org.restlet.service

Class CorsService

java.lang.Object

org.restlet.service.Service

org.restlet.service.CorsService

public class CorsService
extends Service

Application service that adds support of CORS. This service lets the target resource specifies the allowed methods. Example:

 CorsService corsService = new CorsService();
 corsService.setAllowedOrigins(new HashSet(Arrays.asList("http://server.com")));
 corsService.setAllowedCredentials(true);
 

Author:

Manuel Boillod

Constructor Summary

Constructors

Constructor and Description
CorsService() Constructor.
CorsService(boolean enabled) Constructor.

Method Summary

Modifier and Type	Method and Description
Filter	createInboundFilter(Context context) Create the filter that should be invoked for incoming calls.
Set<String>	getAllowedHeaders() Returns the modifiable set of headers allowed by the actual request on the current resource. Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
Set<String>	getAllowedOrigins() Returns the URI an origin server allows for the requested resource.
Set<Method>	getDefaultAllowedMethods() Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
Set<String>	getExposedHeaders() Returns a modifiable whitelist of headers an origin server allows for the requested resource. Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
int	getMaxAge() Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache. In case of a negative value, the results of a preflight request is not meant to be cached. Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
boolean	isAllowedCredentials() If true, adds 'Access-Control-Allow-Credentials' header.
boolean	isAllowingAllRequestedHeaders() If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
boolean	isSkippingResourceForCorsOptions() If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods.
void	setAllowedCredentials(boolean allowedCredentials) If true, adds 'Access-Control-Allow-Credentials' header.
void	setAllowedHeaders(Set<String> allowedHeaders) Sets the value of the 'Access-Control-Allow-Headers' response header.
void	setAllowedOrigins(Set<String> allowedOrigins) Sets the value of 'Access-Control-Allow-Origin' header.
void	setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders) If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
void	setDefaultAllowedMethods(Set<Method> defaultAllowedMethods) Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
void	setExposedHeaders(Set<String> exposedHeaders) Sets the value of 'Access-Control-Expose-Headers' response header.
void	setMaxAge(int maxAge) Sets the value of 'Access-Control-Max-Age' response header. In case of negative value, the header is not set.
void	setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions) Sets the value of skipResourceForCorsOptions field.

Methods inherited from class org.restlet.service.Service

createOutboundFilter, getContext, isEnabled, isStarted, isStopped, setContext, setEnabled, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CorsService

public CorsService()

Constructor.

CorsService

public CorsService(boolean enabled)

Constructor.

Parameters:

enabled - True if the service has been enabled.

Method Detail

createInboundFilter

public Filter createInboundFilter(Context context)

Description copied from class: Service

Create the filter that should be invoked for incoming calls.

Overrides:

createInboundFilter in class Service

Parameters:

context - The current context.

Returns:

The new filter or null.

getAllowedHeaders

public Set<String> getAllowedHeaders()

Returns the modifiable set of headers allowed by the actual request on the current resource.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.

Returns:

The set of headers allowed by the actual request on the current resource.

getAllowedOrigins

public Set<String> getAllowedOrigins()

Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.

Returns:

The origin allowed by the requested resource.

getDefaultAllowedMethods

public Set<Method> getDefaultAllowedMethods()

Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

Returns:

The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

getExposedHeaders

public Set<String> getExposedHeaders()

Returns a modifiable whitelist of headers an origin server allows for the requested resource.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.

Returns:

The set of headers an origin server allows for the requested resource.

getMaxAge

public int getMaxAge()

Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
In case of a negative value, the results of a preflight request is not meant to be cached.
Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.

Returns:

Indicates how long the results of a preflight request can be cached in a preflight result cache.

isAllowedCredentials

public boolean isAllowedCredentials()

If true, adds 'Access-Control-Allow-Credentials' header.

Returns:

True, if the 'Access-Control-Allow-Credentials' header will be added.

isAllowingAllRequestedHeaders

public boolean isAllowingAllRequestedHeaders()

If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

Returns:

True to copy the value

isSkippingResourceForCorsOptions

public boolean isSkippingResourceForCorsOptions()

If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods. Default is false.

Returns:

True if the filter does not call the server resource for OPTIONS method of CORS request.

setAllowedCredentials

public void setAllowedCredentials(boolean allowedCredentials)

If true, adds 'Access-Control-Allow-Credentials' header.

Parameters:

allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.

setAllowedHeaders

public void setAllowedHeaders(Set<String> allowedHeaders)

Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowingAllRequestedHeaders is false.

Parameters:

allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.

setAllowedOrigins

public void setAllowedOrigins(Set<String> allowedOrigins)

Sets the value of 'Access-Control-Allow-Origin' header.

Parameters:

allowedOrigins - The value of 'Access-Control-Allow-Origin' header.

setAllowingAllRequestedHeaders

public void setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)

If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

Parameters:

allowingAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

setDefaultAllowedMethods

public void setDefaultAllowedMethods(Set<Method> defaultAllowedMethods)

Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

Parameters:

defaultAllowedMethods - The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

setExposedHeaders

public void setExposedHeaders(Set<String> exposedHeaders)

Sets the value of 'Access-Control-Expose-Headers' response header.

Parameters:

exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.

setMaxAge

public void setMaxAge(int maxAge)

Sets the value of 'Access-Control-Max-Age' response header.
In case of negative value, the header is not set.

Parameters:

maxAge - The value of 'Access-Control-Max-Age' response header.

setSkippingResourceForCorsOptions

public void setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)

Sets the value of skipResourceForCorsOptions field.

Parameters:

skipResourceForCorsOptions - True if the filter does not call the server resource for OPTIONS method of CORS request.