org.eclipse.jetty.servlets
类 CrossOriginFilter

java.lang.Object
  org.eclipse.jetty.servlets.CrossOriginFilter

所有已实现的接口：

Filter

public class CrossOriginFilter
extends Object
implements Filter

Implementation of the cross-origin resource sharing.

A typical example is to use this filter to allow cross-domain cometd communication using the standard long polling transport instead of the JSONP transport (that is less efficient and less reactive to failures).

This filter allows the following configuration parameters:

• allowedOrigins, a comma separated list of origins that are allowed to access the resources. Default value is *, meaning all origins.
  If an allowed origin contains one or more * characters (for example http://*.domain.com), then "*" characters are converted to ".*", "." characters are escaped to "\." and the resulting allowed origin interpreted as a regular expression.
  Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z]{3} that matches http or https, multiple subdomains and any 3 letter top-level domain (.com, .net, .org, etc.).
• allowedMethods, a comma separated list of HTTP methods that are allowed to be used when accessing the resources. Default value is GET,POST,HEAD
• allowedHeaders, a comma separated list of HTTP headers that are allowed to be specified when accessing the resources. Default value is X-Requested-With,Content-Type,Accept,Origin
• preflightMaxAge, the number of seconds that preflight requests can be cached by the client. Default value is 1800 seconds, or 30 minutes
• allowCredentials, a boolean indicating if the resource allows requests with credentials. Default value is false
• exposeHeaders, a comma separated list of HTTP headers that are allowed to be exposed on the client. Default value is the empty list
• chainPreflight, if true preflight requests are chained to their target resource for normal handling (as an OPTION request). Otherwise the filter will response to the preflight. Default is true.

A typical configuration could be:

 <web-app ...>
     ...
     <filter>
         <filter-name>cross-origin</filter-name>
         <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
     </filter>
     <filter-mapping>
         <filter-name>cross-origin</filter-name>
         <url-pattern>/cometd/*</url-pattern>
     </filter-mapping>
     ...
 </web-app>
 

字段摘要

static String	ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
static String	ACCESS_CONTROL_ALLOW_HEADERS_HEADER
static String	ACCESS_CONTROL_ALLOW_METHODS_HEADER
static String	ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
static String	ACCESS_CONTROL_EXPOSE_HEADERS_HEADER
static String	ACCESS_CONTROL_MAX_AGE_HEADER
static String	ACCESS_CONTROL_REQUEST_HEADERS_HEADER
static String	ACCESS_CONTROL_REQUEST_METHOD_HEADER
static String	ALLOW_CREDENTIALS_PARAM
static String	ALLOWED_HEADERS_PARAM
static String	ALLOWED_METHODS_PARAM
static String	ALLOWED_ORIGINS_PARAM
static String	CHAIN_PREFLIGHT_PARAM
static String	EXPOSED_HEADERS_PARAM
static String	OLD_CHAIN_PREFLIGHT_PARAM
static String	PREFLIGHT_MAX_AGE_PARAM

构造方法摘要

CrossOriginFilter()

方法摘要

void	destroy() Called by the web container to indicate to a filter that it is being taken out of service.
void	doFilter(ServletRequest request, ServletResponse response, FilterChain chain) The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain.
void	init(FilterConfig config) Called by the web container to indicate to a filter that it is being placed into service.
protected boolean	isEnabled(HttpServletRequest request)

从类 java.lang.Object 继承的方法

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细信息

ACCESS_CONTROL_REQUEST_METHOD_HEADER

public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_REQUEST_HEADERS_HEADER

public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_ALLOW_METHODS_HEADER

public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_ALLOW_HEADERS_HEADER

public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_MAX_AGE_HEADER

public static final String ACCESS_CONTROL_MAX_AGE_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

另请参见：

常量字段值

ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

public static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

另请参见：

常量字段值

ALLOWED_ORIGINS_PARAM

public static final String ALLOWED_ORIGINS_PARAM

另请参见：

常量字段值

ALLOWED_METHODS_PARAM

public static final String ALLOWED_METHODS_PARAM

另请参见：

常量字段值

ALLOWED_HEADERS_PARAM

public static final String ALLOWED_HEADERS_PARAM

另请参见：

常量字段值

PREFLIGHT_MAX_AGE_PARAM

public static final String PREFLIGHT_MAX_AGE_PARAM

另请参见：

常量字段值

ALLOW_CREDENTIALS_PARAM

public static final String ALLOW_CREDENTIALS_PARAM

另请参见：

常量字段值

EXPOSED_HEADERS_PARAM

public static final String EXPOSED_HEADERS_PARAM

另请参见：

常量字段值

OLD_CHAIN_PREFLIGHT_PARAM

public static final String OLD_CHAIN_PREFLIGHT_PARAM

另请参见：

常量字段值

CHAIN_PREFLIGHT_PARAM

public static final String CHAIN_PREFLIGHT_PARAM

另请参见：

常量字段值

构造方法详细信息

CrossOriginFilter

public CrossOriginFilter()

方法详细信息

init

public void init(FilterConfig config)
          throws ServletException

从接口 Filter 复制的描述

Called by the web container to indicate to a filter that it is being placed into service.

The servlet container calls the init method exactly once after instantiating the filter. The init method must complete successfully before the filter is asked to do any filtering work.

The web container cannot place the filter into service if the init method either

1. Throws a ServletException
2. Does not return within a time period defined by the web container

指定者：

接口 Filter 中的 init

抛出：

ServletException

doFilter

public void doFilter(ServletRequest request,
                     ServletResponse response,
                     FilterChain chain)
              throws IOException,
                     ServletException

从接口 Filter 复制的描述

The doFilter method of the Filter is called by the container each time a request/response pair is passed through the chain due to a client request for a resource at the end of the chain. The FilterChain passed in to this method allows the Filter to pass on the request and response to the next entity in the chain.

A typical implementation of this method would follow the following pattern:

1. Examine the request
2. Optionally wrap the request object with a custom implementation to filter content or headers for input filtering
3. Optionally wrap the response object with a custom implementation to filter content or headers for output filtering
4. • Either invoke the next entity in the chain using the FilterChain object (chain.doFilter()),
   • or not pass on the request/response pair to the next entity in the filter chain to block the request processing
5. Directly set headers on the response after invocation of the next entity in the filter chain.

指定者：

接口 Filter 中的 doFilter

抛出：

IOException

ServletException

isEnabled

protected boolean isEnabled(HttpServletRequest request)

destroy

public void destroy()

从接口 Filter 复制的描述

Called by the web container to indicate to a filter that it is being taken out of service.

This method is only called once all threads within the filter's doFilter method have exited or after a timeout period has passed. After the web container calls this method, it will not call the doFilter method again on this instance of the filter.

This method gives the filter an opportunity to clean up any resources that are being held (for example, memory, file handles, threads) and make sure that any persistent state is synchronized with the filter's current state in memory.

指定者：

接口 Filter 中的 destroy