Fixes CORS configuration

basyx.aasenvironment/basyx.aasenvironment-http/src/main/java/org/eclipse/digitaltwin/basyx/aasenvironment/http/AASEnvironmentConfiguration.java

@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (C) 2023 the Eclipse BaSyx Authors
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * 
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+
+package org.eclipse.digitaltwin.basyx.aasenvironment.http;
+
+import org.eclipse.digitaltwin.basyx.http.CorsPathPatternProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 
+ * @author schnicke
+ *
+ */
+@Configuration
+public class AASEnvironmentConfiguration {
+
+	@Bean
+	public CorsPathPatternProvider getAASEnvironmentRepoCorsUrlProvider() {
+		return new CorsPathPatternProvider("/serialization");
+	}
+}

basyx.aasenvironment/basyx.aasenvironment.component/src/main/resources/application.properties

@@ -17,56 +17,7 @@ basyx.backend = InMemory
 # mqtt.hostname = localhost
 # mqtt.port = 1883
 
-# Base Path for Spring Boot Actuator
-management.endpoints.web.base-path=/
-
-####################################################################################
-# Cross-Site Resource Sharing (CORS);
-####################################################################################
-# Comma-separated list of origins to allow. '*' allows all origins. When credentials
-# are allowed, '*' cannot be used and origin patterns should be configured instead.
-# When no allowed origins or allowed origin patterns are set, CORS support is
-# disabled.
-#
-# management.endpoints.web.cors.allowed-origins=https://example.com
-#
-####################################################################################
-# Comma-separated list of origin patterns to allow. Unlike allowed origins which only
-# supports '*', origin patterns are more flexible (for example
-# 'https://*.example.com') and can be used when credentials are allowed. When no
-# allowed origin patterns or allowed origins are set, CORS support is disabled.
-#
-# management.endpoints.web.cors.allowed-origin-patterns=https://*.example.com
-#
-####################################################################################
-# Comma-separated list of methods to allow. '*' allows all methods. When not set,
-# defaults to GET.
-#
-# management.endpoints.web.cors.allowed-methods=
-#
-####################################################################################
-# Comma-separated list of headers to allow in a request. '*' allows all headers.
-#
-# management.endpoints.web.cors.allowed-headers=
-#
-####################################################################################
-# Comma-separated list of headers to include in a response.
-#
-# management.endpoints.web.cors.exposed-headers=
-#
-####################################################################################
-# Boolean; Whether credentials are supported. When not set, credentials are not supported.
-#
-# management.endpoints.web.cors.allow-credentials=
-#
-####################################################################################
-# Number; How long in seconds the response from a pre-flight request can be cached
-# by clients.
-#
-# management.endpoints.web.cors.max-age=
-#
-####################################################################################
-
+# basyx.cors.allowed-origins=http://localhost:3000, http://localhost:4000
 
 ####################################################################################
 # Preconfiguring the Environment;

basyx.aasrepository/basyx.aasrepository-http/src/main/java/org/eclipse/digitaltwin/basyx/aasrepository/http/AasRepoConfiguration.java

@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (C) 2023 the Eclipse BaSyx Authors
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * 
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+
+package org.eclipse.digitaltwin.basyx.aasrepository.http;
+
+import org.eclipse.digitaltwin.basyx.http.CorsPathPatternProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 
+ * @author schnicke
+ *
+ */
+@Configuration
+public class AasRepoConfiguration {
+
+	@Bean
+	public CorsPathPatternProvider getAasRepoCorsUrlProvider() {
+		return new CorsPathPatternProvider("/shells/**");
+	}
+}

basyx.aasrepository/basyx.aasrepository.component/src/main/resources/application.properties

@@ -1,4 +1,5 @@
 server.port=8081
+server.error.path=/error
 
 spring.application.name=AAS Repository
 basyx.aasrepo.name=aas-repo
@@ -19,57 +20,4 @@ basyx.backend = InMemory
 # mqtt.hostname = localhost
 # mqtt.port = 1883
 
