org.eclipse.jetty.servlets.CrossOriginFilter Java Examples

private void testHandlesCrossOriginRequest(String domains, boolean wantHandled) throws Exception {
    final CrossOriginHandler victim = new CrossOriginHandler(domains, "GET,POST,HEAD", "X-Requested-With,Content-Type,Accept,Origin", "1800", "true", "");
    final MockJettyRequest req = mock(MockJettyRequest.class);
    final MockJettyResponse res = mock(MockJettyResponse.class);

    when(req.getMethod()).thenReturn("OPTIONS");
    when(req.getHeader("Origin")).thenReturn("betfair.com");
    when(req.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD_HEADER)).thenReturn("PUT");
    when(req.getHeaders("Connection")).thenReturn(Collections.<String>emptyEnumeration());

    victim.handle("/", req, req, res);

    // this is always called
    verify(req, times(1)).setHandled(eq(true));
    if (wantHandled) {
        verify(req, never()).setHandled(eq(false));
    }
    else {
        verify(req, times(1)).setHandled(eq(false));
    }
}
 

@Override
public void run(FoxtrotServerConfiguration configuration, Environment environment) throws Exception {
    // Enable CORS headers
    final FilterRegistration.Dynamic cors = environment.servlets()
            .addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");

    ((AbstractServerFactory)configuration.getServerFactory()).setJerseyRootPath("/foxtrot");

    MetricUtil.setup(environment.metrics());
    ElasticsearchUtils.setTableNamePrefix(configuration.getElasticsearch());

}
 

private void testCORSGetRequest(String userInfoURI) throws Exception {
  HttpAuthenticationFeature authenticationFeature = HttpAuthenticationFeature.basic("admin", "admin");
  Response response = ClientBuilder.newClient()
      .target(userInfoURI)
      .register(authenticationFeature)
      .request()
      .header("Origin", "http://example.com")
      .header("Access-Control-Request-Method", "GET")
      .get();

  Assert.assertEquals(200, response.getStatus());

  MultivaluedMap<String, Object> responseHeader = response.getHeaders();

  List<Object> allowOriginHeader = responseHeader.get(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER);
  Assert.assertNotNull(allowOriginHeader);
  Assert.assertEquals(1, allowOriginHeader.size());
  Assert.assertEquals("http://example.com", allowOriginHeader.get(0));
}
 

@Provides(type = Type.SET)
ContextConfigurator provideCrossOriginFilter(final Configuration conf) {
  return new ContextConfigurator() {
    @Override
    public void init(ServletContextHandler context) {
      FilterHolder crossOriginFilter = new FilterHolder(CrossOriginFilter.class);
      Map<String, String> params = new HashMap<>();

      params.put(CrossOriginFilter.ALLOWED_ORIGINS_PARAM,
          conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_ORIGIN,
              CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_ORIGIN_DEFAULT));

      params.put(CrossOriginFilter.ALLOWED_METHODS_PARAM,
          conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_METHODS,
              CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_METHODS_DEFAULT));

      params.put(CrossOriginFilter.ALLOWED_HEADERS_PARAM,
          conf.get(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_HEADERS,
              CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_HEADERS_DEFAULT));

      crossOriginFilter.setInitParameters(params);
      context.addFilter(crossOriginFilter, "/*", EnumSet.of(DispatcherType.REQUEST));
    }
  };
}
 

/**
 * Initializes the Jersey Servlet.
 */
private void initJerseyServlet() {
  servletContext = new ServletContextHandler(ServletContextHandler.SESSIONS);
  servletContext.setContextPath("/");
  // This is used for allowing access to different domains/ports.
  FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
  filterHolder.setInitParameter("allowedOrigins", "*");
  filterHolder.setInitParameter("allowedMethods", "GET, POST");
  servletContext.addFilter(filterHolder, "/*", null);

  jerseyServlet = servletContext.addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/*");
  jerseyServlet.setInitOrder(0);

  // Tell the Jersey Servlet which REST class to load.
  jerseyServlet.setInitParameter("jersey.config.server.provider.classnames",
      ProvisioningAction.class.getCanonicalName());
}
 

private void checkCorsFilter(SoaConfiguration configuration, ServletEnvironment servlets)
{
    if ( configuration.isAddCorsFilter() )
    {
        // from http://jitterted.com/tidbits/2014/09/12/cors-for-dropwizard-0-7-x/

