org.apache.cxf.rs.security.cors
Class CrossOriginResourceSharingFilter

java.lang.Object
  org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter

All Implemented Interfaces:

javax.ws.rs.container.ContainerRequestFilter, javax.ws.rs.container.ContainerResponseFilter

@PreMatching
public class CrossOriginResourceSharingFilter
extends Object
implements javax.ws.rs.container.ContainerRequestFilter, javax.ws.rs.container.ContainerResponseFilter

A single class that provides both an input and an output filter for CORS, following http://www.w3.org/TR/cors/. The input filter examines the input headers. If the request is valid, it stores the information in the Exchange to allow the response handler to add the appropriate headers to the response. If you need complex or subtle control of the behavior here (e.g. clearing the prefight cache) you might be better off reading the source of this class and implementing this inside your service. This class will perform preflight processing even if there is a resource method annotated to handle @OPTIONS, unless that method is annotated as follows:

Constructor Summary


CrossOriginResourceSharingFilter()



           


 






Method Summary



 void
filter(javax.ws.rs.container.ContainerRequestContext context)



           



 void
filter(javax.ws.rs.container.ContainerRequestContext requestContext,
       javax.ws.rs.container.ContainerResponseContext responseContext)



           



 List<String>
getAllowHeaders()



           



 List<String>
getAllowOrigins()



           



 List<String>
getExposeHeaders()



           



 Integer
getMaxAge()



           



 boolean
isAllowCredentials()



           



 void
setAllowCredentials(boolean allowCredentials)



          The value for the Access-Control-Allow-Credentials header.



 void
setAllowHeaders(List<String> allowedHeaders)



          The list of allowed headers for preflight checks.



 void
setAllowOrigins(List<String> allowedOrigins)



          The origin strings to allow.



 void
setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)



          What to do when a preflight request comes along for a resource that has a handler method for
 \@OPTIONS and there is no @CrossResourceSharing(localPreflight = val)
 annotation on the method.



 void
setExposeHeaders(List<String> exposeHeaders)



          A list of non-simple headers to be exposed via Access-Control-Expose-Headers.



 void
setFindResourceMethod(boolean findResourceMethod)



           



 void
setMaxAge(Integer maxAge)



          The value for Access-Control-Max-Age.



 void
setPreflightErrorStatus(Integer status)



          Preflight error response status, default is 200.


 


Methods inherited from class java.lang.Object


clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait


 








Constructor Detail




CrossOriginResourceSharingFilter
public CrossOriginResourceSharingFilter()









Method Detail




filter
public void filter(javax.ws.rs.container.ContainerRequestContext context)


Specified by:
filter in interface javax.ws.rs.container.ContainerRequestFilter








filter
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext,
                   javax.ws.rs.container.ContainerResponseContext responseContext)


Specified by:
filter in interface javax.ws.rs.container.ContainerResponseFilter








setAllowOrigins
public void setAllowOrigins(List<String> allowedOrigins)

The origin strings to allow. An empty list allows all origins.





Parameters:
allowedOrigins - a list of case-sensitive origin strings.





getAllowOrigins
public List<String> getAllowOrigins()






Returns:
the list of allowed origins.





getAllowHeaders
public List<String> getAllowHeaders()











setAllowHeaders
public void setAllowHeaders(List<String> allowedHeaders)

The list of allowed headers for preflight checks. Section 5.2.6





Parameters:
allowedHeaders - a list of permitted headers.





getExposeHeaders
public List<String> getExposeHeaders()











getMaxAge
public Integer getMaxAge()











isAllowCredentials
public boolean isAllowCredentials()











setAllowCredentials
public void setAllowCredentials(boolean allowCredentials)

The value for the Access-Control-Allow-Credentials header. If false, no header is added. If true, the
 header is added with the value 'true'.





Parameters:
allowCredentials - 





setExposeHeaders
public void setExposeHeaders(List<String> exposeHeaders)

A list of non-simple headers to be exposed via Access-Control-Expose-Headers.





Parameters:
exposeHeaders - the list of (case-sensitive) header names.





setMaxAge
public void setMaxAge(Integer maxAge)

The value for Access-Control-Max-Age.





Parameters:
maxAge - An integer 'delta-seconds' or null. If null, no header is added.





setPreflightErrorStatus
public void setPreflightErrorStatus(Integer status)

Preflight error response status, default is 200.





Parameters:
status - HTTP status code.





setDefaultOptionsMethodsHandlePreflight
public void setDefaultOptionsMethodsHandlePreflight(boolean defaultOptionsMethodsHandlePreflight)

What to do when a preflight request comes along for a resource that has a handler method for
 \@OPTIONS and there is no @CrossResourceSharing(localPreflight = val)
 annotation on the method. If this is true, then the filter 
 defers to the resource class method.
 If this is false, then this filter performs preflight processing.





Parameters:
defaultOptionsMethodsHandlePreflight - true to defer to resource methods.





setFindResourceMethod
public void setFindResourceMethod(boolean findResourceMethod)




















  

  
    Overview 
  
    Package 
  
  Class 
  
    Use 
  
    Tree 
  
    Deprecated 
  
    Index 
  
    Help 
  



Apache CXF API





 PREV CLASS 
 NEXT CLASS

  FRAMES   
 NO FRAMES   
 







  SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD






Apache CXF