back out my OF-342 commit for now

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13273 b35dd754-fafc-0310-a699-88a17e54d16e

back out my OF-342 commit for now
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@13273 b35dd754-fafc-0310-a699-88a17e54d16e
465ee07d · Daryl Herzmann · akrherz · c1bdea84 · 465ee07d · 465ee07d
Commit 465ee07d authored Aug 30, 2012 by Daryl Herzmann Committed by akrherz Aug 30, 2012
3 changed files
--- a/src/java/org/jivesoftware/openfire/http/HttpBindManager.java
+++ b/src/java/org/jivesoftware/openfire/http/HttpBindManager.java
@@ -23,7 +23,6 @@ package org.jivesoftware.openfire.http;
 import java.io.File;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -68,24 +67,6 @@ public final class HttpBindManager {
    public static final String HTTP_BIND_SECURE_PORT = "httpbind.port.secure";
    public static final int HTTP_BIND_SECURE_PORT_DEFAULT = 7443;
-    // http binding CORS default properties
-    public static final String HTTP_BIND_CORS_ENABLED = "httpbind.CORS.enabled";
-    public static final boolean HTTP_BIND_CORS_ENABLED_DEFAULT = true;
-    public static final String HTTP_BIND_CORS_ALLOW_ORIGIN = "httpbind.CORS.domains";
-    public static final String HTTP_BIND_CORS_ALLOW_ORIGIN_DEFAULT = "*";
-    public static final String HTTP_BIND_CORS_ALLOW_METHODS_DEFAULT = "GET, POST, OPTIONS";
-    public static final String HTTP_BIND_CORS_ALLOW_HEADERS_DEFAULT = "Content-Type";
-    public static final String HTTP_BIND_CORS_MAX_AGE_DEFAULT = "86400";
-    public static Map<String, Boolean> HTTP_BIND_ALLOWED_ORIGINS = new HashMap<String, Boolean>();
    private static HttpBindManager instance = new HttpBindManager();
@@ -104,9 +85,6 @@ public final class HttpBindManager {
    private ContextHandlerCollection contexts;
-    // is all orgin allowed flag
-    private boolean allowAllOrigins;
    public static HttpBindManager getInstance() {
        return instance;
    }
@@ -118,9 +96,6 @@ public final class HttpBindManager {
        PropertyEventDispatcher.addListener(new HttpServerPropertyListener());
        this.httpSessionManager = new HttpSessionManager();
        contexts = new ContextHandlerCollection();
-        // setup the cache for the allowed origins
-        this.setupAllowedOriginsMap();
    }
    public void start() {
@@ -267,57 +242,7 @@ public final class HttpBindManager {
    public String getJavaScriptUrl() {
        return "http://" + XMPPServer.getInstance().getServerInfo().getXMPPDomain() + ":" +
                bindPort + "/scripts/";
-    }   
-    // http binding CORS support start
-    private void setupAllowedOriginsMap() {
-        String originString = getCORSAllowOrigin();
-        if (originString.equals(HTTP_BIND_CORS_ALLOW_ORIGIN_DEFAULT)) {
-            allowAllOrigins = true;
-        } else {
-            allowAllOrigins = false;
-            String[] origins = originString.split(",");
-            // reset the cache
-            HTTP_BIND_ALLOWED_ORIGINS.clear();
-            for (String str : origins) {
-                HTTP_BIND_ALLOWED_ORIGINS.put(str, true);
-            }
-        }
-    }
-    public boolean isCORSEnabled() {
-        return JiveGlobals.getBooleanProperty(HTTP_BIND_CORS_ENABLED, HTTP_BIND_CORS_ENABLED_DEFAULT);
-    }
-    public void setCORSEnabled(Boolean value) {
-        if (value != null)
-            JiveGlobals.setProperty(HTTP_BIND_CORS_ENABLED, String.valueOf(value));
-    }
-    public String getCORSAllowOrigin() {
-        return JiveGlobals.getProperty(HTTP_BIND_CORS_ALLOW_ORIGIN , HTTP_BIND_CORS_ALLOW_ORIGIN_DEFAULT);
-    }
-    public void setCORSAllowOrigin(String origins) {
-        if (origins == null || origins.trim().isEmpty())
-             origins = HTTP_BIND_CORS_ALLOW_ORIGIN_DEFAULT;
-        else {
-            origins = origins.replaceAll("\\s+", "");
-        }
-        JiveGlobals.setProperty(HTTP_BIND_CORS_ALLOW_ORIGIN, origins);
-        setupAllowedOriginsMap();
-    }
-    public boolean isAllOriginsAllowed() {
-        return allowAllOrigins;
-    }
-    public boolean isThisOriginAllowed(String origin) {
-        return HTTP_BIND_ALLOWED_ORIGINS.get(origin) != null;
    }
-    // http binding CORS support end
    public void setHttpBindEnabled(boolean isEnabled) {
        JiveGlobals.setProperty(HTTP_BIND_ENABLED, String.valueOf(isEnabled));

--- a/src/java/org/jivesoftware/openfire/http/HttpBindServlet.java
+++ b/src/java/org/jivesoftware/openfire/http/HttpBindServlet.java
@@ -96,14 +96,6 @@ public class HttpBindServlet extends HttpServlet {
        sessionManager.stop();
    }
-    @Override
-    protected void doOptions(HttpServletRequest request, HttpServletResponse response)
-            throws ServletException, IOException {
-        // Use HttpServlet's implementation to add basic headers ('Allow').
