Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORE-8415 - Upgrade Javalin to version 6.2.0 #6211

Merged
merged 70 commits into from
Jul 23, 2024
Merged

CORE-8415 - Upgrade Javalin to version 6.2.0 #6211

Show file tree
Hide file tree
Changes from 69 commits
Commits
Show all changes
70 commits
Select commit Hold shift + click to select a range
1693d47
CORE-8415 - Added a OSGi complaint Javalin 6.1.7 binaries. This is on…
filipesoliveira Jun 13, 2024
c5b7fdb
Updated the code to be compatible with Javalin 6.1.7.
filipesoliveira Jun 14, 2024
849da10
Reverted changes.
filipesoliveira Jun 14, 2024
bb72d61
Updated the path to the `test-repo`
filipesoliveira Jun 14, 2024
0c2a642
Added `javalin-parent` to the `test-repo`.
filipesoliveira Jun 14, 2024
3bf3e34
Added all javalin related artifacts to the `test-repo`.
filipesoliveira Jun 14, 2024
48511d9
Removed unnecessary jars.
filipesoliveira Jun 14, 2024
ede58f6
Removed .idea folder.
filipesoliveira Jun 14, 2024
7cec6ed
Removed gradle related file that are not necessary.
filipesoliveira Jun 14, 2024
d29ff65
Fixed compilation issues.
filipesoliveira Jun 17, 2024
63efdb5
Fixed issues reported by detekt.
filipesoliveira Jun 17, 2024
648211e
Fixed issues reported by detekt.
filipesoliveira Jun 17, 2024
3ce08fa
Fixed issues reported by detekt.
filipesoliveira Jun 17, 2024
d9dd2f1
Fixed issues reported by detekt.
filipesoliveira Jun 17, 2024
5eb3388
Fixed issues reported by detekt.
filipesoliveira Jun 17, 2024
dd8f9bb
Fixed unit tests.
filipesoliveira Jun 18, 2024
25b3e73
Reverted changem
filipesoliveira Jun 18, 2024
6babf82
Reverted change.
filipesoliveira Jun 18, 2024
c87769e
Reverted change regarding a test
filipesoliveira Jun 18, 2024
d7e3598
Update
filipesoliveira Jun 18, 2024
d8c85cd
Update
filipesoliveira Jun 18, 2024
d11781d
Update
filipesoliveira Jun 18, 2024
5c49d16
Update
filipesoliveira Jun 18, 2024
c2537dc
Removed import with wildcard.
filipesoliveira Jun 19, 2024
db06512
Added the `enableDevLogging` call back to the Javalin server.
filipesoliveira Jun 19, 2024
e3ca3a0
Reverted change to fix failing tests.
filipesoliveira Jun 20, 2024
1f42265
Reverted a change.
filipesoliveira Jun 20, 2024
b5d71d8
Updated the method `fromJsonString`. If the string "null" is passed i…
filipesoliveira Jun 21, 2024
8dca86f
Resolved issue reported by detekt.
filipesoliveira Jun 21, 2024
11bc116
Removed extra white line.
filipesoliveira Jun 21, 2024
fe87ccc
Reverted change.
filipesoliveira Jun 21, 2024
a83d8df
Fixed issue reported by detekt
filipesoliveira Jun 21, 2024
826a959
Disable a test.
filipesoliveira Jun 21, 2024
93ed850
Updated the SSL configuration and fixed an unstable test.
filipesoliveira Jun 25, 2024
89d7ea8
Fixed issues reported by detekt.
filipesoliveira Jun 25, 2024
295aaaa
The class `DuplexChannel` now sends messages synchronously.
filipesoliveira Jun 25, 2024
01ddd66
Fixed issues reported by detekt.
filipesoliveira Jun 25, 2024
488deb4
Commented out a couple of asserts. They will be added back later.
