Fix CORS for tomcat.

Total change of direction and use of a library providing a servlet filter.

Closes mapfish#507

core/build.gradle

@@ -116,6 +116,7 @@ dependencies {
             "org.springframework:spring-webmvc:$project.springVersion",
             "org.springframework.security:spring-security-config:$springSecurityVersion",
             "org.springframework.security:spring-security-web:$springSecurityVersion",
+            "com.thetransactioncompany:cors-filter:2.5",
             //hibernate & postgres
             "org.hibernate:hibernate-core:4.1.7.Final",
    	        "org.postgresql:postgresql:9.4-1206-jdbc42",

core/src/main/java/org/mapfish/print/servlet/BaseMapServlet.java

@@ -4,8 +4,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -123,18 +121,4 @@ protected final StringBuilder getBaseUrl(final HttpServletRequest httpServletReq
         }
         return baseURL;
     }
-
-    /**
-     * Answer to CORS OPTION requests.
-     *
-     * @param theHttpServletResponse The response
-     */
-    @RequestMapping(method = RequestMethod.OPTIONS)
-    public final void commonOptions(final HttpServletResponse theHttpServletResponse) {
-        theHttpServletResponse.addHeader("Access-Control-Allow-Headers",
-                "origin, content-type, accept, x-requested-with");
-        theHttpServletResponse.addHeader("Access-Control-Max-Age", "86400");
-        theHttpServletResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS, DELETE");
-        theHttpServletResponse.addHeader("Access-Control-Allow-Origin", "*");
-    }
 }

core/src/main/webapp/WEB-INF/mapfish-print-servlet.xml

@@ -2,17 +2,11 @@
 
 <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:context="http://www.springframework.org/schema/context"
-    xmlns:mvc="http://www.springframework.org/schema/mvc"
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
-        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 
     <context:annotation-config/>
 
-    <mvc:interceptors>
-        <bean class="org.mapfish.print.servlet.CorsFilterHandlerInterceptor"/>
-    </mvc:interceptors>
-
     <bean name="CurrentAPI" class="org.mapfish.print.servlet.MapPrinterServlet">
         <property name="maxCreateAndGetWaitTimeInSeconds" value="30" />
     </bean>

core/src/main/webapp/WEB-INF/web.xml

@@ -70,6 +70,27 @@
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
+    <filter>
+        <filter-name>CORS</filter-name>
+        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
+        <init-param>
+            <param-name>cors.supportedMethods</param-name>
+            <param-value>GET, POST, HEAD, OPTIONS</param-value>
+        </init-param>
+        <init-param>
+            <param-name>cors.maxAge</param-name>
+            <param-value>86400</param-value>
+        </init-param>
+        <init-param>
+            <param-name>cors.supportsCredentials</param-name>
+            <param-value>false</param-value>
+        </init-param>
+    </filter>
+    <filter-mapping>
+        <filter-name>CORS</filter-name>
+        <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
     <servlet>
         <servlet-name>metrics-servlet</servlet-name>
         <servlet-class>com.codahale.metrics.servlets.AdminServlet</servlet-class>
@@ -90,10 +111,6 @@
         <servlet-name>mapfish-print</servlet-name>
         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
         <load-on-startup>1</load-on-startup>
-        <init-param>
-            <param-name>dispatchOptionsRequest</param-name>
-            <param-value>true</param-value>
-        </init-param>
     </servlet>
 
     <servlet-mapping>

core/src/test/resources/org/mapfish/print/servlet/mapfish-print-servlet.xml

@@ -2,13 +2,7 @@
 
 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-       xmlns:mvc="http://www.springframework.org/schema/mvc"
-       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-                           http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
-
-    <mvc:interceptors>
-        <bean class="org.mapfish.print.servlet.CorsFilterHandlerInterceptor"/>
-    </mvc:interceptors>
+       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
 
     <bean id="mapfishPrintServlet" class="org.mapfish.print.servlet.MapPrinterServlet">
         <property name="maxCreateAndGetWaitTimeInSeconds" value="30" />

examples/src/test/java/org/mapfish/print/PrintApiTest.java

@@ -487,12 +487,14 @@ public void testCors() throws Exception {
 
         request = getPrintRequest(MapPrinterServlet.LIST_APPS_URL, HttpMethod.OPTIONS);
         request.getHeaders().set("Origin", "http://example.com/");
+        request.getHeaders().set("Access-Control-Request-Method", "POST");
+        request.getHeaders().set("Access-Control-Request-Headers", "X-Toto");
         response = request.execute();
         assertEquals(HttpStatus.OK, response.getStatusCode());
         assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
         assertTrue(response.getHeaders().containsKey("Access-Control-Max-Age"));
         assertTrue(response.getHeaders().containsKey("Access-Control-Allow-Methods"));
-        assertTrue(response.getHeaders().containsKey("Access-Control-Allow-Headers"));
+        assertEquals("X-Toto", response.getHeaders().getFirst("Access-Control-Allow-Headers"));
     }
 
     private JSONArray execCapabilitiesRequestWithAut(int expectedNumberOfLayouts, String credentials) throws IOException, URISyntaxException, JSONException {

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Fri Aug 07 18:45:56 CEST 2015
+#Mon Mar 13 08:28:38 CET 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-2.7-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-2.7-all.zip