        FilterRegistration.Dynamic filter = servlets.addFilter("CORS", CrossOriginFilter.class);
        filter.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
        filter.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,PUT,POST,DELETE,OPTIONS");
        filter.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
        filter.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
        filter.setInitParameter("allowedHeaders", "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin");
        filter.setInitParameter("allowCredentials", "true");
    }
}
 

/**
    * See {@link org.eclipse.jetty.servlets.CrossOriginFilter} for more information on these arguments.
    */
public CrossOriginHandler(final String allowedOrigins, final String allowedMethods, final String allowedHeaders,
                             final String preflightMaxAge, final String allowCredentials, final String exposedHeaders)
           throws ServletException {

	this.crossOriginFilter = new CrossOriginFilter();
	this.crossOriginFilter.init(new FilterConfig() {

           @Override
           public String getFilterName() {
               return "crossOriginFilter";
           }

           @Override
           public String getInitParameter(String name) {
               if (CrossOriginFilter.ALLOWED_ORIGINS_PARAM.equals(name)) return allowedOrigins;
               if (CrossOriginFilter.ALLOWED_METHODS_PARAM.equals(name)) return allowedMethods;
               if (CrossOriginFilter.ALLOWED_HEADERS_PARAM.equals(name)) return allowedHeaders;
               if (CrossOriginFilter.PREFLIGHT_MAX_AGE_PARAM.equals(name)) return preflightMaxAge;
               if (CrossOriginFilter.ALLOW_CREDENTIALS_PARAM.equals(name)) return allowCredentials;
               if (CrossOriginFilter.EXPOSED_HEADERS_PARAM.equals(name)) return exposedHeaders;
               if (CrossOriginFilter.CHAIN_PREFLIGHT_PARAM.equals(name)) return "false";
               return null;
           }

           @Override
           public Enumeration getInitParameterNames() {
               return null;
           }

           @Override
           public ServletContext getServletContext() {
               return null;
           }
       });
}
 

private void configureCors(Environment environment) {
  FilterRegistration.Dynamic filter = environment.servlets().addFilter("CORS", CrossOriginFilter.class);
  filter.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
  filter.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,PUT,POST,DELETE,OPTIONS");
  filter.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
  filter.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
  filter.setInitParameter("allowedHeaders", "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin");
  filter.setInitParameter("allowCredentials", "true");
}
 

private void configureCors(Environment environment) {
  FilterRegistration.Dynamic filter = environment.servlets().addFilter("CORS", CrossOriginFilter.class);
  filter.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
  filter.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,PUT,POST,DELETE,OPTIONS");
  filter.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
  filter.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
  filter.setInitParameter("allowedHeaders", "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin");
  filter.setInitParameter("allowCredentials", "true");
}
 

void configureCors(Environment environment) {
  final FilterRegistration.Dynamic cors = environment.servlets().addFilter("CORS", CrossOriginFilter.class);

  // Configure CORS parameters
  cors.setInitParameter("allowedOrigins", "*");
  cors.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
  cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

  // Add URL mapping
  cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}
 

private void configureCors(Environment environment) {
    Dynamic filter = environment.servlets().addFilter("CORS", CrossOriginFilter.class);
    filter.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
    filter.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "GET,PUT,POST,DELETE,OPTIONS");
    filter.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
    filter.setInitParameter(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER, "*");
    filter.setInitParameter("allowedHeaders", "Content-Type,Authorization,X-Requested-With,Content-Length,Accept,Origin");
    filter.setInitParameter("allowCredentials", "true");
}
 

/**
 * Browser "pre flighted" requests first send an HTTP request by the 'OPTIONS' method to the resource on the other
 * domain, in order to determine whether the actual request is safe to send.
 *
 * No authentication required for OPTIONS method
 *
 * @param userInfoURI URI
 */
private void testPreFlightRequest(String userInfoURI) {
  Response response = ClientBuilder
      .newClient()
      .target(userInfoURI)
      .request()
      .options();

  Assert.assertEquals(200, response.getStatus());

  MultivaluedMap<String, Object> responseHeader = response.getHeaders();

  List<Object> allowOriginHeader = responseHeader.get(CrossOriginFilter.ACCESS_CONTROL_ALLOW_ORIGIN_HEADER);
  Assert.assertNotNull(allowOriginHeader);
  Assert.assertEquals(1, allowOriginHeader.size());
  Assert.assertEquals(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_ORIGIN_DEFAULT, allowOriginHeader.get(0));


