Package org.restlet.service

Class CorsService

java.lang.Object
org.restlet.service.Service
org.restlet.service.CorsService
public class CorsService extends Service
Application service that adds support of CORS. This service lets the target resource specifies the allowed methods. Example: 
 CorsService corsService = new CorsService();
 corsService.setAllowedOrigins(new HashSet(Arrays.asList("http://server.com")));
 corsService.setAllowedCredentials(true);
Author:
Manuel Boillod

  • Constructor Summary

    Constructors
    Constructor
    Description
    CorsService()
    Constructor.
    CorsService(boolean enabled)
    Constructor.

  • Method Summary

    Modifier and Type
    Method
    Description
    Filter
    createInboundFilter(Context context)
    Create the filter that should be invoked for incoming calls.
    Set<String>
    getAllowedHeaders()
    Returns the modifiable set of headers allowed by the actual request on the current resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
    Set<String>
    getAllowedOrigins()
    Returns the URI an origin server allows for the requested resource.
    Set<Method>
    getDefaultAllowedMethods()
    Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
    Set<String>
    getExposedHeaders()
    Returns a modifiable whitelist of headers an origin server allows for the requested resource.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
    int
    getMaxAge()
    Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
    In case of a negative value, the results of a preflight request is not meant to be cached.
    Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
    boolean
    isAllowedCredentials()
    If true, adds 'Access-Control-Allow-Credentials' header.
    boolean
    isAllowingAllRequestedHeaders()
    If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header.
    boolean
    isSkippingResourceForCorsOptions()
    If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods.
    void
    setAllowedCredentials(boolean allowedCredentials)
    If true, adds 'Access-Control-Allow-Credentials' header.
    void
    setAllowedHeaders(Set<String> allowedHeaders)
    Sets the value of the 'Access-Control-Allow-Headers' response header.
    void
    setAllowedOrigins(Set<String> allowedOrigins)
    Sets the value of 'Access-Control-Allow-Origin' header.
    void
    setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)
    If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header.
    void
    setDefaultAllowedMethods(Set<Method> defaultAllowedMethods)
    Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
    void
    setExposedHeaders(Set<String> exposedHeaders)
    Sets the value of 'Access-Control-Expose-Headers' response header.
    void
    setMaxAge(int maxAge)
    Sets the value of 'Access-Control-Max-Age' response header.
    In case of negative value, the header is not set.
    void
    setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)
    Sets the value of skipResourceForCorsOptions field.

    Methods inherited from class org.restlet.service.Service

    createOutboundFilter, getContext, isEnabled, isStarted, isStopped, setContext, setEnabled, start, stop

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • CorsService

      public CorsService()
      Constructor.

    • CorsService

      public CorsService(boolean enabled)
      Constructor.
      Parameters:
      enabled - True if the service has been enabled.

  • Method Details

    • createInboundFilter

      public Filter createInboundFilter(Context context)
      Description copied from class: Service
      Create the filter that should be invoked for incoming calls.
      Overrides:
      createInboundFilter in class Service
      Parameters:
      context - The current context.
      Returns:
      The new filter or null.

    • getAllowedHeaders

      public Set<String> getAllowedHeaders()
      Returns the modifiable set of headers allowed by the actual request on the current resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Headers" header.
      Returns:
      The set of headers allowed by the actual request on the current resource.

    • getAllowedOrigins

      public Set<String> getAllowedOrigins()
      Returns the URI an origin server allows for the requested resource. Use "*" as a wildcard character.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Allow-Origin" header.
      Returns:
      The origin allowed by the requested resource.

    • getDefaultAllowedMethods

      public Set<Method> getDefaultAllowedMethods()
      Returns the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
      Returns:
      The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

    • getExposedHeaders

      public Set<String> getExposedHeaders()
      Returns a modifiable whitelist of headers an origin server allows for the requested resource.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Expose-Headers" header.
      Returns:
      The set of headers an origin server allows for the requested resource.

    • getMaxAge

      public int getMaxAge()
      Indicates how long (in seconds) the results of a preflight request can be cached in a preflight result cache.
      In case of a negative value, the results of a preflight request is not meant to be cached.
      Note that when used with HTTP connectors, this property maps to the "Access-Control-Max-Age" header.
      Returns:
      Indicates how long the results of a preflight request can be cached in a preflight result cache.

    • isAllowedCredentials

      public boolean isAllowedCredentials()
      If true, adds 'Access-Control-Allow-Credentials' header.
      Returns:
      True, if the 'Access-Control-Allow-Credentials' header will be added.

    • isAllowingAllRequestedHeaders

      public boolean isAllowingAllRequestedHeaders()
      If true, indicates that the value of 'Access-Control-Request-Headers' request header will be copied into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
      Returns:
      True to copy the value

    • isSkippingResourceForCorsOptions

      public boolean isSkippingResourceForCorsOptions()
      If true, the filter does not call the server resource for OPTIONS method of CORS request and set Access-Control-Allow-Methods header with the default methods. Default is false.
      Returns:
      True if the filter does not call the server resource for OPTIONS method of CORS request.

    • setAllowedCredentials

      public void setAllowedCredentials(boolean allowedCredentials)
      If true, adds 'Access-Control-Allow-Credentials' header.
      Parameters:
      allowedCredentials - True to add the 'Access-Control-Allow-Credentials' header.

    • setAllowedHeaders

      public void setAllowedHeaders(Set<String> allowedHeaders)
      Sets the value of the 'Access-Control-Allow-Headers' response header. Used only if allowingAllRequestedHeaders is false.
      Parameters:
      allowedHeaders - The value of 'Access-Control-Allow-Headers' response header.

    • setAllowedOrigins

      public void setAllowedOrigins(Set<String> allowedOrigins)
      Sets the value of 'Access-Control-Allow-Origin' header.
      Parameters:
      allowedOrigins - The value of 'Access-Control-Allow-Origin' header.

    • setAllowingAllRequestedHeaders

      public void setAllowingAllRequestedHeaders(boolean allowingAllRequestedHeaders)
      If true, copies the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.
      Parameters:
      allowingAllRequestedHeaders - True to copy the value of 'Access-Control-Request-Headers' request header into the 'Access-Control-Allow-Headers' response header. If false, use allowedHeaders.

    • setDefaultAllowedMethods

      public void setDefaultAllowedMethods(Set<Method> defaultAllowedMethods)
      Sets the list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.
      Parameters:
      defaultAllowedMethods - The list of methods allowed by default, used when skippingResourceForCorsOptions is turned on.

    • setExposedHeaders

      public void setExposedHeaders(Set<String> exposedHeaders)
      Sets the value of 'Access-Control-Expose-Headers' response header.
      Parameters:
      exposedHeaders - The value of 'Access-Control-Expose-Headers' response header.

    • setMaxAge

      public void setMaxAge(int maxAge)
      Sets the value of 'Access-Control-Max-Age' response header.
      In case of negative value, the header is not set.
      Parameters:
      maxAge - The value of 'Access-Control-Max-Age' response header.

    • setSkippingResourceForCorsOptions

      public void setSkippingResourceForCorsOptions(boolean skipResourceForCorsOptions)
      Sets the value of skipResourceForCorsOptions field.
      Parameters:
      skipResourceForCorsOptions - True if the filter does not call the server resource for OPTIONS method of CORS request.