filipesoliveira Jun 25, 2024
9129f2d
Disabled a test related to swagger. Will come back later.
filipesoliveira Jun 25, 2024
33793ad
Disabled a test related to swagger. Will come back later.
filipesoliveira Jun 25, 2024
43d49aa
Fixed issues reported by detekt.
filipesoliveira Jun 25, 2024
709e3b3
Reverted a change.
filipesoliveira Jun 25, 2024
6f8d379
Upgraded `networkntJsonSchemaVersion` to the most recent version that…
filipesoliveira Jun 25, 2024
a0e7dff
Reverted to the original version for networkntJsonSchemaVersion.
filipesoliveira Jun 25, 2024
c916c12
Fixed issue reported by detekt.
filipesoliveira Jun 25, 2024
e8b1306
Fixed failing test due to the charset not being set.
filipesoliveira Jun 26, 2024
42d0498
Fixed issue reported by detekt.
filipesoliveira Jun 26, 2024
2f23cec
Replace `.name` by `.mimeType`.
filipesoliveira Jun 26, 2024
7c290f7
The protocol is required in the origin for the headers in the respons…
filipesoliveira Jun 27, 2024
2bc4f45
Fixed issue reported by detekt.
filipesoliveira Jun 27, 2024
3744d7f
Updated the `networkntJsonSchemaVersion` to fix issue with the versio…
filipesoliveira Jun 27, 2024
eec8566
Revert "Updated the `networkntJsonSchemaVersion` to fix issue with th…
filipesoliveira Jun 27, 2024
c3f61cd
Added the response encoding to the request to avoid the charset to be…
filipesoliveira Jun 28, 2024
1872ae9
Made the package `org.slf4j.spi` optional in an attempt to resolve a …
filipesoliveira Jul 1, 2024
e392611
Quick test. Revert this change if the build fails.
filipesoliveira Jul 1, 2024
4c62d2a
Revert "Quick test. Revert this change if the build fails."
filipesoliveira Jul 1, 2024
ee05e26
CORE-8415: Filter out unwanted SLF4J bundle in tests
filipesoliveira Jul 2, 2024
d3d616e
Removed comments.
filipesoliveira Jul 2, 2024
d38cb09
Reverted a change made to a test.
filipesoliveira Jul 3, 2024
7bb6506
Simplified the code responsible for the basic authentication.
filipesoliveira Jul 3, 2024
7265ed3
Removed unnecessary import.
filipesoliveira Jul 3, 2024
f0f821e
Removed unncessary imports.
filipesoliveira Jul 3, 2024
f7b681e
Fixed unit test related to the basic auth.
filipesoliveira Jul 3, 2024
9711ebb
Fixed unit tests related to the basic auth.
filipesoliveira Jul 3, 2024
2ea3734
Fixed issues reported by detekt.
filipesoliveira Jul 4, 2024
d6bbd28
Updated Jetty to the lastest version of the major version 11.
filipesoliveira Jul 4, 2024
b96e718
Fixed build issue after updating the branch with the latest changes f…
filipesoliveira Jul 12, 2024
ebbe671
Updated the version of Javalin to 6.2.0.
filipesoliveira Jul 22, 2024
dc1d35a
Removed the `test-repo` used for testing javalin-6.1.7-SNAPSHOT.
filipesoliveira Jul 22, 2024
c7c60ce
Added back a change purposed by Viktor that had been lost.
filipesoliveira Jul 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions ...ons/tools/metrics-webserver/src/main/kotlin/net/corda/metrics/reader/MetricsReaderMain.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
package net.corda.metrics.reader