-
-server.error.path=/error
-
-
-# Base Path for Spring Boot Actuator
-management.endpoints.web.base-path=/
-
-####################################################################################
-# Cross-Site Resource Sharing (CORS);
-# As seen on https://docs.spring.io/spring-boot/docs/current/reference/html/actuator.html#actuator.endpoints.cors
-####################################################################################
-# Comma-separated list of origins to allow. '*' allows all origins. When credentials
-# are allowed, '*' cannot be used and origin patterns should be configured instead.
-# When no allowed origins or allowed origin patterns are set, CORS support is
-# disabled.
-#
-# management.endpoints.web.cors.allowed-origins=https://example.com
-#
-####################################################################################
-# Comma-separated list of origin patterns to allow. Unlike allowed origins which only
-# supports '*', origin patterns are more flexible (for example
-# 'https://*.example.com') and can be used when credentials are allowed. When no
-# allowed origin patterns or allowed origins are set, CORS support is disabled.
-#
-# management.endpoints.web.cors.allowed-origin-patterns=https://*.example.com
-#
-####################################################################################
-# Comma-separated list of methods to allow. '*' allows all methods. When not set,
-# defaults to GET.
-#
-# management.endpoints.web.cors.allowed-methods=
-#
-####################################################################################
-# Comma-separated list of headers to allow in a request. '*' allows all headers.
-#
-# management.endpoints.web.cors.allowed-headers=
-#
-####################################################################################
-# Comma-separated list of headers to include in a response.
-#
-# management.endpoints.web.cors.exposed-headers=
-#
-####################################################################################
-# Boolean; Whether credentials are supported. When not set, credentials are not supported.
-#
-# management.endpoints.web.cors.allow-credentials=
-#
-####################################################################################
-# Number; How long in seconds the response from a pre-flight request can be cached
-# by clients.
-#
-# management.endpoints.web.cors.max-age=
-#
-####################################################################################
+# basyx.cors.allowed-origins=http://localhost:3000, http://localhost:4000

basyx.common/basyx.http/src/main/java/org/eclipse/digitaltwin/basyx/http/BaSyxHTTPConfiguration.java

@@ -26,11 +26,17 @@
 
 package org.eclipse.digitaltwin.basyx.http;
 
+import java.util.Arrays;
 import java.util.List;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
 
@@ -43,6 +49,7 @@
  */
 @Configuration
 public class BaSyxHTTPConfiguration {
+	Logger logger = LoggerFactory.getLogger(BaSyxHTTPConfiguration.class);
 
 	/**
 	 * Returns a Jackson2ObjectMapperBuilder that is configured using the passed
@@ -61,4 +68,35 @@ public Jackson2ObjectMapperBuilder jackson2ObjectMapperBuilder(List<Serializatio
 
 		return builder;
 	}
+
+	/**
+	 * Collects a list of {@link CorsPathPatternProvider} and uses them to configure
+	 * CORS for the passed pathPatterns
+	 * 
+	 * @param configurationUrlProviders
+	 * @param allowedOrigins
+	 * @return
+	 */
+	@Bean
+	public WebMvcConfigurer corsConfigurer(List<CorsPathPatternProvider> configurationUrlProviders, @Value("${basyx.cors.allowed-origins:}") String[] allowedOrigins) {
+		return new WebMvcConfigurer() {
+			@Override
+			public void addCorsMappings(CorsRegistry registry) {
+				if (allowedOrigins.length == 0)
+					return;
+
+				logger.info("---- Configuring CORS ----");
+
+				for (CorsPathPatternProvider provider : configurationUrlProviders) {
+					configureOrigins(allowedOrigins, registry, provider.getPathPattern());
+				}
+			}
+
+			private void configureOrigins(String[] allowedOrigins, CorsRegistry registry, String pathPattern) {
+				logger.info(pathPattern + " configured with allowedOriginPatterns " + Arrays.toString(allowedOrigins));
+
+				registry.addMapping(pathPattern).allowedOriginPatterns(allowedOrigins);
+			}
+		};
+	}
 }

basyx.common/basyx.http/src/main/java/org/eclipse/digitaltwin/basyx/http/CorsPathPatternProvider.java

@@ -0,0 +1,46 @@
+/*******************************************************************************
+ * Copyright (C) 2023 the Eclipse BaSyx Authors
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * 
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+
+package org.eclipse.digitaltwin.basyx.http;
+
+/**
+ * Enables components to publish their used pathPatterns for CORS configuration
+ * 
+ * @author schnicke
+ *
+ */
+public class CorsPathPatternProvider {
+	private String pathPattern;
+
+	public CorsPathPatternProvider(String pathPattern) {
+		this.pathPattern = pathPattern;
+	}
+
+	public String getPathPattern() {
+		return pathPattern;
+	}
+
+}

basyx.conceptdescriptionrepository/basyx.conceptdescriptionrepository-http/src/main/java/org/eclipse/digitaltwin/basyx/conceptdescriptionrepository/http/ConceptDescriptionRepoConfiguration.java

@@ -0,0 +1,45 @@
+/*******************************************************************************
+ * Copyright (C) 2023 the Eclipse BaSyx Authors
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ * 
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+
+package org.eclipse.digitaltwin.basyx.conceptdescriptionrepository.http;
+
+import org.eclipse.digitaltwin.basyx.http.CorsPathPatternProvider;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 
+ * @author schnicke
+ *
+ */
+@Configuration
+public class ConceptDescriptionRepoConfiguration {
+
+	@Bean
+	public CorsPathPatternProvider getConceptDescriptionRepoCorsUrlProvider() {
+		return new CorsPathPatternProvider("/concept-descriptions/**");
+	}
+}