cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1300509 - in /cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors: CrossOriginResourceSharing.java CrossOriginResourceSharingFilter.java
Date Wed, 14 Mar 2012 11:23:59 GMT
Author: sergeyb
Date: Wed Mar 14 11:23:58 2012
New Revision: 1300509

URL: http://svn.apache.org/viewvc?rev=1300509&view=rev
Log:
[CXF-4167] restoring allowAllOrigins for a moment

Modified:
    cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
    cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java

Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java?rev=1300509&r1=1300508&r2=1300509&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
(original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java
Wed Mar 14 11:23:58 2012
@@ -44,9 +44,14 @@ import java.lang.annotation.Target;
 @Inherited
 public @interface CrossOriginResourceSharing {
     /**
-     * A list of permitted origins. This resource will 
-     * return * <pre>Access-Control-Allow-Origin: *</pre>
-     * for a valid request if the list is empty.
+     * If true, this resource will return 
+     * <pre>Access-Control-Allow-Origin: *</pre>
+     * for a valid request 
+     */
+    boolean allowAllOrigins() default false;
+    /**
+     * A list of permitted origins. It is ignored if
+     * {@link #allowAllOrigins()} returns true
      */
     String[] allowOrigins() default { };
     /**

Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1300509&r1=1300508&r2=1300509&view=diff
==============================================================================
--- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
(original)
+++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java
Wed Mar 14 11:23:58 2012
@@ -78,13 +78,11 @@ public class CrossOriginResourceSharingF
      */
     private List<String> allowOrigins = Collections.emptyList();
     private List<String> allowHeaders = Collections.emptyList();
-    private boolean allowAllOrigins;
     private boolean allowCredentials;
-    private List<String> exposeHeaders;
+    private List<String> exposeHeaders = Collections.emptyList();
     private Integer maxAge;
     private Integer preflightFailStatus = 200;
     private boolean defaultOptionsMethodsHandlePreflight;
-    private boolean allowAnyHeaders;
     
     
     private CrossOriginResourceSharing getAnnotation(OperationResourceInfo ori) {
@@ -369,9 +367,9 @@ public class CrossOriginResourceSharingF
 
     private boolean effectiveAllowAllOrigins(CrossOriginResourceSharing ann) {
         if (ann != null) {
-            return ann.allowOrigins().length == 0;
+            return ann.allowAllOrigins();
         } else {
-            return allowAllOrigins;
+            return allowOrigins.isEmpty();
         }
     }
 
@@ -387,21 +385,23 @@ public class CrossOriginResourceSharingF
         if (effectiveAllowAllOrigins(ann)) {
             return true;
         }
-        List<String> actualOrigins = null; 
+        List<String> actualOrigins = Collections.emptyList(); 
         if (ann != null) {
             actualOrigins = Arrays.asList(ann.allowOrigins());
-        } else {
+        } 
+        
+        if (actualOrigins.isEmpty()) {
             actualOrigins = allowOrigins;
         }
         
-        return actualOrigins != null ? actualOrigins.containsAll(origins) : true;
+        return actualOrigins.containsAll(origins);
     }
     
     private boolean effectiveAllowAnyHeaders(CrossOriginResourceSharing ann) {
         if (ann != null) {
             return ann.allowHeaders().length == 0;
         } else {
-            return allowAnyHeaders;
+            return allowHeaders.isEmpty();
         }
     }
     
@@ -410,13 +410,13 @@ public class CrossOriginResourceSharingF
             return true;
         }
         List<String> actualHeaders = null; 
-        if (ann != null && ann.allowHeaders() != null) {
+        if (ann != null) {
             actualHeaders = Arrays.asList(ann.allowHeaders());
         } else {
             actualHeaders = allowHeaders;
         }
         
-        return actualHeaders != null ? actualHeaders.containsAll(aHeaders) : true;
+        return actualHeaders.containsAll(aHeaders);
     }
 
     private List<String> effectiveExposeHeaders(CrossOriginResourceSharing ann) {
@@ -516,18 +516,6 @@ public class CrossOriginResourceSharingF
         return allowOrigins;
     }
 
-    /**
-     * Whether to implement Access-Control-Allow-Origin: *
-     * 
-     * @param allowAllOrigins if true, all origins are accepted and 
-     * "*" is returned in the header. Sections
-     * 5.1.1 and 5.1.2, and 5.2.1 and 5.2.2. If false, then the list of allowed origins must
be
-     */
-    public void setAllowAllOrigins(boolean allowAllOrigins) {
-        this.allowAllOrigins = allowAllOrigins;
-    }
-
-    
     public List<String> getAllowHeaders() {
         return allowHeaders;
     }
@@ -607,19 +595,5 @@ public class CrossOriginResourceSharingF
         this.defaultOptionsMethodsHandlePreflight = defaultOptionsMethodsHandlePreflight;
     }
 
-    public boolean isAllowAnyHeaders() {
-        return allowAnyHeaders;
-    }
-
-    /**
-     * Completely relax the Access-Control-Request-Headers check. 
-     * Any headers in this header will be permitted. Handy for 
-     * dealing with Chrome / Firefox / Safari incompatibilities.
-     * @param allowAnyHeader whether to allow any header. If <tt>false</tt>,
-     * respect the allowHeaders property.
-     */
-    public void setAllowAnyHeaders(boolean allowAnyHeader) {
-        this.allowAnyHeaders = allowAnyHeader;
-    }
-
+    
 }



Mime
View raw message