public class CorsConfiguration
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
static java.lang.String |
ALL
Wildcard representing all origins, methods, or headers.
|
private java.lang.Boolean |
allowCredentials |
private java.util.List<java.lang.String> |
allowedHeaders |
private java.util.List<java.lang.String> |
allowedMethods |
private java.util.List<java.lang.String> |
allowedOrigins |
private java.util.List<java.lang.String> |
exposedHeaders |
private java.lang.Long |
maxAge |
Constructor and Description |
---|
CorsConfiguration()
Construct a new, empty
CorsConfiguration instance. |
CorsConfiguration(CorsConfiguration other)
Construct a new
CorsConfiguration instance by copying all
values from the supplied CorsConfiguration . |
Modifier and Type | Method and Description |
---|---|
void |
addAllowedHeader(java.lang.String allowedHeader)
Add an actual request header to allow.
|
void |
addAllowedMethod(HttpMethod method)
Add an HTTP method to allow.
|
void |
addAllowedMethod(java.lang.String method)
Add an HTTP method to allow.
|
void |
addAllowedOrigin(java.lang.String origin)
Add an origin to allow.
|
void |
addExposedHeader(java.lang.String exposedHeader)
Add a response header to expose.
|
java.util.List<java.lang.String> |
checkHeaders(java.util.List<java.lang.String> requestHeaders)
Check the supplied request headers (or the headers listed in the
Access-Control-Request-Headers of a pre-flight request) against
the configured allowed headers. |
java.util.List<HttpMethod> |
checkHttpMethod(HttpMethod requestMethod)
Check the HTTP request method (or the method from the
Access-Control-Request-Method header on a pre-flight request)
against the configured allowed methods. |
java.lang.String |
checkOrigin(java.lang.String requestOrigin)
Check the origin of the request against the configured allowed origins.
|
CorsConfiguration |
combine(CorsConfiguration other)
Combine the supplied
CorsConfiguration with this one. |
private java.util.List<java.lang.String> |
combine(java.util.List<java.lang.String> source,
java.util.List<java.lang.String> other) |
java.lang.Boolean |
getAllowCredentials()
Return the configured
allowCredentials flag, possibly null . |
java.util.List<java.lang.String> |
getAllowedHeaders()
Return the allowed actual request headers, possibly
null . |
java.util.List<java.lang.String> |
getAllowedMethods()
Return the allowed HTTP methods, possibly
null in which case
only "GET" is allowed. |
java.util.List<java.lang.String> |
getAllowedOrigins()
Return the configured origins to allow, possibly
null . |
java.util.List<java.lang.String> |
getExposedHeaders()
Return the configured response headers to expose, possibly
null . |
java.lang.Long |
getMaxAge()
Return the configured
maxAge value, possibly null . |
void |
setAllowCredentials(java.lang.Boolean allowCredentials)
Whether user credentials are supported.
|
void |
setAllowedHeaders(java.util.List<java.lang.String> allowedHeaders)
Set the list of headers that a pre-flight request can list as allowed
for use during an actual request.
|
void |
setAllowedMethods(java.util.List<java.lang.String> allowedMethods)
Set the HTTP methods to allow, e.g.
|
void |
setAllowedOrigins(java.util.List<java.lang.String> allowedOrigins)
Set the origins to allow, e.g.
|
void |
setExposedHeaders(java.util.List<java.lang.String> exposedHeaders)
Set the list of response headers other than simple headers (i.e.
|
void |
setMaxAge(java.lang.Long maxAge)
Configure how long, in seconds, the response from a pre-flight request
can be cached by clients.
|
public static final java.lang.String ALL
private java.util.List<java.lang.String> allowedOrigins
private java.util.List<java.lang.String> allowedMethods
private java.util.List<java.lang.String> allowedHeaders
private java.util.List<java.lang.String> exposedHeaders
private java.lang.Boolean allowCredentials
private java.lang.Long maxAge
public CorsConfiguration()
CorsConfiguration
instance.public CorsConfiguration(CorsConfiguration other)
CorsConfiguration
instance by copying all
values from the supplied CorsConfiguration
.public CorsConfiguration combine(CorsConfiguration other)
CorsConfiguration
with this one.
Properties of this configuration are overridden by any non-null properties of the supplied one.
CorsConfiguration
or this
configuration if the supplied configuration is null
private java.util.List<java.lang.String> combine(java.util.List<java.lang.String> source, java.util.List<java.lang.String> other)
public void setAllowedOrigins(java.util.List<java.lang.String> allowedOrigins)
"http://domain1.com"
.
The special value "*"
allows all domains.
By default this is not set.
public java.util.List<java.lang.String> getAllowedOrigins()
null
.addAllowedOrigin(String)
,
setAllowedOrigins(List)
public void addAllowedOrigin(java.lang.String origin)
public void setAllowedMethods(java.util.List<java.lang.String> allowedMethods)
"GET"
, "POST"
,
"PUT"
, etc.
The special value "*"
allows all methods.
If not set, only "GET"
is allowed.
By default this is not set.
public java.util.List<java.lang.String> getAllowedMethods()
null
in which case
only "GET"
is allowed.public void addAllowedMethod(HttpMethod method)
public void addAllowedMethod(java.lang.String method)
public void setAllowedHeaders(java.util.List<java.lang.String> allowedHeaders)
The special value "*"
allows actual requests to send any
header.
A header name is not required to be listed if it is one of:
Cache-Control
, Content-Language
, Expires
,
Last-Modified
, or Pragma
.
By default this is not set.
public java.util.List<java.lang.String> getAllowedHeaders()
null
.addAllowedHeader(String)
,
setAllowedHeaders(List)
public void addAllowedHeader(java.lang.String allowedHeader)
public void setExposedHeaders(java.util.List<java.lang.String> exposedHeaders)
Cache-Control
, Content-Language
, Content-Type
,
Expires
, Last-Modified
, or Pragma
) that an
actual response might have and can be exposed.
Note that "*"
is not a valid exposed header value.
By default this is not set.
public java.util.List<java.lang.String> getExposedHeaders()
null
.addExposedHeader(String)
,
setExposedHeaders(List)
public void addExposedHeader(java.lang.String exposedHeader)
Note that "*"
is not a valid exposed header value.
public void setAllowCredentials(java.lang.Boolean allowCredentials)
By default this is not set (i.e. user credentials are not supported).
public java.lang.Boolean getAllowCredentials()
allowCredentials
flag, possibly null
.setAllowCredentials(Boolean)
public void setMaxAge(java.lang.Long maxAge)
By default this is not set.
public java.lang.Long getMaxAge()
maxAge
value, possibly null
.setMaxAge(Long)
public java.lang.String checkOrigin(java.lang.String requestOrigin)
requestOrigin
- the origin to checknull
which
means the request origin is not allowedpublic java.util.List<HttpMethod> checkHttpMethod(HttpMethod requestMethod)
Access-Control-Request-Method
header on a pre-flight request)
against the configured allowed methods.requestMethod
- the HTTP request method to checknull
if the supplied requestMethod
is not allowedpublic java.util.List<java.lang.String> checkHeaders(java.util.List<java.lang.String> requestHeaders)
Access-Control-Request-Headers
of a pre-flight request) against
the configured allowed headers.requestHeaders
- the request headers to checknull
if none of the supplied request headers is allowed