Currently the AuthFilter will try to find a token in the
X-OPENHAB-TOKEN HTTP header - only when it finds a cookie
named X-OPENHAB-AUTH-HEADER. It can cause problems because
browsers or proxies might block the cookie from being sent
for various reasons (for instance if there's a path set
for it).
There is no downside IMHO to always try to fallback to
checking the X-OPENHAB-TOKEN header for a token, if and
only if it's not already provided in the Authorization
header. It is the responsibility of the client to decide
how it wants to authorize the request among the available
options - by checking a cookie, or something else entirely.
Also removed the '?api_key=' option because Swagger UI
doesn't provide tokens that way anymore.
Signed-off-by: Yannick Schaus <github@schaus.net>
* Migrate to JAX-RS Whiteboard
* Upgrade Jackson and Swagger TP feature dependencies
The upstream JAX-RS Whiteboard feature is not used because the version ranges currently do not work with Karaf on Windows.
See: https://issues.apache.org/jira/browse/KARAF-6536
* Update Felix logback to 1.0.2
This version adds the jul-to-slf4j bridge (FELIX-6027).
JUL is used by CXF and using the bridge we can use logback to reduce the verbosity of the info logging whenever org.apache.cxf.endpoint.ServerImpl creates endpoints.
* Update Aries Whiteboard to 1.0.8
* Removes the hated default web application (ARIES-1931)
* Improves performance
* Uses CXF 3.2.12
* Don't reuse SSE event builders
SSE event builders are not thread-safe.
It also causes the wrong default values being used.
Also-by: Markus Rathgeb <maggu2810@gmail.com>
Signed-off-by: Wouter Born <github@maindrain.net>
* add project for publisher
* add unmodified com.eclipsesource.jaxrs.publisher sources
* modify and use modified publisher
* drop tracker usage (only for custom whitelist by fragments)
* add the new code to new classes and namespace
Also-by: Kai Kreuzer <kai@openhab.org>
Signed-off-by: Markus Rathgeb <maggu2810@gmail.com>
