Wednesday, 5 February 2014

Same-origin policy (SOP)

The same-origin policy (SOP) is a web browser security measure that prevents JavaScript running in one site from accessing other sites (unless they're from the same origin). For example, if you have "random_site.com" open in one browser window and "gmail.com" in another, then you don't want a script from "random_site.com" to access your Gmail. Two pages are considered to be from the same origin if the protocol, port (if any) and host are the same.

Cross-origin resource sharing (CORS)

Cross-origin resource sharing (CORS) is a mechanism that allows scripts to bypass the Same-Origin Policy, essentially allowing JavaScript code to make requests to external sites. Such "cross-domain" requests would otherwise be forbidden by web browsers. When browsers issue such requests, they always include the "Origin" header. The server can then pick up this "Origin" header and respond with an "Access-Control-Allow-Origin" header if that Origin is acceptable. Browsers will then allow the access to go ahead.

CORS in Java

In your Java webapp, all you need to do is set the "Access-Control-Allow-Origin" CORS header on the Servlet response:

response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
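
Echoing the request's Origin, as the line above does, tells the browser that every site that asks is acceptable. The filter below is an added example (not code from the original post) that echoes the Origin only when it is on an exact-match allowlist; the class name AllowlistCorsFilter and the example.com origins are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name; not part of Tomcat or the original post.
public class AllowlistCorsFilter implements Filter {

    // Constructed sample origins. An Origin value is scheme://host[:port], no path.
    private static final Set<String> ALLOWED_ORIGINS = new HashSet<String>(Arrays.asList(
            "https://app.example.com",
            "https://admin.example.com:8443"));

    /** Returns the value to send in Access-Control-Allow-Origin, or null for none. */
    static String allowedOrigin(String origin) {
        // Exact match only: suffix or substring checks would also accept
        // look-alike hosts such as https://app.example.com.other.test,
        // and the literal "null" origin is never on the list.
        return (origin != null && ALLOWED_ORIGINS.contains(origin)) ? origin : null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        // The response now depends on Origin, so caches must key on it.
        response.addHeader("Vary", "Origin");
        String origin = allowedOrigin(request.getHeader("Origin"));
        if (origin != null) {
            response.setHeader("Access-Control-Allow-Origin", origin);
        }
        // Requests from unlisted origins still run; the browser simply gets
        // no CORS header and refuses to expose the response to the script.
        chain.doFilter(req, res);
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }
}
```

It is registered in web.xml with a filter and filter-mapping entry, like any other servlet filter.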

As of Tomcat 7, CORS support has been added (in the form of a filter). In theory, you can add this Tomcat-specific filter to the web.xml and it should take care of adding CORS headers (although that didn't really work for me):

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

More info at:

CORS in Scala

If using Spray with Scala, for example, adding CORS headers to the response can be achieved using the following code: 

import spray.http._

path("your_path") {
  get {
    // AllOrigins is sent as "Access-Control-Allow-Origin: *",
    // so any site may read this response
    respondWithHeader(HttpHeaders.`Access-Control-Allow-Origin`(AllOrigins)) {
      _.complete("server response")
    }
  }
}

Friday, 31 January 2014

Scala: Remote debugging in SBT's Jetty container


The following will attach your Scala source code to your webapp running in Jetty.

Configuration for remote debugging in SBT's embedded Jetty is not much different from Maven's Jetty plugin. Here I used Scala 2.10, SBT 0.12 and dependency "jetty-webapp" 8.1.

1. Export JVM debug parameters

$ export SBT_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=4000,server=y,suspend=n"

Note: Change parameters "suspend" and "address" to your own needs. The JDWP debug port has no authentication, so keep it reachable only from machines you trust.

2. Start SBT (sbt) and configure your IDE to connect to the port SBT is listening on. In Eclipse, for example, this would be something like:

"Run" > "Debug Configurations" > "Remote Java Application"

Create a new configuration and enter the following:

Connection Type: Standard (Socket Attach)
Host: localhost
Port: 4000

Select "Apply" and then "Debug"

3. Create breakpoints in your code and start the Jetty container: 

container:start