import io.javalin.Javalin
import io.javalin.core.util.Header
import io.javalin.http.HandlerType
import io.javalin.http.Header
import org.slf4j.LoggerFactory
import java.nio.file.Files
import java.nio.file.Path
Expand All @@ -27,7 +27,7 @@ class MetricsReaderMain {
loadMeasurements(Paths.get(metricsFile))
server = Javalin.create()

server?.addHandler(HandlerType.GET, "/metrics") { context ->
server?.addHttpHandler(HandlerType.GET, "/metrics") { context ->
context.result(nextReading())
context.header(Header.CACHE_CONTROL, "no-cache")
}
Expand Down
2 changes: 1 addition & 1 deletion ...rkers/worker-common/src/main/kotlin/net/corda/applications/workers/workercommon/Health.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
package net.corda.applications.workers.workercommon

import com.fasterxml.jackson.databind.ObjectMapper
import io.javalin.core.util.Header
import io.javalin.http.Header
import net.corda.lifecycle.LifecycleStatus
import net.corda.lifecycle.registry.LifecycleRegistry
import net.corda.rest.ResponseCode
Expand Down
2 changes: 1 addition & 1 deletion ...kers/worker-common/src/main/kotlin/net/corda/applications/workers/workercommon/Metrics.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
package net.corda.applications.workers.workercommon

import io.javalin.core.util.Header
import io.javalin.http.Header
import io.micrometer.core.instrument.binder.jvm.ClassLoaderMetrics
import io.micrometer.core.instrument.binder.jvm.JvmGcMetrics
import io.micrometer.core.instrument.binder.jvm.JvmHeapPressureMetrics
Expand Down
8 changes: 4 additions & 4 deletions gradle/libs.versions.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ commonsioVersion = "2.16.1"
guavaVersion = "33.2.1-jre"
hikariCpVersion = "5.1.0"
jacksonVersion = "2.17.2"
javalinVersion = "4.6.8"
javalinVersion = "6.2.0"
jcipAnnotationsVersion = "1.0_2"
# This version of Jetty must be the same major version as used by Javalin, please see above.
# Once Javalin version is upgraded to the latest, this override may be removed.
jettyVersion = "9.4.55.v20240627"
jettyVersion = "11.0.21"
micrometerVersion = "1.12.4"
nimbusVersion = "11.13"
kafkaClientVersion = "3.7.0_1"
Expand Down Expand Up @@ -66,7 +66,7 @@ assertj-core = { group = "org.assertj", name = "assertj-core", version.ref = "as
bouncycastle-pkix = { group = "org.bouncycastle", name = "bcpkix-jdk18on", version.ref = "bouncycastleVersion" }
bouncycastle-prov = { group = "org.bouncycastle", name = "bcprov-jdk18on", version.ref = "bouncycastleVersion" }
brave-context-slf4j = { group = "io.zipkin.brave", name = "brave-context-slf4j", version.ref = "braveVersion" }
brave-instrumentation-servlet = { group = "io.zipkin.brave", name = "brave-instrumentation-servlet", version.ref = "braveVersion" }
brave-instrumentation-servlet = { group = "io.zipkin.brave", name = "brave-instrumentation-servlet-jakarta", version.ref = "braveVersion" }
caffeine = { group = "com.github.ben-manes.caffeine", name = "caffeine", version.ref = "caffeineVersion" }
commonsio = { group = "commons-io", name = "commons-io", version.ref = "commonsioVersion" }
guava = { group = "com.google.guava", name = "guava", version.ref = "guavaVersion" }
Expand All @@ -83,7 +83,7 @@ jetty-server = { group = "org.eclipse.jetty", name = "jetty-server", version.ref
jetty-xml = { group = "org.eclipse.jetty", name = "jetty-xml", version.ref = "jettyVersion" }
jetty-websocket-servlet = { group = "org.eclipse.jetty.websocket", name = "websocket-servlet", version.ref = "jettyVersion" }
jetty-websocket-server = { group = "org.eclipse.jetty.websocket", name = "websocket-server", version.ref = "jettyVersion" }
jetty-websocket-client = { group = "org.eclipse.jetty.websocket", name = "websocket-client", version.ref = "jettyVersion" }
jetty-websocket-client = { group = "org.eclipse.jetty.websocket", name = "websocket-jetty-client", version.ref = "jettyVersion" }
jetty-http2-server = { group = "org.eclipse.jetty.http2", name = "http2-server", version.ref = "jettyVersion" }
junit = { group = "org.junit.jupiter", name = "junit-jupiter", version.ref = "junitVersion" }
junit-api = { group = "org.junit.jupiter", name = "junit-jupiter-api", version.ref = "junitVersion" }
Expand Down
4 changes: 2 additions & 2 deletions ...kotlin/net/corda/crypto/test/certificates/generation/RevocableCertificateAuthorityImpl.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ internal class RevocableCertificateAuthorityImpl(
internal const val PATH = "/ocsp"
}
private val app = Javalin.create().start(port)
.addHandler(HandlerType.GET, "$PATH/*", OcspHandler())
.addHttpHandler(HandlerType.GET, "$PATH/*", OcspHandler())
private val revokedCertificates = ConcurrentHashMap.newKeySet<BigInteger>()
private val clock = Clock.systemUTC()