  List<Object> allowHeadersHeader = responseHeader.get(CrossOriginFilter.ACCESS_CONTROL_ALLOW_HEADERS_HEADER);
  Assert.assertNotNull(allowHeadersHeader);
  Assert.assertEquals(1, allowHeadersHeader.size());
  Assert.assertEquals(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_HEADERS_DEFAULT, allowHeadersHeader.get(0));

  List<Object> allowMethodsHeader = responseHeader.get(CrossOriginFilter.ACCESS_CONTROL_ALLOW_METHODS_HEADER);
  Assert.assertNotNull(allowMethodsHeader);
  Assert.assertEquals(1, allowMethodsHeader.size());
  Assert.assertEquals(CORSConstants.HTTP_ACCESS_CONTROL_ALLOW_METHODS_DEFAULT, allowMethodsHeader.get(0));
}
 

private void enableCORS(Environment environment, List<String> urlPatterns) {
    // Enable CORS headers
    final FilterRegistration.Dynamic cors = environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
    cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Authorization,Content-Type,Accept,Origin");
    cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    String[] urls = urlPatterns.toArray(new String[urlPatterns.size()]);
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, urls);
}
 

private static boolean isPreFlightRequest(Request request) {
    if(HttpMethods.OPTIONS.equalsIgnoreCase(request.getMethod())) {
        // If the origin does not match allowed the filter will skip anyway so don't bother checking it.
        if(request.getHeader(ORIGIN_HEADER) != null &&
           request.getHeader(CrossOriginFilter.ACCESS_CONTROL_REQUEST_METHOD_HEADER) != null) {
            return true;
        }
    }
    return false;
}
 

private void addCrossOriginFilter(ContextHandler handler) throws ServletException {
    FilterRegistration reg = handler.getServletContext().addFilter("CrossOriginFilter", CrossOriginFilter.class);
    reg.addMappingForServletNames(null, false, "*");
    reg.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM,
                         configurationService.getProperty(CONFIG_XORIGIN_ORIGINS));
    reg.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM,
                         configurationService.getProperty(CONFIG_XORIGIN_METHODS));
    reg.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM,
                         configurationService.getProperty(CONFIG_XORIGIN_HEADERS));
    reg.setInitParameter(CrossOriginFilter.PREFLIGHT_MAX_AGE_PARAM,
                         configurationService.getProperty(CONFIG_XORIGIN_MAX_AGE));
    reg.setInitParameter(CrossOriginFilter.ALLOW_CREDENTIALS_PARAM,
                         configurationService.getProperty(CONFIG_XORIGIN_CREDENTIALS));
}
 

@Override
public void run(BlockExplorerConfiguration configuration, Environment environment) throws Exception {
    BCSAPI api = hyperLedgerBundle.getBCSAPI();
    final FilterRegistration.Dynamic cors =
            environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "*");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
    environment.jersey().register(new ExplorerResource(api));
}
 

@Override
public void run(HelloWorldConfiguration configuration, Environment environment) throws Exception {

  // Enable CORS to allow GraphiQL on a separate port to reach the API
  final FilterRegistration.Dynamic cors =
      environment.servlets().addFilter("cors", CrossOriginFilter.class);
  cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");

  final HelloWorldResource resource =
      new HelloWorldResource(configuration.getTemplate(), configuration.getDefaultName());
  environment.jersey().register(resource);
}
 

private void enableCORS(Environment environment) {
    // Enable CORS headers
    final FilterRegistration.Dynamic cors = environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM, "*");
    cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, "X-Requested-With,Authorization,Content-Type,Accept,Origin");
    cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
}
 

@Override
public void run(BlockExplorerConfiguration configuration, Environment environment) throws Exception {
    BCSAPI api = hyperLedgerBundle.getBCSAPI();
    final FilterRegistration.Dynamic cors =
            environment.servlets().addFilter("CORS", CrossOriginFilter.class);

    // Configure CORS parameters
    cors.setInitParameter("allowedOrigins", "*");
    cors.setInitParameter("allowedHeaders", "*");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

