From 5a2c2f712e61960afd301999f964cdfcbe11ab41 Mon Sep 17 00:00:00 2001
From: Miguel Reboiro-Jato <mrjato@uvigo.es>
Date: Mon, 10 Feb 2020 19:52:41 +0100
Subject: [PATCH] Adds CORS configuration to the REST API

The REST API now supports cross-origin requests thanks to a new CORS
configuration.
---
 pom.xml                         |   2 +-
 src/main/webapp/WEB-INF/web.xml | 117 +++++++++++++++++++-------------
 2 files changed, 69 insertions(+), 50 deletions(-)

diff --git a/pom.xml b/pom.xml
index 49e84c2..ccf5f97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<groupId>es.uvigo.esei.daa</groupId>
 	<artifactId>example</artifactId>
 	<packaging>war</packaging>
-	<version>0.1.12</version>
+	<version>0.1.13</version>
 	<name>DAA Example</name>
 
 	<licenses>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index df238ce..f748eff 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -1,56 +1,75 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
-	 	http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
-	version="3.1">
-	<display-name>DAAExample</display-name>
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee 
+    http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
+  version="3.1">
+  <display-name>DAAExample</display-name>
 
-	<welcome-file-list>
-		<welcome-file>index.html</welcome-file>
-	</welcome-file-list>
+  <welcome-file-list>
+    <welcome-file>index.html</welcome-file>
+  </welcome-file-list>
 
-	<security-constraint>
-		<web-resource-collection>
-			<web-resource-name>Protected Area</web-resource-name>
-			<url-pattern>/rest/*</url-pattern>
-			<http-method>PUT</http-method>
-			<http-method>DELETE</http-method>
-			<http-method>GET</http-method>
-			<http-method>POST</http-method>
-			<http-method>OPTIONS</http-method>
-		</web-resource-collection>
-		<auth-constraint>
-			<role-name>ADMIN</role-name>
-			<role-name>USER</role-name>
-		</auth-constraint>
-	</security-constraint>
+  <filter>
+    <filter-name>CorsFilter</filter-name>
+    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
+    <init-param>
+      <param-name>cors.allowed.origins</param-name>
+      <param-value>*</param-value>
+    </init-param>
+    <init-param>
+      <param-name>cors.allowed.headers</param-name>
+      <param-value>Authorization</param-value>
+    </init-param>
+    <init-param>
+      <param-name>cors.allowed.methods</param-name>
+      <param-value>GET, POST, DELETE, PUT</param-value>
+    </init-param>
+  </filter>
+  <filter-mapping>
+    <filter-name>CorsFilter</filter-name>
+    <url-pattern>/rest/*</url-pattern>
+  </filter-mapping>
 
-	<security-constraint>
-		<web-resource-collection>
-			<web-resource-name>Admin Area</web-resource-name>
-			<url-pattern>/rest/people/*</url-pattern>
-			<http-method>PUT</http-method>
-			<http-method>DELETE</http-method>
-			<http-method>GET</http-method>
-			<http-method>POST</http-method>
-			<http-method>OPTIONS</http-method>
-		</web-resource-collection>
-		<auth-constraint>
-			<role-name>ADMIN</role-name>
-		</auth-constraint>
-	</security-constraint>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Protected Area</web-resource-name>
+      <url-pattern>/rest/*</url-pattern>
+      <http-method>PUT</http-method>
+      <http-method>DELETE</http-method>
+      <http-method>GET</http-method>
+      <http-method>POST</http-method>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>ADMIN</role-name>
+      <role-name>USER</role-name>
+    </auth-constraint>
+  </security-constraint>
 
-	<!-- Security roles referenced by this web application -->
-	<security-role>
-		<role-name>ADMIN</role-name>
-	</security-role>
-	<security-role>
-		<role-name>USER</role-name>
-	</security-role>
-	
-	<login-config>
-		<auth-method>BASIC</auth-method>
-		<realm-name>DAAExample</realm-name>
-	</login-config>
+  <security-constraint>
+    <web-resource-collection>
+      <web-resource-name>Admin Area</web-resource-name>
+      <url-pattern>/rest/people/*</url-pattern>
+      <http-method>GET</http-method>
+      <http-method>PUT</http-method>
+      <http-method>DELETE</http-method>
+      <http-method>POST</http-method>
+    </web-resource-collection>
+    <auth-constraint>
+      <role-name>ADMIN</role-name>
+    </auth-constraint>
+  </security-constraint>
+
+  <!-- Security roles referenced by this web application -->
+  <security-role>
+    <role-name>ADMIN</role-name>
+  </security-role>
+  <security-role>
+    <role-name>USER</role-name>
+  </security-role>
+  
+  <login-config>
+    <auth-method>BASIC</auth-method>
+    <realm-name>DAAExample</realm-name>
+  </login-config>
 </web-app>
\ No newline at end of file
-- 
2.18.1