org.jasig.web.filter

Class SimpleCorsFilter

java.lang.Object

org.jasig.web.filter.SimpleCorsFilter

All Implemented Interfaces:

javax.servlet.Filter

Direct Known Subclasses:

ComponentCorsFilter

public class SimpleCorsFilter
extends Object
implements javax.servlet.Filter

Default behavior for this filter is to allow origins from * (ie anywhere). It is not reccomended to use this default behavior except for development testing. When configuring the filter, the filter configuration parameters will overwrite any value set in a spring or other configuration file doing dependency injection and initialization.
Multiple ways to configure this:
** Config within web.xml:

 <filter>
   <filter-name>Simple CORS Filter</filter-name>
   <filter-class>org.jasig.web.filter.SimpleCorsFilter</filter-class>
   <init-param>
     <!-- Comma separated domain names -->
     <param-name>allowOrigin</param-name>
     <param-value>someDomain.org, another.com, jasig.org, apereo.org</param-value>

     <param-name>maxAge</param-name>
     <param-value>3600</param-value>

     <!-- Comma separated methods allowed -->
     <param-name>allowMethod</param-name>
     <param-value>POST, GET</param-value>

     <!--Comma separated list of allowed header values -->
     <param-name>allowHeaders</param-name>
     <param-value>Origin, X-Requested-With, Content-Type, Accept</param-value>
   </init-param>
 </filter>
 

** Config with Spring Context

1. Configure web.xml using DelegatingFilterProxy
   
   

   
    <filter>
      <filter-name>corsFilter</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>corsFilter</param-value>
      </init-param>
    </filter>
    ...
    <filter-mapping>
      <filter-name>corsFilter</filter-name>
      <url-pattern>*.html</url-pattern> <!-- set appropriately -->
    </filter-mapping>
    

2. Create your filter in your spring content config XML file (eg applicationContext.xml)

   
    <bean name="corsFilter" class="org.jasig.web.filter.SimpleCorsFilter">
      <property name="allowMethod">POST,GET,PUT</property>
      <property name="maxAge">360</property>
    </bean>
    

Author:

chasegawa@unicon.net

See Also:

ComponentCorsFilter, Filter

Constructor Summary

Constructors

Constructor and Description
SimpleCorsFilter()

Method Summary

Modifier and Type	Method and Description
void	destroy()
void	doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain) Sets the headers to support CORS
void	init(javax.servlet.FilterConfig filterConfig)
void	setAllowHeaders(String allowHeaders) Defaults to "Origin, X-Requested-With, Content-Type, Accept" This value can be overwritten by any value configured in filter config parameters of web.xml
void	setAllowMethod(String allowMethod) Defaults to "POST, GET, PUT, OPTIONS, DELETE, HEAD" This value can be overwritten by any value configured in filter config parameters of web.xml
void	setAllowOrigin(String allowOrigin) Defaults to * This value can be overwritten by any value configured in filter config parameters of web.xml
void	setMaxAge(String maxAge) Defaults to 3600 This value can be overwritten by any value configured in filter config parameters of web.xml

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SimpleCorsFilter

public SimpleCorsFilter()

Method Detail

destroy

public void destroy()

Specified by:

destroy in interface javax.servlet.Filter

See Also:

Filter.destroy()

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Sets the headers to support CORS

Specified by:

doFilter in interface javax.servlet.Filter

Throws:

IOException

javax.servlet.ServletException

See Also:

Filter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)

init

public void init(javax.servlet.FilterConfig filterConfig)

Specified by:

init in interface javax.servlet.Filter

See Also:

Filter.init(javax.servlet.FilterConfig)

setAllowHeaders

public void setAllowHeaders(String allowHeaders)

Defaults to "Origin, X-Requested-With, Content-Type, Accept" This value can be overwritten by any value configured in filter config parameters of web.xml

Parameters:

allowHeaders - comma-separated list of HTTP Headers to allow

setAllowMethod

public void setAllowMethod(String allowMethod)

Defaults to "POST, GET, PUT, OPTIONS, DELETE, HEAD" This value can be overwritten by any value configured in filter config parameters of web.xml

Parameters:

allowMethod - comma-separated list of HTTP Methods

setAllowOrigin

public void setAllowOrigin(String allowOrigin)

Defaults to * This value can be overwritten by any value configured in filter config parameters of web.xml

Parameters:

allowOrigin - comma separated list of domains to use in setting "Access-Control-Allow-Origin"

setMaxAge

public void setMaxAge(String maxAge)

Defaults to 3600 This value can be overwritten by any value configured in filter config parameters of web.xml

Parameters:

maxAge - max time in seconds that a preflight request can be in cache