org.spincast.core.filters

Class SpincastFiltersDefault<R extends RequestContext<?>>

java.lang.Object

org.spincast.core.filters.SpincastFiltersDefault<R>

All Implemented Interfaces:

SpincastFilters<R>

public class SpincastFiltersDefault<R extends RequestContext<?>>
extends Object
implements SpincastFilters<R>

Spincast filters implementations.

Field Summary

Fields

Modifier and Type	Field and Description
protected org.slf4j.Logger	logger

Constructor Summary

Constructors

Constructor and Description
SpincastFiltersDefault(CorsFilter corsFilter, SpincastConfig spincastConfig, Server server, SpincastUtils spincastUtils) Constructor

Method Summary

Modifier and Type	Method and Description
void	addDefaultGlobalTemplateVariables(R context) Adds some default variables so they are available to any template rendering (in a request scope).
void	addSecurityHeaders(R context) Adds some recommended security headers.
void	cache(R context)
void	cache(R context, int seconds)
void	cache(R context, int seconds, boolean isPrivate)
void	cache(R context, int seconds, boolean isPrivate, Integer cdnSeconds)
void	cors(R context) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods) Cross-Origin Resource Sharing (Cors) handling.
void	cors(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Cross-Origin Resource Sharing (Cors) handling.
protected CorsFilterClient	createCorsFilterClient(R context, Set<String> allowedOrigins, Set<String> extraHeadersAllowedToBeRead, Set<String> extraHeadersAllowedToBeSent, boolean allowCookies, Set<HttpMethod> allowedMethods, int maxAgeInSeconds) Creates a client for the cors filter.
protected Integer	getCacheCdnSecondsByDefault()
protected int	getCacheSecondsByDefault()
protected Set<HttpMethod>	getCorsDefaultAllowedMethods() The HTTP methods allowed by default.
protected Set<String>	getCorsDefaultAllowedOrigins() The origins allowed, by default.
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeRead() The extra headers allowed to be read, by default,
protected Set<String>	getCorsDefaultExtraHeadersAllowedToBeSent() The extra headers allowed to be sent, by default,
protected boolean	getCorsDefaultIsCookiesAllowed() Are cookies allowed by default?
protected int	getCorsDefaultMaxAgeInSeconds() If <= 0, the "Access-Control-Max-Age" header won't be sent.
protected CorsFilter	getCorsFilter()
protected Server	getServer()
protected SpincastConfig	getSpincastConfig()
protected SpincastUtils	getSpincastUtils()
protected boolean	isCachePrivateByDefault()
boolean	saveGeneratedResource(R context, String pathForGeneratedResource) Used by Spincast to save a "dynamic resource" once it is generated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

Constructor Detail

SpincastFiltersDefault

@Inject
public SpincastFiltersDefault(CorsFilter corsFilter,
                                       SpincastConfig spincastConfig,
                                       Server server,
                                       SpincastUtils spincastUtils)

Constructor

Method Detail

getCorsFilter

protected CorsFilter getCorsFilter()

getSpincastConfig

protected SpincastConfig getSpincastConfig()

getServer

protected Server getServer()

getSpincastUtils

protected SpincastUtils getSpincastUtils()

saveGeneratedResource

public boolean saveGeneratedResource(R context,
                                     String pathForGeneratedResource)

Description copied from interface: SpincastFilters

Used by Spincast to save a "dynamic resource" once it is generated.

Specified by:

saveGeneratedResource in interface SpincastFilters<R extends RequestContext<?>>

Returns:

true if the resource was succesfully saved on disk.

addSecurityHeaders

public void addSecurityHeaders(R context)

Description copied from interface: SpincastFilters

Adds some recommended security headers.

Specified by:

addSecurityHeaders in interface SpincastFilters<R extends RequestContext<?>>

See Also:

https://www.owasp.org/index.php/List_of_useful_HTTP_headers

cors

public void cors(R context)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all origins, allows cookies, allows all HTTP methods, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything AND to add extra headers to be read, use :

cors(context, Sets.newHashSet("*"), Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

cors

public void cors(R context,
                 Set<String> allowedOrigins)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows allows cookies, allows all HTTP methods for the specified origins, all headers will be allowed to be sent by the browser, but no extra headers will be available to be read by the browser.

