cn.ponfee.commons.web

类 WebContext.WebContextFilter

java.lang.Object

cn.ponfee.commons.web.WebContext.WebContextFilter

所有已实现的接口:

javax.servlet.Filter

封闭类:

WebContext

public static class WebContext.WebContextFilter
extends Object
implements javax.servlet.Filter

Implementation of the cross-origin resource sharing.

A typical example is to use this filter to allow cross-domain cometd communication using the standard long polling transport instead of the JSONP transport (that is less efficient and less reactive to failures).

This filter allows the following configuration parameters:

allowedOrigins

a comma separated list of origins that are allowed to access the resources. Default value is *, meaning all origins. Note that using wild cards can result in security problems for requests identifying hosts that do not exist.

If an allowed origin contains one or more * characters (for example http://*.domain.com), then "*" characters are converted to ".*", "." characters are escaped to "\." and the resulting allowed origin interpreted as a regular expression.

Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z]{3} that matches http or https, multiple subdomains and any 3 letter top-level domain (.com, .net, .org, etc.).

allowedTimingOrigins

a comma separated list of origins that are allowed to time the resource. Default value is the empty string, meaning no origins.

The check whether the timing header is set, will be performed only if the user gets general access to the resource using the allowedOrigins.

allowedMethods

a comma separated list of HTTP methods that are allowed to be used when accessing the resources. Default value is GET,POST,HEAD

allowedHeaders

a comma separated list of HTTP headers that are allowed to be specified when accessing the resources. Default value is X-Requested-With,Content-Type,Accept,Origin. If the value is a single "*", this means that any headers will be accepted.

preflightMaxAge

the number of seconds that preflight requests can be cached by the client. Default value is 1800 seconds, or 30 minutes

allowCredentials

a boolean indicating if the resource allows requests with credentials. Default value is true

exposedHeaders

a comma separated list of HTTP headers that are allowed to be exposed on the client. Default value is the empty list

chainPreflight

if true preflight requests are chained to their target resource for normal handling (as an OPTION request). Otherwise the filter will response to the preflight. Default is true.

A typical configuration could be: ------------------------------------------------------------------------------- Plan A:

  〈filter>
    〈filter-name>00000-web-context-filter
    〈filter-class>cn.ponfee.commons.web.WebContext$WebContextFilter
    〈init-param>
      allowedOrigins
      〈param-value>http://localhost:8080,http://127.0.0.1:8080  
    〈/init-param>
    〈init-param>
      〈param-name>allowedMethods
      〈param-value>GET,POST,HEAD
    〈/init-param>
    〈init-param>
      〈param-name>allowedHeaders
      〈param-value>X-Requested-With,Content-Type,Accept,Origin
    〈/init-param>
  〈/filter>
  〈filter-mapping>
    〈filter-name>00000-web-context-filter
    〈url-pattern>/*
  〈/filter-mapping>
 

Reference from org.eclipse.jetty.servlets.CrossOriginFilter

另请参阅:

Plan B: Spring mvc xml config 过滤器：根据filterName的属性值的首字母排序的顺序执行

字段概要

字段

限定符和类型	字段和说明
static String	ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
static String	ACCESS_CONTROL_ALLOW_HEADERS_HEADER
static String	ACCESS_CONTROL_ALLOW_METHODS_HEADER
static String	ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
static String	ACCESS_CONTROL_EXPOSE_HEADERS_HEADER
static String	ACCESS_CONTROL_MAX_AGE_HEADER
static String	ACCESS_CONTROL_REQUEST_HEADERS_HEADER
static String	ACCESS_CONTROL_REQUEST_METHOD_HEADER
static String	ALLOW_CREDENTIALS_PARAM
static String	ALLOWED_HEADERS_PARAM
static String	ALLOWED_METHODS_PARAM
static String	ALLOWED_ORIGINS_PARAM
static String	ALLOWED_TIMING_ORIGINS_PARAM
static String	CHAIN_PREFLIGHT_PARAM
static String	EXPOSED_HEADERS_PARAM
static String	PREFLIGHT_MAX_AGE_PARAM
static String	TIMING_ALLOW_ORIGIN_HEADER

构造器概要

构造器

构造器和说明
WebContextFilter()

方法概要

限定符和类型	方法和说明
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse resp, javax.servlet.FilterChain chain)
void	init(javax.servlet.FilterConfig config)
protected boolean	isEnabled(javax.servlet.http.HttpServletRequest request)

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

ACCESS_CONTROL_REQUEST_METHOD_HEADER

public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_REQUEST_HEADERS_HEADER

public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_ALLOW_METHODS_HEADER

public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_ALLOW_HEADERS_HEADER

public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_MAX_AGE_HEADER

public static final String ACCESS_CONTROL_MAX_AGE_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

另请参阅:

常量字段值

ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

public static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

另请参阅:

常量字段值

TIMING_ALLOW_ORIGIN_HEADER

public static final String TIMING_ALLOW_ORIGIN_HEADER

另请参阅:

常量字段值

ALLOWED_ORIGINS_PARAM

public static final String ALLOWED_ORIGINS_PARAM

另请参阅:

常量字段值

ALLOWED_TIMING_ORIGINS_PARAM

public static final String ALLOWED_TIMING_ORIGINS_PARAM

另请参阅:

常量字段值

ALLOWED_METHODS_PARAM

public static final String ALLOWED_METHODS_PARAM

另请参阅:

常量字段值

ALLOWED_HEADERS_PARAM

public static final String ALLOWED_HEADERS_PARAM

另请参阅:

常量字段值

PREFLIGHT_MAX_AGE_PARAM

public static final String PREFLIGHT_MAX_AGE_PARAM

另请参阅:

常量字段值

ALLOW_CREDENTIALS_PARAM

public static final String ALLOW_CREDENTIALS_PARAM

另请参阅:

常量字段值

EXPOSED_HEADERS_PARAM

public static final String EXPOSED_HEADERS_PARAM

另请参阅:

常量字段值

CHAIN_PREFLIGHT_PARAM

public static final String CHAIN_PREFLIGHT_PARAM

另请参阅:

常量字段值

构造器详细资料

WebContextFilter

public WebContextFilter()

方法详细资料

init

public void init(javax.servlet.FilterConfig config)

指定者:

init 在接口中 javax.servlet.Filter

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse resp,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

指定者:

doFilter 在接口中 javax.servlet.Filter

抛出:

IOException

javax.servlet.ServletException

destroy

public void destroy()

指定者:

destroy 在接口中 javax.servlet.Filter

isEnabled

protected boolean isEnabled(javax.servlet.http.HttpServletRequest request)