Expand All @@ -51,7 +51,7 @@ internal class RevocableCertificateAuthorityImpl(
}

override fun close() {
app.close()
app.stop()
}

private inner class OcspHandler : Handler {
Expand Down
8 changes: 5 additions & 3 deletions ...erated-rest-client/src/test/kotlin/net/corda/restclient/generated/TestClientAuthHeader.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package net.corda.restclient.generated

import io.javalin.Javalin
import io.javalin.http.ContentType
import io.javalin.http.Header
import io.javalin.http.servlet.getBasicAuthCredentials
import net.corda.restclient.CordaRestClient
import net.corda.restclient.generated.infrastructure.ApiClient
import org.assertj.core.api.AssertionsForClassTypes.assertThat
Expand All @@ -22,12 +24,12 @@ class TestClientAuthHeader {
app = Javalin.create().start(0)
app.get("api/v5_3/mgm/1234/info") { ctx ->

assertThat(ctx.basicAuthCredentialsExist()).isTrue()
val basicAuthCredentials = getBasicAuthCredentials(ctx.header(Header.AUTHORIZATION))
assertThat(basicAuthCredentials).isNotNull()

// Respond with the credentials from the basic auth header
val (user, password) = ctx.basicAuthCredentials()
ctx.contentType(ContentType.APPLICATION_JSON)
.result("$user:$password")
.result("${basicAuthCredentials?.username}:${basicAuthCredentials?.password}")
}
}

Expand Down
7 changes: 1 addition & 6 deletions libs/rest/rest-server-impl/build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,16 +29,11 @@ dependencies {
implementation project(":libs:rest:rest-server")
implementation "net.corda:corda-crypto"
implementation libs.javalin
constraints {
filipesoliveira marked this conversation as resolved.
Show resolved Hide resolved
implementation(libs.bundles.jetty) {
because 'Javalin uses an older version of Jetty which is exposed to CVE-2023-26048 and CVE-2023-26049. ' +
'This might be resolved in the future versions of Javalin.'
}
}
implementation libs.nimbus.sdk
implementation libs.jcip.annotations
implementation libs.swagger.core
implementation libs.jetty.http2.server
implementation libs.jetty.websocket.client

implementation libs.jackson.module.kotlin
implementation project(":libs:rest:rest-common")
Expand Down
38 changes: 21 additions & 17 deletions ...erver-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/AbstractWebsocketTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,21 +1,23 @@
package net.corda.rest.server.impl