By default, only those headers are available to be read :

• Cache-Control
• Content-Language
• Content-Type
• Expires
• Last-Modified
• Pragma

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

If you want to allow everything for those origins AND to add extra headers to be read, use : cors(context, allowedOrigins, Sets.newHashSet("extra-header-to-read1", "extra-header-to-read2"));

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows cookies, allows all HTTP methods and all headers will be allowed to be sent by the browser, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all cookies and all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

This overload allows all HTTP methods, for the specified origins.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins will be allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are exposed : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request.

allowCookies - Should cookies be allowed?

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Send a Max-Age of 24h. The Max-Age is the maximum number of seconds a preflight response can be cached without querying again.

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

cors

public void cors(R context,
                 Set<String> allowedOrigins,
                 Set<String> extraHeadersAllowedToBeRead,
                 Set<String> extraHeadersAllowedToBeSent,
                 boolean allowCookies,
                 Set<HttpMethod> allowedMethods,
                 int maxAgeInSeconds)

Description copied from interface: SpincastFilters

Cross-Origin Resource Sharing (Cors) handling.

Specified by:

cors in interface SpincastFilters<R extends RequestContext<?>>

allowedOrigins - The origins to allow ("http://api.bob.com" for example). If one of the origins is "*", then all origins are allowed!

extraHeadersAllowedToBeRead - The extra headers the browser will have permission to read from the response. By default, only those headers are available : Cache-Control Content-Language Content-Type Expires Last-Modified Pragma

extraHeadersAllowedToBeSent - The extra headers the browser will be allowed to send with the actual (post preflight) request. If one of the headers is "*", then all headers are allowed to be sent!

allowCookies - Should cookies be allowed?

allowedMethods - The HTTP method allowed. "OPTIONS" will be addded if not specified, as it should always be allowed.

maxAgeInSeconds - The maximum number of seconds a preflight response can be cached without querying again. If <= 0, the "Access-Control-Max-Age" header won't be sent.

createCorsFilterClient

protected CorsFilterClient createCorsFilterClient(R context,
                                                  Set<String> allowedOrigins,
                                                  Set<String> extraHeadersAllowedToBeRead,
                                                  Set<String> extraHeadersAllowedToBeSent,
                                                  boolean allowCookies,
                                                  Set<HttpMethod> allowedMethods,
                                                  int maxAgeInSeconds)

Creates a client for the cors filter.

getCorsDefaultMaxAgeInSeconds

protected int getCorsDefaultMaxAgeInSeconds()

If <= 0, the "Access-Control-Max-Age" header won't be sent.

getCorsDefaultAllowedOrigins

protected Set<String> getCorsDefaultAllowedOrigins()

The origins allowed, by default.

getCorsDefaultExtraHeadersAllowedToBeRead

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeRead()

The extra headers allowed to be read, by default,

getCorsDefaultExtraHeadersAllowedToBeSent

protected Set<String> getCorsDefaultExtraHeadersAllowedToBeSent()

The extra headers allowed to be sent, by default,

getCorsDefaultIsCookiesAllowed

protected boolean getCorsDefaultIsCookiesAllowed()

Are cookies allowed by default?

getCorsDefaultAllowedMethods

protected Set<HttpMethod> getCorsDefaultAllowedMethods()

The HTTP methods allowed by default.

cache

public void cache(R context)

Specified by:

cache in interface SpincastFilters<R extends RequestContext<?>>

cache

public void cache(R context,
                  int seconds)

Specified by:

cache in interface SpincastFilters<R extends RequestContext<?>>

cache

public void cache(R context,
                  int seconds,
                  boolean isPrivate)

Specified by:

cache in interface SpincastFilters<R extends RequestContext<?>>

cache

public void cache(R context,
                  int seconds,
                  boolean isPrivate,
                  Integer cdnSeconds)

Specified by:

cache in interface SpincastFilters<R extends RequestContext<?>>

getCacheSecondsByDefault

protected int getCacheSecondsByDefault()

isCachePrivateByDefault

protected boolean isCachePrivateByDefault()

getCacheCdnSecondsByDefault

protected Integer getCacheCdnSecondsByDefault()

addDefaultGlobalTemplateVariables

public void addDefaultGlobalTemplateVariables(R context)

Description copied from interface: SpincastFilters

Adds some default variables so they are available to any template rendering (in a request scope).

Specified by:

addDefaultGlobalTemplateVariables in interface SpincastFilters<R extends RequestContext<?>>