Package org.apache.cxf.rs.security.cors

Class CrossOriginResourceSharingFilter

  • All Implemented Interfaces:
    javax.ws.rs.container.ContainerRequestFilter, javax.ws.rs.container.ContainerResponseFilter
    @Provider
@PreMatching
@Priority(999)
public class CrossOriginResourceSharingFilter
extends Object
implements javax.ws.rs.container.ContainerRequestFilter, javax.ws.rs.container.ContainerResponseFilter
    A single class that provides both an input and an output filter for CORS, following http://www.w3.org/TR/cors/. The input filter examines the input headers. If the request is valid, it stores the information in the Exchange to allow the response handler to add the appropriate headers to the response. If you need complex or subtle control of the behavior here (e.g. clearing the prefight cache) you might be better off reading the source of this class and implementing this inside your service. This class will perform preflight processing even if there is a resource method annotated to handle @OPTIONS, unless that method is annotated as follows: 
    

    • 












    

  • 


    

      

    • 



      Constructor Detail
      




        

      • 

        CrossOriginResourceSharingFilter
        

        public CrossOriginResourceSharingFilter()
        

        • 

      

      • 

    

    


    

      

    • 



      Method Detail
      




        

      • 

        filter
        

        public void filter​(javax.ws.rs.container.ContainerRequestContext context)
        

        

        Specified by:
        

        filter in interface javax.ws.rs.container.ContainerRequestFilter
        

        

        • 

      




        

      • 

        filter
        

        public void filter​(javax.ws.rs.container.ContainerRequestContext requestContext,
                   javax.ws.rs.container.ContainerResponseContext responseContext)
        

        

        Specified by:
        

        filter in interface javax.ws.rs.container.ContainerResponseFilter
        

        

        • 

      




        

      • 

        setAllowOrigins
        

        public void setAllowOrigins​(List<String> allowedOrigins)
        

        The origin strings to allow. An empty list allows all origins.
        

        

        Parameters:
        

        allowedOrigins - a list of case-sensitive origin strings.
        

        

        • 

      




        

      • 

        getAllowOrigins
        

        public List<String> getAllowOrigins()
        

        

        Returns:
        

        the list of allowed origins.
        

        

        • 

      




        

      • 

        getAllowHeaders
        

        public List<String> getAllowHeaders()
        

        • 

      




        

      • 

        setAllowHeaders
        

        public void setAllowHeaders​(List<String> allowedHeaders)
        

        The list of allowed headers for preflight checks. Section 5.2.6
        

        

        Parameters:
        

        allowedHeaders - a list of permitted headers.
        

        

        • 

      




        

      • 

        getExposeHeaders
        

        public List<String> getExposeHeaders()
        

        • 

      




        

      • 

        getMaxAge
        

        public Integer getMaxAge()
        

        • 

      




        

      • 

        isAllowCredentials
        

        public boolean isAllowCredentials()
        

        • 

      




        

      • 

        setAllowCredentials
        

        public void setAllowCredentials​(boolean allowCredentials)
        

        The value for the Access-Control-Allow-Credentials header. If false, no header is added. If true, the
 header is added with the value 'true'.
        

        

        Parameters:
        

        allowCredentials - 
        

        

        • 

      




        

      • 

        setExposeHeaders
        

        public void setExposeHeaders​(List<String> exposeHeaders)
        

        A list of non-simple headers to be exposed via Access-Control-Expose-Headers.
        

        

        Parameters:
        

        exposeHeaders - the list of (case-sensitive) header names.
        

        

        • 

      




        

      • 

        setMaxAge
        

        public void setMaxAge​(Integer maxAge)
        

        The value for Access-Control-Max-Age.
        

        

        Parameters:
        

        maxAge - An integer 'delta-seconds' or null. If null, no header is added.
        

        

        • 

      




        

      • 

        setPreflightErrorStatus
        

        public void setPreflightErrorStatus​(Integer status)
        

        Preflight error response status, default is 200.
        

        

        Parameters:
        

        status - HTTP status code.
        

        

        • 

      




        

      • 

        setDefaultOptionsMethodsHandlePreflight
        

        public void setDefaultOptionsMethodsHandlePreflight​(boolean defaultOptionsMethodsHandlePreflight)
        

        What to do when a preflight request comes along for a resource that has a handler method for
 \@OPTIONS and there is no @CrossResourceSharing(localPreflight = val)
 annotation on the method. If this is true, then the filter
 defers to the resource class method.
 If this is false, then this filter performs preflight processing.
        

        

        Parameters:
        

        defaultOptionsMethodsHandlePreflight - true to defer to resource methods.
        

        

        • 

      




        

      • 

        setFindResourceMethod
        

        public void setFindResourceMethod​(boolean findResourceMethod)
        

        • 

      




        

      • 

        setBlockCorsIfUnauthorized
        

        public void setBlockCorsIfUnauthorized​(boolean blockCorsIfUnauthorized)
        

        • 

      

      • 

    

    

    •