From b02d1597ce6ffa9c3e9f7085c90812c8ac502f83 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Thu, 21 Feb 2019 11:50:23 +0100
Subject: [PATCH] disable caching for api responses

---
 .../bean/utils/ApiAccessControlFilter.java    | 44 +++++++++++++++++++
 .../web/config/WebAppInitializer.java         | 10 ++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 web/src/main/java/lcsb/mapviewer/web/bean/utils/ApiAccessControlFilter.java

diff --git a/web/src/main/java/lcsb/mapviewer/web/bean/utils/ApiAccessControlFilter.java b/web/src/main/java/lcsb/mapviewer/web/bean/utils/ApiAccessControlFilter.java
new file mode 100644
index 0000000000..1d490fc98a
--- /dev/null
+++ b/web/src/main/java/lcsb/mapviewer/web/bean/utils/ApiAccessControlFilter.java
@@ -0,0 +1,44 @@
+package lcsb.mapviewer.web.bean.utils;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+
+/**
+ * This filter enables x-frames from another domain if necessary.
+ * 
+ * @author Piotr Gawron
+ *
+ */
+public class ApiAccessControlFilter implements Filter {
+  /**
+   * Default class logger.
+   */
+  @SuppressWarnings("unused")
+  private final Logger logger = Logger.getLogger(ApiAccessControlFilter.class);
+
+  @Override
+  public void init(FilterConfig config) throws ServletException {
+  }
+
+  @Override
+  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+      throws IOException, ServletException {
+    HttpServletResponse response = (HttpServletResponse) res;
+    response.addHeader("Vary", "*");
+    chain.doFilter(req, response);
+  }
+
+  @Override
+  public void destroy() {
+  }
+
+}
diff --git a/web/src/main/java/lcsb/mapviewer/web/config/WebAppInitializer.java b/web/src/main/java/lcsb/mapviewer/web/config/WebAppInitializer.java
index e7bbb0ab63..cde1173065 100644
--- a/web/src/main/java/lcsb/mapviewer/web/config/WebAppInitializer.java
+++ b/web/src/main/java/lcsb/mapviewer/web/config/WebAppInitializer.java
@@ -1,7 +1,9 @@
 package lcsb.mapviewer.web.config;
 
 import java.io.InputStream;
-import java.util.*;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Properties;
 
 import javax.servlet.FilterRegistration;
 import javax.servlet.ServletContext;
@@ -23,6 +25,7 @@ import lcsb.mapviewer.annotation.SpringAnnotationConfig;
 import lcsb.mapviewer.api.SpringRestApiConfig;
 import lcsb.mapviewer.persist.SpringPersistConfig;
 import lcsb.mapviewer.services.SpringServiceConfig;
+import lcsb.mapviewer.web.bean.utils.ApiAccessControlFilter;
 import lcsb.mapviewer.web.bean.utils.JsfAjaxAccessControlAllowFilter;
 import lcsb.mapviewer.web.bean.utils.XFrameAccessControlFilter;
 
@@ -94,6 +97,11 @@ public class WebAppInitializer implements WebApplicationInitializer {
         jsfAjaxAccessControlAllowFilter);
     jsfAjaxAccessControlAllowFilterReg.addMappingForUrlPatterns(null, true, "/*");
 
+    ApiAccessControlFilter apiFilter = new ApiAccessControlFilter();
+    FilterRegistration.Dynamic apiFilterReg = container.addFilter("apiFilter", apiFilter);
+    apiFilterReg.addMappingForUrlPatterns(null, true, "/api/*");
+
+
     /*
      * =============== COOKIE SETTINGS ===============
      */
-- 
GitLab