Return-Path: 
 <dev-return-11695-apmail-cxf-dev-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-dev-archive@www.apache.org
Delivered-To: apmail-cxf-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 75BCE77AC
	for <apmail-cxf-dev-archive@www.apache.org>;
 Thu,  1 Dec 2011 16:01:40 +0000 (UTC)
Received: (qmail 89294 invoked by uid 500); 1 Dec 2011 16:01:39 -0000
Delivered-To: apmail-cxf-dev-archive@cxf.apache.org
Received: (qmail 89014 invoked by uid 500); 1 Dec 2011 16:01:39 -0000
Mailing-List: contact dev-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@cxf.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@cxf.apache.org>
List-Post: <mailto:dev@cxf.apache.org>
List-Id: <dev.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list dev@cxf.apache.org
Received: (qmail 89006 invoked by uid 99); 1 Dec 2011 16:01:39 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 16:01:39 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of sberyozkin@gmail.com designates
 74.125.83.41 as permitted sender)
Received: from [74.125.83.41] (HELO mail-ee0-f41.google.com) (74.125.83.41)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Dec 2011 16:01:31 +0000
Received: by eekc14 with SMTP id c14so1593645eek.0
        for <dev@cxf.apache.org>; Thu, 01 Dec 2011 08:01:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        bh=zfT/viuqqt0Rn3ZBsop3z2mhAKMrO8sIaTkXJEYZL5g=;
        b=wWbsW4mrHxplMJ5AU4sAyST8Kdvj5QmXr9L/53jekQYy+UYnyMxuhhxarY9SS/Cu5I
         +E2CtiJ1NsqJV7twt47t0df3tb/0xkckfUPjbkEu7OJqEEpDp0fteRN87N2AO3+0/upG
         Dor/jJvwVh5hv7AJxFlU7QyUQKossOCW43yvM=
Received: by 10.216.229.75 with SMTP id g53mr452994weq.31.1322755271315;
        Thu, 01 Dec 2011 08:01:11 -0800 (PST)
Received: from [192.168.2.3] ([89.100.138.187])
        by mx.google.com with ESMTPS id m30sm6303705wbo.14.2011.12.01.08.01.08
        (version=SSLv3 cipher=OTHER);
        Thu, 01 Dec 2011 08:01:08 -0800 (PST)
Message-ID: <4ED7A4C3.7010607@gmail.com>
Date: Thu, 01 Dec 2011 16:01:07 +0000
From: Sergey Beryozkin <sberyozkin@gmail.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
 rv:1.9.2.18) Gecko/20110617 Thunderbird/3.1.11
MIME-Version: 1.0
To: dev@cxf.apache.org
Subject: Re: [proposal] Cross-Origin JAX-RS annotations
References: 
 <CALhtWkcoE6vdH+8PWG_fQWxfRrOgkmcsHLUJC551VAJ5n23OhA@mail.gmail.com>
	<4ED79E7D.1040504@gmail.com>
 <CALhtWkfWjhyT-oC0=a4S1qMeBmwxcurppDsm=9uM0WOupdeiOA@mail.gmail.com>
In-Reply-To: 
 <CALhtWkfWjhyT-oC0=a4S1qMeBmwxcurppDsm=9uM0WOupdeiOA@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

On 01/12/11 15:51, Benson Margulies wrote:
> On Thu, Dec 1, 2011 at 10:34 AM, Sergey Beryozkin<sberyozkin@gmail.com>  wrote:
>> On 01/12/11 14:51, Benson Margulies wrote:
>>>
>>> I propose to add the following
>>>
>>> @CorsAllowAllOrigins
>>> @CorsAllowOrigins(  "origin1.", ... "originN" )
>>> @CorsAllowMethods( "meth1" ... "methn" )
>>> @CorsExposeMethods( ... )
>>> @CorsMaxAge(integer)
>>> @CorsAllowCredentials(boolean)
>>>
>>> and make the filter look for them on resources and classes in the usual
>>> way.
>>>
>>> Any objections?
>>
>>
>> Can we collapse it all into a single annotation but with many properties ?
>> @Cors(origins = "...",
>>       methods = "a b c"
>>       allowCredentials = true
>>       )
>>
>> I'd prefer if possible to avoid the explosion of annotations.
>
> I hate space-separated. Can they be String[], or am I stuck with those spaces?
>

Yes, they can

>>
>> Re @CorsAllowMethods( "meth1" ... "methn" ) (or methods = "a b") - is it
>> HTTP methods ?
>
> yes.
>
>> Then how it work on a method annotated with say @POST ? May be it should be
>> a single method value only ?
>
> So we don't need this annotation. If any of the others are there, it
> would imply permission for the method.
>
OK
>> Re CorsAllowOrigins, is it relative URIs ? We'd probably need to think of
>> introducing properties such as absolute.uri, etc, to be reused by other
>> annotation such as SchemaLocation&  XMLInstruction
>
> Origin must be an absolute URI. In fact, it's a list of them due to redirects.
>
> You never need to list 'right here', right here is always allowed.
> It's only necessary to list other places, so I don't see the need for
> anything tricky.
>
Ok, I guess this is an optional property here. But if we have a redirect 
allowed to other endpoint hosted inside the same web app then we may 
have to deal with the substitution - I'll take care of it as I will need 
to do something about it in context of the other work too

Thanks, Sergey

>>
>> Thanks, Sergey


-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/

Blog: http://sberyozkin.blogspot.com