org.jboss.aerogear.controller.router.decorators.cors

Class Cors

java.lang.Object

org.jboss.aerogear.controller.router.decorators.cors.Cors

public class Cors
extends Object

Cors is a helper class for handling Cross-Origin Resource Sharing (CORS) in AeroGear Controller.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Cors.RequestHeader
static class	Cors.ResponseHeader

Field Summary

Fields

Modifier and Type	Field and Description
private CorsConfiguration	corsConfig
private javax.servlet.http.HttpServletRequest	request

Constructor Summary

Constructors

Constructor and Description
Cors(CorsConfiguration corsConfig, javax.servlet.http.HttpServletRequest request) Sole constructor.

Method Summary

Methods

Modifier and Type	Method and Description
boolean	areRequestHeadersValid() Checks that the configured preflight request headers (Cors.RequestHeader.HEADERS) are supported according to the underlying CorsConfiguration settings.
boolean	areRequestHeadersValid(List<String> validHeaders) Checks that the preflight request headers (Cors.RequestHeader.HEADERS) are supported.
private String	asString(Collection<String> strings)
boolean	canHandleRequest() Determines if this instance can handle CORS requests.
List<String>	getAllowedRequestHeaders() Returns the allowed set of Request Headers.
Set<String>	getAllowedRequestMethods() Returns the allowed set of Request Methods.
String	getRequestHeaders() Returns the Cors.RequestHeader.HEADERS request header.
String	getRequestMethod() Returns the Cors.RequestHeader.METHOD request header.
private boolean	hasHeader(String name)
boolean	hasOriginHeader() Determines if the current HttpServletRequest has an 'Origin' request header.
boolean	hasRequestHeaders() Determines if the current HttpServletRequest has a Cors.RequestHeader.HEADERS request header.
boolean	isCorsRequest() Determines if the current HttpServletRequest is a CORS request.
boolean	isCorsSupportEnabled() Determines if core support has been enabled by the CorsConfig instance.
boolean	isOptionsMethod() Determines if the the current HttpServletRequest's http method is 'OPTIONS'.
boolean	isPreflightRequest() Determines if the current HttpServletRequest qualifies as a 'Preflight' request.
boolean	isRequestMethodValid() Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported according to the CorsConfiguration settings.
boolean	isRequestMethodValid(Set<String> validMethods) Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported.
Cors	setAllowCredentials(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_CREDENTIALS to 'true' if allowCookies was set set to true in the underlying CorsConfiguration.
Cors	setAllowHeaders(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_HEADERS to configured values.
Cors	setAllowMethods(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_METHODS to the the configured comma separated list of http methods.
Cors	setAnyOrigin(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_ORIGIN to '*'.
Cors	setEchoOrigin(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_ORIGIN to be the same value that was passed in the 'Origin' request header.
Cors	setExposeHeaders(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.EXPOSE_HEADERS to the the configured comma separated list of headers.
Cors	setMaxAge(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.MAX_AGE to the configured max age value.
Cors	setOrigin(javax.servlet.http.HttpServletResponse response) Set the Cors.ResponseHeader.ALLOW_ORIGIN to either echo the 'Origin' or to support '*' depending on the underlying CorsConfiguration setting.
Cors	setOrigin(javax.servlet.http.HttpServletResponse response, String origin) Set the Cors.ResponseHeader.ALLOW_ORIGIN to the passed in value.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

request

private final javax.servlet.http.HttpServletRequest request

corsConfig

private final CorsConfiguration corsConfig

Constructor Detail

Cors

public Cors(CorsConfiguration corsConfig,
    javax.servlet.http.HttpServletRequest request)

Sole constructor.

Parameters:

corsConfig - The CorsConfig containing configuration options.

request - The HttpServletRequest that this instance will use.

Method Detail

isCorsRequest

public boolean isCorsRequest()

Determines if the current HttpServletRequest is a CORS request.

See http-origin section of the specification.

Returns:

true if the current request has an 'Origin' request header, otherwise false.

canHandleRequest

public boolean canHandleRequest()

Determines if this instance can handle CORS requests.

This is simply a convenience method and is the equivalent of calling isCorsSupportEnabled() && isCorsRequest()

Returns:

true is CORS support has been enabled and if the current request is a CORS request.

isCorsSupportEnabled

public boolean isCorsSupportEnabled()

Determines if core support has been enabled by the CorsConfig instance.

Returns:

true if support for CORS is enabled.

hasOriginHeader

public boolean hasOriginHeader()

Determines if the current HttpServletRequest has an 'Origin' request header.

