|
Apache CXF API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter
public class CrossOriginResourceSharingFilter
An single class that provides both an input and an output filter for CORS, following http://www.w3.org/TR/cors/. The input examines the input headers. If the request is valid, it stores the information in the Exchange to allow the response handler to add the appropriate headers to the response. If you need complex or subtle control of the behavior here (e.g. clearing the prefight cache) you might be better off reading the source of this and implementing this inside your service. This class will perform preflight processing even if there is a resource method annotated to handle @OPTIONS, unless that method is annotated as follows:
Constructor Summary | |
---|---|
CrossOriginResourceSharingFilter()
|
Method Summary | |
---|---|
List<String> |
getAllowHeaders()
|
List<String> |
getAllowOrigins()
|
List<String> |
getExposeHeaders()
|
Integer |
getMaxAge()
|
javax.ws.rs.core.Response |
handleRequest(Message m,
ClassResourceInfo resourceClass)
|
javax.ws.rs.core.Response |
handleResponse(Message m,
OperationResourceInfo ori,
javax.ws.rs.core.Response response)
|
boolean |
isAllowAnyHeaders()
|
boolean |
isAllowCredentials()
|
boolean |
isDefaultOptionsMethodsHandlePreflight()
|
void |
setAllowAllOrigins(boolean allowAllOrigins)
Whether to implement Access-Control-Allow-Origin: * |
void |
setAllowAnyHeaders(boolean allowAnyHeader)
Completely relax the Access-Control-Request-Headers check. |
void |
setAllowCredentials(boolean allowCredentials)
The value for the Access-Control-Allow-Credentials header. |
void |
setAllowHeaders(List<String> allowedHeaders)
The list of allowed headers for preflight checks. |
void |
setAllowOrigins(List<String> allowedOrigins)
The origin strings to allow. |
void |
setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)
What to do when a preflight request comes along for a resource that has a handler method for \@OPTIONS and there is no @ CrossResourceSharing (localPreflight = val)
annotation on the method. |
void |
setExposeHeaders(List<String> exposeHeaders)
A list of non-simple headers to be exposed via Access-Control-Expose-Headers. |
void |
setMaxAge(Integer maxAge)
The value for Access-Control-Max-Age. |
void |
setPreflightErrorStatus(Integer status)
Preflight error response status, default is 200. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CrossOriginResourceSharingFilter()
Method Detail |
---|
public javax.ws.rs.core.Response handleRequest(Message m, ClassResourceInfo resourceClass)
handleRequest
in interface RequestHandler
public javax.ws.rs.core.Response handleResponse(Message m, OperationResourceInfo ori, javax.ws.rs.core.Response response)
handleResponse
in interface ResponseHandler
public void setAllowOrigins(List<String> allowedOrigins)
setAllowAllOrigins(boolean)
to enable '*'.
allowedOrigins
- a list of case-sensitive origin strings.public List<String> getAllowOrigins()
public void setAllowAllOrigins(boolean allowAllOrigins)
allowAllOrigins
- if true, all origins are accepted and
"*" is returned in the header. Sections
5.1.1 and 5.1.2, and 5.2.1 and 5.2.2. If false, then the list of allowed origins must bepublic List<String> getAllowHeaders()
public void setAllowHeaders(List<String> allowedHeaders)
allowedHeaders
- a list of permitted headers.public List<String> getExposeHeaders()
public Integer getMaxAge()
public boolean isAllowCredentials()
public void setAllowCredentials(boolean allowCredentials)
allowCredentials
- public void setExposeHeaders(List<String> exposeHeaders)
exposeHeaders
- the list of (case-sensitive) header names.public void setMaxAge(Integer maxAge)
maxAge
- An integer 'delta-seconds' or null. If null, no header is added.public void setPreflightErrorStatus(Integer status)
status
- HTTP status code.public boolean isDefaultOptionsMethodsHandlePreflight()
public void setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)
CrossResourceSharing
(localPreflight = val)
annotation on the method. If this is true, then the filter
defers to the resource class method.
If this is false, then this filter performs preflight processing.
defaultOptionsMethodsHandlePreflight
- true to defer to resource methods.public boolean isAllowAnyHeaders()
public void setAllowAnyHeaders(boolean allowAnyHeader)
allowAnyHeader
- whether to allow any header. If false,
respect the allowHeaders property.
|
Apache CXF API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |