Overview  Package   Class  Use  Tree  Deprecated  Index 
aerogear-controller 1.0.0.M1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jboss.aerogear.controller.router.decorators.cors
Class Cors

java.lang.Object
  extended by org.jboss.aerogear.controller.router.decorators.cors.Cors

public class Cors
extends Object

Cors is a helper class for handling Cross-Origin Resource Sharing (CORS) in AeroGear Controller.

Nested Class Summary
static class Cors.RequestHeader
           
static class Cors.ResponseHeader
           
 
Field Summary
private  CorsConfiguration corsConfig
           
private  javax.servlet.http.HttpServletRequest request
           
 
Constructor Summary
Cors(CorsConfiguration corsConfig, javax.servlet.http.HttpServletRequest request)
          Sole constructor.
 
Method Summary
 boolean areRequestHeadersValid()
          Checks that the configured preflight request headers (Cors.RequestHeader.HEADERS) are supported according to the underlying CorsConfiguration settings.
 boolean areRequestHeadersValid(Set<String> validHeaders)
          Checks that the preflight request headers (Cors.RequestHeader.HEADERS) are supported.
 boolean canHandleRequest()
          Determines if this instance can handle CORS requests.
 Set<String> getAllowedRequestHeaders()
          Returns the allowed set of Request Headers.
 Set<String> getAllowedRequestMethods()
          Returns the allowed set of Request Methods.
 String getRequestHeaders()
          Returns the Cors.RequestHeader.HEADERS request header.
 String getRequestMethod()
          Returns the Cors.RequestHeader.METHOD request header.
private  boolean hasHeader(String name)
           
 boolean hasOriginHeader()
          Determines if the current HttpServletRequest has an 'Origin' request header.
 boolean hasRequestHeaders()
          Determines if the current HttpServletRequest has a Cors.RequestHeader.HEADERS request header.
 boolean isCorsRequest()
          Determines if the current HttpServletRequest is a CORS request.
 boolean isCorsSupportEnabled()
          Determines if core support has been enabled by the CorsConfig instance.
 boolean isOptionsMethod()
          Determines if the the current HttpServletRequest's http method is 'OPTIONS'.
 boolean isPreflightRequest()
          Determines if the current HttpServletRequest qualifies as a 'Preflight' request.
 boolean isRequestMethodValid()
          Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported according to the CorsConfiguration settings.
 boolean isRequestMethodValid(Set<String> validMethods)
          Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported.
 Cors setAllowCredentials(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_CREDENTIALS to 'true' if allowCookies was set set to true in the underlying CorsConfiguration.
 Cors setAllowHeaders(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_HEADERS to configured values.
 Cors setAllowMethods(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_METHODS to the the configured comma separated list of http methods.
 Cors setAnyOrigin(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_ORIGIN to '*'.
 Cors setEchoOrigin(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_ORIGIN to be the same value that was passed in the 'Origin' request header.
 Cors setExposeHeaders(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.EXPOSE_HEADERS to the the configured comma separated list of headers.
 Cors setMaxAge(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.MAX_AGE to the configured max age value.
 Cors setOrigin(javax.servlet.http.HttpServletResponse response)
          Set the Cors.ResponseHeader.ALLOW_ORIGIN to either echo the 'Origin' or to support '*' depending on the underlying CorsConfiguration setting.
 Cors setOrigin(javax.servlet.http.HttpServletResponse response, String origin)
          Set the Cors.ResponseHeader.ALLOW_ORIGIN to the passed in value.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

request

private final javax.servlet.http.HttpServletRequest request

corsConfig

private final CorsConfiguration corsConfig
Constructor Detail

Cors

public Cors(CorsConfiguration corsConfig,
            javax.servlet.http.HttpServletRequest request)
Sole constructor.

Parameters:
corsConfig - The CorsConfig containing configuration options.
request - The HttpServletRequest that this instance will use.
Method Detail

isCorsRequest

public boolean isCorsRequest()
Determines if the current HttpServletRequest is a CORS request.

See http-origin section of the specification.

Returns:
true if the current request has an 'Origin' request header, otherwise false.

canHandleRequest

public boolean canHandleRequest()
Determines if this instance can handle CORS requests.

This is simply a convenience method and is the equivalent of calling isCorsSupportEnabled() && isCorsRequest()

Returns:
true is CORS support has been enabled and if the current request is a CORS request.

isCorsSupportEnabled

public boolean isCorsSupportEnabled()
Determines if core support has been enabled by the CorsConfig instance.

Returns:
true if support for CORS is enabled.

hasOriginHeader

public boolean hasOriginHeader()
Determines if the current HttpServletRequest has an 'Origin' request header.

Returns:
true if the current request has an 'Origin' request header, otherwise false.

isOptionsMethod

public boolean isOptionsMethod()
Determines if the the current HttpServletRequest's http method is 'OPTIONS'.

