common/securis.git

..	..	@@ -1,3 +1,6 @@
	1	+/*
	2	+ * Copyright @ 2013 CurisTEC, S.A.S. All Rights Reserved.
	3	+ */
1	4	package net.curisit.securis;
2	5
3	6	import java.io.IOException;
..	..	@@ -16,6 +19,19 @@
16	19	import org.apache.logging.log4j.LogManager;
17	20	import org.apache.logging.log4j.Logger;
18	21
	22	+/**
	23	+* DevFilter
	24	+* <p>
	25	+* Development-time CORS helper. Adds permissive CORS headers to allow front-end
	26	+* resources (e.g. JS served from a different origin) to call the API.
	27	+* Short-circuits <code>OPTIONS</code> preflight requests.
	28	+*
	29	+* <p><b>Security note:</b> This configuration is intentionally permissive and should be
	30	+* restricted for production.
	31	+*
	32	+* @author JRA
	33	+ * Last reviewed by JRA on Oct 5, 2025.
	34	+*/
19	35	@ApplicationScoped
20	36	@WebFilter(urlPatterns = "/*")
21	37	public class DevFilter implements Filter {
..	..	@@ -23,10 +39,19 @@
23	39	@SuppressWarnings("unused")
24	40	private static final Logger log = LogManager.getLogger(DevFilter.class);
25	41
	42	+ /**
	43	+ * init<p>
	44	+ * Filter init hook (unused).
	45	+ */
26	46	@Override
27	47	public void init(FilterConfig fc) throws ServletException {
28	48	}
29	49
	50	+ /**
	51	+ * doFilter
	52	+ * <p>
	53	+ * Add CORS headers and pass through non-OPTIONS methods to the next filter.
	54	+ */
30	55	@Override
31	56	public void doFilter(ServletRequest sreq, ServletResponse sres, FilterChain fc) throws IOException, ServletException {
32	57	HttpServletRequest req = (HttpServletRequest) sreq;
..	..	@@ -44,6 +69,10 @@
44	69	}
45	70	}
46	71
	72	+ /**
	73	+ * destroy<p>
	74	+ * Filter destroy hook (unused).
	75	+ */
47	76	@Override
48	77	public void destroy() {
49	78	}