From 43f3b1d7fff77ee39280513fd9f5d67cd5179cf3 Mon Sep 17 00:00:00 2001 From: Andrew Berezovskyi Date: Sat, 5 Oct 2024 11:48:46 +0200 Subject: [PATCH] fix: do not require auth on CORS preflights Also allows the ignore flag to be overridden too --- .../files/generateCredentialsFilter.mtl | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/org.eclipse.lyo.oslc4j.codegenerator/src/org/eclipse/lyo/oslc4j/codegenerator/files/generateCredentialsFilter.mtl b/org.eclipse.lyo.oslc4j.codegenerator/src/org/eclipse/lyo/oslc4j/codegenerator/files/generateCredentialsFilter.mtl index 63af5fb4..57b7da21 100644 --- a/org.eclipse.lyo.oslc4j.codegenerator/src/org/eclipse/lyo/oslc4j/codegenerator/files/generateCredentialsFilter.mtl +++ b/org.eclipse.lyo.oslc4j.codegenerator/src/org/eclipse/lyo/oslc4j/codegenerator/files/generateCredentialsFilter.mtl @@ -119,16 +119,27 @@ public class [anAdaptorInterface.javaClassNameForCredentialsFilter() /] implemen * @return true - the resource is protected, otherwise false */ private boolean isProtectedResource(HttpServletRequest httpRequest) { - if (ignoreResourceProtection) { - return false; - } String pathInfo = httpRequest.getPathInfo(); //'protectedResource' defines the basic set of requests that needs to be protected. //You can override this defintion in the user protected code block below. + // Do not protect OSLC resources needed for initial discovery boolean protectedResource = !pathInfo.startsWith("/rootservices") && !pathInfo.startsWith("/oauth"); + // Do not protect CORS preflight requests + if (protectedResource) { + String method = httpRequest.getMethod(); + if ("OPTIONS".equalsIgnoreCase(method)) { + protectedResource = false; + } + } + // Only for debugging! + if (ignoreResourceProtection) { + protectedResource = false; + } + // Here you can override or extend the checks // [protected ('isProtectedResource')] // [/protected] + return protectedResource; }