org.spincast.core.filters

Class SpincastFilters<R extends IRequestContext<?>>

java.lang.Object

org.spincast.core.filters.SpincastFilters<R>

All Implemented Interfaces:

ISpincastFilters<R>

public class SpincastFilters<R extends IRequestContext<?>>
extends Object
implements ISpincastFilters<R>

Spincast filters implementations.

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	logger

Constructor Summary

Constructors

Constructor and Description
SpincastFilters(ICorsFilter corsFilter) Constructor

Method Summary

Modifier and Type	Method and Description
void	addSecurityHeaders(R context) Adds some recommended security headers.
void	cors(R context) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Cross-Origin Resource Sharing (Cors) handling.
protected ICorsFilterClient	createCorsFilterClient(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Creates a client for the cors filter.
protected Set<HttpMethod>	getCorsDefaultAllowedMethods() The HTTP methods allowed by default.
protected Set<String>	getCorsDefaultAllowedOrigins() The origins allowed, by default.
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeRead() The extra headers allowed to be read, by default,
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeSent() The extra headers allowed to be sent, by default,
protected boolean	getCorsDefaultIsCookiesAllowed() Are cookies allowed by default?
protected int	getCorsDefaultMaxAgeInSeconds() If <= 0, the "Access-Control-Max-Age" header won't be sent.
protected ICorsFilter	getCorsFilter()
void	saveGeneratedResource(R context, String pathForGeneratedResource) Used by Spincast to save a "dynamic resource" once it is generated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

Constructor Detail

SpincastFilters

@Inject
public SpincastFilters(ICorsFilter corsFilter)

Constructor

Method Detail

getCorsFilter

protected ICorsFilter getCorsFilter()

saveGeneratedResource

public void saveGeneratedResource(R context,
                                  String pathForGeneratedResource)

Description copied from interface: ISpincastFilters

Used by Spincast to save a "dynamic resource" once it is generated.

Specified by:

saveGeneratedResource in interface ISpincastFilters<R extends IRequestContext<?>>

addSecurityHeaders

public void addSecurityHeaders(R context)

Description copied from interface: ISpincastFilters

Adds some recommended security headers.

Specified by:

addSecurityHeaders in interface ISpincastFilters<R extends IRequestContext<?>>

See Also:

https://www.owasp.org/index.php/List_of_useful_HTTP_headers

cors

public void cors(R context)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all origins, allows cookies, allows all HTTP methods, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything AND to add extra headers to be read, use :

cors(context, Sets.newHashSet("*"), Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

cors

public void cors(R context,
                 Set<String> allowedOrigins)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows allows cookies, allows all HTTP methods for the specified origins, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything for those origins AND to add extra headers to be read, use : cors(context, allowedOrigins, Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows cookies, allows all HTTP methods and all headers will be allowed to be sent by the browser, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all cookies and all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

allowCookies - Should cookies be allowed?

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods,
                 int maxAgeInSeconds)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

maxAgeInSeconds - The maximum number of seconds a preflight response can be cached without querying again. If <= 0, the "Access-Control-Max-Age" header won't be sent.

createCorsFilterClient

protected ICorsFilterClient createCorsFilterClient(R context,
                                                   Set<String> allowedOrigins,
                                                   Set<String> extraHeadersAllowedToBeRead,
                                                   Set<String> extraHeadersAllowedToBeSent,
                                                   boolean allowCookies,
                                                   Set<HttpMethod> allowedMethods,
                                                   int maxAgeInSeconds)

Creates a client for the cors filter.

getCorsDefaultMaxAgeInSeconds

protected int getCorsDefaultMaxAgeInSeconds()

If <= 0, the "Access-Control-Max-Age" header won't be sent.

getCorsDefaultAllowedOrigins

protected Set<String> getCorsDefaultAllowedOrigins()

The origins allowed, by default.

getCorsDefaultExtraHeadersAllowedToBeRead

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeRead()

The extra headers allowed to be read, by default,

getCorsDefaultExtraHeadersAllowedToBeSent

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeSent()

The extra headers allowed to be sent, by default,

getCorsDefaultIsCookiesAllowed

protected boolean getCorsDefaultIsCookiesAllowed()

Are cookies allowed by default?

getCorsDefaultAllowedMethods

protected Set<HttpMethod> getCorsDefaultAllowedMethods()

The HTTP methods allowed by default.