@Provider
public class CorsImplSupplierFilter
extends org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter
Enables support for Cross Origin Resource Sharing (CORS) filtering on Apache Brooklyn REST API.
If enabled, the allowed origins for the CORS headers should be configured
using the brooklyn.experimental.feature.corsCxfFeature.allowedOrigins=[]
property.
If brooklyn.experimental.feature.corsCxfFeature.allowedOrigins
is not is not supplied then allowedOrigins will be a wildcard on all domains.
Not specifying allowedOrigins
is strongly discouraged.
Currently there is no support for varying these headers on a per-API-resource basis, that is, the same configured headers are applied to all requests.
Apache Brooklyn API requests should be exposed to third party web apps with great attention.
Apache Brooklyn API calls do not use CORS annotations so findResourceMethod is set to false.Modifier and Type | Field and Description |
---|---|
static ConfigKey<java.lang.Boolean> |
ALLOW_CREDENTIALS |
static ConfigKey<java.util.List<java.lang.String>> |
ALLOW_HEADERS |
static ConfigKey<java.util.List<java.lang.String>> |
ALLOW_ORIGINS |
static ConfigKey<java.lang.Boolean> |
BLOCK_CORS_IF_UNAUTHORIZED |
static ConfigKey<java.util.List<java.lang.String>> |
EXPOSE_HEADERS |
static ConfigKey<java.lang.Integer> |
MAX_AGE |
static ConfigKey<java.lang.Integer> |
PREFLIGHT_FAIL_STATUS |
Constructor and Description |
---|
CorsImplSupplierFilter() |
CorsImplSupplierFilter(ManagementContext mgmt) |
Modifier and Type | Method and Description |
---|---|
void |
filter(javax.ws.rs.container.ContainerRequestContext requestContext) |
void |
filter(javax.ws.rs.container.ContainerRequestContext requestContext,
javax.ws.rs.container.ContainerResponseContext responseContext) |
boolean |
isEnableCors() |
void |
setAllowHeaders(java.lang.String allowHeaders) |
void |
setAllowOrigins(java.lang.String allowedOrigins) |
void |
setEnableCors(boolean enabled) |
void |
setExposeHeaders(java.lang.String exposeHeaders) |
void |
setMaxAge(java.lang.Integer maxAge) |
getAllowHeaders, getAllowOrigins, getExposeHeaders, getMaxAge, isAllowCredentials, setAllowCredentials, setAllowHeaders, setAllowOrigins, setBlockCorsIfUnauthorized, setDefaultOptionsMethodsHandlePreflight, setExposeHeaders, setFindResourceMethod, setPreflightErrorStatus
public static final ConfigKey<java.util.List<java.lang.String>> ALLOW_ORIGINS
CrossOriginResourceSharingFilter#setAllowOrigins(List)
public static final ConfigKey<java.util.List<java.lang.String>> ALLOW_HEADERS
CrossOriginResourceSharingFilter#setAllowHeaders(List)
public static final ConfigKey<java.lang.Boolean> ALLOW_CREDENTIALS
CrossOriginResourceSharingFilter.setAllowCredentials(boolean)
public static final ConfigKey<java.util.List<java.lang.String>> EXPOSE_HEADERS
CrossOriginResourceSharingFilter#setExposeHeaders(List)
public static final ConfigKey<java.lang.Integer> MAX_AGE
CrossOriginResourceSharingFilter.setMaxAge(Integer)
public static final ConfigKey<java.lang.Integer> PREFLIGHT_FAIL_STATUS
CrossOriginResourceSharingFilter.setPreflightErrorStatus(Integer)
public static final ConfigKey<java.lang.Boolean> BLOCK_CORS_IF_UNAUTHORIZED
public CorsImplSupplierFilter()
public CorsImplSupplierFilter(@Nullable ManagementContext mgmt)
public void setEnableCors(boolean enabled)
public void setMaxAge(java.lang.Integer maxAge)
setMaxAge
in class org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter
public boolean isEnableCors()
public void setAllowOrigins(java.lang.String allowedOrigins)
public void setAllowHeaders(java.lang.String allowHeaders)
public void setExposeHeaders(java.lang.String exposeHeaders)
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext)
filter
in interface javax.ws.rs.container.ContainerRequestFilter
filter
in class org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter
public void filter(javax.ws.rs.container.ContainerRequestContext requestContext, javax.ws.rs.container.ContainerResponseContext responseContext)
filter
in interface javax.ws.rs.container.ContainerResponseFilter
filter
in class org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter