ws-java
diff --git a/‎src/main/java/act/Act.java‎
Lines changed: 10 additions & 0 deletions b/‎src/main/java/act/Act.java‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎src/main/java/act/app/ActionContext.java‎
Lines changed: 36 additions & 4 deletions b/‎src/main/java/act/app/ActionContext.java‎
Lines changed: 36 additions & 4 deletions
diff --git a/‎src/main/java/act/app/conf/AppConfigurator.java‎
Lines changed: 97 additions & 3 deletions b/‎src/main/java/act/app/conf/AppConfigurator.java‎
Lines changed: 97 additions & 3 deletions
diff --git a/‎src/main/java/act/app/event/AppConfigPreMerge.java‎
Lines changed: 12 additions & 0 deletions b/‎src/main/java/act/app/event/AppConfigPreMerge.java‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/main/java/act/app/event/AppEventId.java‎
Lines changed: 6 additions & 0 deletions b/‎src/main/java/act/app/event/AppEventId.java‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎src/main/java/act/boot/app/FullStackAppBootstrapClassLoader.java‎
Lines changed: 6 additions & 8 deletions b/‎src/main/java/act/boot/app/FullStackAppBootstrapClassLoader.java‎
Lines changed: 6 additions & 8 deletions
@@ -18,6 +18,7 @@
 import act.event.EventBus;
 import act.handler.builtin.controller.*;
 import act.handler.builtin.controller.impl.ReflectedHandlerInvoker;
+import act.inject.DependencyInjector;
 import act.job.AppJobManager;
 import act.metric.MetricPlugin;
 import act.metric.SimpleMetricPlugin;
@@ -399,6 +400,15 @@ public static AppJobManager jobManager() {
         return App.instance().jobManager();
     }
 
+    /**
+     * Returns the {@link App app}'s {@link DependencyInjector}
+     * @param <DI> the generic type of injector
+     * @return the app's injector
+     */
+    public static <DI extends DependencyInjector> DI injector() {
+        return App.instance().injector();
+    }
+
     /**
      * Return an instance with give class name
      * @param className the class name
 
@@ -2,16 +2,17 @@
 
 import act.Act;
 import act.Destroyable;
+import act.conf.AppConfig;
 import act.data.MapUtil;
 import act.data.RequestBodyParser;
 import act.event.ActEvent;
+import act.event.ActEventListenerBase;
 import act.event.EventBus;
+import act.event.OnceEventListenerBase;
 import act.handler.RequestHandler;
+import act.handler.event.BeforeCommit;
 import act.route.Router;
 import act.util.ActContext;
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONArray;
-import com.alibaba.fastjson.JSONObject;
 import org.osgl.$;
 import org.osgl.concurrent.ContextLocal;
 import org.osgl.http.H;
@@ -20,14 +21,15 @@
 import org.osgl.util.C;
 import org.osgl.util.E;
 import org.osgl.util.S;
-import org.osgl.util.Str;
 import org.osgl.web.util.UserAgent;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.validation.ConstraintViolation;
 import java.util.*;
 
+import static org.osgl.http.H.Header.Names.*;
+
 /**
  * {@code AppContext} encapsulate contextual properties needed by
  * an application session
@@ -58,6 +60,7 @@ public class ActionContext extends ActContext.Base<ActionContext> implements Act
     private Router router;
     private RequestHandler handler;
     private UserAgent ua;
+    private boolean disableCors;
 
     @Inject
     private ActionContext(App app, H.Request request, H.Response response) {
@@ -68,6 +71,13 @@ private ActionContext(App app, H.Request request, H.Response response) {
         this._init();
         this.state = State.CREATED;
         this.saveLocal();
+        app.eventBus().once(BeforeCommit.class, new OnceEventListenerBase() {
+            @Override
+            public boolean tryHandle(EventObject event) throws Exception {
+                applyGlobalCorsSetting();
+                return true;
+            }
+        });
     }
 
     public State state() {
@@ -265,6 +275,28 @@ public ActionContext addUpload(String name, ISObject sobj) {
         return this;
     }
 
+    public void disableCORS() {
+        this.disableCors = true;
+    }
+
+    public void applyGlobalCorsSetting() {
+        if (this.disableCors) {
+            return;
+        }
+        AppConfig conf = config();
+        if (!conf.corsEnabled()) {
+            return;
+        }
+        H.Response r = resp();
+        r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_ORIGIN, conf.corsAllowOrigin());
+        if (request.method() == H.Method.OPTIONS) {
+            r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_HEADERS, conf.corsAllowHeaders());
+            r.addHeaderIfNotAdded(ACCESS_CONTROL_ALLOW_METHODS, conf.corsAllowMethods());
+            r.addHeaderIfNotAdded(ACCESS_CONTROL_EXPOSE_HEADERS, conf.corsExposeHeaders());
+            r.addHeaderIfNotAdded(ACCESS_CONTROL_MAX_AGE, S.string(conf.corsMaxAge()));
+        }
+    }
+
     /**
      * Called by bytecode enhancer to set the name list of the render arguments that is update
      * by the enhancer
 
@@ -1,5 +1,6 @@
 package act.app.conf;
 
+import act.app.event.AppEventId;
 import act.conf.AppConfig;
 import act.route.RouteSource;
 import act.route.Router;
@@ -10,8 +11,7 @@
 
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 /**
  * Base class for app developer implement source code based configuration
@@ -62,6 +62,10 @@ protected T registerStringValueResolver(Class<T> targetType, StringValueResolver
         return me();
     }
 
+    protected CorsSetting cors() {
+        return new CorsSetting(this);
+    }
+
     protected RouteBuilder route(String path) {
         return new RouteBuilder(this).map(path);
     }
@@ -98,14 +102,104 @@ public <V> V propVal(String key) {
 
     protected void releaseAppConfigResources() {}
 
+    protected static class CorsSetting {
+        private AppConfigurator conf;
+        private boolean enabled;
+        private String allowOrigin;
+        private int maxAge;
+        private List<String> methods = new ArrayList<>();
+        private List<String> headersBoth = new ArrayList<>();
+        private List<String> headersAllowed = new ArrayList<>();
+        private List<String> headersExpose = new ArrayList<>();
+
+        CorsSetting(AppConfigurator conf) {
+            this.conf = conf;
+            this.enabled = true;
+            conf.app().jobManager().on(AppEventId.CONFIG_PREMERGE, new Runnable() {
+                @Override
+                public void run() {
+                    checkAndCommit();
+                }
+            });
+        }
+
+        public CorsSetting enable() {
+            enabled = true;
+            return this;
+        }
+
+        public CorsSetting disable() {
+            enabled = false;
+            return this;
+        }
+
+        public CorsSetting allowOrigin(String allowOrigin) {
+            E.illegalArgumentIf(S.blank(allowOrigin), "allow origin cannot be empty");
+            this.allowOrigin = allowOrigin;
+            return this;
+        }
+
+        public CorsSetting allowMethods(String ... methods) {
+            this.methods.addAll(C.listOf(methods));
+            return this;
+        }
+
+        public CorsSetting maxAge(int maxAge) {
+            E.illegalArgumentIf(maxAge < 0);
+            this.maxAge = maxAge;
+            return this;
+        }
+
+        public CorsSetting allowHeaders(String ... headers) {
+            headersAllowed.addAll(C.listOf(headers));
+            return this;
+        }
+
+        public CorsSetting exposeHeaders(String ... headers) {
+            headersExpose.addAll(C.listOf(headers));
+            return this;
+        }
+
+        public CorsSetting allowAndExposeHeaders(String ... headers) {
+            headersBoth.addAll(C.listOf(headers));
+            return this;
+        }
+
+        private void checkAndCommit() {
+            if (!enabled) {
+                logger.info("Global CORS is disabled");
+                conf.enableCors(false);
+                return;
+            }
+            logger.info("Global CORS is enabled");
+            conf.enableCors(true);
+            conf.corsAllowOrigin(allowOrigin);
+            conf.corsHeaders(consolidate(headersBoth));
+            conf.corsAllowHeaders(consolidate(headersAllowed));
+            conf.corsHeadersExpose(consolidate(headersExpose));
+            conf.corsAllowMethods(consolidate(methods));
+            conf.corsMaxAge(maxAge);
+        }
+
+        private String consolidate(List<String> stringList) {
+            if (stringList.isEmpty()) {
+                return null;
+            }
+            Set<String> set = new HashSet<>();
+            for (String s : stringList) {
+                set.addAll(C.listOf(s.split(",")));
+            }
+            return S.join(", ", set);
+        }
+    }
+
     protected static class RouteBuilder {
 
