GONRG-2138 fix filter for CORS preflight request

e1b73d8c · Rustam Lotsmanenko (EPAM) · 2357e0f0 · e1b73d8c · e1b73d8c · e1b73d8c
Commit e1b73d8c authored 3 years ago by Rustam Lotsmanenko (EPAM)
--- a/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java
+++ b/legal-core/src/main/java/org/opengroup/osdu/legal/middleware/LegalFilter.java
@@ -58,9 +58,9 @@ public class LegalFilter implements Filter {
        long startTime = System.currentTimeMillis();
        setResponseHeaders(httpServletResponse);
        try {
-            if (!validateIsHttps(httpServletResponse)) {
+            if (!validateIsHttps(httpServletResponse,httpServletRequest)) {
                //do nothing
-            } else if (httpServletRequest.getMethod().equalsIgnoreCase("OPTIONS")) {
+            } else if (isOptionsMethod(httpServletRequest)) {
                httpServletResponse.setStatus(200);
            } else {
                chain.doFilter(request, response);
@@ -75,9 +75,9 @@ public class LegalFilter implements Filter {
 	public void destroy() {
    }
    
-    private boolean validateIsHttps( HttpServletResponse httpServletResponse) {
+    private boolean validateIsHttps( HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        String uri = requestInfo.getUri();
-        if(!isLocalHost(uri) && !isCronJob(uri) && !isSwagger(uri) && !isHealthCheck(uri)) {
+        if(!isLocalHost(uri) && !isCronJob(uri) && !isSwagger(uri) && !isHealthCheck(uri) && !isOptionsMethod(httpServletRequest)) {
            if(!hasJwt()) {
                httpServletResponse.setStatus(401);
                return false;
@@ -111,6 +111,11 @@ public class LegalFilter implements Filter {
    private boolean isSwagger(String uri) {
        return uri.contains("/swagger") || uri.contains("/v2/api-docs") || uri.contains("/configuration/ui") || uri.contains("/webjars/");
    }
+
+    private boolean isOptionsMethod(HttpServletRequest httpServletRequest){
+        return httpServletRequest.getMethod().equalsIgnoreCase("OPTIONS");
+    }
+
    private void logRequest(HttpServletRequest servletRequest, HttpServletResponse servletResponse, long startTime) {
        String uri = requestInfo.getUri();
        if(!isHealthCheck(uri)) {

--- a/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java
+++ b/legal-core/src/test/java/org/opengroup/osdu/legal/middleware/LegalFilterTest.java
@@ -49,7 +49,7 @@ public class LegalFilterTest {
        legalFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);

        Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Origin", "custom-domain");
-        Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey");
+        Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Headers", "access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey");
        Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH");
        Mockito.verify(httpServletResponse).addHeader("Access-Control-Allow-Credentials", "true");
        Mockito.verify(httpServletResponse).addHeader("X-Frame-Options", "DENY");

--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@
        <maven.compiler.source>1.8</maven.compiler.source>
        <docker.image.prefix>opendes</docker.image.prefix>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <os-core-common.version>0.6.9</os-core-common.version>
+        <os-core-common.version>0.8.1-SNAPSHOT</os-core-common.version>
        <snakeyaml.version>1.26</snakeyaml.version>
        <spring-web.version>5.1.19.RELEASE</spring-web.version>
    </properties>