Pre-Register the built-in plugins.

javaConductor / gserv

GServ: Framework for SPAs and REST based services.

MIT License

49 stars 9 forks source link

Pre-Register the built-in plugins. #9

Closed javaConductor closed 9 years ago

javaConductor commented 9 years ago

If you have to register it then its NOT built-in.

javaConductor commented 9 years ago

Done. CORS, Compression, ClientCaching

ribomation commented 9 years ago

Should be possible to NOT use the LDAP plugin, because it requires spring-ldap-template.

I do suggest adding at least an additional constructor that do not register any plugin. Perhaps use configuration methods for each built-in plugin. E.g. def pm = PluginMgr.instance().useCORS().useCOMPRESSION()

javaConductor commented 9 years ago

Ldap is becoming an external plugin in 0.9.8. I didnt really want a Spring dependency. Registered just means that gServ knows about it but no server instance is using it til declared.

ribomation commented 9 years ago

I cloned and changed relevant parts of the plugin-mgr to

    private def PluginMgr() {}
    def useCORS() {
        register('cors', CorsPlugin.class)
        return this
    }
    def useCACHING() {
        register('caching', CachingPlugin.class)
        return this
    }
    def useCOMPRESSION() {
        register('compression', CompressionPlugin.class)
        return this
    }
    def useLDAP() {
        register('ldap', LdapPlugin.class)
        return this
    }
    def useALL() {
        useCORS()
        useCACHING()
        useCOMPRESSION()
        useLDAP()
        return this
    }

I also changed all requestContext.responseHeaders.add into requestContext.responseHeaders.put in CorsPlugin, because it was throwing method-not-found errors.

However, stopped working on this as I couldn't get CORS working anyway. Perhaps, I working example might shed some light on this.

javaConductor commented 9 years ago

Clone the latest in the 0.9.7 branch - the CORS plugin is NOW working.
Working example: https://github.com/javaConductor/gservExamples SubProject: CrossSiteScripting

The example serves content on 60000 and the REST service on 60001.

Lee

ribomation commented 9 years ago

OK. Looks better now. However, I modified the demo code (incl index.html) to blacklist localhost and expected HTTP failure. But got HTTP 200. With the following changes below, I expected the hidden link to fail. Am I missing something?

cors('/internal', whiteList(3600, hostListWithLocalhost))
cors('/hidden', blackList(3600, hostListWithLocalhost))
  //...
get('/hidden'){ ->
    write( "This is the HIDDEN message.")
}

javaConductor commented 9 years ago

I updated the examples with a BlackList test as you described. It works in the example. Let me know if this is representative of what your code does. As a rule, if it is allowed as WhiteList it is NOT allowed as a BlackList.

ribomation commented 9 years ago

Tried it and even commented out the whiteList line, but still get HTTP 200. i.e. no rejection. To clarify: clicking on the "show hidden" button, should render an error message, not show the "This is the hidden message." message. What am I missing?

javaConductor commented 9 years ago

Get the latest from 0.9.7 branch and it should work. I see an error msg when i try.