Returns:
true if the current request' http method is 'OPTIONS', otherwise false.

isPreflightRequest

public boolean isPreflightRequest()
Determines if the current HttpServletRequest qualifies as a 'Preflight' request.

See preflight-request section of the specification.

Returns:
true if the current request qualifies as a preflight, otherwise false.

isRequestMethodValid

public boolean isRequestMethodValid(Set<String> validMethods)
Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported.

Parameters:
validMethods - a set of methods that are allowed.
Returns:
true if the current request method is one of the allowed http methods.

isRequestMethodValid

public boolean isRequestMethodValid()
Checks that the preflight request method (Cors.RequestHeader.METHOD) is supported according to the CorsConfiguration settings.

Returns:
true if the current request method is one of the allowed http methods.

hasRequestHeaders

public boolean hasRequestHeaders()
Determines if the current HttpServletRequest has a Cors.RequestHeader.HEADERS request header.

Returns:
true if the current request methods has a RequestHeader.HEADERS header.

getRequestHeaders

public String getRequestHeaders()
Returns the Cors.RequestHeader.HEADERS request header.

Returns:
String if the current request methods has a RequestHeader.HEADERS header.

getRequestMethod

public String getRequestMethod()
Returns the Cors.RequestHeader.METHOD request header.

Returns:
true if the current request methods has a RequestHeader.HEADERS header.

getAllowedRequestMethods

public Set<String> getAllowedRequestMethods()
Returns the allowed set of Request Methods.

Returns:
Set of allowed Request Methods.

getAllowedRequestHeaders

public Set<String> getAllowedRequestHeaders()
Returns the allowed set of Request Headers.

Returns:
Set of allowed Request Headers.

setEchoOrigin

public Cors setEchoOrigin(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_ORIGIN to be the same value that was passed in the 'Origin' request header.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.
Returns:
Cors to support methods chaining.

setOrigin

public Cors setOrigin(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_ORIGIN to either echo the 'Origin' or to support '*' depending on the underlying CorsConfiguration setting.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.
Returns:
Cors to support methods chaining.

setOrigin

public Cors setOrigin(javax.servlet.http.HttpServletResponse response,
                      String origin)
Set the Cors.ResponseHeader.ALLOW_ORIGIN to the passed in value.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.
Returns:
Cors to support methods chaining.

setAnyOrigin

public Cors setAnyOrigin(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_ORIGIN to '*'.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_ORIGIN should be set.
Returns:
Cors to support methods chaining.

setAllowCredentials

public Cors setAllowCredentials(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_CREDENTIALS to 'true' if allowCookies was set set to true in the underlying CorsConfiguration.

By default cookies are not included in CORS requests but by setting this header cookies will be added to CORS request.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_CREDENTIALS should be set.
Returns:
Cors to support methods chaining.

setExposeHeaders

public Cors setExposeHeaders(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.EXPOSE_HEADERS to the the configured comma separated list of headers.

During a simple CORS request only certain response headers are made available to a calling client: To expose other headers they need to be specified which what this method enables.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader#EXPOSE_HEADERS should be set.
Returns:
Cors to support methods chaining.

setAllowMethods

public Cors setAllowMethods(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_METHODS to the the configured comma separated list of http methods.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.ALLOW_METHODS should be set.
Returns:
Cors to support methods chaining.

setMaxAge

public Cors setMaxAge(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.MAX_AGE to the configured max age value.

When making a preflight request the client has to perform two request with can be inefficient. This setting enables the caching of the preflight response for the specified time. During this time no preflight request will be made.

Parameters:
response - the HttpServletResponse for which the response header ResponseHeader.MAX_AGE should be set.
Returns:
Cors to support methods chaining.

areRequestHeadersValid

public boolean areRequestHeadersValid(Set<String> validHeaders)
Checks that the preflight request headers (Cors.RequestHeader.HEADERS) are supported.

Parameters:
validHeaders - a set of headers that are allowed.
Returns:
true if the current request headers are supported.

areRequestHeadersValid

public boolean areRequestHeadersValid()
Checks that the configured preflight request headers (Cors.RequestHeader.HEADERS) are supported according to the underlying CorsConfiguration settings.

Returns:
true if the current request headers are not supported.

setAllowHeaders

public Cors setAllowHeaders(javax.servlet.http.HttpServletResponse response)
Set the Cors.ResponseHeader.ALLOW_HEADERS to configured values.

Returns:
Cors to support methods chaining.

hasHeader

private boolean hasHeader(String name)
Overview  Package   Class  Use  Tree  Deprecated  Index 
aerogear-controller 1.0.0.M1
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2012 JBoss, a division of Red Hat, Inc.. All Rights Reserved.