webapi: x-csrf-token, webapi.js and webapi-min.js

src/main/java/org/genesys2/server/servlet/controller/webapi/WebApiController.java

@@ -79,8 +79,8 @@ public class WebApiController extends RestController {
 	}
 
 	public static class JsonData {
-		public String filter;
-		public Integer startAt;
-		public Integer maxRecords;
+		public String filter = "";
+		public Integer startAt = 1;
+		public Integer maxRecords = 50;
 	}
 }

src/main/webapp/WEB-INF/web.xml

@@ -121,7 +121,7 @@
         </init-param>
  		<init-param>
 	        <param-name>allowedHeaders</param-name>
-	        <param-value>authorization,content-type</param-value>
+	        <param-value>authorization,content-type,x-csrf-token</param-value>
 	    </init-param>
 	    <!-- Do not chain preflight request to application -->
         <init-param>

src/main/webapp/html/js/webapi.js

+/**
+ * Copyright 2015 Global Crop Diversity Trust
+ * jQuery $ and $.ajax() required.
+ */
+GenesysPGR = function(baseUrl, clientId) {
+	this.clientId = clientId;
+	this.baseUrl = baseUrl;
+	this.clientSecret = null;
+
+	this.defaultOptions = {
+		startAt: 1,
+		maxRecords: 50,
+		success: new Function(),
+		error: new Function()
+	};
+};
+
+GenesysPGR.prototype.getUrl = function(apiCall) {
+	return this.baseUrl + '/webapi' + apiCall + '?client_id=' + this.clientId + (this.clientSecret!==null ? '&client_secret=' + this.clientSecret : '');
+};
+	
+GenesysPGR.prototype.listAccessions = function (filter, opts) {
+	var o = $.extend({}, GenesysPGR.defaultOptions, opts); 
+	var json={filter: JSON.stringify(filter), startAt: Math.max(1, o.startAt), maxRecords: o.maxRecords };
+
+	$.ajax(this.getUrl('/v0/acn/filter'), {
+		dataType: 'json',
+		type: 'POST',
+		contentType: 'application/json; charset=utf-8',
+		data: JSON.stringify(json),
+
+		success: function (accessions) {
+			o.success(accessions);
+		},
+
+		error: function (errorAsync) {
+			o.error(errorAsync);
+		}
+	});
+};