Thank you very much for the hint. I have added an initial draft to support
handling authenticated CORS requests for GET methods. And it works just fine
(with cxf 2.5.0).
Here is the jaxrs input filter:
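
    import java.util.List;

    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.HttpHeaders;
    import javax.ws.rs.core.Response;
    import javax.ws.rs.core.Response.Status;

    import org.apache.cxf.jaxrs.ext.RequestHandler;
    import org.apache.cxf.jaxrs.model.ClassResourceInfo;
    import org.apache.cxf.message.Message;

    public class JaxrsCorsInputFilter implements RequestHandler {
        final static String HEADER_ORIGIN = "origin";

        @Context
        private HttpHeaders headers;

        @Override
        public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
            // Preflight (OPTIONS) requests are not handled in this draft.
            if ("OPTIONS".equals(m.get(Message.HTTP_REQUEST_METHOD))) {
                return Response.status(Status.SERVICE_UNAVAILABLE).build();
            }
            List<String> values = headers.getRequestHeader(HEADER_ORIGIN);
            if (values != null) {
                if (true) { // check here if request came from allowed origin
                    // Pass the Origin value(s) to the output filter via the exchange.
                    m.getExchange().put(HEADER_ORIGIN, values);
                }
            }
            return null; // continue with normal request processing
        }
    }
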
And here is the jaxrs output filter:

    import java.util.Arrays;
    import java.util.List;
    import java.util.Map;
    import java.util.TreeMap;

    import javax.ws.rs.core.Response;

    import org.apache.cxf.jaxrs.ext.ResponseHandler;
    import org.apache.cxf.jaxrs.model.OperationResourceInfo;
    import org.apache.cxf.message.Message;

    public class JaxrsCorsOutputFilter implements ResponseHandler {
        private final static String HEADER_AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
        private final static String HEADER_AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
        private final static String HEADER_AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers";

        @Override
        @SuppressWarnings("unchecked")
        public Response handleResponse(Message m, OperationResourceInfo ori, Response response) {
            // Origin value(s) stored by JaxrsCorsInputFilter, if the request carried any.
            Object objOrigin = m.getExchange().get(JaxrsCorsInputFilter.HEADER_ORIGIN);
            if (objOrigin instanceof List<?>) {
                List<String> origin = (List<String>) objOrigin;
                Map<String, List<String>> headers =
                        (Map<String, List<String>>) m.get(Message.PROTOCOL_HEADERS);
                if (headers == null) {
                    headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
                    m.put(Message.PROTOCOL_HEADERS, headers);
                }
                // Echo the request origin back and allow credentialed requests.
                headers.put(HEADER_AC_ALLOW_ORIGIN, origin);
                headers.put(HEADER_AC_ALLOW_CREDENTIALS, Arrays.asList("true"));
                // Access-Control-Expose-Headers takes response header names; value kept as in the draft.
                headers.put(HEADER_AC_EXPOSE_HEADERS, Arrays.asList("GET"));
            }
            return response;
        }
    }

--
View this message in context:
http://cxf.547215.n5.nabble.com/CORS-tp4970153p4985376.html
Sent from the cxf-dev mailing list archive at Nabble.com.
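
One way to fill in the `if (true)` placeholder in the input filter above, as an added example that is not part of the original post or of CXF: an exact-match origin allowlist, which matters here because the output filter echoes the origin together with `Access-Control-Allow-Credentials: true`. The class name `CorsOriginPolicy` and the sample origins are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
/** Hypothetical helper (not part of CXF): exact-match allowlist for the Origin header. */
public final class CorsOriginPolicy {
    private final Set<String> allowed = new HashSet<String>();

    public CorsOriginPolicy(String... origins) {
        for (String o : origins) {
            String n = normalize(o);
            if (n == null) throw new IllegalArgumentException("bad origin: " + o);
            allowed.add(n);
        }
    }

    /** Returns the origin to echo back, or null; exactly one Origin value is expected. */
    public String match(List<String> originHeader) {
        if (originHeader == null || originHeader.size() != 1) return null;
        String n = normalize(originHeader.get(0));
        return (n != null && allowed.contains(n)) ? n : null;
    }

    // Canonical scheme://host[:port]; rejects "null", paths, user-info, non-http(s).
    static String normalize(String origin) {
        try {
            URI u = new URI(origin == null ? "" : origin.trim());
            String scheme = u.getScheme(), host = u.getHost(), path = u.getRawPath();
            if (scheme == null || host == null || u.getRawUserInfo() != null) return null;
            if ((path != null && !path.isEmpty()) || u.getRawQuery() != null
                    || u.getRawFragment() != null) return null;
            scheme = scheme.toLowerCase(Locale.ROOT);
            if (!scheme.equals("http") && !scheme.equals("https")) return null;
            int port = u.getPort();
            boolean dflt = port == -1 || port == (scheme.equals("http") ? 80 : 443);
            return scheme + "://" + host.toLowerCase(Locale.ROOT) + (dflt ? "" : ":" + port);
        } catch (URISyntaxException e) {
            return null;
        }
    }
    public static void main(String[] args) { // constructed sample origins
        CorsOriginPolicy p = new CorsOriginPolicy("https://app.example.com");
        System.out.println(p.match(Arrays.asList("https://APP.example.com:443")));
        System.out.println(p.match(Arrays.asList("https://app.example.com.evil.test")));
    }
}
```

In the input filter, the placeholder condition would become `policy.match(values) != null`, with only the single matched origin stored on the exchange. Because the response then differs per origin, it should also carry `Vary: Origin` so that shared caches do not serve one origin's response to another.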