|
Apache CXF API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter
@PreMatching public class CrossOriginResourceSharingFilter
A single class that provides both an input and an output filter for CORS, following http://www.w3.org/TR/cors/. The input filter examines the input headers. If the request is valid, it stores the information in the Exchange to allow the response handler to add the appropriate headers to the response. If you need complex or subtle control of the behavior here (e.g. clearing the prefight cache) you might be better off reading the source of this class and implementing this inside your service. This class will perform preflight processing even if there is a resource method annotated to handle @OPTIONS, unless that method is annotated as follows:
Constructor Summary | |
---|---|
CrossOriginResourceSharingFilter()
|
Method Summary | |
---|---|
void |
filter(javax.ws.rs.container.ContainerRequestContext context)
|
void |
filter(javax.ws.rs.container.ContainerRequestContext requestContext,
javax.ws.rs.container.ContainerResponseContext responseContext)
|
List<String> |
getAllowHeaders()
|
List<String> |
getAllowOrigins()
|
List<String> |
getExposeHeaders()
|
Integer |
getMaxAge()
|
boolean |
isAllowCredentials()
|
void |
setAllowCredentials(boolean allowCredentials)
The value for the Access-Control-Allow-Credentials header. |
void |
setAllowHeaders(List<String> allowedHeaders)
The list of allowed headers for preflight checks. |
void |
setAllowOrigins(List<String> allowedOrigins)
The origin strings to allow. |
void |
setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)
What to do when a preflight request comes along for a resource that has a handler method for \@OPTIONS and there is no @ CrossResourceSharing (localPreflight = val)
annotation on the method. |
void |
setExposeHeaders(List<String> exposeHeaders)
A list of non-simple headers to be exposed via Access-Control-Expose-Headers. |
void |
setFindResourceMethod(boolean findResourceMethod)
|
void |
setMaxAge(Integer maxAge)
The value for Access-Control-Max-Age. |
void |
setPreflightErrorStatus(Integer status)
Preflight error response status, default is 200. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public CrossOriginResourceSharingFilter()
Method Detail |
---|
public void filter(javax.ws.rs.container.ContainerRequestContext context)
filter
in interface javax.ws.rs.container.ContainerRequestFilter
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)
filter
in interface javax.ws.rs.container.ContainerResponseFilter
public void setAllowOrigins(List<String> allowedOrigins)
allowedOrigins
- a list of case-sensitive origin strings.public List<String> getAllowOrigins()
public List<String> getAllowHeaders()
public void setAllowHeaders(List<String> allowedHeaders)
allowedHeaders
- a list of permitted headers.public List<String> getExposeHeaders()
public Integer getMaxAge()
public boolean isAllowCredentials()
public void setAllowCredentials(boolean allowCredentials)
allowCredentials
- public void setExposeHeaders(List<String> exposeHeaders)
exposeHeaders
- the list of (case-sensitive) header names.public void setMaxAge(Integer maxAge)
maxAge
- An integer 'delta-seconds' or null. If null, no header is added.public void setPreflightErrorStatus(Integer status)
status
- HTTP status code.public void setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)
CrossResourceSharing
(localPreflight = val)
annotation on the method. If this is true, then the filter
defers to the resource class method.
If this is false, then this filter performs preflight processing.
defaultOptionsMethodsHandlePreflight
- true to defer to resource methods.public void setFindResourceMethod(boolean findResourceMethod)
|
Apache CXF API | |||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |