/**
 * Stores the credentials flag and the allow-origin value for this exchange.
 *
 * <p>The wildcard {@code "*"} is used only when credentials are not allowed and all origins
 * are allowed. In every other case the Origin values sent by the client are joined by
 * {@code concatValues} and stored as the allow-origin value.
 *
 * <p>Security note: if the effective configuration allows all origins and also allows
 * credentials, the client's own Origin is echoed back together with a true credentials flag,
 * so every site is effectively trusted for credentialed requests. Deployments that need
 * credentials should configure an explicit origin list instead of allow-all.
 *
 * <p>NOTE(review): an echoed origin makes the response depend on the request's Origin header;
 * confirm the code that writes the response also sends {@code Vary: Origin} (not visible here).
 *
 * @param m the message whose exchange receives the two entries
 * @param ann the resource's CORS annotation; passed to the effective* helpers as is
 * @param headerOriginValues the Origin values taken from the request
 */
private void setAllowOriginAndCredentials(Message m, CrossOriginResourceSharing ann,
                                          List<String> headerOriginValues) {
    final boolean credentialsAllowed = effectiveAllowCredentials(ann);
    m.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, credentialsAllowed);

    // "*" must never be paired with credentials, hence the credentials check comes first.
    final boolean useWildcard = !credentialsAllowed && effectiveAllowAllOrigins(ann);
    final String allowOriginValue = useWildcard ? "*" : concatValues(headerOriginValues, true);
    m.getExchange().put(CorsHeaderConstants.HEADER_ORIGIN, allowOriginValue);
}
/**
 * Decides whether every requested header name is permitted.
 *
 * <p>When {@code effectiveAllowAnyHeaders(ann)} is true the request is accepted without
 * looking at the names. Otherwise the permitted names come from the annotation when one is
 * present, and from the filter-level {@code allowHeaders} only when there is no annotation.
 * Names are compared case-insensitively.
 *
 * <p>An empty {@code aHeaders} list is accepted, since there is nothing to reject.
 *
 * @param ann the resource's CORS annotation, or {@code null} to use the filter-level list
 * @param aHeaders the header names the client asked to send
 * @return {@code true} if all names in {@code aHeaders} are permitted
 */
private boolean effectiveAllowHeaders(CrossOriginResourceSharing ann, List<String> aHeaders) {
    if (effectiveAllowAnyHeaders(ann)) {
        return true;
    }
    final List<String> configured = ann != null ? Arrays.asList(ann.allowHeaders()) : allowHeaders;
    // Header names are case-insensitive, so the lookup set ignores case.
    final Set<String> permitted = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    permitted.addAll(configured);
    return permitted.containsAll(aHeaders);
}
/**
 * Processes a simple (non-preflight) CORS request for the given resource method.
 *
 * <p>The step numbers below are the ones used by the original comments (5.1.1 to 5.1.4).
 * If the request has no Origin, or an Origin that is not allowed, nothing is written to the
 * exchange. Otherwise the allow-origin, credentials and expose-headers values are stored on
 * the exchange and the exchange is marked as {@code SIMPLE_REQUEST}.
 *
 * <p>Security note: every path returns {@code null}, so this method never produces a response
 * of its own. A disallowed origin is signalled only by the absence of CORS entries; the
 * request itself presumably still reaches the resource. CORS handling here is therefore not
 * an access control, and server-side authorization must not rely on it.
 *
 * @param m the current message
 * @param resourceMethod the resource method whose CORS annotation is consulted
 * @return always {@code null}
 */
private Response simpleRequest(Message m, Method resourceMethod) {
    CrossOriginResourceSharing ann =
        getAnnotation(resourceMethod, CrossOriginResourceSharing.class);
    List<String> requestOrigins = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true);

    // 5.1.1 an Origin is required; 5.1.2 every Origin sent must be allowed.
    // The emptiness check must come first: an empty list would pass a containsAll test.
    final boolean originMissing = requestOrigins == null || requestOrigins.isEmpty();
    if (originMissing || !effectiveAllowOrigins(ann, requestOrigins)) {
        return null;
    }

    // 5.1.3 allow-origin and credentials.
    setAllowOriginAndCredentials(m, ann, requestOrigins);

    // 5.1.4 expose-headers, only when some are configured.
    List<String> exposed = effectiveExposeHeaders(ann);
    if (exposed != null && !exposed.isEmpty()) {
        m.getExchange().put(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, exposed);
    }

