Add CORS Headers to JAX Webservice Responses when Environment Variable is Present (#585)

* Add CORS Filter

* Add CorsFilter for old plain webservices that are served through servlet and not JAXRS.

* Adjust Http Headers for CORS

* Do not call superclass

Author: ggallotti

wrappercommon/src/main/java/com/genexus/cors/CORSHelper.java

@@ -0,0 +1,34 @@
+package com.genexus.cors;
+
+import java.util.HashMap;
+
+public class CORSHelper {
+	private static String CORS_ALLOWED_ORIGINS_ENV_VAR_NAME = "GX_CORS_ALLOW_ORIGIN";
+	private static String CORS_MAX_AGE_SECONDS = "86400";
+	private static String CORS_ALLOWED_METHODS = "GET, POST, PUT, DELETE, HEAD";
+	private static String CORS_ALLOWED_HEADERS = "*";
+
+	public static HashMap<String, String> getCORSHeaders(String requestRequiredHeaders) {
+		String corsAllowedOrigin = System.getenv(CORS_ALLOWED_ORIGINS_ENV_VAR_NAME);
+		if (corsAllowedOrigin == null || corsAllowedOrigin.isEmpty()) {
+			return null;
+		}
+		HashMap<String, String> corsHeaders = new HashMap<>();
+		corsHeaders.put(
+			"Access-Control-Allow-Origin", corsAllowedOrigin);
+		corsHeaders.put(
+			"Access-Control-Allow-Credentials", "true");
+
+		corsHeaders.put(
+			"Access-Control-Allow-Headers",
+			requestRequiredHeaders == null || requestRequiredHeaders.isEmpty() ? CORS_ALLOWED_HEADERS : requestRequiredHeaders);
+
+		corsHeaders.put(
+			"Access-Control-Allow-Methods",
+			CORS_ALLOWED_METHODS);
+		corsHeaders.put(
+			"Access-Control-Max-Age",
+			CORS_MAX_AGE_SECONDS);
+		return corsHeaders;
+	}
+}

wrapperjakarta/src/main/java/com/genexus/servlet/CorsFilter.java

@@ -0,0 +1,46 @@
+package com.genexus.servlet;
+
+
+import com.genexus.cors.CORSHelper;
+import jakarta.servlet.*;
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import java.io.IOException;
+import java.util.HashMap;
+
+public class CorsFilter implements jakarta.servlet.Filter {
+
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+
+	}
+
+	@Override
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) servletRequest;
+
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getHeader("Access-Control-Request-Headers"));
+		if (corsHeaders != null) {
+			HttpServletResponse response = (HttpServletResponse) servletResponse;
+			for (String headerName : corsHeaders.keySet()) {
+				if (!response.containsHeader(headerName)) {
+					response.setHeader(headerName, corsHeaders.get(headerName));
+				}
+			}
+		}
+		if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
+			filterChain.doFilter(servletRequest, servletResponse);
+		}
+	}
+
+	@Override
+	public void destroy() {
+
+	}
+}

wrapperjakarta/src/main/java/com/genexus/ws/JAXRSCorsFilter.java

@@ -0,0 +1,25 @@
+package com.genexus.ws;
+
+import com.genexus.cors.CORSHelper;
+import jakarta.ws.rs.container.ContainerRequestContext;
+import jakarta.ws.rs.container.ContainerResponseContext;
+import jakarta.ws.rs.container.ContainerResponseFilter;
+import jakarta.ws.rs.ext.Provider;
+
+import java.util.Collections;
+import java.util.HashMap;
+
+@Provider
+public class JAXRSCorsFilter implements ContainerResponseFilter {
+	@Override
+	public void filter(ContainerRequestContext requestContext,
+					   ContainerResponseContext responseContext) {
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getHeaderString("Access-Control-Request-Headers"));
+		if (corsHeaders == null) {
+			return;
+		}
+		for (String headerName : corsHeaders.keySet()) {
+			responseContext.getHeaders().putSingle(headerName,corsHeaders.get(headerName));
+		}
+	}
+}

wrapperjavax/src/main/java/com/genexus/servlet/CorsFilter.java

@@ -0,0 +1,43 @@
+package com.genexus.servlet;
+
+import com.genexus.cors.CORSHelper;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.HashMap;
+
+public class CorsFilter implements Filter {
+	@Override
+	public void init(FilterConfig filterConfig) throws ServletException {
+
+	}
+
+	@Override
+	public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+		HttpServletRequest request = (HttpServletRequest) servletRequest;
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(request.getHeader("Access-Control-Request-Headers"));
+		if (corsHeaders != null) {
+			HttpServletResponse response = (HttpServletResponse) servletResponse;
+			for (String headerName : corsHeaders.keySet()) {
+				if (!response.containsHeader(headerName)) {
+					response.setHeader(headerName, corsHeaders.get(headerName));
+				}
+			}
+		}
+		if (!request.getMethod().equalsIgnoreCase("OPTIONS")) {
+			filterChain.doFilter(servletRequest, servletResponse);
+		}
+	}
+
+	@Override
+	public void destroy() {
+
+	}
+}

wrapperjavax/src/main/java/com/genexus/ws/JAXRSCorsFilter.java

@@ -0,0 +1,26 @@
+package com.genexus.ws;
+
+import com.genexus.cors.CORSHelper;
+
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerResponseContext;
+import javax.ws.rs.container.ContainerResponseFilter;
+import javax.ws.rs.ext.Provider;
+import java.util.Collections;
+import java.util.HashMap;
+
+@Provider
+public class JAXRSCorsFilter implements ContainerResponseFilter {
+
+	@Override
+	public void filter(ContainerRequestContext requestContext,
+					   ContainerResponseContext responseContext) {
+		HashMap<String, String> corsHeaders = CORSHelper.getCORSHeaders(requestContext.getHeaderString("Access-Control-Request-Headers"));
+		if (corsHeaders == null) {
+			return;
+		}
+		for (String headerName : corsHeaders.keySet()) {
+			responseContext.getHeaders().putSingle(headerName,corsHeaders.get(headerName));
+		}
+	}
+}