Apache CXF API

org.apache.cxf.rs.security.cors
Annotation Type CrossOriginResourceSharing


@Target(value={TYPE,METHOD})
@Retention(value=RUNTIME)
@Inherited
public @interface CrossOriginResourceSharing

Attach CORS information to a resource. This annotation is read by CrossOriginResourceSharingFilter. If this annotation is present on a method, or on the method's class (or its superclasses), then it completely overrides any parameters set in CrossOriginResourceSharingFilter. If a particular parameter of this annotation is not specified, then the default value is used, not the parameters of the filter. Note that the CORS specification censors the headers on a preflight OPTIONS request. As a result, the filter cannot determine exactly which method corresponds to the request, and so uses only class-level annotations to set policies.


Optional Element Summary
 boolean allowAllOrigins
          If true, this resource will return
 boolean allowCredentials
          If true, this resource will return
 String[] allowHeaders
          A list of headers that the client may include in an actual request.
 String[] allowOrigins
          A list of permitted origins.
 String[] exposeHeaders
          A list of headers to return in Access-Control-Expose-Headers.
 int maxAge
          The value to return in Access-Control-Max-Age.
 

allowAllOrigins

public abstract boolean allowAllOrigins
If true, this resource will return
Access-Control-Allow-Origin: *
for a valid request

Default:
false

allowOrigins

public abstract String[] allowOrigins
A list of permitted origins. It is ignored if allowAllOrigins() returns true

Default:
{}

allowHeaders

public abstract String[] allowHeaders
A list of headers that the client may include in an actual request. All the headers listed in the Access-Control-Request-Headers will be allowed if the list is empty

Default:
{}

allowCredentials

public abstract boolean allowCredentials
If true, this resource will return
Access-Control-Allow-Credentials: true

Default:
false

exposeHeaders

public abstract String[] exposeHeaders
A list of headers to return in Access-Control-Expose-Headers.

Default:
{}

maxAge

public abstract int maxAge
The value to return in Access-Control-Max-Age. If this is negative, then no header is returned. The default value is -1.

Default:
-1

Apache CXF API

Apache CXF