Pass origin into CorsFilter constructor instead of via init

neo4j · Apr 25, 2018 · 5a8980d · 5a8980d
1 parent ab973ef
commit 5a8980d
Show file tree

Hide file tree

Showing 7 changed files with 33 additions and 34 deletions.
diff --git a/community/server/src/main/java/org/neo4j/server/modules/AuthorizationModule.java b/community/server/src/main/java/org/neo4j/server/modules/AuthorizationModule.java
@@ -64,7 +64,7 @@ public void start()
             authorizationFilter = createAuthorizationDisabledFilter();
         }
 
-        webServer.addFilter( authorizationFilter, "/*", Collections.emptyMap() );
+        webServer.addFilter( authorizationFilter, "/*" );
     }
 
     @Override

diff --git a/community/server/src/main/java/org/neo4j/server/modules/RESTApiModule.java b/community/server/src/main/java/org/neo4j/server/modules/RESTApiModule.java
@@ -71,9 +71,8 @@ public void start()
     {
         URI restApiUri = restApiUri( );
 
-        webServer.addFilter( new CollectUserAgentFilter( clientNames() ), "/*", Collections.emptyMap() );
-        webServer.addFilter( new CorsFilter( logProvider ), "/*", Collections.singletonMap(
-                "access_control_allow_origin", config.get( access_control_allow_origin ) ) );
+        webServer.addFilter( new CollectUserAgentFilter( clientNames() ), "/*" );
+        webServer.addFilter( new CorsFilter( logProvider, config.get( access_control_allow_origin ) ), "/*" );
         webServer.addJAXRSClasses( getClassNames(), restApiUri.toString(), null );
         loadPlugins();
     }

diff --git a/community/server/src/main/java/org/neo4j/server/modules/SecurityRulesModule.java b/community/server/src/main/java/org/neo4j/server/modules/SecurityRulesModule.java
@@ -54,7 +54,7 @@ public void start()
         {
             mountedFilter = new SecurityFilter( securityRules );
 
-            webServer.addFilter( mountedFilter, "/*", Collections.emptyMap() );
+            webServer.addFilter( mountedFilter, "/*" );
 
             for ( SecurityRule rule : securityRules )
             {

diff --git a/community/server/src/main/java/org/neo4j/server/rest/web/CorsFilter.java b/community/server/src/main/java/org/neo4j/server/rest/web/CorsFilter.java
@@ -51,18 +51,32 @@ public class CorsFilter implements Filter
     public static final String VARY = "Vary";
 
     private final Log log;
+    private final String access_control_allow_origin;
+    private final String vary;
 
-    private FilterConfig filterConfig;
-
-    public CorsFilter( LogProvider logProvider )
+    public CorsFilter( LogProvider logProvider, String access_control_allow_origin )
     {
         this.log = logProvider.getLog( getClass() );
+        this.access_control_allow_origin = access_control_allow_origin;
+        if ( "*".equals( access_control_allow_origin ) )
+        {
+            vary = null;
+        }
+        else
+        {
+            // If the server specifies an origin host rather than "*", then it must also include Origin in
+            // the Vary response header to indicate to clients that server responses will differ based on
+            // the value of the Origin request header.
+            //
+            // -- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
+            //
+            vary = "Origin";
+        }
     }
 
     @Override
     public void init( FilterConfig filterConfig ) throws ServletException
     {
-        this.filterConfig = filterConfig;
     }
 
     @Override
@@ -72,21 +86,10 @@ public void doFilter( ServletRequest servletRequest, ServletResponse servletResp
         HttpServletRequest request = (HttpServletRequest) servletRequest;
         HttpServletResponse response = (HttpServletResponse) servletResponse;
 
-        String uri = "*";
-        if ( filterConfig != null )
+        response.setHeader( ACCESS_CONTROL_ALLOW_ORIGIN, access_control_allow_origin );
+        if ( vary != null )
         {
-            uri = filterConfig.getInitParameter( "access_control_allow_origin" );
-        }
-        response.setHeader( ACCESS_CONTROL_ALLOW_ORIGIN, uri );
-        if ( !"*".equals( uri ) )
-        {
-            // If the server specifies an origin host rather than "*", then it must also include Origin in
-            // the Vary response header to indicate to clients that server responses will differ based on
-            // the value of the Origin request header.
-            //
-            // -- https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
-            //
-            response.setHeader( VARY, "Origin" );
+            response.setHeader( VARY, vary );
         }
 
         Enumeration<String> requestMethodEnumeration = request.getHeaders( ACCESS_CONTROL_REQUEST_METHOD );
@@ -115,7 +118,6 @@ public void doFilter( ServletRequest servletRequest, ServletResponse servletResp
     @Override
     public void destroy()
     {
-        this.filterConfig = null;
     }
 
     private void addAllowedMethodIfValid( String methodName, HttpServletResponse response )

diff --git a/community/server/src/main/java/org/neo4j/server/web/Jetty9WebServer.java b/community/server/src/main/java/org/neo4j/server/web/Jetty9WebServer.java
@@ -260,9 +260,9 @@ public void removeJAXRSClasses( List<String> classNames, String serverMountPoint
     }
 
     @Override
-    public void addFilter( Filter filter, String pathSpec, Map<String, String> initParameters )
+    public void addFilter( Filter filter, String pathSpec )
     {
-        filters.add( new FilterDefinition( filter, pathSpec, initParameters ) );
+        filters.add( new FilterDefinition( filter, pathSpec ) );
     }
 
     @Override
@@ -511,9 +511,9 @@ private void addFiltersTo( ServletContextHandler context )
     {
         for ( FilterDefinition filterDef : filters )
         {
-            FilterHolder filterHolder = new FilterHolder( filterDef.getFilter() );
-            filterHolder.setInitParameters( filterDef.initParameters );
-            context.addFilter( filterHolder, filterDef.getPathSpec(), EnumSet.allOf( DispatcherType.class ) );
+            context.addFilter( new FilterHolder( filterDef.getFilter() ),
+                    filterDef.getPathSpec(), EnumSet.allOf( DispatcherType.class )
+            );
         }
     }
 
@@ -526,13 +526,11 @@ private static class FilterDefinition
     {
         private final Filter filter;
         private final String pathSpec;
-        private final Map<String, String> initParameters;
 
-        FilterDefinition( Filter filter, String pathSpec, Map<String, String> initParameters )
+        FilterDefinition( Filter filter, String pathSpec )
         {
             this.filter = filter;
             this.pathSpec = pathSpec;
-            this.initParameters = initParameters;
         }
 
         public boolean matches( Filter filter, String pathSpec )

diff --git a/community/server/src/main/java/org/neo4j/server/web/WebServer.java b/community/server/src/main/java/org/neo4j/server/web/WebServer.java
@@ -61,7 +61,7 @@ public interface WebServer
     void addJAXRSClasses( List<String> classNames, String serverMountPoint, Collection<Injectable<?>> injectables );
     void removeJAXRSClasses( List<String> classNames, String serverMountPoint );
 
-    void addFilter( Filter filter, String pathSpec, Map<String, String> initParameters );
+    void addFilter( Filter filter, String pathSpec );
 
     void removeFilter( Filter filter, String pathSpec );
 

diff --git a/community/server/src/test/java/org/neo4j/server/rest/web/CorsFilterTest.java b/community/server/src/test/java/org/neo4j/server/rest/web/CorsFilterTest.java
@@ -49,7 +49,7 @@ public class CorsFilterTest
     private final HttpServletResponse response = responseMock();
     private final FilterChain chain = filterChainMock();
 
-    private final CorsFilter filter = new CorsFilter( NullLogProvider.getInstance() );
+    private final CorsFilter filter = new CorsFilter( NullLogProvider.getInstance(), "*" );
 
     @Test
     public void shouldCallChainDoFilter() throws Exception