Very good, thanks,

On 11/11/11 19:46, sergkorney wrote:
Thank you very much for the hint. I have added an initial draft to support
handling authenticated CORS requests for GET methods. And it works just fine
(with cxf 2.5.0).
Here is the jaxrs input filter:

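import java.util.List;

import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;

import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;

public class JaxrsCorsInputFilter implements RequestHandler {

    final static String HEADER_ORIGIN = "origin";

    @Context
    private HttpHeaders headers;

    @Override
    public Response handleRequest(Message m, ClassResourceInfo resourceClass) {
        // Preflight (OPTIONS) requests are not handled by this draft
        if ("OPTIONS".equals(m.get(Message.HTTP_REQUEST_METHOD))) {
            return Response.status(Status.SERVICE_UNAVAILABLE).build();
        }
        List<String> values = headers.getRequestHeader(HEADER_ORIGIN);
        if (values != null) {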

Can you please prototype some example code here, instead of "if (true)"?

            if (true) { // check here if request came from allowed origin
                m.getExchange().put(HEADER_ORIGIN, values);
            }
        }

        return null;
    }

}


And here is the jaxrs output filter:

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

import javax.ws.rs.core.Response;

import org.apache.cxf.jaxrs.ext.ResponseHandler;
import org.apache.cxf.jaxrs.model.OperationResourceInfo;
import org.apache.cxf.message.Message;

public class JaxrsCorsOutputFilter implements ResponseHandler {

    private final static String HEADER_AC_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private final static String HEADER_AC_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private final static String HEADER_AC_EXPOSE_HEADERS = "Access-Control-Expose-Headers";

    @Override
    public Response handleResponse(Message m, OperationResourceInfo ori,
                                   Response response) {
        // Origin values stored on the exchange by JaxrsCorsInputFilter
        Object objOrigin = m.getExchange().get(JaxrsCorsInputFilter.HEADER_ORIGIN);
        if (objOrigin instanceof List<?>) {
            List<String> origin = (List<String>) objOrigin;
            Map<String, List<String>> headers =
                (Map<String, List<String>>) m.get(Message.PROTOCOL_HEADERS);
            if (headers == null) {
                headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
                m.put(Message.PROTOCOL_HEADERS, headers);
            }
            // Echo the request's Origin and mark the response as credentialed
            headers.put(HEADER_AC_ALLOW_ORIGIN, origin);
            headers.put(HEADER_AC_ALLOW_CREDENTIALS, Arrays.asList(new String[]{"true"}));
            headers.put(HEADER_AC_EXPOSE_HEADERS, Arrays.asList(new String[]{"GET"}));
        }
        return response;
    }

}


I think at this stage I will add a section dedicated to CORS to the wiki and copy this code there; this is what we did originally for JSONP before moving it to the trunk. I'd just need to prepare myself a bit better in order to understand what can be configured there, etc.

Please replace if(true) with more specific code and we will proceed from there

Cheers, Sergey


--
View this message in context: 
http://cxf.547215.n5.nabble.com/CORS-tp4970153p4985376.html
Sent from the cxf-dev mailing list archive at Nabble.com.
