From d16cd86ae04836f46fbf8bcdf5660e5262e44577 Mon Sep 17 00:00:00 2001
From: pkupczyk <pkupczyk>
Date: Fri, 5 Dec 2014 15:33:46 +0000
Subject: [PATCH] SSDM-1290 - CKAN - publication webapp bugfixing - added
 caching of mesh terms in an http session

SVN: 32982
---
 .../servlet/AbstractCrossOriginFilter.java    | 17 ++---
 .../InitializeRequestContextHolderFilter.java | 63 +++++++++++++++++++
 .../dss/generic/server/DataStoreServer.java   |  2 +
 3 files changed, 74 insertions(+), 8 deletions(-)
 create mode 100644 common/source/java/ch/systemsx/cisd/common/servlet/InitializeRequestContextHolderFilter.java

diff --git a/common/source/java/ch/systemsx/cisd/common/servlet/AbstractCrossOriginFilter.java b/common/source/java/ch/systemsx/cisd/common/servlet/AbstractCrossOriginFilter.java
index a5ce1f5fe2e..94f8712ed30 100644
--- a/common/source/java/ch/systemsx/cisd/common/servlet/AbstractCrossOriginFilter.java
+++ b/common/source/java/ch/systemsx/cisd/common/servlet/AbstractCrossOriginFilter.java
@@ -31,17 +31,15 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 /**
- * Abstract filter that implements CORS (Cross Origin Resource Sharing) to allow a web page served
- * from a given domain to access resources the openBIS AS/DSS.
+ * Abstract filter that implements CORS (Cross Origin Resource Sharing) to allow a web page served from a given domain to access resources the openBIS
+ * AS/DSS.
  * <p>
- * NOTE: According to the definition of "origin" the openBIS AS and DSS are two different things
- * (because they run on different ports). So the {@link AbstractCrossOriginFilter} makes it possible
- * to share resources between them e.g. access an openBIS AS resource from a web page served by
+ * NOTE: According to the definition of "origin" the openBIS AS and DSS are two different things (because they run on different ports). So the
+ * {@link AbstractCrossOriginFilter} makes it possible to share resources between them e.g. access an openBIS AS resource from a web page served by
  * openBIS DSS.
  * </p>
  * <p>
- * For more details on CORS see
- * http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/.
+ * For more details on CORS see http://www.nczonline.net/blog/2010/05/25/cross-domain-ajax-with-cross-origin-resource-sharing/.
  * 
  * @author Kaloyan Enimanev
  */
@@ -52,6 +50,9 @@ public abstract class AbstractCrossOriginFilter implements Filter
     protected static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER =
             "Access-Control-Allow-Origin";
 
+    protected static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER =
+            "Access-Control-Allow-Credentials";
+
     protected static final String ALLOWED_ORIGINS_KEY = "TODO";
 
     private static final String ALLOW_ALL_ORIGINS = "*";
@@ -91,7 +92,6 @@ public abstract class AbstractCrossOriginFilter implements Filter
         return false;
     }
 
-
     private boolean isMatching(String allowedOrigin, String origin)
     {
         if (allowedOrigin.equalsIgnoreCase(origin))
@@ -118,6 +118,7 @@ public abstract class AbstractCrossOriginFilter implements Filter
         {
             final HttpServletResponse httpResponse = (HttpServletResponse) response;
             httpResponse.setHeader(ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, originHeader);
+            httpResponse.setHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, String.valueOf(true));
         }
 
         filterChain.doFilter(request, response);
diff --git a/common/source/java/ch/systemsx/cisd/common/servlet/InitializeRequestContextHolderFilter.java b/common/source/java/ch/systemsx/cisd/common/servlet/InitializeRequestContextHolderFilter.java
new file mode 100644
index 00000000000..36129f41645
--- /dev/null
+++ b/common/source/java/ch/systemsx/cisd/common/servlet/InitializeRequestContextHolderFilter.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 ETH Zuerich, CISD
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package ch.systemsx.cisd.common.servlet;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+/**
+ * Filter that binds an HTTP request to the current thread via RequestContextHolder.
+ * 
+ * @author pkupczyk
+ */
+public class InitializeRequestContextHolderFilter implements Filter
+{
+
+    @Override
+    public void init(FilterConfig config) throws ServletException
+    {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response,
+            FilterChain chain) throws IOException, ServletException
+    {
+        if (request instanceof HttpServletRequest)
+        {
+            RequestContextHolder.setRequestAttributes(new ServletRequestAttributes((HttpServletRequest) request));
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy()
+    {
+    }
+
+}
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
index 4a19b61c185..9169e116e71 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
@@ -70,6 +70,7 @@ import ch.systemsx.cisd.common.logging.LogFactory;
 import ch.systemsx.cisd.common.logging.LogInitializer;
 import ch.systemsx.cisd.common.properties.ExtendedProperties;
 import ch.systemsx.cisd.common.resource.IInitializable;
+import ch.systemsx.cisd.common.servlet.InitializeRequestContextHolderFilter;
 import ch.systemsx.cisd.openbis.common.api.server.RpcServiceNameServer;
 import ch.systemsx.cisd.openbis.common.conversation.manager.IServiceConversationClientManagerRemote;
 import ch.systemsx.cisd.openbis.common.conversation.manager.IServiceConversationServerManagerRemote;
@@ -329,6 +330,7 @@ public class DataStoreServer
         context.addServlet(new ServletHolder(new HttpInvokerServlet(jsonV1ServiceExporter,
                 jsonRpcV1Path)), jsonRpcV1Path);
         context.addFilter(DssCrossOriginFilter.class, "/*", EnumSet.allOf(DispatcherType.class));
+        context.addFilter(InitializeRequestContextHolderFilter.class, "/*", EnumSet.allOf(DispatcherType.class));
 
         HttpInvokerServiceExporter nameServiceExporter =
                 ServiceProvider.getRpcNameServiceExporter();
-- 
GitLab