cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sergkorney <>
Subject Re: CORS
Date Fri, 11 Nov 2011 19:46:18 GMT
Thank you very much for the hint. I have added initial draft to support
handling authenticated CORS requests for GET methods. And it works just fine
(with cxf 2.5.0).
Here is jaxrs input filter :

public class JaxrsCorsInputFilter implements RequestHandler {

	final static String HEADER_ORIGIN = "origin";
    private HttpHeaders headers;
	public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        if ("OPTIONS".equals(m.get(Message.HTTP_REQUEST_METHOD))) {
            return Response.status(Status.SERVICE_UNAVAILABLE).build();
        List<String> values = headers.getRequestHeader(HEADER_ORIGIN);
        if (values != null ) {
        	if (true) {//check here if request came from allowed origin
                m.getExchange().put(HEADER_ORIGIN, values);
		return null;


And here is jaxrs output filter:

public class JaxrsCorsOutputFilter implements ResponseHandler {

	private final static String HEADER_AC_ALLOW_ORIGIN =
	private final static String HEADER_AC_ALLOW_CREDENTIALS =
	private final static String HEADER_AC_EXPOSE_HEADERS =

	public Response handleResponse(Message m, OperationResourceInfo ori,
			Response response) {
        Object objOrigin =
        if (objOrigin instanceof List<?> ) {
        	List<String> origin = (List<String>) objOrigin;
			Map<String, List&lt;String>> headers = (Map<String,
    	    if (headers == null) {
        	    headers = new TreeMap<String,
            	m.put(Message.PROTOCOL_HEADERS, headers);
    	    headers.put(HEADER_AC_ALLOW_ORIGIN, origin);
        	headers.put(HEADER_AC_ALLOW_CREDENTIALS, Arrays.asList(new
        	headers.put(HEADER_AC_EXPOSE_HEADERS, Arrays.asList(new
		return response;


View this message in context:
Sent from the cxf-dev mailing list archive at

View raw message