diff options
author | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2013-09-26 20:33:20 +0000 |
---|---|---|
committer | lresende <lresende@13f79535-47bb-0310-9956-ffa450edef68> | 2013-09-26 20:33:20 +0000 |
commit | e5b7380c874745c989d1816b8f552504f038e1bc (patch) | |
tree | 3084133139737c821ce5384bd27fc2258e795826 /sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java | |
parent | 33b786453598495cde754c80f5a9397de68ff60e (diff) |
2.0 branch for possible maintenance release
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1526672 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to '')
-rw-r--r-- | sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java | 104 |
1 files changed, 104 insertions, 0 deletions
diff --git a/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java new file mode 100644 index 0000000000..ffb92f520f --- /dev/null +++ b/sca-java-2.x/branches/2.0/modules/common-http/src/main/java/org/apache/tuscany/sca/common/http/cors/CORSHeaderProcessor.java @@ -0,0 +1,104 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.tuscany.sca.common.http.cors; + +import java.io.IOException; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +public class CORSHeaderProcessor { + public static void processCORS(CORSConfiguration config, HttpServletRequest request, HttpServletResponse response) + throws IOException { + + if (config == null) { + String allowHeaders = request.getHeader("Access-Control-Request-Headers"); + if (allowHeaders == null) { + allowHeaders = "Content-Type, Accept, Origin, X-Requested-With"; + } + String allowMethods = request.getHeader("Access-Control-Request-Method"); + if (allowMethods == null) { + allowHeaders = "OPTIONS, HEAD, GET, POST, PUT, DELETE"; + } + + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + + response.setHeader("Access-Control-Allow-Origin", allowOrigins); + response.setHeader("Access-Control-Allow-Headers", allowHeaders); + response.setHeader("Access-Control-Allow-Credentials", "true"); + if ("OPTIONS".equalsIgnoreCase(request.getMethod())) { + response.setHeader("Access-Control-Allow-Methods", allowMethods); + response.setHeader("Access-Control-Max-Age", "1728000"); + } + return; + } + + if (config.isAllowCredentials()) { + response.setHeader("Access-Control-Allow-Credentials", "true"); + } + + if (config.getMaxAge() > 0) { + response.setHeader("Access-Control-Max-Age", Integer.toString(config.getMaxAge())); + } + + response.setHeader("Access-Control-Allow-Origin", getAllowOrigins(config, request)); + response.setHeader("Access-Control-Allow-Methods", getAllowMethods(config)); + response.setHeader("Access-Control-Allow-Headers", getAllowHeaders(config)); + response.setHeader("Access-Control-Expose-Headers", getExposeHeaders(config)); + } + + private static String getAllowOrigins(CORSConfiguration config, HttpServletRequest request) { + String allowOrigins = request.getHeader("Origin"); + if (allowOrigins == null) { + allowOrigins = "*"; + } + return getListValues(config.getAllowOrigins(), allowOrigins); + } + + private static String getAllowMethods(CORSConfiguration config) { + return getListValues(config.getAllowMethods(), "OPTIONS, HEAD, GET, POST, PUT, DELETE"); + } + + private static String getAllowHeaders(CORSConfiguration config) { + return getListValues(config.getAllowHeaders(), "X-Requested-With, Content-Type, Accept, Origin"); + } + + private static String getExposeHeaders(CORSConfiguration config) { + return getListValues(config.getExposeHeaders(), "X-Requested-With, Content-Type"); + } + + private static String getListValues(List<String> list, String defaultValue) { + StringBuffer values = new StringBuffer(); + if (list != null && list.isEmpty() == false) { + for (String value : list) { + values.append(value).append(","); + } + values.deleteCharAt(values.length()); + } else { + values.append(defaultValue); + } + + return values.toString(); + } +} |