import io.javalin.core.util.Header
import io.javalin.http.Header
import net.corda.rest.server.config.models.RestServerSettings
import net.corda.rest.test.utils.WebRequest
import net.corda.rest.tools.HttpVerb
import net.corda.utilities.debug
import org.apache.http.HttpStatus
import org.assertj.core.api.Assertions.assertThat
import org.eclipse.jetty.client.HttpRequest
import org.eclipse.jetty.client.HttpResponse
import org.eclipse.jetty.http.HttpField
import org.eclipse.jetty.io.EofException
import org.eclipse.jetty.websocket.api.CloseStatus
import org.eclipse.jetty.websocket.api.Session
import org.eclipse.jetty.websocket.api.StatusCode
import org.eclipse.jetty.websocket.api.UpgradeRequest
import org.eclipse.jetty.websocket.api.UpgradeResponse
import org.eclipse.jetty.websocket.api.WebSocketAdapter
import org.eclipse.jetty.websocket.client.ClientUpgradeRequest
import org.eclipse.jetty.websocket.client.NoOpEndpoint
import org.eclipse.jetty.websocket.client.JettyUpgradeListener
import org.eclipse.jetty.websocket.client.WebSocketClient
import org.eclipse.jetty.websocket.client.io.UpgradeListener
import org.junit.jupiter.api.AfterEach
import org.junit.jupiter.api.Test
import org.slf4j.Logger
Expand Down Expand Up @@ -50,7 +52,8 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {
fun `valid path returns 200 OK`() {
val getPathResponse = client.call(HttpVerb.GET, WebRequest<Any>("health/sanity"), userName, password)
assertEquals(HttpStatus.SC_OK, getPathResponse.responseStatus)
assertEquals("localhost", getPathResponse.headers[Header.ACCESS_CONTROL_ALLOW_ORIGIN])

assertEquals("http://localhost", getPathResponse.headers[Header.ACCESS_CONTROL_ALLOW_ORIGIN])
assertEquals("true", getPathResponse.headers[Header.ACCESS_CONTROL_ALLOW_CREDENTIALS])
assertEquals("no-cache", getPathResponse.headers[Header.CACHE_CONTROL])
}
Expand All @@ -65,7 +68,7 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {
val maximumDesiredCount = 100
val list = mutableListOf<String>()

val wsHandler = object : NoOpEndpoint() {
val wsHandler = object : WebSocketAdapter() {

override fun onWebSocketConnect(session: Session) {
log.info("onWebSocketConnect : $session")
Expand All @@ -78,6 +81,7 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {
}

override fun onWebSocketText(message: String) {
log.debug { "Receiving: $message" }
list.add(message)
if (list.size >= maximumDesiredCount) {
log.warn("Too many received!")
Expand All @@ -86,14 +90,14 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {
}
}

val upgradeListener = object : UpgradeListener {
override fun onHandshakeRequest(request: UpgradeRequest) {
val upgradeListener = object : JettyUpgradeListener {
override fun onHandshakeRequest(request: HttpRequest) {
val headerValue = toBasicAuthValue(userName, password)
log.info("Header value: $headerValue")
request.setHeader(Header.AUTHORIZATION, headerValue)
request.addHeader(HttpField(Header.AUTHORIZATION, headerValue))
}

override fun onHandshakeResponse(response: UpgradeResponse) {
override fun onHandshakeResponse(request: HttpRequest, response: HttpResponse) {
}
}

Expand Down Expand Up @@ -130,12 +134,12 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {

@Test
fun `check WebSocket wrong credentials connectivity`() {
val upgradeListener = object : UpgradeListener {
override fun onHandshakeRequest(request: UpgradeRequest) {
request.setHeader(Header.AUTHORIZATION, toBasicAuthValue("alienUser", "wrongPassword"))
val upgradeListener = object : JettyUpgradeListener {
override fun onHandshakeRequest(request: HttpRequest) {
request.addHeader(HttpField(Header.AUTHORIZATION, toBasicAuthValue("alienUser", "wrongPassword")))
}

override fun onHandshakeResponse(response: UpgradeResponse) {
override fun onHandshakeResponse(request: HttpRequest, response: HttpResponse) {
}
}

Expand All @@ -147,14 +151,14 @@ abstract class AbstractWebsocketTest : RestServerTestBase() {
performUnauthorizedTest(null)
}

private fun performUnauthorizedTest(upgradeListener: UpgradeListener?) {
private fun performUnauthorizedTest(upgradeListener: JettyUpgradeListener?) {
val wsClient = createWsClient()
wsClient.start()

val latch = CountDownLatch(2)
var closeStatus: CloseStatus? = null

val wsHandler = object : NoOpEndpoint() {
val wsHandler = object : WebSocketAdapter() {