Returns:

true if the current request has an 'Origin' request header, otherwise false.

isOptionsMethod

public boolean isOptionsMethod()

Determines if the the current HttpServletRequest's http method is 'OPTIONS'.

Returns:

true if the current request' http method is 'OPTIONS', otherwise false.

isPreflightRequest

public boolean isPreflightRequest()

Determines if the current HttpServletRequest qualifies as a 'Preflight' request.

See preflight-request section of the specification.

Returns:

true if the current request qualifies as a preflight, otherwise false.

isRequestMethodValid

public boolean isRequestMethodValid(Set<String> validMethods)

Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported.

Parameters:

validMethods - a set of methods that are allowed.

Returns:

true if the current request method is one of the allowed http methods.

isRequestMethodValid

public boolean isRequestMethodValid()

Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported according to the CorsConfiguration settings.

Returns:

true if the current request method is one of the allowed http methods.

hasRequestHeaders

public boolean hasRequestHeaders()

Determines if the current HttpServletRequest has a Cors.RequestHeader.HEADERS request header.

Returns:

true if the current request methods has a RequestHeader.HEADERS header.

getRequestHeaders

public String getRequestHeaders()

Returns the Cors.RequestHeader.HEADERS request header.

Returns:

String if the current request methods has a RequestHeader.HEADERS header.

getRequestMethod

public String getRequestMethod()

Returns the Cors.RequestHeader.METHOD request header.

Returns:

true if the current request methods has a RequestHeader.HEADERS header.

getAllowedRequestMethods

public Set<String> getAllowedRequestMethods()

Returns the allowed set of Request Methods.

Returns:

Set of allowed Request Methods.

getAllowedRequestHeaders

public List<String> getAllowedRequestHeaders()

Returns the allowed set of Request Headers.

Returns:

Set of allowed Request Headers.

setEchoOrigin

public Cors setEchoOrigin(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_ORIGIN to be the same value that was passed in the 'Origin' request header.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.

Returns:

Cors to support methods chaining.

setOrigin

public Cors setOrigin(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_ORIGIN to either echo the 'Origin' or to support '*' depending on the underlying CorsConfiguration setting.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.

Returns:

Cors to support methods chaining.

setOrigin

public Cors setOrigin(javax.servlet.http.HttpServletResponse response,
             String origin)

Set the Cors.ResponseHeader.ALLOW_ORIGIN to the passed in value.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.

Returns:

Cors to support methods chaining.

setAnyOrigin

public Cors setAnyOrigin(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_ORIGIN to '*'.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.

Returns:

Cors to support methods chaining.

setAllowCredentials

public Cors setAllowCredentials(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_CREDENTIALS to 'true' if allowCookies was set set to true in the underlying CorsConfiguration.

By default cookies are not included in CORS requests but by setting this header cookies will be added to CORS request.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_CREDENTIALS should be set.

Returns:

Cors to support methods chaining.

setExposeHeaders

public Cors setExposeHeaders(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.EXPOSE_HEADERS to the the configured comma separated list of headers.

During a simple CORS request only certain response headers are made available to a calling client:

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

To expose other headers they need to be specified which what this method enables.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader#EXPOSE_HEADERS should be set.

Returns:

Cors to support methods chaining.

setAllowMethods

public Cors setAllowMethods(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_METHODS to the the configured comma separated list of http methods.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_METHODS should be set.

Returns:

Cors to support methods chaining.

setMaxAge

public Cors setMaxAge(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.MAX_AGE to the configured max age value.

When making a preflight request the client has to perform two request with can be inefficient. This setting enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

Parameters:

response - the HttpServletResponse for which the response header ResponseHeader.MAX_AGE should be set.

Returns:

Cors to support methods chaining.

areRequestHeadersValid

public boolean areRequestHeadersValid(List<String> validHeaders)

Checks that the preflight request headers (Cors.RequestHeader.HEADERS) are supported.

Parameters:

validHeaders - a set of headers that are allowed.

Returns:

true if the current request headers are supported.

areRequestHeadersValid

public boolean areRequestHeadersValid()

Checks that the configured preflight request headers (Cors.RequestHeader.HEADERS) are supported according to the underlying CorsConfiguration settings.

Returns:

true if the current request headers are not supported.

setAllowHeaders

public Cors setAllowHeaders(javax.servlet.http.HttpServletResponse response)

Set the Cors.ResponseHeader.ALLOW_HEADERS to configured values.

Returns:

Cors to support methods chaining.

asString

private String asString(Collection<String> strings)

hasHeader

private boolean hasHeader(String name)