    // Record which kind of CORS processing was applied.
    m.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), SIMPLE_REQUEST);
    return null;
}
List<String> headerOriginValues = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true); if (headerOriginValues == null || headerOriginValues.size() != 1) { return null; List<String> requestMethodValues = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, false); if (requestMethodValues == null || requestMethodValues.size() != 1) { return createPreflightResponse(m, false); method = getResourceMethod(m, requestMethod); if (method == null) { return null; Method optionsMethod = getResourceMethod(m, "OPTIONS"); if (optionsMethod != null) { preflightAnnotation = getAnnotation(optionsMethod, LocalPreflight.class); CrossOriginResourceSharing ann = getAnnotation(method, CrossOriginResourceSharing.class); if (!effectiveAllowOrigins(ann, Collections.singletonList(origin))) { return createPreflightResponse(m, false); List<String> requestHeaders = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, false); if (!effectiveAllowHeaders(ann, requestHeaders)) { return createPreflightResponse(m, false); if (effectiveMaxAge(ann) != null) { m.getExchange().put(CorsHeaderConstants.HEADER_AC_MAX_AGE, effectiveMaxAge(ann).toString());
List<String> headerOriginValues = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true); if (headerOriginValues == null || headerOriginValues.size() != 1) { return null; List<String> requestMethodValues = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, false); if (requestMethodValues == null || requestMethodValues.size() != 1) { return createPreflightResponse(m, false); Method method = getPreflightMethod(m, requestMethod); if (method == null) { return null; : getAnnotation(opResInfo.getAnnotatedMethod(), LocalPreflight.class); if (preflightAnnotation != null || defaultOptionsMethodsHandlePreflight) { m.put(LOCAL_PREFLIGHT, "true"); CrossOriginResourceSharing ann = getAnnotation(method, CrossOriginResourceSharing.class); ann = ann == null ? corsAnn : ann; if (!effectiveAllowOrigins(ann, Collections.singletonList(origin))) { return createPreflightResponse(m, false); List<String> requestHeaders = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, false); if (!effectiveAllowHeaders(ann, requestHeaders)) { return createPreflightResponse(m, false); if (effectiveMaxAge(ann) != null) { m.getExchange().put(CorsHeaderConstants.HEADER_AC_MAX_AGE,effectiveMaxAge(ann).toString());
= getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS); if (effectiveExposeHeaders != null) { addHeaders(rbuilder, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, effectiveExposeHeaders, false); addHeaders(rbuilder, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS), false); List<String> rqAllowedHeaders = getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS); if (rqAllowedHeaders != null) { addHeaders(rbuilder, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS, rqAllowedHeaders, false);
/**
 * Joins {@code values} into one string and adds it to the response under {@code key}.
 *
 * <p>The values are not validated here. Callers must pass only values that are safe to
 * emit in a response header.
 *
 * @param rb the response builder that receives the header
 * @param key the header name
 * @param values the values to join
 * @param spaceSeparated passed to {@code concatValues} to select the separator
 */
private void addHeaders(ResponseBuilder rb, String key, List<String> values,
                        boolean spaceSeparated) {
    rb.header(key, concatValues(values, spaceSeparated));
}
/**
 * Decides whether every given origin is allowed.
 *
 * <p>If {@code effectiveAllowAllOrigins(ann)} is true the origins are accepted unchecked.
 * Otherwise the annotation's origin list is used, falling back to the filter-level
 * {@code allowOrigins} when the annotation is absent or lists no origins.
 *
 * <p>Matching is {@code List.containsAll}, i.e. exact {@code String.equals}: there is no
 * case folding, pattern matching or normalisation, so configured entries must match the
 * Origin header exactly. An empty {@code origins} list is accepted by {@code containsAll},
 * so callers must reject a missing Origin before calling this method.
 *
 * @param ann the resource's CORS annotation, or {@code null}
 * @param origins the Origin values taken from the request
 * @return {@code true} if all {@code origins} are allowed
 */
private boolean effectiveAllowOrigins(CrossOriginResourceSharing ann, List<String> origins) {
    if (effectiveAllowAllOrigins(ann)) {
        return true;
    }
    List<String> permitted = ann == null
        ? Collections.<String>emptyList()
        : Arrays.asList(ann.allowOrigins());
    if (permitted.isEmpty()) {
        // No per-resource list: use the filter-level configuration.
        permitted = allowOrigins;
    }
    return permitted.containsAll(origins);