    // Add URL mapping
    cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true, "/*");
    environment.jersey().register(new ExplorerResource(api));
}
 

private void configureSwagger(Environment environment) {
    BeanConfig config = new BeanConfig();
    config.setTitle("Inventory Item API");
    config.setVersion("1.0.0");
    config.setResourcePackage(InventoryItemResource.class.getPackage().getName());
    config.setScan(true);

    FilterRegistration.Dynamic filter = environment.servlets().addFilter("CORSFilter", CrossOriginFilter.class);
    filter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, environment.getApplicationContext().getContextPath() + "swagger.json");
    filter.setInitParameter(ALLOWED_METHODS_PARAM, "GET,OPTIONS");
    filter.setInitParameter(ALLOWED_HEADERS_PARAM, "Origin, Content-Type, Accept");
    filter.setInitParameter(ALLOWED_ORIGINS_PARAM, "*");
    filter.setInitParameter(ALLOW_CREDENTIALS_PARAM, "true");
}
 

@Override
public void run(final BaragonAgentConfiguration config, final Environment environment) {
  if (!config.isEnableCorsFilter()) {
    return;
  }

  final Filter corsFilter = new CrossOriginFilter();
  final FilterConfig corsFilterConfig = new FilterConfig() {

    @Override
    public String getFilterName() {
      return FILTER_NAME;
    }

    @Override
    public ServletContext getServletContext() {
      return null;
    }

    @Override
    public String getInitParameter(final String name) {
      return null;
    }

    @Override
    public Enumeration<String> getInitParameterNames() {
      return Iterators.asEnumeration(Collections.<String>emptyIterator());
    }
  };

  try {
    corsFilter.init(corsFilterConfig);
  } catch (final Exception e) {
    throw Throwables.propagate(e);
  }

  environment.servlets().addFilter(FILTER_NAME, corsFilter).addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
}
 

private FilterHolder configureCors() {
	final FilterHolder filter = new FilterHolder(new CrossOriginFilter());
	filter.setInitParameter(ALLOWED_ORIGINS_PARAM, "*");
	filter.setInitParameter(ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER, valueOf(TRUE));
	filter.setInitParameter(ALLOWED_METHODS_PARAM, on(",").join(HttpMethod.values()));
	filter.setInitParameter(ALLOWED_HEADERS_PARAM,
			on(",").join(X_PING_OTHER, ORIGIN, X_REQUESTED_WITH, CONTENT_TYPE, ACCEPT));
	filter.setInitParameter(PREFLIGHT_MAX_AGE_PARAM, PREFLIGHT_MAX_AGE_VALUE);
	filter.setInitParameter(ALLOW_CREDENTIALS_PARAM, valueOf(TRUE));
	return filter;
}
 

@Override
public void run(final BaragonConfiguration config, final Environment environment) {
  if (!config.isEnableCorsFilter()) {
    return;
  }

  final Filter corsFilter = new CrossOriginFilter();
  final FilterConfig corsFilterConfig = new FilterConfig() {

    @Override
    public String getFilterName() {
      return FILTER_NAME;
    }

    @Override
    public ServletContext getServletContext() {
      return null;
    }

    @Override
    public String getInitParameter(final String name) {
      return null;
    }

    @Override
    public Enumeration<String> getInitParameterNames() {
      return Iterators.asEnumeration(Collections.<String>emptyIterator());
    }
  };

  try {
    corsFilter.init(corsFilterConfig);
  } catch (final Exception e) {
    throw Throwables.propagate(e);
  }

  environment.servlets().addFilter(FILTER_NAME, corsFilter).addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
}
 

@Override
public void run(final SnowizardConfiguration config,
        final Environment environment) throws Exception {

    environment.jersey().register(new SnowizardExceptionMapper());
    environment.jersey().register(new ProtocolBufferMessageBodyProvider());

    if (config.isCORSEnabled()) {
        final FilterRegistration.Dynamic filter = environment.servlets()
                .addFilter("CrossOriginFilter", CrossOriginFilter.class);
        filter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST),
                true, "/*");
        filter.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM,
                "GET");
    }

    final IdWorker worker = new IdWorker(config.getWorkerId(),
            config.getDatacenterId(), 0L, config.validateUserAgent(),
            environment.metrics());

    environment.metrics().register(
            MetricRegistry.name(SnowizardApplication.class, "worker_id"),
            new Gauge<Integer>() {
                @Override
                public Integer getValue() {
                    return config.getWorkerId();
                }
            });

    environment.metrics()
    .register(
            MetricRegistry.name(SnowizardApplication.class,
                    "datacenter_id"), new Gauge<Integer>() {
                @Override
                public Integer getValue() {
                    return config.getDatacenterId();
                }
            });

