cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1300084 - in /cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors: CrossOriginResourceSharing.java CrossOriginResourceSharingFilter.java
Date Tue, 13 Mar 2012 11:51:51 GMT
Author: sergeyb
Date: Tue Mar 13 11:51:51 2012
New Revision: 1300084

URL: http://svn.apache.org/viewvc?rev=1300084&view=rev
Log:
[CXF-4167] Also removing a couple of redundant annotation properties

Modified:
    cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
    cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java

Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java?rev=1300084&r1=1300083&r2=1300084&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
(original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
Tue Mar 13 11:51:51 2012
@@ -44,28 +44,20 @@ import java.lang.annotation.Target;
 @Inherited
 public @interface CrossOriginResourceSharing {
     /**
-     * If true, this resource will return
-     * <pre>Access-Control-Allow-Origin: *</pre>
-     * for a valid request.
-     */
-    boolean allowAllOrigins() default false;
-    /**
-     * A list of permitted origins. This is ignored 
-     * if {@link #allowAllOrigins()} is true.
+     * A list of permitted origins. This resource will 
+     * return * <pre>Access-Control-Allow-Origin: *</pre>
+     * for a valid request if the list is empty.
      */
     String[] allowOrigins() default { };
     /**
      * A list of headers that the client may include
-     * in an actual request.
+     * in an actual request. All the headers listed in 
+     * the Access-Control-Request-Headers will be allowed if
+     * the list is empty
      */
     String[] allowHeaders() default { };
     
     /**
-     * Act as if whatever headers are listed in the Access-Control-Request-Headers are 
-     * listed in allowHeaders. Convenient for dealing with Browser bugs. 
-     */
-    boolean allowAnyHeaders() default false;
-    /**
      * If true, this resource will return 
      * <pre>Access-Control-Allow-Credentials: true</pre>
      */

Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1300084&r1=1300083&r2=1300084&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
Tue Mar 13 11:51:51 2012
@@ -80,7 +80,7 @@ public class CrossOriginResourceSharingF
     private List<String> allowHeaders = Collections.emptyList();
     private boolean allowAllOrigins;
     private boolean allowCredentials;
-    private List<String> exposeHeaders = Collections.emptyList();
+    private List<String> exposeHeaders;
     private Integer maxAge;
     private Integer preflightFailStatus = 200;
     private boolean defaultOptionsMethodsHandlePreflight;
@@ -125,7 +125,7 @@ public class CrossOriginResourceSharingF
         }
         
         // 5.1.2 check all the origins
-        if (!effectiveAllowAllOrigins(ann) && !effectiveAllowOrigins(ann).containsAll(values))
{
+        if (!effectiveAllowOrigins(ann, values)) {
             return null;
         }
         
@@ -215,8 +215,7 @@ public class CrossOriginResourceSharingF
          */
 
         // 5.2.2 must be on the list or we must be matching *.
-        boolean effectiveAllowAllOrigins = effectiveAllowAllOrigins(ann);
-        if (!effectiveAllowAllOrigins && !effectiveAllowOrigins(ann).contains(origin))
{
+        if (!effectiveAllowOrigins(ann, Collections.singletonList(origin))) {
             return createPreflightResponse(m, false);
         }
 
@@ -227,7 +226,7 @@ public class CrossOriginResourceSharingF
         // This was indirectly enforced by getCorsMethod()
 
         // 5.2.6 reject if the header is not listed.
-        if (!effectiveAllowAnyHeaders(ann) && !effectiveAllowHeaders(ann).containsAll(requestHeaders))
{
+        if (!effectiveAllowHeaders(ann, requestHeaders)) {
             return createPreflightResponse(m, false);
         }
 
@@ -370,7 +369,7 @@ public class CrossOriginResourceSharingF
 
     private boolean effectiveAllowAllOrigins(CrossOriginResourceSharing ann) {
         if (ann != null) {
-            return ann.allowAllOrigins();
+            return ann.allowOrigins().length == 0;
         } else {
             return allowAllOrigins;
         }
@@ -384,39 +383,51 @@ public class CrossOriginResourceSharingF
         }
     }
 
-    private List<String> effectiveAllowOrigins(CrossOriginResourceSharing ann) {
-        List<String> actualOrigins = Collections.emptyList(); 
-        if (ann != null && ann.allowOrigins() != null) {
+    private boolean effectiveAllowOrigins(CrossOriginResourceSharing ann, List<String>
origins) {
+        if (effectiveAllowAllOrigins(ann)) {
+            return true;
+        }
+        List<String> actualOrigins = null; 
+        if (ann != null) {
             actualOrigins = Arrays.asList(ann.allowOrigins());
-        } 
+        } else {
+            actualOrigins = allowOrigins;
+        }
         
-        return actualOrigins.isEmpty() ? allowOrigins : actualOrigins;
+        return actualOrigins != null ? actualOrigins.containsAll(origins) : true;
     }
     
     private boolean effectiveAllowAnyHeaders(CrossOriginResourceSharing ann) {
         if (ann != null) {
-            return ann.allowAnyHeaders();
+            return ann.allowHeaders().length == 0;
         } else {
             return allowAnyHeaders;
         }
     }
     
-    private List<String> effectiveAllowHeaders(CrossOriginResourceSharing ann) {
-        List<String> actualHeaders = Collections.emptyList(); 
+    private boolean effectiveAllowHeaders(CrossOriginResourceSharing ann, List<String>
aHeaders) {
+        if (effectiveAllowAnyHeaders(ann)) {
+            return true;
+        }
+        List<String> actualHeaders = null; 
         if (ann != null && ann.allowHeaders() != null) {
             actualHeaders = Arrays.asList(ann.allowHeaders());
-        } 
+        } else {
+            actualHeaders = allowHeaders;
+        }
         
-        return actualHeaders.isEmpty() ? allowHeaders : actualHeaders;
+        return actualHeaders != null ? actualHeaders.containsAll(aHeaders) : true;
     }
 
     private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) {
-        List<String> actualExposeHeaders = Collections.emptyList(); 
-        if (ann != null && ann.exposeHeaders() != null) {
+        List<String> actualExposeHeaders = null; 
+        if (ann != null) {
             actualExposeHeaders = Arrays.asList(ann.exposeHeaders());
-        } 
+        } else {
+            actualExposeHeaders = exposeHeaders;
+        }
         
-        return actualExposeHeaders.isEmpty() ? exposeHeaders : actualExposeHeaders;
+        return actualExposeHeaders;
     }
 
     private Integer effectiveMaxAge(CrossOriginResourceSharing ann) {



Mime
View raw message