-        super.doOptions(request, response);
-        addCORSHeaders(request, response);
-    }
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException
@@ -206,7 +198,7 @@ public class HttpBindServlet extends HttpServlet {
        try {
        	if ((session.getMajorVersion() == 1 && session.getMinorVersion() >= 6) ||
                	session.getMajorVersion() > 1) {
-                respond(session, request, response, createErrorBody(bindingError.getErrorType().getType(),
+                respond(session, response, createErrorBody(bindingError.getErrorType().getType(),
                        bindingError.getCondition()), request.getMethod());
            }
            else {
@@ -269,11 +261,11 @@ public class HttpBindServlet extends HttpServlet {
            if ("terminate".equals(type)) {
                session.close();
-                respond(session, request, response, createEmptyBody(), request.getMethod());
+                respond(session, response, createEmptyBody(), request.getMethod());
            }
            else if ("true".equals(restartStream) && rootNode.elements().size() == 0) {
                try {
-					respond(session, request, response, createSessionRestartResponse(session), request.getMethod());
+					respond(session, response, createSessionRestartResponse(session), request.getMethod());
 				}
 				catch (DocumentException e) {
 					Log.error("Error sending session restart response to client.", e);
@@ -281,7 +273,7 @@ public class HttpBindServlet extends HttpServlet {
            }
            else if (pauseDuration > 0 && pauseDuration <= session.getMaxPause()) {
            	session.pause(pauseDuration);
-                respond(session, request, response, createEmptyBody(), request.getMethod());
+                respond(session, response, createEmptyBody(), request.getMethod());
                session.setLastResponseEmpty(true);
            }
            else {
@@ -333,7 +325,7 @@ public class HttpBindServlet extends HttpServlet {
            if (JiveGlobals.getBooleanProperty("log.httpbind.enabled", false)) {
                System.out.println(new Date()+": HTTP RECV(" + connection.getSession().getStreamID().getID() + "): " + rootNode.asXML());
            }
-            respond(request, response, connection, request.getMethod());
+            respond(response, connection, request.getMethod());
        }
        catch (UnauthorizedException e) {
            // Server wasn't initialized yet.
@@ -346,8 +338,7 @@ public class HttpBindServlet extends HttpServlet {
    }
-    // add request argument
+    private void respond(HttpServletResponse response, HttpConnection connection, String method)
-    private void respond(HttpServletRequest request, HttpServletResponse response, HttpConnection connection, String method)
            throws IOException
    {
        String content;
@@ -359,11 +350,10 @@ public class HttpBindServlet extends HttpServlet {
            connection.getSession().setLastResponseEmpty(true);
        }
-        respond(connection.getSession(), request, response, content, method);
+        respond(connection.getSession(), response, content, method);
    }
-    // add request argument
+    private void respond(HttpSession session, HttpServletResponse response, String content, String method)
-    private void respond(HttpSession session, HttpServletRequest request, HttpServletResponse response, String content, String method)
            throws IOException {
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("GET".equals(method) ? "text/javascript" : "text/xml");
@@ -378,8 +368,6 @@ public class HttpBindServlet extends HttpServlet {
            }
            content = "_BOSH_(\"" + StringEscapeUtils.escapeJavaScript(content) + "\")";
        }
-        addCORSHeaders(request, response);
        if (JiveGlobals.getBooleanProperty("log.httpbind.enabled", false)) {
            System.out.println(new Date()+": HTTP SENT(" + session.getStreamID().getID() + "): " + content);
@@ -390,27 +378,6 @@ public class HttpBindServlet extends HttpServlet {
        response.getOutputStream().close();
    }
-    private void addCORSHeaders(HttpServletRequest request, HttpServletResponse response)
-            throws IOException {
-        // add CORS headers
-        if (boshManager.isCORSEnabled()) {
-            if (boshManager.isAllOriginsAllowed())
-                // set the Access-Control-Allow-Origin header to * to allow all Origin to do the CORS  
-                response.addHeader("Access-Control-Allow-Origin", HttpBindManager.HTTP_BIND_CORS_ALLOW_ORIGIN_DEFAULT);
-            else {
-                // get the Origin header from the request and check if it is in the allowed Origin Map.
