Package org.restlet.service

Class CorsService

  • public class CorsService
extends Service
    Application service that adds support of CORS. This service lets the target resource specifies the allowed methods. Example: 
     CorsService corsService = new CorsService();
 corsService.setAllowedOrigins(new HashSet(Arrays.asList("http://server.com")));
 corsService.setAllowedCredentials(true);
    Author:
    Manuel Boillod

    • Constructor Summary

      Constructors 
      Constructor Description
      CorsService()
      Constructor.
      CorsService​(boolean enabled)
      Constructor.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      Filter createInboundFilter​(Context context)
      Create the filter that should be invoked for incoming calls.
      java.util.Set<java.lang.String> getAllowedHeaders()
      Returns the modifiable set of headers allowed by the actual request on the current resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
      java.util.Set<java.lang.String> getAllowedOrigins()
      Returns the URI an origin server allows for the requested resource.
      java.util.Set<Method> getDefaultAllowedMethods()
      Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
      java.util.Set<java.lang.String> getExposedHeaders()
      Returns a modifiable whitelist of headers an origin server allows for the requested resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
      int getMaxAge()
      Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
      In case of a negative value, the results of a preflight request is not meant to be cached.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
      boolean isAllowedCredentials()
      If true, adds 'Access-Control-Allow-Credentials' header.
      boolean isAllowingAllRequestedHeaders()
      If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
      boolean isSkippingResourceForCorsOptions()
      If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods.
      void setAllowedCredentials​(boolean allowedCredentials)
      If true, adds 'Access-Control-Allow-Credentials' header.
      void setAllowedHeaders​(java.util.Set<java.lang.String> allowedHeaders)
      Sets the value of the 'Access-Control-Allow-Headers' response header.
      void setAllowedOrigins​(java.util.Set<java.lang.String> allowedOrigins)
      Sets the value of 'Access-Control-Allow-Origin' header.
      void setAllowingAllRequestedHeaders​(boolean allowingAllRequestedHeaders)
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
      void setDefaultAllowedMethods​(java.util.Set<Method> defaultAllowedMethods)
      Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
      void setExposedHeaders​(java.util.Set<java.lang.String> exposedHeaders)
      Sets the value of 'Access-Control-Expose-Headers' response header.
      void setMaxAge​(int maxAge)
      Sets the value of 'Access-Control-Max-Age' response header.
      In case of negative value, the header is not set.
      void setSkippingResourceForCorsOptions​(boolean skipResourceForCorsOptions)
      Sets the value of skipResourceForCorsOptions field.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • CorsService

        public CorsService()
        Constructor.

      • CorsService

        public CorsService​(boolean enabled)
        Constructor.
        Parameters:
        enabled - True if the service has been enabled.

    • Method Detail

      • createInboundFilter

        public Filter createInboundFilter​(Context context)
        Description copied from class: Service
        Create the filter that should be invoked for incoming calls.
        Overrides:
        createInboundFilter in class Service
        Parameters:
        context - The current context.
        Returns:
        The new filter or null.

      • getAllowedHeaders

        public java.util.Set<java.lang.String> getAllowedHeaders()
        Returns the modifiable set of headers allowed by the actual request on the current resource.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
        Returns:
        The set of headers allowed by the actual request on the current resource.

      • getAllowedOrigins

        public java.util.Set<java.lang.String> getAllowedOrigins()
        Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.
        Returns:
        The origin allowed by the requested resource.

      • getExposedHeaders

        public java.util.Set<java.lang.String> getExposedHeaders()
        Returns a modifiable whitelist of headers an origin server allows for the requested resource.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
        Returns:
        The set of headers an origin server allows for the requested resource.

      • getMaxAge

        public int getMaxAge()
        Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
        In case of a negative value, the results of a preflight request is not meant to be cached.
        Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
        Returns:
        Indicates how long the results of a preflight request can be cached in a preflight result cache.

      • isAllowedCredentials

        public boolean isAllowedCredentials()
        If true, adds 'Access-Control-Allow-Credentials' header.
        Returns:
        True, if the 'Access-Control-Allow-Credentials' header will be added.

      • isAllowingAllRequestedHeaders

        public boolean isAllowingAllRequestedHeaders()
        If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
        Returns:
        True to copy the value

      • isSkippingResourceForCorsOptions

        public boolean isSkippingResourceForCorsOptions()
        If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods. Default is false.
        Returns:
        True if the filter does not call the server resource for OPTIONS method of CORS request.

      • setAllowedCredentials

        public void setAllowedCredentials​(boolean allowedCredentials)
        If true, adds 'Access-Control-Allow-Credentials' header.
        Parameters:
        allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.

      • setAllowedHeaders

        public void setAllowedHeaders​(java.util.Set<java.lang.String> allowedHeaders)
        Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowingAllRequestedHeaders is false.
        Parameters:
        allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.

      • setAllowedOrigins

        public void setAllowedOrigins​(java.util.Set<java.lang.String> allowedOrigins)
        Sets the value of 'Access-Control-Allow-Origin' header.
        Parameters:
        allowedOrigins - The value of 'Access-Control-Allow-Origin' header.

      • setAllowingAllRequestedHeaders

        public void setAllowingAllRequestedHeaders​(boolean allowingAllRequestedHeaders)
        If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
        Parameters:
        allowingAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

      • setDefaultAllowedMethods

        public void setDefaultAllowedMethods​(java.util.Set<Method> defaultAllowedMethods)
        Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
        Parameters:
        defaultAllowedMethods - The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

      • setExposedHeaders

        public void setExposedHeaders​(java.util.Set<java.lang.String> exposedHeaders)
        Sets the value of 'Access-Control-Expose-Headers' response header.
        Parameters:
        exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.

      • setMaxAge

        public void setMaxAge​(int maxAge)
        Sets the value of 'Access-Control-Max-Age' response header.
        In case of negative value, the header is not set.
        Parameters:
        maxAge - The value of 'Access-Control-Max-Age' response header.

      • setSkippingResourceForCorsOptions

        public void setSkippingResourceForCorsOptions​(boolean skipResourceForCorsOptions)
        Sets the value of skipResourceForCorsOptions field.
        Parameters:
        skipResourceForCorsOptions - True if the filter does not call the server resource for OPTIONS method of CORS request.