>Nicole</female><male>Russell</male></en-AU>
+            <de-DE><female>Marlene</female><male>Hans</male></de-DE>
+            <da-DK><female>Naja</female><male>Mads</male></da-DK>
+        </speakers>
+    </awspolly>
+
+    <!-- AT&T Speech Synthesizer plugin -->
+    <!-- <speech-synthesizer class="org.restcomm.connect.tts.att.AttSpeechSynthesizer">
+        <host>127.0.0.1</host> <port>7000</port> <tts-client-directory></tts-client-directory>
+        <verbose-output>false</verbose-output> <speakers> <english> <female>crystal8</female>
+        <male>mike8</male> </english> <english-uk> <female>audrey8</female> <male>charles8</male>
+        </english-uk> <spanish> <female>rosa8</female> <male>alberto8</male> </spanish>
+        <french> <female>juliette8</female> <male>alain8</male> </french> <canadian-french>
+        <male>arnaud8</male> </canadian-french> <german> <female>klara8</female>
+        <male>reiner8</male> </german> <italian> <female>francesca8</female> <male>giovanni8</male>
+        </italian> <brazilian-portuguese> <female>marina8</female> <male>tiago8</male>
+        </brazilian-portuguese> </speakers> </speech-synthesizer> -->
+</restcomm>

From 66864c8a282ba798325d20c091388681c84b2b7e Mon Sep 17 00:00:00 2001
From: Orestis Tsakiridis <orestis.tsakiridis@telestax.com>
Date: Tue, 20 Jun 2017 10:56:25 +0300
Subject: [PATCH 7/7] Added log message upon initialization of CORS filter

Refers #2230
---
 .../main/java/org/restcomm/connect/http/cors/CorsFilter.java    | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
index ec9266a2c8..9dcb847f88 100644
--- a/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
+++ b/restcomm/restcomm.http/src/main/java/org/restcomm/connect/http/cors/CorsFilter.java
@@ -101,6 +101,8 @@ private void initLazily(ServletRequest request)  {
             }
 
             lazyServletContext = context;
+
+            logger.info("Initialized (lazily) CORS servlet response filter. allowedOrigin: " + allowedOrigin);
         }
     }
 }