}
List<String> headerOriginValues = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true); if (headerOriginValues == null || headerOriginValues.size() != 1) { return null; List<String> requestMethodValues = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_METHOD, false); if (requestMethodValues == null || requestMethodValues.size() != 1) { return createPreflightResponse(m, false); method = getResourceMethod(m, requestMethod); if (method == null) { return null; Method optionsMethod = getResourceMethod(m, "OPTIONS"); if (optionsMethod != null) { preflightAnnotation = getAnnotation(optionsMethod, LocalPreflight.class); CrossOriginResourceSharing ann = getAnnotation(method, CrossOriginResourceSharing.class); if (!effectiveAllowOrigins(ann, Collections.singletonList(origin))) { return createPreflightResponse(m, false); List<String> requestHeaders = getHeaderValues(CorsHeaderConstants.HEADER_AC_REQUEST_HEADERS, false); if (!effectiveAllowHeaders(ann, requestHeaders)) { return createPreflightResponse(m, false); if (effectiveMaxAge(ann) != null) { m.getExchange().put(CorsHeaderConstants.HEADER_AC_MAX_AGE, effectiveMaxAge(ann).toString());
= getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS); if (effectiveExposeHeaders != null) { addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, effectiveExposeHeaders, false); addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS), false); List<String> rqAllowedHeaders = getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS); if (rqAllowedHeaders != null) { addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS, rqAllowedHeaders, false);
/**
 * Joins {@code values} into one string and sets it as the single value of header {@code key}.
 *
 * <p>{@code putSingle} replaces any value already present for {@code key}. The values are
 * not validated here, so callers must pass only values that are safe to emit in a response
 * header.
 *
 * @param responseContext the response whose headers are updated
 * @param key the header name
 * @param values the values to join
 * @param spaceSeparated passed to {@code concatValues} to select the separator
 */
private void addHeaders(ContainerResponseContext responseContext, String key,
                        List<String> values, boolean spaceSeparated) {
    final String joined = concatValues(values, spaceSeparated);
    responseContext.getHeaders().putSingle(key, joined);
}
/**
 * Decides whether every given origin is allowed.
 *
 * <p>If {@code effectiveAllowAllOrigins(ann)} is true the origins are accepted unchecked.
 * Otherwise the annotation's origin list is used, falling back to the filter-level
 * {@code allowOrigins} when the annotation is absent or lists no origins.
 *
 * <p>Matching is {@code List.containsAll}, i.e. exact {@code String.equals}: there is no
 * case folding, pattern matching or normalisation, so configured entries must match the
 * Origin header exactly. An empty {@code origins} list is accepted by {@code containsAll},
 * so callers must reject a missing Origin before calling this method.
 *
 * @param ann the resource's CORS annotation, or {@code null}
 * @param origins the Origin values taken from the request
 * @return {@code true} if all {@code origins} are allowed
 */
private boolean effectiveAllowOrigins(CrossOriginResourceSharing ann, List<String> origins) {
    if (effectiveAllowAllOrigins(ann)) {
        return true;
    }
    List<String> permitted = ann == null
        ? Collections.<String>emptyList()
        : Arrays.asList(ann.allowOrigins());
    if (permitted.isEmpty()) {
        // No per-resource list: use the filter-level configuration.
        permitted = allowOrigins;
    }
    return permitted.containsAll(origins);
}
/**
 * Processes a simple (non-preflight) CORS request for the given resource method.
 *
 * <p>The step numbers below are the ones used by the original comments (5.1.1 to 5.1.4).
 * If the request has no Origin, or an Origin that is not allowed, nothing is written to the
 * exchange. Otherwise the allow-origin, credentials and expose-headers values are stored on
 * the exchange and the exchange is marked as {@code SIMPLE_REQUEST}.
 *
 * <p>Security note: every path returns {@code null}, so this method never produces a response
 * of its own. A disallowed origin is signalled only by the absence of CORS entries; the
 * request itself presumably still reaches the resource. CORS handling here is therefore not
 * an access control, and server-side authorization must not rely on it.
 *
 * @param m the current message
 * @param resourceMethod the resource method whose CORS annotation is consulted
 * @return always {@code null}
 */
private Response simpleRequest(Message m, Method resourceMethod) {
    CrossOriginResourceSharing ann =
        getAnnotation(resourceMethod, CrossOriginResourceSharing.class);
    List<String> requestOrigins = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true);

    // 5.1.1 an Origin is required; 5.1.2 every Origin sent must be allowed.
    // The emptiness check must come first: an empty list would pass a containsAll test.
    final boolean originMissing = requestOrigins == null || requestOrigins.isEmpty();
    if (originMissing || !effectiveAllowOrigins(ann, requestOrigins)) {
        return null;
    }

    // 5.1.3 allow-origin and credentials.
    setAllowOriginAndCredentials(m, ann, requestOrigins);

    // 5.1.4 expose-headers, only when some are configured.
    List<String> exposed = effectiveExposeHeaders(ann);
    if (exposed != null && !exposed.isEmpty()) {
        m.getExchange().put(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, exposed);
    }

    // Record which kind of CORS processing was applied.
    m.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), SIMPLE_REQUEST);
    return null;
}
/**
 * Stores the credentials flag and the allow-origin value for this exchange.
 *
 * <p>The wildcard {@code "*"} is used only when credentials are not allowed and all origins
 * are allowed. In every other case the Origin values sent by the client are joined by
 * {@code concatValues} and stored as the allow-origin value.
 *
 * <p>Security note: if the effective configuration allows all origins and also allows
 * credentials, the client's own Origin is echoed back together with a true credentials flag,
 * so every site is effectively trusted for credentialed requests. Deployments that need
 * credentials should configure an explicit origin list instead of allow-all.
 *
 * <p>NOTE(review): an echoed origin makes the response depend on the request's Origin header;
 * confirm the code that writes the response also sends {@code Vary: Origin} (not visible here).
 *
 * @param m the message whose exchange receives the two entries
 * @param ann the resource's CORS annotation; passed to the effective* helpers as is
 * @param headerOriginValues the Origin values taken from the request
 */
private void setAllowOriginAndCredentials(Message m, CrossOriginResourceSharing ann,
                                          List<String> headerOriginValues) {
    final boolean credentialsAllowed = effectiveAllowCredentials(ann);
    m.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, credentialsAllowed);

    // "*" must never be paired with credentials, hence the credentials check comes first.
    final boolean useWildcard = !credentialsAllowed && effectiveAllowAllOrigins(ann);
    final String allowOriginValue = useWildcard ? "*" : concatValues(headerOriginValues, true);
    m.getExchange().put(CorsHeaderConstants.HEADER_ORIGIN, allowOriginValue);
}
= getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS); if (effectiveExposeHeaders != null) { addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, effectiveExposeHeaders, false); addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_METHODS), false); List<String> rqAllowedHeaders = getHeadersFromInput(m, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS); if (rqAllowedHeaders != null) { addHeaders(responseContext, CorsHeaderConstants.HEADER_AC_ALLOW_HEADERS, rqAllowedHeaders, false);
/**
 * Joins {@code values} into one string and sets it as the single value of header {@code key}.
 *
 * <p>{@code putSingle} replaces any value already present for {@code key}. The values are
 * not validated here, so callers must pass only values that are safe to emit in a response
 * header.
 *
 * @param responseContext the response whose headers are updated
 * @param key the header name
 * @param values the values to join
 * @param spaceSeparated passed to {@code concatValues} to select the separator
 */
private void addHeaders(ContainerResponseContext responseContext, String key,
                        List<String> values, boolean spaceSeparated) {
    final String joined = concatValues(values, spaceSeparated);
    responseContext.getHeaders().putSingle(key, joined);
}
/**
 * Decides whether every given origin is allowed.
 *
 * <p>If {@code effectiveAllowAllOrigins(ann)} is true the origins are accepted unchecked.
 * Otherwise the annotation's origin list is used, falling back to the filter-level
 * {@code allowOrigins} when the annotation is absent or lists no origins.
 *
 * <p>Matching is {@code List.containsAll}, i.e. exact {@code String.equals}: there is no
 * case folding, pattern matching or normalisation, so configured entries must match the
 * Origin header exactly. An empty {@code origins} list is accepted by {@code containsAll},
 * so callers must reject a missing Origin before calling this method.
 *
 * @param ann the resource's CORS annotation, or {@code null}
 * @param origins the Origin values taken from the request
 * @return {@code true} if all {@code origins} are allowed
 */
private boolean effectiveAllowOrigins(CrossOriginResourceSharing ann, List<String> origins) {
    if (effectiveAllowAllOrigins(ann)) {
        return true;
    }
    List<String> permitted = ann == null
        ? Collections.<String>emptyList()
        : Arrays.asList(ann.allowOrigins());
    if (permitted.isEmpty()) {
        // No per-resource list: use the filter-level configuration.
        permitted = allowOrigins;
    }
    return permitted.containsAll(origins);
}
/**
 * Decides whether every requested header name is permitted.
 *
 * <p>When {@code effectiveAllowAnyHeaders(ann)} is true the request is accepted without
 * looking at the names. Otherwise the permitted names come from the annotation when one is
 * present, and from the filter-level {@code allowHeaders} only when there is no annotation.
 * Names are compared case-insensitively.
 *
 * <p>An empty {@code aHeaders} list is accepted, since there is nothing to reject.
 *
 * @param ann the resource's CORS annotation, or {@code null} to use the filter-level list
 * @param aHeaders the header names the client asked to send
 * @return {@code true} if all names in {@code aHeaders} are permitted
 */
private boolean effectiveAllowHeaders(CrossOriginResourceSharing ann, List<String> aHeaders) {
    if (effectiveAllowAnyHeaders(ann)) {
        return true;
    }
    final List<String> configured = ann != null ? Arrays.asList(ann.allowHeaders()) : allowHeaders;
    // Header names are case-insensitive, so the lookup set ignores case.
    final Set<String> permitted = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
    permitted.addAll(configured);
    return permitted.containsAll(aHeaders);
}
/**
 * Processes a simple (non-preflight) CORS request using an already resolved annotation.
 *
 * <p>The step numbers below are the ones used by the original comments (5.1.1 to 5.1.4).
 * If the request has no Origin, or an Origin that is not allowed, nothing is written to the
 * exchange. Otherwise the allow-origin, credentials and expose-headers values are stored on
 * the exchange and the exchange is marked as {@code SIMPLE_REQUEST}.
 *
 * <p>Security note: every path returns {@code null}, so this method never produces a response
 * of its own. A disallowed origin is signalled only by the absence of CORS entries; the
 * request itself presumably still reaches the resource. CORS handling here is therefore not
 * an access control, and server-side authorization must not rely on it.
 *
 * @param m the current message
 * @param ann the CORS annotation that applies to the request; passed to the helpers as is
 * @return always {@code null}
 */
private Response simpleRequest(Message m, CrossOriginResourceSharing ann) {
    List<String> requestOrigins = getHeaderValues(CorsHeaderConstants.HEADER_ORIGIN, true);