override fun onWebSocketConnect(session: Session) {
log.info("onWebSocketConnect : $session")
Expand Down
10 changes: 9 additions & 1 deletion ...mpl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerHTTPSWebsocketTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ import net.corda.rest.test.utils.TestHttpClientUnirestImpl
import net.corda.rest.test.utils.multipartDir
import net.corda.utilities.NetworkHostAndPort
import org.eclipse.jetty.client.HttpClient
import org.eclipse.jetty.client.dynamic.HttpClientTransportDynamic
import org.eclipse.jetty.io.ClientConnector
import org.eclipse.jetty.util.ssl.SslContextFactory
import org.eclipse.jetty.websocket.client.WebSocketClient
import org.junit.jupiter.api.AfterAll
Expand Down Expand Up @@ -53,6 +55,7 @@ class RestServerHTTPSWebsocketTest : AbstractWebsocketTest() {
multipartDir,
true
).apply { start() }

client = TestHttpClientUnirestImpl(
"https://${restServerSettings.address.host}:${server.port}" +
"/${restServerSettings.context.basePath}/${apiVersion.versionPath}/",
Expand All @@ -70,7 +73,12 @@ class RestServerHTTPSWebsocketTest : AbstractWebsocketTest() {
}
}

override fun createWsClient() = WebSocketClient(HttpClient(SslContextFactory.Client(true)))
override fun createWsClient(): WebSocketClient {
val clientConnector = ClientConnector().apply {
sslContextFactory = SslContextFactory.Client(true)
}
return WebSocketClient(HttpClient(HttpClientTransportDynamic(clientConnector)))
}

override val wsProtocol = "wss"

Expand Down
4 changes: 2 additions & 2 deletions ...erver-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerOpenApiTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ class RestServerOpenApiTest : RestServerTestBase() {
fun `GET swagger UI should return html with reference to swagger json`() {
val apiSpec = client.call(GET, WebRequest<Any>("swagger"))
assertEquals(HttpStatus.SC_OK, apiSpec.responseStatus)
assertEquals("text/html", apiSpec.headers["Content-Type"])
assertEquals("text/html;charset=utf-8", apiSpec.headers["Content-Type"])
val expected = """url: "/${context.basePath}/${apiVersion.versionPath}/swagger.json""""
assertTrue(apiSpec.body!!.contains(expected))
}
Expand All @@ -505,7 +505,7 @@ class RestServerOpenApiTest : RestServerTestBase() {
fun `GET swagger UI with trailing slash in path should return html with reference to swagger json without trailing slash`() {
val apiSpec = client.call(GET, WebRequest<Any>("swagger/"))
assertEquals(HttpStatus.SC_OK, apiSpec.responseStatus)
assertEquals("text/html", apiSpec.headers["Content-Type"])
assertEquals("text/html;charset=utf-8", apiSpec.headers["Content-Type"])
val expected = """url: "/${context.basePath}/${apiVersion.versionPath}/swagger.json""""
assertTrue(apiSpec.body!!.contains(expected))
}
Expand Down
11 changes: 6 additions & 5 deletions ...rver-impl/src/integrationTest/kotlin/net/corda/rest/server/impl/RestServerRequestsTest.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package net.corda.rest.server.impl

import com.google.gson.Gson
import io.javalin.core.util.Header.ACCESS_CONTROL_ALLOW_CREDENTIALS
import io.javalin.core.util.Header.ACCESS_CONTROL_ALLOW_ORIGIN
import io.javalin.core.util.Header.CACHE_CONTROL
import io.javalin.core.util.Header.WWW_AUTHENTICATE
import io.javalin.http.Header.ACCESS_CONTROL_ALLOW_CREDENTIALS
import io.javalin.http.Header.ACCESS_CONTROL_ALLOW_ORIGIN
import io.javalin.http.Header.CACHE_CONTROL
import io.javalin.http.Header.WWW_AUTHENTICATE
import net.corda.rest.annotations.RestApiVersion
import net.corda.rest.server.apigen.test.TestJavaPrimitivesRestResourceImpl
import net.corda.rest.server.config.models.RestServerSettings
Expand Down Expand Up @@ -107,8 +107,9 @@ class RestServerRequestsTest : RestServerTestBase() {
userName,
password
)

