org.apache.cxf.rs.security.cors.CrossOriginResourceSharing Maven / Gradle / Ivy
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.cxf.rs.security.cors;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
/**
* Attach CORS information
* to a resource. This annotation is read by {@link CrossOriginResourceSharingFilter}.
* If this annotation is present on a method, or
* on the method's class (or its superclasses), then it completely
* overrides any parameters set in {@link CrossOriginResourceSharingFilter}.
* If a particular parameter of this annotation is not specified, then the
* default value is used, not the parameters of the filter.
*
* Note that the CORS specification censors the headers on a
* preflight OPTIONS request. As a result, the filter cannot determine
* exactly which method corresponds to the request, and so uses only
* class-level annotations to set policies.
*/
@Target({ElementType.TYPE, ElementType.METHOD })
@Retention(RetentionPolicy.RUNTIME)
@Inherited
public @interface CrossOriginResourceSharing {
/**
* If true, this resource will return
* Access-Control-Allow-Origin: *
* for a valid request
*/
boolean allowAllOrigins() default false;
/**
* A list of permitted origins. It is ignored if
* {@link #allowAllOrigins()} returns true
*/
String[] allowOrigins() default { };
/**
* A list of headers that the client may include
* in an actual request. All the headers listed in
* the Access-Control-Request-Headers will be allowed if
* the list is empty
*/
String[] allowHeaders() default { };
/**
* If true, this resource will return
* Access-Control-Allow-Credentials: true
*/
boolean allowCredentials() default false;
/**
* A list of headers to return in
* Access-Control-Expose-Headers.
*/
String[] exposeHeaders() default { };
/**
* The value to return in Access-Control-Max-Age.
* If this is negative, then no header is returned. The default
* value is -1.
*/
int maxAge() default -1;
}