    // 5.1.1 an Origin is required; 5.1.2 every Origin sent must be allowed.
    // The emptiness check must come first: an empty list would pass a containsAll test.
    final boolean originMissing = requestOrigins == null || requestOrigins.isEmpty();
    if (originMissing || !effectiveAllowOrigins(ann, requestOrigins)) {
        return null;
    }

    // 5.1.3 allow-origin and credentials.
    setAllowOriginAndCredentials(m, ann, requestOrigins);

    // 5.1.4 expose-headers, only when some are configured.
    List<String> exposed = effectiveExposeHeaders(ann);
    if (exposed != null && !exposed.isEmpty()) {
        m.getExchange().put(CorsHeaderConstants.HEADER_AC_EXPOSE_HEADERS, exposed);
    }

    // Record which kind of CORS processing was applied.
    m.getExchange().put(CrossOriginResourceSharingFilter.class.getName(), SIMPLE_REQUEST);
    return null;
}
/**
 * Stores the credentials flag and the allow-origin value for this exchange.
 *
 * <p>The wildcard {@code "*"} is used only when credentials are not allowed and all origins
 * are allowed. In every other case the Origin values sent by the client are joined by
 * {@code concatValues} and stored as the allow-origin value.
 *
 * <p>Security note: if the effective configuration allows all origins and also allows
 * credentials, the client's own Origin is echoed back together with a true credentials flag,
 * so every site is effectively trusted for credentialed requests. Deployments that need
 * credentials should configure an explicit origin list instead of allow-all.
 *
 * <p>NOTE(review): an echoed origin makes the response depend on the request's Origin header;
 * confirm the code that writes the response also sends {@code Vary: Origin} (not visible here).
 *
 * @param m the message whose exchange receives the two entries
 * @param ann the resource's CORS annotation; passed to the effective* helpers as is
 * @param headerOriginValues the Origin values taken from the request
 */
private void setAllowOriginAndCredentials(Message m, CrossOriginResourceSharing ann,
                                          List<String> headerOriginValues) {
    final boolean credentialsAllowed = effectiveAllowCredentials(ann);
    m.getExchange().put(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, credentialsAllowed);

    // "*" must never be paired with credentials, hence the credentials check comes first.
    final boolean useWildcard = !credentialsAllowed && effectiveAllowAllOrigins(ann);
    final String allowOriginValue = useWildcard ? "*" : concatValues(headerOriginValues, true);
    m.getExchange().put(CorsHeaderConstants.HEADER_ORIGIN, allowOriginValue);
}