         private AppConfigurator conf;
         private Router router;
         private C.List<H.Method> methods = C.newListOf(Router.supportedHttpMethods());
         private String path;
         private String action;
-        private Class<?> controller;
         RouteBuilder(AppConfigurator config) {
             router = config.app().router();
             E.illegalStateIf(null == router);
 
@@ -0,0 +1,12 @@
+package act.app.event;
+
+import act.app.App;
+
+/**
+ * Emitted right before merging {@link act.app.conf.AppConfigurator app custom config}
+ */
+public class AppConfigPreMerge extends AppEvent {
+    public AppConfigPreMerge(App source) {
+        super(AppEventId.CONFIG_PREMERGE, source);
+    }
+}
@@ -15,6 +15,12 @@ public AppEvent of(App app) {
             return new AppConfigLoaded(app);
         }
     },
+    CONFIG_PREMERGE() {
+        @Override
+        public AppEvent of(App app) {
+            return new AppConfigPreMerge(app);
+        }
+    },
     DB_SVC_LOADED () {
         @Override
         public AppEvent of(App app) {
 
@@ -9,10 +9,7 @@
 import act.util.Jars;
 import org.osgl.$;
 import org.osgl.exception.UnexpectedException;
-import org.osgl.util.C;
-import org.osgl.util.E;
-import org.osgl.util.IO;
-import org.osgl.util.S;
+import org.osgl.util.*;
 
 import java.io.File;
 import java.lang.reflect.Modifier;
@@ -37,6 +34,7 @@ public class FullStackAppBootstrapClassLoader extends BootstrapClassLoader imple
     private Map<String, byte[]> libBC = C.newMap();
     private List<Class<?>> actClasses = C.newList();
     private List<Class<?>> pluginClasses = new ArrayList<>();
+    private String lineSeparator = OS.get().lineSeparator();
 
     public FullStackAppBootstrapClassLoader(ClassLoader parent) {
         super(parent);
@@ -134,15 +132,15 @@ private void savePluginClasses() {
         }
         StringBuilder sb = S.builder();
         for (Class c : pluginClasses) {
-            sb.append(c.getName()).append("\n");
+            sb.append(c.getName()).append(lineSeparator);
         }
         sb.deleteCharAt(sb.length() - 1);
         saveToFile(".act.plugins", sb.toString());
     }
 
     private void saveToFile(String name, String content) {
         StringBuilder sb = S.builder("#").append(jarsChecksum);
-        sb.append("\n").append(content);
+        sb.append(lineSeparator).append(content);
         File file = new File(name);
         IO.writeContent(sb.toString(), file);
     }
@@ -152,7 +150,7 @@ private void restoreClassInfoRegistry() {
         if (list.isEmpty()) {
             return;
         }
-        String json = S.join("\n", list);
+        String json = S.join(lineSeparator, list);
         classInfoRepository = ClassInfoRepository.parseJSON(json);
     }
 
@@ -170,7 +168,7 @@ private List<String> restoreFromFile(String name) {
         File file = new File(name);
         if (file.canRead()) {
             String content = IO.readContentAsString(file);
-            String[] sa = content.split("\n");
+            String[] sa = content.split(lineSeparator);
             long fileChecksum = Long.parseLong(sa[0].substring(1));
             if (jarsChecksum.equals(fileChecksum)) {
                 return C.listOf(sa).drop(1);