Rollback unwanted changes (#1886)

* Revert "Import fixes (#1881)" This reverts commit c17621d. * Revert "Fix typos (#1880)" This reverts commit db0f540. * Revert "Use corsfilter instead of bean (#1879)" This reverts commit b8e306b. * Revert "wfnews-2158: Missing url if bulletinUrl is null (#1878)" This reverts commit fe3099b. * Revert "Missing put pt2 (#1877)" This reverts commit 9381857. * Revert "Add put (#1876)" This reverts commit 97ab365. * Revert "Update CorsConfigurationSource (#1875)" This reverts commit 3b6e6b7. * Revert "Fix cors domains (#1874)" This reverts commit 1b9b93c. * Revert "Specify CORS settings (#1873)" This reverts commit 01ccd62. * Revert "Fix syntax for CORS (#1872)" This reverts commit d50a701. * Revert "Update CORS bean and call it in the CORS configuration (#1871)" This reverts commit 07e7109. * Revert "Remove redundant CORS implementations (#1870)" This reverts commit 270be8b. * Revert "Rollback CORS server changes (#1869)" This reverts commit b114cfc. * wfnews-2158: Missing url if bulletinUrl is null (#1878) * wfnews-2158 * wfnews-2158 * Backend only pipeline (#1882) * Fast build fix (#1883) * Backend only pipeline * Remove dependency to client * Allow credentials in cloudfront (#1884) * set access_control_allow_credentials to true * remove CORS section entirely --------- Co-authored-by: Lucas Li <35748253+yzlucas@users.noreply.github.com>
bcgov · May 2, 2024 · 726a1df · 726a1df
1 parent 4ca6a2c
commit 726a1df
Show file tree

Hide file tree

Showing 17 changed files with 71 additions and 16 deletions.
diff --git a/client/wfnews-war/src/main/angular/src/app/services/published-incident-service.ts b/client/wfnews-war/src/main/angular/src/app/services/published-incident-service.ts
@@ -38,6 +38,16 @@ export class PublishedIncidentService {
     const headers = {
       headers: {
         Authorization: `bearer ${this.tokenService.getOauthToken()}`,
+        apikey: this.appConfigService.getConfig().application['wfnewsApiKey'],
+      }
+    }
+    return headers;
+  }
+
+  getPublicSituationReportHeaders() {
+    const headers = {
+      headers: {
+        apikey: this.appConfigService.getConfig().application['wfnewsApiKey'],
       }
     }
     return headers;
@@ -309,13 +319,13 @@ export class PublishedIncidentService {
     const url = `${this.appConfigService.getConfig().rest['wfnews']
       }/publicSituationReport?pageNumber=${pageNum}&pageRowCount=${rowCount}&published=${published ? 'TRUE' : 'FALSE'
       }${cacheBust ? '&cacheBust=' + new Date().getTime() : ''}`;
-    return this.httpClient.get<SituationReport>(url);
+    return this.httpClient.get<SituationReport>(url, this.getPublicSituationReportHeaders());
   }
 
   public fetchSituationReport(reportGuid: string): Observable<SituationReport> {
     const url = `${this.appConfigService.getConfig().rest['wfnews']
       }/publicSituationReport/${reportGuid}`;
-    return this.httpClient.get<SituationReport>(url);
+    return this.httpClient.get<SituationReport>(url, this.getPublicSituationReportHeaders());
   }
 
   public updateSituationReport(

diff --git a/client/wfnews-war/src/main/java/ca/bc/gov/nrs/wfnews/spring/AppConfig.java b/client/wfnews-war/src/main/java/ca/bc/gov/nrs/wfnews/spring/AppConfig.java
@@ -48,7 +48,7 @@ public void addCorsMappings(CorsRegistry registry) {
         .allowCredentials(true)
         .allowedOriginPatterns("*")
         .allowedHeaders("*")
-        .allowedMethods("HEAD", "GET", "PUT", "POST", "OPTIONS");
+        .allowedMethods("HEAD", "GET", "POST", "OPTIONS");
     }
 