    // health check
    environment.healthChecks().register("empty", new EmptyHealthCheck());

    // resources
    environment.jersey().register(new IdResource(worker));
    environment.jersey().register(new PingResource());
    environment.jersey().register(new VersionResource());
}
 

public void start() throws Exception {
    ((ServerConnector) server.getConnectors()[0]).setReuseAddress(true);

    // Root context
    context.setContextPath("/abnormal");

    // Setup static content
    context.setResourceBase("src/main/webapp/");
    context.addServlet(DefaultServlet.class, "/");

    // Enable Jersey debug output
    context.setInitParameter("com.sun.jersey.config.statistic.Trace", "true");

    // Enable CORS - cross origin resource sharing
    FilterHolder cors = new FilterHolder();
    cors.setInitParameter("allowedOrigins", "https?://localhost:*, https?://*.e-navigation.net:*");
    cors.setInitParameter("allowedHeaders", "*");
    cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
    cors.setFilter(new CrossOriginFilter());
    context.addFilter(cors, "*", EnumSet.of(DispatcherType.REQUEST, DispatcherType.ASYNC, DispatcherType.INCLUDE));

    // Little hack to satisfy OpenLayers URLs in DMA context
    RewritePatternRule openlayersRewriteRule = new RewritePatternRule();
    openlayersRewriteRule.setPattern("/abnormal/theme/*");
    openlayersRewriteRule.setReplacement("/abnormal/js/theme/");

    RewriteHandler rewrite = new RewriteHandler();
    rewrite.setRewriteRequestURI(true);
    rewrite.setRewritePathInfo(false);
    rewrite.setOriginalPathAttribute("requestedPath");
    rewrite.addRule(openlayersRewriteRule);
    rewrite.setHandler(context);
    server.setHandler(rewrite);

    // Setup Guice-Jersey integration
    context.addEventListener(new GuiceServletContextListener() {
        @Override
        protected Injector getInjector() {
            return Guice.createInjector(new RestModule(
                    repositoryName,
                    pathToEventDatabase,
                    eventRepositoryType,
                    eventDataDbHost,
                    eventDataDbPort,
                    eventDataDbName,
                    eventDataDbUsername,
                    eventDataDbPassword
            ));
        }
    });
    context.addFilter(com.google.inject.servlet.GuiceFilter.class, "/rest/*", EnumSet.allOf(DispatcherType.class));

    // Start the server
    server.start();
}
 

@Override
public void run(final ImageJServerConfiguration configuration,
	final Environment environment)
{
	// Enable CORS headers
	final FilterRegistration.Dynamic cors = environment.servlets().addFilter(
		"CORS", CrossOriginFilter.class);

	// Configure CORS parameters
	cors.setInitParameter("allowedOrigins", "*");
	cors.setInitParameter("allowedHeaders",
		"X-Requested-With,Content-Type,Accept,Origin");
	cors.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");

	// Add URL mapping
	cors.addMappingForUrlPatterns(EnumSet.allOf(DispatcherType.class), true,
		"/*");

	env = environment;

	// NB: not implemented yet
	final ImageJServerHealthCheck healthCheck = new ImageJServerHealthCheck();
	environment.healthChecks().register("imagej-server", healthCheck);

	environment.jersey().register(MultiPartFeature.class);

	// -- resources --

	environment.jersey().register(AdminResource.class);

	environment.jersey().register(ModulesResource.class);

	environment.jersey().register(ObjectsResource.class);

	// -- context dependencies injection --

	environment.jersey().register(new AbstractBinder() {

		@Override
		protected void configure() {
			bind(ctx).to(Context.class);
			bind(env).to(Environment.class);
			bind(objectService).to(ObjectService.class);
			bind(jsonService).to(JsonService.class);
		}

