SuperPlan(14)Winner Seller Server - JSON Cross Domain

SuperPlan(14)Winner Seller Server - JSON Cross Domain

16. JSON cross domain
I will rock and roll in JSON REST and JSON client now. JSONP is not what I want.

It is complex than I thought. Actually, I make the JSON basic auth working with JSONP basic auth. JSONP is for the navigate bars, JSON is working for the products right now.

16.1 Server Side
I need to extend the HttpHeader to enable the cross domain access. The documents in spray are not in detail, it take time to understand and read the source scala codes in spray.
package object CrossDomainHeaders {
  case class Origin(origin: String) extends HttpHeader {
    def name = "Origin"
    def lowercaseName = "origin"
    def value = origin
  }

  case class `Access-Control-Allow-Origin`(origin: String) extends HttpHeader {
    def name = "Access-Control-Allow-Origin"
    def lowercaseName = "access-control-allow-origin"
    def value = origin
  }

  case class `Access-Control-Allow-Headers`(origin: String) extends HttpHeader {
    def name = "Access-Control-Allow-Headers"
    def lowercaseName = "access-control-allow-headers"
    def value = origin
  }

  case class `Access-Control-Allow-Methods`(origin: String) extends HttpHeader {
    def name = "Access-Control-Allow-Methods"
    def lowercaseName = "access-control-allow-methods"
    def value = origin
  }

  case class `Access-Control-Allow-Credentials`(allowed: Boolean) extends HttpHeader {
    def name = "Access-Control-Allow-Credentials"
    def lowercaseName = "access-control-allow-credentials"
    def value = if(allowed) "true" else "false"
  }
}

In my router, I need to consider to get the request header, find out the origin URL and match my white list of the domain names.
…snip...
implicit val productFormatter = ProductJsonProtocol.ProductJsonFormat
headerValueByName("Origin") { originHeader =>
      respondWithHeaders(`Access-Control-Allow-Origin`(originHeader),`Access-Control-Allow-Credentials`(true)) {
        authenticate(BasicAuth(new BrandUserPassAuthenticator(dao), "Realm")) { user =>
…snip…

Right now, it will access all the domain names, because it just say originHeader, I will rewrite it to match a white list.

Here is the way to read the white list in configuration file.
server {
     address = "0.0.0.0"
    port = 9001
    crossdomain.eanble = true
    crossdomain.list = [ "http://localhost:9000", "http://localhost:9001" ]
}

val lists = config.getStringList("server.crossdomain.list")

16.2 Client Side
There is nothing special on the client, because we send the credential to server via jsonp.
//json
if(config.productsProvider == 'json'){
     options.dataType = "json";
     options.crossDomain = true;
     options.xhrFields = { withCredentials: true };

     //options.beforeSend = function (xhr) {
     //   xhr.setRequestHeader('Authorization', 'Basic Y3VzdG9tZXI6Y3VzdG9tZXI=');
     //};

     var url_str = 'http://' + config.remoteServerURL + ':' + config.remoteServerPort
     url_str = url_str + '/' + config.apiVersion + '/' + config.brandName + '/' + 'products';
     options.url = url_str;
}

17. Jasmine
come sonn...

18. Integration(Backbone + Require + Jasmine + Phantom + Grunt + Bootstrap)
come soon…


References:
superPlan 13
http://sillycat.iteye.com/blog/1885313

integration
http://hdnrnzk.me/2013/01/10/backbone-requirejs-jasmine-phantomjs-and-grunt/
https://github.com/ghiden/backbone-requirejs-jasmine-phantomjs-grunt-setup

superplan(11) phantom
http://sillycat.iteye.com/blog/1874971

你可能感兴趣的:(server)