org.spincast.core.filters

Class SpincastFilters<R extends IRequestContext<?>>

java.lang.Object

org.spincast.core.filters.SpincastFilters<R>

All Implemented Interfaces:

ISpincastFilters<R>

public class SpincastFilters<R extends IRequestContext<?>>
extends Object
implements ISpincastFilters<R>

Spincast filters implementations.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_CACHE_BUSTER
static String	DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_LANG_ABREV
static String	DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION
static String	DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION_IS_SNAPSHOT
protected org.slf4j.Logger	logger

Constructor Summary

Constructors

Constructor and Description
SpincastFilters(ICorsFilter corsFilter, ISpincastConfig spincastConfig, IServer server, ISpincastUtils spincastUtils) Constructor

Method Summary

Modifier and Type	Method and Description
void	addDefaultGlobalTemplateVariables(R context) Adds some default variables so they are available by default to the templating engine (in a request scope).
void	addSecurityHeaders(R context) Adds some recommended security headers.
void	cache(R context)
void	cache(R context, int seconds)
void	cache(R context, int seconds, boolean isPrivate)
void	cache(R context, int seconds, boolean isPrivate, Integer cdnSeconds)
void	cors(R context) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Cross-Origin Resource Sharing (Cors) handling.
protected ICorsFilterClient	createCorsFilterClient(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Creates a client for the cors filter.
protected Integer	getCacheCdnSecondsByDefault()
protected int	getCacheSecondsByDefault()
protected Set<HttpMethod>	getCorsDefaultAllowedMethods() The HTTP methods allowed by default.
protected Set<String>	getCorsDefaultAllowedOrigins() The origins allowed, by default.
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeRead() The extra headers allowed to be read, by default,
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeSent() The extra headers allowed to be sent, by default,
protected boolean	getCorsDefaultIsCookiesAllowed() Are cookies allowed by default?
protected int	getCorsDefaultMaxAgeInSeconds() If <= 0, the "Access-Control-Max-Age" header won't be sent.
protected ICorsFilter	getCorsFilter()
protected IServer	getServer()
protected ISpincastConfig	getSpincastConfig()
protected ISpincastUtils	getSpincastUtils()
protected boolean	isCachePrivateByDefault()
boolean	saveGeneratedResource(R context, String pathForGeneratedResource) Used by Spincast to save a "dynamic resource" once it is generated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_LANG_ABREV

public static final String DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_LANG_ABREV

See Also:

Constant Field Values

DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION

public static final String DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION

See Also:

Constant Field Values

DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION_IS_SNAPSHOT

public static final String DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_SPINCAST_CURRENT_VERSION_IS_SNAPSHOT

See Also:

Constant Field Values

DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_CACHE_BUSTER

public static final String DEFAULT_GLOBAL_TEMPLATING_VAR_KEY_CACHE_BUSTER

See Also:

Constant Field Values

Constructor Detail

SpincastFilters

@Inject
public SpincastFilters(ICorsFilter corsFilter,
                                ISpincastConfig spincastConfig,
                                IServer server,
                                ISpincastUtils spincastUtils)

Constructor

Method Detail

getCorsFilter

protected ICorsFilter getCorsFilter()

getSpincastConfig

protected ISpincastConfig getSpincastConfig()

getServer

protected IServer getServer()

getSpincastUtils

protected ISpincastUtils getSpincastUtils()

saveGeneratedResource

public boolean saveGeneratedResource(R context,
                                     String pathForGeneratedResource)

Description copied from interface: ISpincastFilters

Used by Spincast to save a "dynamic resource" once it is generated.

Specified by:

saveGeneratedResource in interface ISpincastFilters<R extends IRequestContext<?>>

Returns:

true if the resource was succesfully saved on disk.

addSecurityHeaders

public void addSecurityHeaders(R context)

Description copied from interface: ISpincastFilters

Adds some recommended security headers.

Specified by:

addSecurityHeaders in interface ISpincastFilters<R extends IRequestContext<?>>

See Also:

https://www.owasp.org/index.php/List_of_useful_HTTP_headers

cors

public void cors(R context)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all origins, allows cookies, allows all HTTP methods, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything AND to add extra headers to be read, use :

cors(context, Sets.newHashSet("*"), Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

cors

public void cors(R context,
                 Set<String> allowedOrigins)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows allows cookies, allows all HTTP methods for the specified origins, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything for those origins AND to add extra headers to be read, use : cors(context, allowedOrigins, Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows cookies, allows all HTTP methods and all headers will be allowed to be sent by the browser, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all cookies and all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

allowCookies - Should cookies be allowed?

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods,
                 int maxAgeInSeconds)

Description copied from interface: ISpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Specified by:

cors in interface ISpincastFilters<R extends IRequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

maxAgeInSeconds - The maximum number of seconds a preflight response can be cached without querying again. If <= 0, the "Access-Control-Max-Age" header won't be sent.

createCorsFilterClient

protected ICorsFilterClient createCorsFilterClient(R context,
                                                   Set<String> allowedOrigins,
                                                   Set<String> extraHeadersAllowedToBeRead,
                                                   Set<String> extraHeadersAllowedToBeSent,
                                                   boolean allowCookies,
                                                   Set<HttpMethod> allowedMethods,
                                                   int maxAgeInSeconds)

Creates a client for the cors filter.

getCorsDefaultMaxAgeInSeconds

protected int getCorsDefaultMaxAgeInSeconds()

If <= 0, the "Access-Control-Max-Age" header won't be sent.

getCorsDefaultAllowedOrigins

protected Set<String> getCorsDefaultAllowedOrigins()

The origins allowed, by default.

getCorsDefaultExtraHeadersAllowedToBeRead

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeRead()

The extra headers allowed to be read, by default,

getCorsDefaultExtraHeadersAllowedToBeSent

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeSent()

The extra headers allowed to be sent, by default,

getCorsDefaultIsCookiesAllowed

protected boolean getCorsDefaultIsCookiesAllowed()

Are cookies allowed by default?

getCorsDefaultAllowedMethods

protected Set<HttpMethod> getCorsDefaultAllowedMethods()

The HTTP methods allowed by default.

cache

public void cache(R context)

Specified by:

cache in interface ISpincastFilters<R extends IRequestContext<?>>

cache

public void cache(R context,
                  int seconds)

Specified by:

cache in interface ISpincastFilters<R extends IRequestContext<?>>

cache

public void cache(R context,
                  int seconds,
                  boolean isPrivate)

Specified by:

cache in interface ISpincastFilters<R extends IRequestContext<?>>

cache

public void cache(R context,
                  int seconds,
                  boolean isPrivate,
                  Integer cdnSeconds)

Specified by:

cache in interface ISpincastFilters<R extends IRequestContext<?>>

getCacheSecondsByDefault

protected int getCacheSecondsByDefault()

isCachePrivateByDefault

protected boolean isCachePrivateByDefault()

getCacheCdnSecondsByDefault

protected Integer getCacheCdnSecondsByDefault()

addDefaultGlobalTemplateVariables

public void addDefaultGlobalTemplateVariables(R context)

Description copied from interface: ISpincastFilters

Adds some default variables so they are available by default to the templating engine (in a request scope).

Specified by:

addDefaultGlobalTemplateVariables in interface ISpincastFilters<R extends IRequestContext<?>>