	});
}
 

/**
 * Start the web server including setup.
 */
public void start() throws Exception {
  if (!config.getBoolean(ExecConstants.HTTP_ENABLE)) {
    return;
  }

  final boolean authEnabled = config.getBoolean(ExecConstants.USER_AUTHENTICATION_ENABLED);

  int port = config.getInt(ExecConstants.HTTP_PORT);
  final boolean portHunt = config.getBoolean(ExecConstants.HTTP_PORT_HUNT);
  final int acceptors = config.getInt(ExecConstants.HTTP_JETTY_SERVER_ACCEPTORS);
  final int selectors = config.getInt(ExecConstants.HTTP_JETTY_SERVER_SELECTORS);
  final int handlers = config.getInt(ExecConstants.HTTP_JETTY_SERVER_HANDLERS);
  final QueuedThreadPool threadPool = new QueuedThreadPool(2, 2);
  embeddedJetty = new Server(threadPool);
  ServletContextHandler webServerContext = createServletContextHandler(authEnabled);
  //Allow for Other Drillbits to make REST calls
  FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
  filterHolder.setInitParameter("allowedOrigins", "*");
  //Allowing CORS for metrics only
  webServerContext.addFilter(filterHolder, STATUS_METRICS_PATH, null);
  embeddedJetty.setHandler(webServerContext);

  ServerConnector connector = createConnector(port, acceptors, selectors);
  threadPool.setMaxThreads(handlers + connector.getAcceptors() + connector.getSelectorManager().getSelectorCount());
  embeddedJetty.addConnector(connector);
  for (int retry = 0; retry < PORT_HUNT_TRIES; retry++) {
    connector.setPort(port);
    try {
      embeddedJetty.start();
      return;
    } catch (IOException e) {
      if (portHunt) {
        logger.info("Failed to start on port {}, trying port {}", port, ++port, e);
      } else {
        throw e;
      }
    }
  }
  throw new IOException("Failed to find a port");
}
 

@Override
public void run(final SingularityConfiguration config, final Environment environment) {
  CorsConfiguration corsConfiguration = config.getCors();
  if (!config.isEnableCorsFilter() && !corsConfiguration.isEnabled()) {
    return;
  }

  final Filter corsFilter = new CrossOriginFilter();
  final FilterConfig corsFilterConfig = new FilterConfig() {

    @Override
    public String getFilterName() {
      return FILTER_NAME;
    }

    @Override
    public ServletContext getServletContext() {
      return null;
    }

    @Override
    public String getInitParameter(final String name) {
      return null;
    }

    @Override
    public Enumeration<String> getInitParameterNames() {
      return Iterators.asEnumeration(Collections.<String>emptyIterator());
    }
  };

  try {
    corsFilter.init(corsFilterConfig);
  } catch (final Exception e) {
    throw new RuntimeException(e);
  }

  FilterRegistration.Dynamic filter = environment
    .servlets()
    .addFilter(FILTER_NAME, corsFilter);

  filter.setInitParameter(
    CrossOriginFilter.ALLOWED_ORIGINS_PARAM,
    corsConfiguration.getAllowedOrigins()
  );
  filter.setInitParameter(
    CrossOriginFilter.ALLOWED_HEADERS_PARAM,
    corsConfiguration.getAllowedHeaders()
  );
  filter.setInitParameter(
    CrossOriginFilter.ALLOWED_METHODS_PARAM,
    corsConfiguration.getAllowedMethods()
  );
  filter.setInitParameter(
    CrossOriginFilter.ALLOW_CREDENTIALS_PARAM,
    corsConfiguration.isAllowCredentials() ? "true" : "false"
  );

  filter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
}
 

public JettyServer(BaseServerOptions options, HttpHandler handler) {
  this.handler = Require.nonNull("Handler", handler);
  int port = options.getPort() == 0 ? PortProber.findFreePort() : options.getPort();

  String host = options.getHostname().orElseGet(() -> {
    try {
      return new NetworkUtils().getNonLoopbackAddressOfThisMachine();
    } catch (WebDriverException ignored) {
      return "localhost";
    }
  });

  try {
    this.url = new URL("http", host, port, "");
  } catch (MalformedURLException e) {
    throw new UncheckedIOException(e);
  }

  Log.setLog(new JavaUtilLog());
  this.server = new org.eclipse.jetty.server.Server(
      new QueuedThreadPool(options.getMaxServerThreads()));

  this.servletContextHandler = new ServletContextHandler(ServletContextHandler.SECURITY);
  ConstraintSecurityHandler
      securityHandler =
      (ConstraintSecurityHandler) servletContextHandler.getSecurityHandler();

