cxf-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache CXF Documentation > JAX-RS CORS
Date Tue, 04 Jun 2013 08:52:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/2042/9/1/_/styles/combined.css?spaceKey=CXF20DOC&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CXF20DOC/JAX-RS+CORS">JAX-RS
CORS</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~sergey_beryozkin">Sergey
Beryozkin</a>
    </h4>
        <br/>
                         <h4>Changes (2)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >h1. Examples <br> <br></td></tr>
            <tr><td class="diff-changed-lines" >Here is the test code showing
how [CrossOriginResourceSharing|http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java]
annotations can be applied at the resource and individual method <span class="diff-changed-words">levels<span
class="diff-deleted-chars"style="color:#999;background-color:#fdd;text-decoration:line-through;">:</span><span
class="diff-added-chars"style="background-color: #dfd;">.</span></span> <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">Note
that an origin is restricted to &quot;http://area51.mil:31415&quot; by the &#39;allowOrigins&#39;
property, which may contain multiple URI values. A boolean &#39;allowAllOrigins&#39;
property can be used instead (to simplify the testing or when it is deemed it is secure enough
within a given environment to allow for all the origins).   <br> <br></td></tr>
            <tr><td class="diff-unchanged" >{code:java} <br>@CrossOriginResourceSharing(
<br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
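Review bot: the added note introduces 'allowAllOrigins' without saying how it interacts with 'allowCredentials', which the example in the full content sets to true. Please state whether the two may be combined and what the filter returns in that case, or say that 'allowAllOrigins' is intended for resources that do not accept credentialed requests. The wording "when it is deemed it is secure enough" is also awkward; "when allowing all origins is deemed secure enough" reads better.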
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <p><span style="font-size:2em;font-weight:bold"> JAX-RS: CORS </span></p>


<div>
<ul>
    <li><a href='#JAX-RSCORS-Introduction'>Introduction</a></li>
    <li><a href='#JAX-RSCORS-Mavendependencies'>Maven dependencies</a></li>
    <li><a href='#JAX-RSCORS-Examples'>Examples</a></li>
</ul></div>

<h1><a name="JAX-RSCORS-Introduction"></a>Introduction</h1>

<p>CXF 2.5.1 introduces the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/"
class="external-link" rel="nofollow">initial support</a> for the <a href="http://www.w3.org/TR/cors/"
class="external-link" rel="nofollow">Cross-Origin Resource Sharing</a> specification
that "defines a mechanism to enable client-side cross-origin requests".</p>

<p>This <a href="https://developer.mozilla.org/en/http_access_control" class="external-link"
rel="nofollow">Mozilla.org page</a> provides a very good explanation of CORS.</p>

<p>Please see the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/package.html"
class="external-link" rel="nofollow">package.html</a> for a good introduction to
CORS and the way it is supported in CXF JAX-RS.</p>

<p>Note that the <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java"
class="external-link" rel="nofollow">CORS filter</a> uses the JAX-RS selection algorithm
to ensure that a JAX-RS resource method capable of handling the request exists.</p>

<h1><a name="JAX-RSCORS-Mavendependencies"></a>Maven dependencies</h1>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml">
<span class="code-tag">&lt;dependency&gt;</span>
  <span class="code-tag">&lt;groupId&gt;</span>org.apache.cxf<span
class="code-tag">&lt;/groupId&gt;</span>
  <span class="code-tag">&lt;artifactId&gt;</span>cxf-rt-rs-security-cors<span
class="code-tag">&lt;/artifactId&gt;</span>
  <span class="code-tag">&lt;version&gt;</span>2.6.1<span class="code-tag">&lt;/version&gt;</span>
<span class="code-tag">&lt;/dependency&gt;</span>
</pre>
</div></div>

<h1><a name="JAX-RSCORS-Examples"></a>Examples</h1>

<p>Here is the test code showing how <a href="http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java"
class="external-link" rel="nofollow">CrossOriginResourceSharing</a> annotations can
be applied at the resource and individual method levels.</p>

<p>Note that the origin is restricted to "http://area51.mil:31415" by the 'allowOrigins'
property, which may contain multiple URI values. A boolean 'allowAllOrigins' property can
be used instead, either to simplify testing or when allowing all origins is deemed secure
enough within a given environment.</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
package org.apache.cxf.systest.jaxrs.cors;

import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;

import org.apache.cxf.rs.security.cors.CorsHeaderConstants;
import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;
import org.apache.cxf.rs.security.cors.LocalPreflight;

// Policy declared at the resource (class) level
@CrossOriginResourceSharing(
        allowOrigins = {
           "http://area51.mil:31415"
        },
        allowCredentials = true,
        maxAge = 1,
        allowHeaders = {
           "X-custom-1", "X-custom-2"
        },
        exposeHeaders = {
           "X-custom-3", "X-custom-4"
        }
)
public class AnnotatedCorsServer {
    @Context
    private HttpHeaders headers;

    @GET
    @Produces("text/plain")
    @Path("/simpleGet/{echo}")
    public String simpleGet(@PathParam("echo") String echo) {
        return echo;
    }

    @POST
    @Produces("application/json")
    @Consumes("application/json")
    @Path("/unannotatedPost")
    public Response postSomething() {
        return Response.ok().build();
    }

    @DELETE
    @Path("/delete")
    public Response deleteSomething() {
        return Response.ok().build();
    }

    // This method will do a preflight check itself
    @OPTIONS
    @Path("/")
    @LocalPreflight
    public Response options() {
        String origin = headers.getRequestHeader("Origin").get(0);
        if ("http://area51.mil:3333".equals(origin)) {
            return Response.ok()
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, "DELETE PUT")
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, "false")
                           .header(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN, "http://area51.mil:3333")
                           .build();
        } else {
            return Response.ok().build();
        }
    }

    // Policy declared at the method level
    @GET
    @CrossOriginResourceSharing(
         allowOrigins = { "http://area51.mil:31415" },
         allowCredentials = true,
         exposeHeaders = { "X-custom-3", "X-custom-4" }
    )
    @Produces("text/plain")
    @Path("/annotatedGet/{echo}")
    public String annotatedGet(@PathParam("echo") String echo) {
        return echo;
    }

    /**
     * A method annotated to test preflight.
     *
     * @param input
     * @return
     */
    @PUT
    @Consumes("text/plain")
    @Produces("text/plain")
    @Path("/annotatedPut")
    public String annotatedPut(String input) {
        return input;
    }
}
</pre>
</div></div>
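<p>As an added illustration of the 'allowOrigins' and 'allowAllOrigins' properties described on this page (not code from the CXF project or its tests): the permissive setting beside an explicit allow-list. The class names, paths and the second origin are constructed for the example; the annotation properties are the ones this page names.</p>

```java
// Added example (not CXF project code). Class names, paths and the second
// origin are constructed; the annotation properties are those named on the page.
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import org.apache.cxf.rs.security.cors.CrossOriginResourceSharing;

// Weak setting: allowAllOrigins together with allowCredentials places no
// origin restriction on a resource that accepts credentialed requests.
@CrossOriginResourceSharing(allowAllOrigins = true, allowCredentials = true)
@Path("/weak")
class PermissiveResource {
    @GET
    @Produces("text/plain")
    @Path("/account/{id}")
    public String account(@PathParam("id") String id) {
        return id;
    }
}

// Corrected setting: an explicit allow-list of origins (scheme, host and
// port) for the credentialed resource.
@CrossOriginResourceSharing(
        allowOrigins = {
            "http://area51.mil:31415",
            "https://portal.example.org"   // constructed second origin
        },
        allowCredentials = true,
        maxAge = 600
)
@Path("/strict")
public class RestrictedResource {
    @GET
    @Produces("text/plain")
    @Path("/account/{id}")
    public String account(@PathParam("id") String id) {
        return id;
    }

    // Public, non-sensitive data: open to all origins, but without credentials.
    @GET
    @CrossOriginResourceSharing(allowAllOrigins = true, allowCredentials = false)
    @Produces("text/plain")
    @Path("/status")
    public String status() {
        return "ok";
    }
}
```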

<p>The server configuration fragment:</p>

<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-xml">

<span class="code-tag">&lt;beans&gt;</span>
        <span class="code-tag">&lt;bean id=<span class="code-quote">"cors-filter"</span>
class=<span class="code-quote">"org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter"</span>/&gt;</span>

	<span class="code-tag">&lt;jaxrs:server id=<span class="code-quote">"service"</span>
address=<span class="code-quote">"/rest"</span>&gt;</span>
		<span class="code-tag">&lt;jaxrs:serviceBeans&gt;</span>
			<span class="code-tag">&lt;ref bean=<span class="code-quote">"cors-server"</span>
/&gt;</span>
		<span class="code-tag">&lt;/jaxrs:serviceBeans&gt;</span>
		<span class="code-tag">&lt;jaxrs:providers&gt;</span>
			<span class="code-tag">&lt;ref bean=<span class="code-quote">"cors-filter"</span>
/&gt;</span>
		<span class="code-tag">&lt;/jaxrs:providers&gt;</span>
	<span class="code-tag">&lt;/jaxrs:server&gt;</span>

        &lt;bean id=<span class="code-quote">"cors-server"</span> scope=<span
class="code-quote">"prototype"</span> 
	      class=<span class="code-quote">"org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer"</span>
/&gt; 

<span class="code-tag">&lt;/beans&gt;</span>

</pre>
</div></div>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>