Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9844D9B18 for ; Tue, 13 Mar 2012 11:52:14 +0000 (UTC) Received: (qmail 20616 invoked by uid 500); 13 Mar 2012 11:52:14 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 20539 invoked by uid 500); 13 Mar 2012 11:52:13 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 20531 invoked by uid 99); 13 Mar 2012 11:52:13 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Mar 2012 11:52:13 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Mar 2012 11:52:12 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 03C472388993; Tue, 13 Mar 2012 11:51:52 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1300084 - in /cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors: CrossOriginResourceSharing.java CrossOriginResourceSharingFilter.java Date: Tue, 13 Mar 2012 11:51:51 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120313115152.03C472388993@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Tue Mar 13 11:51:51 2012 New Revision: 1300084 URL: http://svn.apache.org/viewvc?rev=1300084&view=rev Log: [CXF-4167] Also removing a couple of redundant annotation properties Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java?rev=1300084&r1=1300083&r2=1300084&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java (original) +++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java Tue Mar 13 11:51:51 2012 @@ -44,28 +44,20 @@ import java.lang.annotation.Target; @Inherited public @interface CrossOriginResourceSharing { /** - * If true, this resource will return - *
Access-Control-Allow-Origin: *
- * for a valid request. - */ - boolean allowAllOrigins() default false; - /** - * A list of permitted origins. This is ignored - * if {@link #allowAllOrigins()} is true. + * A list of permitted origins. This resource will + * return *
Access-Control-Allow-Origin: *
+ * for a valid request if the list is empty. */ String[] allowOrigins() default { }; /** * A list of headers that the client may include - * in an actual request. + * in an actual request. All the headers listed in + * the Access-Control-Request-Headers will be allowed if + * the list is empty */ String[] allowHeaders() default { }; /** - * Act as if whatever headers are listed in the Access-Control-Request-Headers are - * listed in allowHeaders. Convenient for dealing with Browser bugs. - */ - boolean allowAnyHeaders() default false; - /** * If true, this resource will return *
Access-Control-Allow-Credentials: true
*/ Modified: cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java?rev=1300084&r1=1300083&r2=1300084&view=diff ============================================================================== --- cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java (original) +++ cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java Tue Mar 13 11:51:51 2012 @@ -80,7 +80,7 @@ public class CrossOriginResourceSharingF private List allowHeaders = Collections.emptyList(); private boolean allowAllOrigins; private boolean allowCredentials; - private List exposeHeaders = Collections.emptyList(); + private List exposeHeaders; private Integer maxAge; private Integer preflightFailStatus = 200; private boolean defaultOptionsMethodsHandlePreflight; @@ -125,7 +125,7 @@ public class CrossOriginResourceSharingF } // 5.1.2 check all the origins - if (!effectiveAllowAllOrigins(ann) && !effectiveAllowOrigins(ann).containsAll(values)) { + if (!effectiveAllowOrigins(ann, values)) { return null; } @@ -215,8 +215,7 @@ public class CrossOriginResourceSharingF */ // 5.2.2 must be on the list or we must be matching *. - boolean effectiveAllowAllOrigins = effectiveAllowAllOrigins(ann); - if (!effectiveAllowAllOrigins && !effectiveAllowOrigins(ann).contains(origin)) { + if (!effectiveAllowOrigins(ann, Collections.singletonList(origin))) { return createPreflightResponse(m, false); } 
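Review bot: The new default for `allowOrigins()` is fail-open: a bare `@CrossOriginResourceSharing` with no properties now answers with `Access-Control-Allow-Origin: *`, where the removed `allowAllOrigins()` defaulted to false and required an explicit opt-in. The Javadoc should say so directly, for example by adding `Leaving this list empty permits every origin; list the trusted origins explicitly for resources that return user-specific data.` The `allowHeaders()` comment needs the same caveat and is missing its closing period. How the wildcard interacts with the credentials property documented just below is not visible in this hunk and is worth stating there as well.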
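Review bot: Dropping the `Collections.emptyList()` initializer leaves the `exposeHeaders` field null until a setter runs, and `effectiveExposeHeaders` in the last hunk of this file now returns that field unchanged when no annotation is present. The callers are outside the visible hunks, so whether they null-check before building the expose-headers response cannot be confirmed here; if they iterate or call `isEmpty()` on the result, the filter would throw on CORS requests to unannotated resources. Keeping `= Collections.emptyList()` on the field, or returning an empty list from `effectiveExposeHeaders` when the field is null, removes the null case.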
@@ -227,7 +226,7 @@ public class CrossOriginResourceSharingF // This was indirectly enforced by getCorsMethod() // 5.2.6 reject if the header is not listed. - if (!effectiveAllowAnyHeaders(ann) && !effectiveAllowHeaders(ann).containsAll(requestHeaders)) { + if (!effectiveAllowHeaders(ann, requestHeaders)) { return createPreflightResponse(m, false); } @@ -370,7 +369,7 @@ public class CrossOriginResourceSharingF private boolean effectiveAllowAllOrigins(CrossOriginResourceSharing ann) { if (ann != null) { - return ann.allowAllOrigins(); + return ann.allowOrigins().length == 0; } else { return allowAllOrigins; } 
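Review bot: In `effectiveAllowAllOrigins`, the annotation branch now treats an empty `allowOrigins()` as allow-all and never consults the filter's own `allowAllOrigins` or `allowOrigins`, so a resource annotated only to set some other property is opened to every origin even when the filter was configured with a restricted list. Before this commit an empty annotation list fell back to the filter-level list (the removed `actualOrigins.isEmpty() ? allowOrigins : actualOrigins` in the next hunk). If that fallback is still wanted, this branch could read `return ann.allowOrigins().length == 0 && allowAllOrigins;`, with a matching fallback to the filter list in `effectiveAllowOrigins`. If the override is intended, it deserves a comment such as `// an annotation with no origins overrides the filter configuration and allows any origin`. `effectiveAllowAnyHeaders` in the next hunk follows the same pattern, and this function's closing brace lies outside the hunk.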
@@ -384,39 +383,51 @@ public class CrossOriginResourceSharingF } } - private List effectiveAllowOrigins(CrossOriginResourceSharing ann) { - List actualOrigins = Collections.emptyList(); - if (ann != null && ann.allowOrigins() != null) { + private boolean effectiveAllowOrigins(CrossOriginResourceSharing ann, List origins) { + if (effectiveAllowAllOrigins(ann)) { + return true; + } + List actualOrigins = null; + if (ann != null) { actualOrigins = Arrays.asList(ann.allowOrigins()); - } + } else { + actualOrigins = allowOrigins; + } - return actualOrigins.isEmpty() ? allowOrigins : actualOrigins; + return actualOrigins != null ? actualOrigins.containsAll(origins) : true; } private boolean effectiveAllowAnyHeaders(CrossOriginResourceSharing ann) { if (ann != null) { - return ann.allowAnyHeaders(); + return ann.allowHeaders().length == 0; } else { return allowAnyHeaders; } } - private List effectiveAllowHeaders(CrossOriginResourceSharing ann) { - List actualHeaders = Collections.emptyList(); + private boolean effectiveAllowHeaders(CrossOriginResourceSharing ann, List aHeaders) { + if (effectiveAllowAnyHeaders(ann)) { + return true; + } + List actualHeaders = null; if (ann != null && ann.allowHeaders() != null) { actualHeaders = Arrays.asList(ann.allowHeaders()); - } + } else { + actualHeaders = allowHeaders; + } - return actualHeaders.isEmpty() ? allowHeaders : actualHeaders; + return actualHeaders != null ? actualHeaders.containsAll(aHeaders) : true; } private List effectiveExposeHeaders(CrossOriginResourceSharing ann) { - List actualExposeHeaders = Collections.emptyList(); - if (ann != null && ann.exposeHeaders() != null) { + List actualExposeHeaders = null; + if (ann != null) { actualExposeHeaders = Arrays.asList(ann.exposeHeaders()); - } + } else { + actualExposeHeaders = exposeHeaders; + } - return actualExposeHeaders.isEmpty() ? exposeHeaders : actualExposeHeaders; + return actualExposeHeaders; } private Integer effectiveMaxAge(CrossOriginResourceSharing ann) {
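Review bot: Both `effectiveAllowOrigins` and `effectiveAllowHeaders` end in a `!= null ? containsAll(...) : true` expression, so a null filter-level list is treated as permission rather than as an empty allow-list. The initial value of `allowOrigins` is not visible in these hunks; if it can be null (unset, or a setter called with null) while `allowAllOrigins` is false, every origin passes the 5.1.2 and 5.2.2 checks. A missing list should deny: `return actualOrigins != null && actualOrigins.containsAll(origins);` and `return actualHeaders != null && actualHeaders.containsAll(aHeaders);`. The `ann.allowHeaders() != null` test kept in `effectiveAllowHeaders` is dead, since annotation members cannot be null, and it was already dropped from the origins variant.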