unmigrated-inline-wiki-markup |
---|
{span:style=font-size:2em;font-weight:bold} JAX-RS: CORS {span} |
...
Table of Contents |
---|
Introduction
CXF 2.5.1
...
introduces
...
the
...
...
...
for
...
the
...
...
...
...
specification
...
that
...
"defines
...
a
...
mechanism
...
to
...
enable
...
client-side
...
cross-origin
...
requests".
...
This
...
...
...
provides
...
a
...
very
...
good
...
explanation
...
of
...
CORS.
...
Please
...
see
...
the
...
...
for
...
a
...
good
...
introduction
...
to
...
CORS
...
and
...
the
...
way
...
it
...
is
...
supported
...
in
...
CXF
...
JAX-RS.
...
Note
...
that
...
the
...
...
...
uses
...
the
...
JAX-RS
...
selection
...
algorithm
...
to
...
ensure
...
that
...
the
...
JAX-RS
...
resource
...
method
...
capable
...
of
...
handling
...
the
...
request
...
does
...
exist.
...
Maven
...
dependencies
Code Block | ||||
---|---|---|---|---|
| ||||
{code:xml} <dependency> <groupId>org.apache.cxf</groupId> <artifactId>cxf-rt-rs-security-cors</artifactId> <version>2.6.1</version> </dependency> {code} h1. Examples Here is the test code showing how [CrossOriginResourceSharing|http://svn.apache.org/repos/asf/cxf/trunk/rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharing.java] annotations can be applied at the resource and individual method levels. Note that an origin is restricted to |
Examples
Here is the test code showing how CrossOriginResourceSharing annotations can be applied at the resource and individual method levels.
Note that an origin is restricted to "http://area51.mil:31415"
...
by
...
the
...
'allowOrigins'
...
property,
...
which
...
may
...
contain
...
multiple
...
URI
...
values.
...
A
...
boolean
...
'allowAllOrigins'
...
property
...
can
...
be
...
used
...
instead
...
(to
...
simplify
...
the
...
testing
...
or
...
when
...
it
...
is
...
deemed
...
it
...
is
...
secure
...
enough
...
within
...
a
...
given
...
environment
...
to
...
allow
...
for
...
all
...
the
...
origins).
Code Block | ||||
---|---|---|---|---|
| ||||
{code:java} @CrossOriginResourceSharing( allowOrigins = { "http://area51.mil:31415" }, allowCredentials = true, maxAge = 1, allowHeaders = { "X-custom-1", "X-custom-2" }, exposeHeaders = { "X-custom-3", "X-custom-4" } ) public class AnnotatedCorsServer { @Context private HttpHeaders headers; @GET @Produces("text/plain") @Path("/simpleGet/{echo}") public String simpleGet(@PathParam("echo") String echo) { return echo; } @POST @Produces("application/json") @Consumes("application/json") @Path("/unannotatedPost") public Response postSomething() { return Response.ok().build(); } @DELETE @Path("/delete") public Response deleteSomething() { return Response.ok().build(); } // This method will do a preflight check itself @OPTIONS @Path("/") @LocalPreflight public Response options() { String origin = headers.getRequestHeader("Origin").get(0); if ("http://area51.mil:3333".equals(origin)) { return Response.ok() .header(CorsHeaderConstants.HEADER_AC_ALLOW_METHODS, "DELETE PUT") .header(CorsHeaderConstants.HEADER_AC_ALLOW_CREDENTIALS, "false") .header(CorsHeaderConstants.HEADER_AC_ALLOW_ORIGIN, "http://area51.mil:3333") .build(); } else { return Response.ok().build(); } } @GET @CrossOriginResourceSharing( allowOrigins = { "http://area51.mil:31415" }, allowCredentials = true, exposeHeaders = { "X-custom-3", "X-custom-4" } ) @Produces("text/plain") @Path("/annotatedGet/{echo}") public String annotatedGet(@PathParam("echo") String echo) { return echo; } /** * A method annotated to test preflight. * * @param input * @return */ @PUT @Consumes("text/plain") @Produces("text/plain") @Path("/annotatedPut") public String annotatedPut(String input) { return input; } } {code} |
The
...
server
...
configuration
...
fragment:
Code Block | ||||
---|---|---|---|---|
| ||||
{code:xml} <beans> <bean id="cors-filter" class="org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter"/> <jaxrs:server id="service" address="/rest"> <jaxrs:serviceBeans> <ref bean="cors-server" /> </jaxrs:serviceBeans> <jaxrs:providers> <ref bean="cors-filter" /> </jaxrs:providers> </jaxrs:server> <bean id="cors-server" scope="prototype" class="org.apache.cxf.systest.jaxrs.cors.AnnotatedCorsServer" /> </beans> {code} |