cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From conflue...@apache.org
Subject [CONF] Apache CXF Documentation > JAX-RS CORS
Date Thu, 19 Jan 2012 18:16:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/1/_/styles/combined.css?spaceKey=CXF20DOC&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+CORS">JAX-RS
CORS</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~sergey_beryozkin">Sergey
Beryozkin</a>
    </h4>
        <br/>
                         <h4>Changes (1)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" > <br>CXF 2.5.1 introduces the
[initial support|http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/]
for the [Cross-Origin Resource Sharing|http://www.w3.org/TR/cors/] specification that &quot;defines
a mechanism to enable client-side cross-origin requests&quot;. <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">
<br>Please see the [package.html|http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/package.html]
for a good introduction of CORS and the way it is supported in CXF JAX-RS. <br> <br>Note
that the [CORS filter|http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/CrossOriginResourceSharingFilter.java]
uses the JAX-RS selection algorithm to ensure that the JAX-RS resource method capable of handling
the  request does exist. <br> <br>h1. Examples <br> <br>Here is the
test code showing how [CrossOriginResourceSharing|http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/CrossOriginResourceSharing.java]
annotations can be applied at the resource and individual method levels: <br> <br>{code:java}
<br>@CrossOriginResourceSharing( <br>        allowOrigins = { <br>     
     &quot;http://area51.mil:31415&quot; <br>        },  <br>        allowCredentials
= true,  <br>        maxAge = 1,  <br>        allowHeaders = { <br>    
      &quot;X-custom-1&quot;, &quot;X-custom-2&quot; <br>        },
 <br>        exposeHeaders = { <br>           &quot;X-custom-3&quot;,
&quot;X-custom-4&quot; <br>        } <br>) <br>public class AnnotatedCorsServer
{ <br>    @Context <br>    private HttpHeaders headers; <br> <br>
   @GET <br>    @Produces(&quot;text/plain&quot;) <br>    @Path(&quot;/simpleGet/{echo}&quot;)
<br>    public String simpleGet(@PathParam(&quot;echo&quot;) String echo) {
<br>        return echo; <br>    } <br> <br>    @POST <br> 
  @Produces(&quot;application/json&quot;) <br>    @Consumes(&quot;application/json&quot;)
<br>    @Path(&quot;/unannotatedPost&quot;) <br>    public Response postSomething()
{ <br>        return Response.ok().build(); <br>    } <br> <br>  
 @DELETE <br>    @Path(&quot;/delete&quot;) <br>    public Response deleteSomething()
{ <br>        return Response.ok().build(); <br>    } <br> <br>  
 // This method will do a preflight check itself, see a localPreflight property <br>
   @OPTIONS <br>    @Path(&quot;/delete&quot;) <br>    @CrossOriginResourceSharing(
<br>       localPreflight = true <br>    ) <br>    public Response deleteOptions()
{ <br>        String origin = headers.getRequestHeader(&quot;Origin&quot;).get(0);
<br>        if (&quot;http://area51.mil:3333&quot;.equals(origin)) { <br>
           return Response.ok() <br>                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS,
&quot;DELETE PUT&quot;) <br>                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS,
&quot;false&quot;) <br>                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN,
&quot;http://area51.mil:3333&quot;) <br>                           .build();
<br>        } else { <br>            return Response.ok().build(); <br>
       } <br>    } <br> <br>    @GET <br>    @CrossOriginResourceSharing(
<br>         allowOrigins = { &quot;http://area51.mil:31415&quot; },  <br>
        allowCredentials = true,  <br>         exposeHeaders = { &quot;X-custom-3&quot;,
&quot;X-custom-4&quot; } <br>    ) <br>    @Produces(&quot;text/plain&quot;)
<br>    @Path(&quot;/annotatedGet/{echo}&quot;) <br>    public String
annotatedGet(@PathParam(&quot;echo&quot;) String echo) { <br>        return
echo; <br>    } <br> <br>    /** <br>     * A method annotated to
test preflight. <br>     *  <br>     * @param input <br>     * @return <br>
    */ <br>    @PUT <br>    @Consumes(&quot;text/plain&quot;) <br>
   @Produces(&quot;text/plain&quot;) <br>    @Path(&quot;/annotatedPut&quot;)
<br>    public String annotatedPut(String input) { <br>        return input; <br>
   } <br>} <br> <br>{code} <br> <br>The server configuration
fragment: <br> <br>{code:xml} <br> <br>&lt;beans&gt; <br>
       &lt;bean id=&quot;cors-filter&quot; class=&quot;org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter&quot;/&gt;
<br> <br>	&lt;jaxrs:server id=&quot;service&quot; address=&quot;/rest&quot;&gt;
<br>		&lt;jaxrs:serviceBeans&gt; <br>			&lt;ref bean=&quot;cors-server&quot;
/&gt; <br>		&lt;/jaxrs:serviceBeans&gt; <br>		&lt;jaxrs:providers&gt;
<br>			&lt;ref bean=&quot;cors-filter&quot; /&gt; <br>		&lt;/jaxrs:providers&gt;
<br>	&lt;/jaxrs:server&gt; <br> <br>        &lt;bean id=&quot;cors-server&quot;
scope=&quot;prototype&quot;  <br>	      class=&quot;org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer&quot;
/&gt;  <br> <br>&lt;/beans&gt; <br> <br>{code} <br></td></tr>
    