assertEquals(HttpStatus.SC_OK, getPathResponse.responseStatus)
assertEquals("localhost", getPathResponse.headers[ACCESS_CONTROL_ALLOW_ORIGIN])
assertEquals("http://localhost", getPathResponse.headers[ACCESS_CONTROL_ALLOW_ORIGIN])
assertEquals("true", getPathResponse.headers[ACCESS_CONTROL_ALLOW_CREDENTIALS])
assertEquals("no-cache", getPathResponse.headers[CACHE_CONTROL])
}
Expand Down
11 changes: 5 additions & 6 deletions ...erver-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientHttpRequestContext.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,9 @@
package net.corda.rest.server.impl.context

import io.javalin.core.util.Header
import io.javalin.http.Context
import io.javalin.http.Header
import io.javalin.http.UploadedFile
import io.javalin.plugin.json.JsonMapper
import io.javalin.plugin.json.jsonMapper
import io.javalin.json.JsonMapper
import net.corda.data.rest.PasswordExpiryStatus
import net.corda.rest.server.impl.security.RestAuthenticationProvider

Expand All @@ -14,7 +13,7 @@ import net.corda.rest.server.impl.security.RestAuthenticationProvider
internal class ClientHttpRequestContext(private val ctx: Context) : ClientRequestContext {

override val method: String
get() = ctx.method()
get() = ctx.method().name

override fun header(header: String): String? = ctx.header(header)

Expand Down Expand Up @@ -60,12 +59,12 @@ internal class ClientHttpRequestContext(private val ctx: Context) : ClientReques
}

override fun addPasswordExpiryHeader(expiryStatus: PasswordExpiryStatus) {
ctx.res.addHeader(Header.WARNING, "199 - PasswordExpiryStatus is $expiryStatus")
ctx.res().addHeader(Header.WARNING, "199 - PasswordExpiryStatus is $expiryStatus")
}

private fun addHeaderValues(values: Iterable<String>) {
values.forEach {
ctx.res.addHeader(Header.WWW_AUTHENTICATE, it)
ctx.res().addHeader(Header.WWW_AUTHENTICATE, it)
}
}
}
15 changes: 9 additions & 6 deletions ...st-server-impl/src/main/kotlin/net/corda/rest/server/impl/context/ClientRequestContext.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package net.corda.rest.server.impl.context

import io.javalin.core.security.BasicAuthCredentials
import io.javalin.core.util.Header
import io.javalin.http.Header
import io.javalin.http.UploadedFile
import io.javalin.http.util.ContextUtil
import io.javalin.plugin.json.JsonMapper
import io.javalin.http.servlet.getBasicAuthCredentials
import io.javalin.json.JsonMapper
import io.javalin.security.BasicAuthCredentials
import net.corda.data.rest.PasswordExpiryStatus
import net.corda.rest.server.impl.security.RestAuthenticationProvider

Expand Down Expand Up @@ -101,13 +101,16 @@ interface ClientRequestContext {
* Returns a Boolean which is true if there is an Authorization header with
* Basic auth credentials. Returns false otherwise.
*/
fun basicAuthCredentialsExist(): Boolean = ContextUtil.hasBasicAuthCredentials(header(Header.AUTHORIZATION))
fun basicAuthCredentialsExist(): Boolean = getBasicAuthCredentials() != null

/**
* Gets basic-auth credentials from the request, or throws.
*
* Returns a wrapper object [BasicAuthCredentials] which contains the
* Base64 decoded username and password from the Authorization header.
*/
fun basicAuthCredentials(): BasicAuthCredentials = ContextUtil.getBasicAuthCredentials(header(Header.AUTHORIZATION))
fun basicAuthCredentials(): BasicAuthCredentials = getBasicAuthCredentials()!!

private fun getBasicAuthCredentials() =
getBasicAuthCredentials(header(Header.AUTHORIZATION))
}
Loading