org.apache.cxf.rs.security.cors
Annotation Type CrossOriginResourceSharing

@Target(value={TYPE,METHOD})
@Retention(value=RUNTIME)
@Inherited
public @interface CrossOriginResourceSharing

Attach CORS information to a resource. This annotation is read by CrossOriginResourceSharingFilter. If this annotation is present on a method, or on the method's class (or its superclasses), then it completely overrides any parameters set in CrossOriginResourceSharingFilter. If a particular parameter of this annotation is not specified, then the default value is used, not the parameters of the filter. Note that the CORS specification censors the headers on a preflight OPTIONS request. As a result, the filter cannot determine exactly which method corresponds to the request, and so uses only class-level annotations to set policies.

allowAllOrigins

public abstract boolean allowAllOrigins

If true, this resource will return

Access-Control-Allow-Origin: *

for a valid request

Default:

false

allowOrigins

public abstract String[] allowOrigins

A list of permitted origins. It is ignored if allowAllOrigins() returns true

Default:

{}

allowHeaders

public abstract String[] allowHeaders

A list of headers that the client may include in an actual request. All the headers listed in the Access-Control-Request-Headers will be allowed if the list is empty

Default:

{}

allowCredentials

public abstract boolean allowCredentials

If true, this resource will return

Access-Control-Allow-Credentials: true

Default:

false

exposeHeaders

public abstract String[] exposeHeaders

A list of headers to return in Access-Control-Expose-Headers.

Default:

{}

maxAge

public abstract int maxAge

The value to return in Access-Control-Max-Age. If this is negative, then no header is returned. The default value is -1.

Default:

-1