     @Override

diff --git a/client/wfnews-war/src/main/java/ca/bc/gov/nrs/wfnews/spring/SecuritySpringConfig.java b/client/wfnews-war/src/main/java/ca/bc/gov/nrs/wfnews/spring/SecuritySpringConfig.java
@@ -117,7 +117,7 @@ public CorsConfigurationSource corsConfigurationSource() {
     origins.add("*");
 
     configuration.setAllowedOrigins(origins);
-    configuration.setAllowedMethods(Collections.unmodifiableList(Arrays.asList("HEAD", "GET", "PUT", "POST", "OPTIONS")));
+    configuration.setAllowedMethods(Collections.unmodifiableList(Arrays.asList("HEAD", "GET", "POST", "OPTIONS")));
     configuration.setAllowCredentials(true);
     configuration.setAllowedHeaders(origins);
 

diff --git a/...dpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/AttachmentsEndpoint.java b/...dpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/AttachmentsEndpoint.java
@@ -17,6 +17,7 @@
 
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataParam;
+import org.springframework.web.bind.annotation.CrossOrigin;
 
 import ca.bc.gov.nrs.common.rest.resource.HeaderConstants;
 import ca.bc.gov.nrs.common.wfone.rest.resource.MessageListRsrc;
@@ -53,6 +54,7 @@ public interface AttachmentsEndpoint {
 	@GET
 	@Path("/publicPublishedIncidentAttachment/{incidentNumberSequence}/attachments/{attachmentGuid}")
 	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+	@CrossOrigin(origins = "*", allowedHeaders = "*")
 	Response getIncidentAttachment(
 			@ApiParam("The incidentNumberSequence of the Wildfire Incident resource.") @PathParam("incidentNumberSequence") String incidentNumberSequence,
 			@ApiParam("The attachmentGuid of the Attachment resource.") @PathParam("attachmentGuid") String attachmentGuid
@@ -71,6 +73,7 @@ Response getIncidentAttachment(
 	})
 	@GET
 	@Path("/publicPublishedIncidentAttachment/{incidentNumberSequence}/attachments/{attachmentGuid}/bytes")
+	@CrossOrigin(origins = "*", allowedHeaders = "*")
 	Response getIncidentAttachmentBytes(
 			@ApiParam("The incidentNumberSequence of the Wildfire Incident resource.") @PathParam("incidentNumberSequence") String incidentNumberSequence,
 			@ApiParam("The attachmentGuid of the Attachment resource.") @PathParam("attachmentGuid") String attachmentGuid,

diff --git a/...nts/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/AttachmentsListEndpoint.java b/...nts/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/AttachmentsListEndpoint.java
@@ -13,6 +13,8 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.rest.resource.HeaderConstants;
 import ca.bc.gov.nrs.common.wfone.rest.resource.MessageListRsrc;
 import ca.bc.gov.nrs.wfnews.api.rest.v1.endpoints.security.Scopes;
@@ -44,6 +46,7 @@ public interface AttachmentsListEndpoint {
 	@GET
 	@Path("/publicPublishedIncidentAttachment/{incidentNumberSequence}/attachments")
 	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
+	@CrossOrigin(origins = "*", allowedHeaders = "*")
 	Response getIncidentAttachmentList(
 			@ApiParam("The incidentNumberSequence of the Wildfire Incident resource.") @PathParam("incidentNumberSequence") String incidentNumberSequence,
 			@ApiParam("List primary attachments") @QueryParam("primaryIndicator") @DefaultValue("false") String primaryIndicator,

diff --git a/...s/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicExternalUriEndpoint.java b/...s/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicExternalUriEndpoint.java
@@ -9,13 +9,16 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.rest.endpoints.BaseEndpoints;
 import ca.bc.gov.nrs.common.service.ConflictException;
 import ca.bc.gov.nrs.common.service.ForbiddenException;
 import ca.bc.gov.nrs.common.service.NotFoundException;
 import io.swagger.annotations.ApiParam;
 
 @Path("/publicExternalUri")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface PublicExternalUriEndpoint extends BaseEndpoints{
 	@GET
 	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })

diff --git a/...main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicPublishedIncidentEndpoint.java b/...main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicPublishedIncidentEndpoint.java
@@ -10,6 +10,8 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.rest.endpoints.BaseEndpoints;
 import ca.bc.gov.nrs.common.service.ConflictException;
 import ca.bc.gov.nrs.common.service.ForbiddenException;
@@ -20,6 +22,7 @@
 