-                // if it is allowed write it back to the Access-Control-Allow-Origin header of the respond. 
-                String origin = request.getHeader("Origin");
-                if (boshManager.isThisOriginAllowed(origin)) {
-                    response.addHeader("Access-Control-Allow-Origin", origin);
-                }
-            }
-            response.addHeader("Access-Control-Allow-Methods", HttpBindManager.HTTP_BIND_CORS_ALLOW_METHODS_DEFAULT);
-            response.addHeader("Access-Control-Allow-Headers", HttpBindManager.HTTP_BIND_CORS_ALLOW_HEADERS_DEFAULT);
-            response.addHeader("Access-Control-Max-Age", HttpBindManager.HTTP_BIND_CORS_MAX_AGE_DEFAULT);
-        }
-    }
    private static String createEmptyBody() {
        Element body = DocumentHelper.createElement("body");
        body.addNamespace("", "http://jabber.org/protocol/httpbind");

--- a/src/web/http-bind.jsp
+++ b/src/web/http-bind.jsp
@@ -36,21 +36,13 @@
        Map<String, String> errorMap = new HashMap<String, String>();
        boolean isEnabled = ParamUtils.getBooleanParameter(request, "httpBindEnabled",
                serverManager.isHttpBindEnabled());
-        // CORS        
-        boolean isCORSEnabled = ParamUtils.getBooleanParameter(request, "CORSEnabled",
-                serverManager.isCORSEnabled());        
        if (isEnabled) {
            int requestedPort = ParamUtils.getIntParameter(request, "port",
                    serverManager.getHttpBindUnsecurePort());
            int requestedSecurePort = ParamUtils.getIntParameter(request, "securePort",
                    serverManager.getHttpBindSecurePort());
-            // CORS
-            String CORSDomains = ParamUtils.getParameter(request, "CORSDomains", true);     
            try {
                serverManager.setHttpBindPorts(requestedPort, requestedSecurePort);
-                // CORS
-                serverManager.setCORSEnabled(isCORSEnabled);
-                serverManager.setCORSAllowOrigin(CORSDomains);
            }
            catch (Exception e) {
                Log.error("An error has occured configuring the HTTP binding ports", e);
@@ -79,8 +71,6 @@
    int port = serverManager.getHttpBindUnsecurePort();
    int securePort = serverManager.getHttpBindSecurePort();
    boolean isScriptSyntaxEnabled = serverManager.isScriptSyntaxEnabled();
-    // CORS
-    boolean isCORSEnabled = serverManager.isCORSEnabled();
 %>
 <%@page import="org.jivesoftware.openfire.http.FlashCrossDomainServlet"%><html>
@@ -96,9 +86,6 @@
            $("securePort").disabled = !enabled;
            $("rb03").disabled = !enabled;
            $("rb04").disabled = !enabled;
-            $("rb05").disabled = !enabled;
-            $("rb06").disabled = !enabled;
-            $("CORSDomains").disabled = !enabled;
            $("crossdomain").disabled = !enabled;
        }
        window.onload = setTimeout("setEnabled()", 500);
@@ -211,53 +198,6 @@
 		</tbody>
 		</table>
    </div>
-    <!-- CORS -->
-	<div class="jive-contentBoxHeader">Provides support for CORS (Cross-Origin Resource Sharing)</div>
-    <div class="jive-contentbox">
-    	<table cellpadding="3" cellspacing="0" border="0">
-		<tbody>
-			<tr valign="top">
-				<td width="1%" nowrap>
-					<input type="radio" name="CORSEnabled" value="true" id="rb05"
-					 <%= (isCORSEnabled ? "checked" : "") %>>
-				</td>
-				<td width="99%">
-					<label for="rb05">
-						<b>Enabled</b> - Activate CORS support for cross domain scripting
-					</label>
-					<table border="0">
-						<tr>
-							<td>
-								<label for="CORSDomains">
-									Enter domain list below separated by commas or * to allow any :
-								</label>
-							</td>
-						</tr>
-                        <tr>
-                            <td>
-                                <input id="CORSDomains" type="text" size="80" name="CORSDomains" value="<%= serverManager.getCORSAllowOrigin() %>">
-                            </td>
-                        </tr>
-                    </table>
-				</td>
-			</tr>
-            <tr valign="top">
-				<td width="1%" nowrap>
-					<input type="radio" name="CORSEnabled" value="false" id="rb06"
-					 <%= (!isCORSEnabled ? "checked" : "") %>>
-				</td>
-				<td width="99%">
-					<label for="rb06">
-					<b>Disabled</b> - Disable CORS support
-					</label>
-				</td>
-			</tr>
-		</tbody>
-		</table>
-    </div>
-    <!-- CORS -->
    <div class="jive-contentBoxHeader">Cross-domain policy</div>
    <div class="jive-contentbox">
    	<p><fmt:message key="httpbind.settings.crossdomain.info.general" /></p>