Module io.inverno.mod.security.http
Class CORSInterceptor<A extends ExchangeContext,B extends Exchange<A>>
java.lang.Object
io.inverno.mod.security.http.cors.CORSInterceptor<A,B>
- Type Parameters:
A - the type of the exchange context
B - the type of exchange handled by the handler
- All Implemented Interfaces:
ExchangeInterceptor<A,B>
public class CORSInterceptor<A extends ExchangeContext,B extends Exchange<A>>
extends Object
implements ExchangeInterceptor<A,B>
A security interceptor that implements Cross-origin resource sharing (CORS) as defined by the HTTP CORS protocol.
- Since:
- 1.5
- Author:
- Jeremy Kuhn
Nested Class Summary
- static class CORSInterceptor.Builder: A CORS interceptor builder.
- protected static class CORSInterceptor.Origin: Represents an origin composed of a scheme, a host and a port.
Field Summary
- protected final boolean allowCredentials: Flag indicating whether credentials must be allowed.
- protected final String allowedHeaders: The allowed headers.
- protected final String allowedMethods: The allowed methods.
- protected final Set<CORSInterceptor.Origin> allowedOrigins: The set of allowed origins.
- allowedOriginsPattern: The set of allowed origins patterns.
- protected final boolean allowPrivateNetwork: Flag indicating whether private network must be allowed.
- protected final String exposedHeaders: The exposed headers.
- protected final boolean isStatic: Flag indicating whether the interceptor is a static interceptor (allow one static origin).
- protected final boolean isWildcard: Flag indicating whether the interceptor is a wildcard interceptor (allow all origins).
- protected final Integer maxAge: The max age in seconds for CORS information cache.
Constructor Summary
- protected CORSInterceptor(Set<CORSInterceptor.Origin> allowedOrigins, Set<Pattern> allowedOriginsPattern, boolean allowCredentials, Set<String> allowedHeaders, Set<Method> allowedMethods, Set<String> exposedHeaders, Integer maxAge, boolean allowPrivateNetwork): Creates a CORS interceptor.
Method Summary
- static CORSInterceptor.Builder builder: Returns a CORS interceptor builder for the specified allowed origins.
- protected void checkOrigin(CORSInterceptor.Origin origin): Determines whether the origin is a valid origin.
- intercept: Intercepts the exchange before the exchange handler is invoked.
- protected boolean isSameOrigin(B exchange, CORSInterceptor.Origin origin): Determines whether the request was issued from the same origin.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface io.inverno.mod.http.server.ExchangeInterceptor
andThen, compose
Field Details
-
allowedOrigins
The set of allowed origins.
-
allowedOriginsPattern
The set of allowed origins patterns.
-
allowCredentials
protected final boolean allowCredentials
Flag indicating whether credentials must be allowed.
-
allowedHeaders
The allowed headers.
-
allowedMethods
The allowed methods.
-
exposedHeaders
The exposed headers.
-
maxAge
The max age in seconds for CORS information cache.
-
allowPrivateNetwork
protected final boolean allowPrivateNetwork
Flag indicating whether private network must be allowed.
-
isWildcard
protected final boolean isWildcard
Flag indicating whether the interceptor is a wildcard interceptor (allow all origins).
-
isStatic
protected final boolean isStatic
Flag indicating whether the interceptor is a static interceptor (allow one static origin).
Constructor Details
-
CORSInterceptor
protected CORSInterceptor(Set<CORSInterceptor.Origin> allowedOrigins, Set<Pattern> allowedOriginsPattern, boolean allowCredentials, Set<String> allowedHeaders, Set<Method> allowedMethods, Set<String> exposedHeaders, Integer maxAge, boolean allowPrivateNetwork)
Creates a CORS interceptor.
- Parameters:
allowedOrigins - the set of allowed origins
allowedOriginsPattern - the set of allowed origins patterns
allowCredentials - true to allow credentials, false otherwise
allowedHeaders - the set of allowed headers
allowedMethods - the set of allowed methods
exposedHeaders - the set of exposed headers
maxAge - the max age
allowPrivateNetwork - true to allow private network, false otherwise
Method Details
-
builder
Returns a CORS interceptor builder for the specified allowed origins.
- Parameters:
allowedOrigins - a list of static allowed origins
- Returns:
a new CORS interceptor builder
-
intercept
Description copied from interface: ExchangeInterceptor
Intercepts the exchange before the exchange handler is invoked.
- Specified by:
intercept in interface ExchangeInterceptor<A extends ExchangeContext,B extends Exchange<A>>
- Parameters:
exchange - the server exchange to handle
- Returns:
a Mono emitting the exchange or an instrumented exchange to continue the exchange handling chain or an empty Mono to stop the exchange handling chain
-
isSameOrigin
Determines whether the request was issued from the same origin.
- Parameters:
exchange - the exchange
origin - the target origin
- Returns:
true if the origin is the same, false otherwise or if it could not be determined
-
checkOrigin
protected void checkOrigin(CORSInterceptor.Origin origin) throws BadRequestException, ForbiddenException
Determines whether the origin is a valid origin.
- Parameters:
origin - the origin to check
- Throws:
ForbiddenException - if the origin is not authorized
BadRequestException
-
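The kind of check that allowedOrigins, allowedOriginsPattern and checkOrigin describe, as an added stand-alone illustration that is not taken from the Inverno sources: an origin is compared as a (scheme, host, port) triple against a static set, then against patterns that must match the whole origin. The names OriginCheckExample, Origin.parse and isAllowed are hypothetical, and making default ports explicit before comparison is an assumption of this example.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical stand-alone illustration; not the Inverno implementation.
public class OriginCheckExample {

    // Origin as (scheme, host, port). Assumption: default ports are made explicit so that
    // "https://app.example.org" and "https://app.example.org:443" compare equal.
    record Origin(String scheme, String host, int port) {
        static Origin parse(String value) {
            URI uri = URI.create(value); // throws IllegalArgumentException on bad syntax
            if (uri.getScheme() == null || uri.getHost() == null) {
                throw new IllegalArgumentException("Not an origin: " + value);
            }
            String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
            int port = uri.getPort() != -1 ? uri.getPort() : "https".equals(scheme) ? 443 : 80;
            return new Origin(scheme, uri.getHost().toLowerCase(Locale.ROOT), port);
        }

        @Override
        public String toString() {
            return scheme + "://" + host + ":" + port;
        }
    }

    static boolean isAllowed(String originHeader, Set<Origin> allowed, Set<Pattern> allowedPatterns) {
        try {
            Origin origin = Origin.parse(originHeader);
            // matches() requires the whole origin to match; find() would accept a substring hit.
            return allowed.contains(origin)
                || allowedPatterns.stream().anyMatch(p -> p.matcher(origin.toString()).matches());
        } catch (IllegalArgumentException e) {
            return false; // malformed or opaque ("null") origin is never allowed
        }
    }

    public static void main(String[] args) {
        Set<Origin> allowed = Set.of(Origin.parse("https://app.example.org"));
        Set<Pattern> patterns = Set.of(Pattern.compile("https://[a-z0-9-]+\\.example\\.org:443"));
        // Constructed sample Origin header values.
        for (String header : List.of("https://app.example.org:443", "https://api.example.org",
                "http://app.example.org", "https://app.example.org.evil.test", "null")) {
            System.out.println(header + " -> " + isAllowed(header, allowed, patterns));
        }
    }
}
```

The pattern escapes its dots and is applied with matches(), so a host that merely contains or starts with an allowed name does not pass.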