cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sergkorney <sergkor...@gmail.com>
Subject Re: CORS
Date Fri, 11 Nov 2011 19:46:18 GMT
Thank you very much for the hint. I have added initial draft to support
handling authenticated CORS requests for GET methods. And it works just fine
(with cxf 2.5.0).
Here is jaxrs input filter :

public class JaxrsCorsInputFilter implements RequestHandler {

	final static String HEADER_ORIGIN = "origin";
	
    @Context
    private HttpHeaders headers;
	
	@Override
	public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        if ("OPTIONS".equals(m.get(Message.HTTP_REQUEST_METHOD))) {
            return Response.status(Status.SERVICE_UNAVAILABLE).build();
        }
        List<String> values = headers.getRequestHeader(HEADER_ORIGIN);
        if (values != null ) {
        	if (true) {//check here if request came from allowed origin
                m.getExchange().put(HEADER_ORIGIN, values);
        	}
        }
        
		return null;
	}

}


And here is jaxrs output filter:

public class JaxrsCorsOutputFilter implements ResponseHandler {

	private final static String HEADER_AC_ALLOW_ORIGIN =
"Access-Control-Allow-Origin";
	private final static String HEADER_AC_ALLOW_CREDENTIALS =
"Access-Control-Allow-Credentials";
	private final static String HEADER_AC_EXPOSE_HEADERS =
"Access-Control-Expose-Headers";

	@Override
	public Response handleResponse(Message m, OperationResourceInfo ori,
			Response response) {
        Object objOrigin =
m.getExchange().get(JaxrsCorsInputFilter.HEADER_ORIGIN);
        if (objOrigin instanceof List<?> ) {
        	List<String> origin = (List<String>) objOrigin;
			Map<String, List&lt;String>> headers = (Map<String,
List&lt;String>>)m.get(Message.PROTOCOL_HEADERS);
    	    if (headers == null) {
        	    headers = new TreeMap<String,
List&lt;String>>(String.CASE_INSENSITIVE_ORDER);
            	m.put(Message.PROTOCOL_HEADERS, headers);
	        }
    	    headers.put(HEADER_AC_ALLOW_ORIGIN, origin);
        	headers.put(HEADER_AC_ALLOW_CREDENTIALS, Arrays.asList(new
String[]{"true"}));
        	headers.put(HEADER_AC_EXPOSE_HEADERS, Arrays.asList(new
String[]{"GET"}));
        }
		return response;
	}

}


--
View this message in context: http://cxf.547215.n5.nabble.com/CORS-tp4970153p4985376.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Mime
View raw message