  Constraint disableTrace = new Constraint();
  disableTrace.setName("Disable TRACE");
  disableTrace.setAuthenticate(true);
  ConstraintMapping disableTraceMapping = new ConstraintMapping();
  disableTraceMapping.setConstraint(disableTrace);
  disableTraceMapping.setMethod("TRACE");
  disableTraceMapping.setPathSpec("/");
  securityHandler.addConstraintMapping(disableTraceMapping);

  Constraint enableOther = new Constraint();
  enableOther.setName("Enable everything but TRACE");
  ConstraintMapping enableOtherMapping = new ConstraintMapping();
  enableOtherMapping.setConstraint(enableOther);
  enableOtherMapping.setMethodOmissions(new String[]{"TRACE"});
  enableOtherMapping.setPathSpec("/");
  securityHandler.addConstraintMapping(enableOtherMapping);

  // Allow CORS: Whether the Selenium server should allow web browser connections from any host
  if (options.getAllowCORS()) {
    FilterHolder
        filterHolder = servletContextHandler.addFilter(CrossOriginFilter.class, "/*", EnumSet
        .of(DispatcherType.REQUEST));
    filterHolder.setInitParameter("allowedMethods", "GET,POST,PUT,DELETE,HEAD");

    // Warning user
    LOG.warning("You have enabled CORS requests from any host. "
                + "Be careful not to visit sites which could maliciously "
                + "try to start Selenium sessions on your machine");
  }

  server.setHandler(servletContextHandler);

  HttpConfiguration httpConfig = new HttpConfiguration();
  httpConfig.setSecureScheme("https");

  ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
  options.getHostname().ifPresent(http::setHost);
  http.setPort(getUrl().getPort());

  http.setIdleTimeout(500000);

  server.setConnectors(new Connector[]{http});
}
 

final Handler configureHandler() {
  ResourceConfig resourceConfig = new ResourceConfig();
  configureBaseApplication(resourceConfig, getMetricsTags());
  configureResourceExtensions(resourceConfig);
  setupResources(resourceConfig, getConfiguration());

  // Configure the servlet container
  ServletContainer servletContainer = new ServletContainer(resourceConfig);
  final FilterHolder servletHolder = new FilterHolder(servletContainer);

  ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
  context.setContextPath(path);

  ServletHolder defaultHolder = new ServletHolder("default", DefaultServlet.class);
  defaultHolder.setInitParameter("dirAllowed", "false");

  ResourceCollection staticResources = getStaticResources();
  if (staticResources != null) {
    context.setBaseResource(staticResources);
  }

  configureSecurityHandler(context);

  if (isCorsEnabled()) {
    String allowedOrigins = config.getString(RestConfig.ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG);
    FilterHolder filterHolder = new FilterHolder(CrossOriginFilter.class);
    filterHolder.setName("cross-origin");
    filterHolder.setInitParameter(
            CrossOriginFilter.ALLOWED_ORIGINS_PARAM, allowedOrigins

    );
    String allowedMethods = config.getString(RestConfig.ACCESS_CONTROL_ALLOW_METHODS);
    String allowedHeaders = config.getString(RestConfig.ACCESS_CONTROL_ALLOW_HEADERS);
    if (allowedMethods != null && !allowedMethods.trim().isEmpty()) {
      filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM, allowedMethods);
    }
    if (allowedHeaders != null && !allowedHeaders.trim().isEmpty()) {
      filterHolder.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM, allowedHeaders);
    }
    // handle preflight cors requests at the filter level, do not forward down the filter chain
    filterHolder.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");
    context.addFilter(filterHolder, "/*", EnumSet.of(DispatcherType.REQUEST));
  }

  if (config.getString(RestConfig.RESPONSE_HTTP_HEADERS_CONFIG) != null
          && !config.getString(RestConfig.RESPONSE_HTTP_HEADERS_CONFIG).isEmpty()) {
    configureHttpResponsHeaderFilter(context);
  }

  configurePreResourceHandling(context);
  context.addFilter(servletHolder, "/*", null);
  configurePostResourceHandling(context);
  context.addServlet(defaultHolder, "/*");

  applyCustomConfiguration(context, REST_SERVLET_INITIALIZERS_CLASSES_CONFIG);

  RequestLogHandler requestLogHandler = new RequestLogHandler();
  requestLogHandler.setRequestLog(requestLog);

  HandlerCollection handlers = new HandlerCollection();
  handlers.setHandlers(new Handler[]{context, requestLogHandler});

  return handlers;
}