            </table>
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <p><span style="font-size:2em;font-weight:bold"> JAX-RS: CORS </span></p>


<div>
<ul>
    <li><a href='#JAX-RSCORS-Introduction'>Introduction</a></li>
    <li><a href='#JAX-RSCORS-Examples'>Examples</a></li>
</ul></div>

<h1><a name="JAX-RSCORS-Introduction"></a>Introduction</h1>

<p>CXF 2.5.1 introduces the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/"
class="external-link" rel="nofollow">initial support</a> for the <a href="http://www.w3.org/TR/cors/"
class="external-link" rel="nofollow">Cross-Origin Resource Sharing</a> specification
that "defines a mechanism to enable client-side cross-origin requests".</p>

<p>Please see the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/package.html"
class="external-link" rel="nofollow">package.html</a> for a good introduction of
CORS and the way it is supported in CXF JAX-RS.</p>

<p>Note that the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/CrossOriginResourceSharingFilter.java"
class="external-link" rel="nofollow">CORS filter</a> uses the JAX-RS selection algorithm
to ensure that the JAX-RS resource method capable of handling the  request does exist.</p>

<h1><a name="JAX-RSCORS-Examples"></a>Examples</h1>

<p>Here is the test code showing how <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/frontend/jaxrs/src/main/java/org/apache/cxf/jaxrs/cors/CrossOriginResourceSharing.java"
class="external-link" rel="nofollow">CrossOriginResourceSharing</a> annotations can
be applied at the resource and individual method levels:</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
@CrossOriginResourceSharing(
        allowOrigins = {
           <span class="code-quote">"http:<span class="code-comment">//area51.mil:31415"</span>
</span>        }, 
        allowCredentials = <span class="code-keyword">true</span>, 
        maxAge = 1, 
        allowHeaders = {
           <span class="code-quote">"X-custom-1"</span>, <span class="code-quote">"X-custom-2"</span>
        }, 
        exposeHeaders = {
           <span class="code-quote">"X-custom-3"</span>, <span class="code-quote">"X-custom-4"</span>
        }
)
<span class="code-keyword">public</span> class AnnotatedCorsServer {
    @Context
    <span class="code-keyword">private</span> HttpHeaders headers;

    @GET
    @Produces(<span class="code-quote">"text/plain"</span>)
    @Path(<span class="code-quote">"/simpleGet/{echo}"</span>)
    <span class="code-keyword">public</span> <span class="code-object">String</span>
simpleGet(@PathParam(<span class="code-quote">"echo"</span>) <span class="code-object">String</span>
echo) {
        <span class="code-keyword">return</span> echo;
    }
    
    @POST
    @Produces(<span class="code-quote">"application/json"</span>)
    @Consumes(<span class="code-quote">"application/json"</span>)
    @Path(<span class="code-quote">"/unannotatedPost"</span>)
    <span class="code-keyword">public</span> Response postSomething() {
        <span class="code-keyword">return</span> Response.ok().build();
    }