 @Path("/publicPublishedIncident")
 @Api(value = "PublicPublishedIncidentEndpoint")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface PublicPublishedIncidentEndpoint extends BaseEndpoints{
 
 	@GET

diff --git a/...c/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicSituationReportEndpoint.java b/...c/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/PublicSituationReportEndpoint.java
@@ -9,13 +9,16 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.rest.endpoints.BaseEndpoints;
 import ca.bc.gov.nrs.common.service.ConflictException;
 import ca.bc.gov.nrs.common.service.ForbiddenException;
 import ca.bc.gov.nrs.common.service.NotFoundException;
 import io.swagger.annotations.ApiParam;
 
 @Path("/publicSituationReport")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface PublicSituationReportEndpoint extends BaseEndpoints {
   @GET
 	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })

diff --git a/...nts/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java b/...nts/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SituationReportEndpoint.java
@@ -10,6 +10,7 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import ca.bc.gov.nrs.common.persistence.dao.DaoException;
@@ -36,6 +37,7 @@
 
 @Path("/situationReport")
 @Api(value = "SituationReportEndpoint", authorizations = { @Authorization(value = "Webade-OAUTH2", scopes = { @AuthorizationScope(scope = Scopes.GET_TOPLEVEL, description = "") }) })
+@CrossOrigin(origins = "*", allowedHeaders = "*", methods = {RequestMethod.GET, RequestMethod.OPTIONS, RequestMethod.HEAD, RequestMethod.PUT, RequestMethod.POST, RequestMethod.DELETE}, allowCredentials = "true")
 public interface SituationReportEndpoint extends BaseEndpoints {
   @ApiOperation(value = "Add a Sitation Report Resource", response = SituationReportResource.class, notes = "Add a Situation Report", authorizations = { @Authorization(value = "Webade-OAUTH2", scopes = { @AuthorizationScope(scope = Scopes.CREATE_PUBLISHED_INCIDENT, description = "") }) }, extensions = {@Extension(properties = {@ExtensionProperty(name = "auth-type", value = "#{wso2.x-auth-type.app_and_app_user}"), @ExtensionProperty(name = "throttling-tier", value = "Unlimited") })})
 	@ApiImplicitParams({

diff --git a/...ndpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/StatisticsEndpoint.java b/...ndpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/StatisticsEndpoint.java
@@ -9,12 +9,15 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.rest.endpoints.BaseEndpoints;
 import ca.bc.gov.nrs.common.service.ConflictException;
 import ca.bc.gov.nrs.common.service.ForbiddenException;
 import ca.bc.gov.nrs.common.service.NotFoundException;
 
 @Path("/statistics")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface StatisticsEndpoint extends BaseEndpoints {
   @GET
 	@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })

diff --git a/...-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SwaggerEndpoints.java b/...-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/SwaggerEndpoints.java
@@ -6,6 +6,8 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.wfone.rest.resource.HeaderConstants;
 import ca.bc.gov.nrs.wfnews.api.rest.v1.resource.EndpointsRsrc;
 import io.swagger.v3.oas.annotations.Operation;
@@ -21,6 +23,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 
 @Path("/openapi.json")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface SwaggerEndpoints {
 
 	@Operation(operationId = "Get Swagger Document", summary = "Get Swagger Document", extensions = {@Extension(properties = {@ExtensionProperty(name = "auth-type", value = "#{wso2.x-auth-type.app_and_app_user}"), @ExtensionProperty(name = "throttling-tier", value = "Unlimited") })})

diff --git a/...endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/TopLevelEndpoints.java b/...endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/endpoints/TopLevelEndpoints.java
@@ -6,6 +6,8 @@
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 
+import org.springframework.web.bind.annotation.CrossOrigin;
+
 import ca.bc.gov.nrs.common.wfone.rest.resource.HeaderConstants;
 import ca.bc.gov.nrs.common.wfone.rest.resource.MessageListRsrc;
 import ca.bc.gov.nrs.wfnews.api.rest.v1.resource.EndpointsRsrc;
@@ -23,6 +25,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 
 @Path("/")
+@CrossOrigin(origins = "*", allowedHeaders = "*")
 public interface TopLevelEndpoints extends BaseEndpoints {
 
 	@Operation(operationId = "Get Top Level Resources.", summary = "Get Top Level Resources", extensions = {@Extension(properties = {@ExtensionProperty(name = "auth-type", value = "#{wso2.x-auth-type.app_and_app_user}"), @ExtensionProperty(name = "throttling-tier", value = "Unlimited") })})

diff --git a/...dpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/ApplicationInitializer.java b/...dpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/ApplicationInitializer.java
@@ -4,7 +4,6 @@
 import javax.servlet.ServletContext;
 import javax.servlet.ServletRegistration;
 
-import ca.bc.gov.nrs.wfone.api.rest.v1.spring.CorsFilter;
 import org.glassfish.jersey.servlet.ServletContainer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

diff --git a/...-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/CorsFilter.java b/...-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/CorsFilter.java
@@ -45,4 +45,4 @@ public void init(FilterConfig filterConfig) {
   public void destroy() {
     logger.info("Destructing CORS filter");
   }
-}
+}
diff --git a/...ndpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/EndpointsSpringConfig.java b/...ndpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/EndpointsSpringConfig.java
@@ -6,7 +6,6 @@
 import javax.sql.DataSource;
 
 import ca.bc.gov.nrs.wfnews.api.rest.v1.common.AttachmentsAwsConfig;
-import ca.bc.gov.nrs.wfone.api.rest.v1.spring.CorsFilter;
 import org.apache.commons.dbcp2.BasicDataSource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -30,6 +29,7 @@
 	,ServiceApiSpringConfig.class
 	,ResourceFactorySpringConfig.class
 	,SecuritySpringConfig.class
+	,WebConfig.class
 	,CorsFilter.class
 })
 public class EndpointsSpringConfig {

diff --git a/...endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java b/...endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/SecuritySpringConfig.java
@@ -2,7 +2,6 @@
 
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -139,16 +138,16 @@ protected void configure(HttpSecurity http) throws Exception {
 
   @Bean
   public CorsConfigurationSource corsConfigurationSource() {
-	  final CorsConfiguration configuration = new CorsConfiguration();
+    final CorsConfiguration configuration = new CorsConfiguration();
 
-	  configuration.setAllowedOrigins(Collections.unmodifiableList(Arrays.asList("*")));
-	  configuration.setAllowedMethods(
-			  Collections.unmodifiableList(Arrays.asList("HEAD", "GET", "POST", "DELETE", "PUT", "OPTIONS")));
-	  configuration.setAllowedHeaders(Collections.unmodifiableList(Arrays.asList("apikey")));
+    configuration.setAllowedOrigins(Collections.unmodifiableList(Arrays.asList("*")));
+    configuration.setAllowedMethods(Collections.unmodifiableList(Arrays.asList("HEAD", "GET", "POST", "DELETE", "PUT", "OPTIONS")));
+    configuration.setAllowCredentials(true);
+    configuration.setAllowedHeaders(Collections.unmodifiableList(Arrays.asList("*")));
 
-	  final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
-	  source.registerCorsConfiguration("/**", configuration);
+    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    source.registerCorsConfiguration("/**", configuration);
 
-	  return source;
+    return source;
   }
 }
diff --git a/...s-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/WebConfig.java b/...s-api-rest-endpoints/src/main/java/ca/bc/gov/nrs/wfnews/api/rest/v1/spring/WebConfig.java
@@ -0,0 +1,21 @@
+package ca.bc.gov.nrs.wfnews.api.rest.v1.spring;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@EnableWebMvc
+public class WebConfig implements WebMvcConfigurer {
+  private static final Logger logger = LoggerFactory.getLogger(WebConfig.class);
+  @Override
+  public void addCorsMappings(CorsRegistry registry) {
+    registry.addMapping("/**")
+    .allowedHeaders("*")
+    .allowedOrigins("*")
+    .allowedMethods("*");
+  }
+}