    @DELETE
    @Path(<span class="code-quote">"/delete"</span>)
    <span class="code-keyword">public</span> Response deleteSomething() {
        <span class="code-keyword">return</span> Response.ok().build();
    }

    <span class="code-comment">// This method will <span class="code-keyword">do</span>
a preflight check itself, see a localPreflight property
</span>    @OPTIONS
    @Path(<span class="code-quote">"/delete"</span>)
    @CrossOriginResourceSharing(
       localPreflight = <span class="code-keyword">true</span>
    )
    <span class="code-keyword">public</span> Response deleteOptions() {
        <span class="code-object">String</span> origin = headers.getRequestHeader(<span
class="code-quote">"Origin"</span>).get(0);
        <span class="code-keyword">if</span> (<span class="code-quote">"http:<span
class="code-comment">//area51.mil:3333"</span>.equals(origin)) {
</span>            <span class="code-keyword">return</span> Response.ok()
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, <span class="code-quote">"DELETE
PUT"</span>)
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, <span
class="code-quote">"<span class="code-keyword">false</span>"</span>)
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN, <span class="code-quote">"http:<span
class="code-comment">//area51.mil:3333"</span>)
</span>                           .build();
        } <span class="code-keyword">else</span> {
            <span class="code-keyword">return</span> Response.ok().build();
        }
    }

    @GET
    @CrossOriginResourceSharing(
         allowOrigins = { <span class="code-quote">"http:<span class="code-comment">//area51.mil:31415"</span>
}, 
</span>         allowCredentials = <span class="code-keyword">true</span>,

         exposeHeaders = { <span class="code-quote">"X-custom-3"</span>, <span
class="code-quote">"X-custom-4"</span> }
    )
    @Produces(<span class="code-quote">"text/plain"</span>)
    @Path(<span class="code-quote">"/annotatedGet/{echo}"</span>)
    <span class="code-keyword">public</span> <span class="code-object">String</span>
annotatedGet(@PathParam(<span class="code-quote">"echo"</span>) <span class="code-object">String</span>
echo) {
        <span class="code-keyword">return</span> echo;
    }

    /**
     * A method annotated to test preflight.
     * 
     * @param input
     * @<span class="code-keyword">return</span>
     */
    @PUT
    @Consumes(<span class="code-quote">"text/plain"</span>)
    @Produces(<span class="code-quote">"text/plain"</span>)
    @Path(<span class="code-quote">"/annotatedPut"</span>)
    <span class="code-keyword">public</span> <span class="code-object">String</span>
annotatedPut(<span class="code-object">String</span> input) {
        <span class="code-keyword">return</span> input;
    }
}

</pre>
</div></div>

<p>The server configuration fragment:</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml">

<span class="code-tag">&lt;beans&gt;</span>
        <span class="code-tag">&lt;bean id=<span class="code-quote">"cors-filter"</span>
class=<span class="code-quote">"org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter"</span>/&gt;</span>

	<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"service"</span>
address=<span class="code-quote">"/rest"</span>&gt;</span>
		<span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
			<span class="code-tag">&lt;ref bean=<span class="code-quote">"cors-server"</span>
/&gt;</span>
		<span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
		<span class="code-tag">&lt;jaxrs:providers&gt;</span>
			<span class="code-tag">&lt;ref bean=<span class="code-quote">"cors-filter"</span>
/&gt;</span>
		<span class="code-tag">&lt;/jaxrs:providers&gt;</span>
	<span class="code-tag">&lt;/jaxrs:server&gt;</span>

        &lt;bean id=<span class="code-quote">"cors-server"</span> scope=<span
class="code-quote">"prototype"</span> 
	      class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer"</span>
/&gt; 

<span class="code-tag">&lt;/beans&gt;</span>

</pre>
</div></div>
    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <div style="float: right;">
            <a href="https://cwiki.apache.org/confluence/users/viewnotifications.action"
class="grey">Change Notification Preferences</a>
        </div>
        <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+CORS">View
Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=27835071&revisedVersion=2&originalVersion=1">View
Changes</a>
                |
        <a href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+CORS?showComments=true&amp;showCommentArea=true#addcomment">Add
Comment</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>

Mime
View raw message