
org.jooby.handlers.Cors Maven / Gradle / Ivy

/**
 *                                  Apache License
 *                            Version 2.0, January 2004
 *                         http://www.apache.org/licenses/
 *
 *    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 *
 *    1. Definitions.
 *
 *       "License" shall mean the terms and conditions for use, reproduction,
 *       and distribution as defined by Sections 1 through 9 of this document.
 *
 *       "Licensor" shall mean the copyright owner or entity authorized by
 *       the copyright owner that is granting the License.
 *
 *       "Legal Entity" shall mean the union of the acting entity and all
 *       other entities that control, are controlled by, or are under common
 *       control with that entity. For the purposes of this definition,
 *       "control" means (i) the power, direct or indirect, to cause the
 *       direction or management of such entity, whether by contract or
 *       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 *       outstanding shares, or (iii) beneficial ownership of such entity.
 *
 *       "You" (or "Your") shall mean an individual or Legal Entity
 *       exercising permissions granted by this License.
 *
 *       "Source" form shall mean the preferred form for making modifications,
 *       including but not limited to software source code, documentation
 *       source, and configuration files.
 *
 *       "Object" form shall mean any form resulting from mechanical
 *       transformation or translation of a Source form, including but
 *       not limited to compiled object code, generated documentation,
 *       and conversions to other media types.
 *
 *       "Work" shall mean the work of authorship, whether in Source or
 *       Object form, made available under the License, as indicated by a
 *       copyright notice that is included in or attached to the work
 *       (an example is provided in the Appendix below).
 *
 *       "Derivative Works" shall mean any work, whether in Source or Object
 *       form, that is based on (or derived from) the Work and for which the
 *       editorial revisions, annotations, elaborations, or other modifications
 *       represent, as a whole, an original work of authorship. For the purposes
 *       of this License, Derivative Works shall not include works that remain
 *       separable from, or merely link (or bind by name) to the interfaces of,
 *       the Work and Derivative Works thereof.
 *
 *       "Contribution" shall mean any work of authorship, including
 *       the original version of the Work and any modifications or additions
 *       to that Work or Derivative Works thereof, that is intentionally
 *       submitted to Licensor for inclusion in the Work by the copyright owner
 *       or by an individual or Legal Entity authorized to submit on behalf of
 *       the copyright owner. For the purposes of this definition, "submitted"
 *       means any form of electronic, verbal, or written communication sent
 *       to the Licensor or its representatives, including but not limited to
 *       communication on electronic mailing lists, source code control systems,
 *       and issue tracking systems that are managed by, or on behalf of, the
 *       Licensor for the purpose of discussing and improving the Work, but
 *       excluding communication that is conspicuously marked or otherwise
 *       designated in writing by the copyright owner as "Not a Contribution."
 *
 *       "Contributor" shall mean Licensor and any individual or Legal Entity
 *       on behalf of whom a Contribution has been received by Licensor and
 *       subsequently incorporated within the Work.
 *
 *    2. Grant of Copyright License. Subject to the terms and conditions of
 *       this License, each Contributor hereby grants to You a perpetual,
 *       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 *       copyright license to reproduce, prepare Derivative Works of,
 *       publicly display, publicly perform, sublicense, and distribute the
 *       Work and such Derivative Works in Source or Object form.
 *
 *    3. Grant of Patent License. Subject to the terms and conditions of
 *       this License, each Contributor hereby grants to You a perpetual,
 *       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 *       (except as stated in this section) patent license to make, have made,
 *       use, offer to sell, sell, import, and otherwise transfer the Work,
 *       where such license applies only to those patent claims licensable
 *       by such Contributor that are necessarily infringed by their
 *       Contribution(s) alone or by combination of their Contribution(s)
 *       with the Work to which such Contribution(s) was submitted. If You
 *       institute patent litigation against any entity (including a
 *       cross-claim or counterclaim in a lawsuit) alleging that the Work
 *       or a Contribution incorporated within the Work constitutes direct
 *       or contributory patent infringement, then any patent licenses
 *       granted to You under this License for that Work shall terminate
 *       as of the date such litigation is filed.
 *
 *    4. Redistribution. You may reproduce and distribute copies of the
 *       Work or Derivative Works thereof in any medium, with or without
 *       modifications, and in Source or Object form, provided that You
 *       meet the following conditions:
 *
 *       (a) You must give any other recipients of the Work or
 *           Derivative Works a copy of this License; and
 *
 *       (b) You must cause any modified files to carry prominent notices
 *           stating that You changed the files; and
 *
 *       (c) You must retain, in the Source form of any Derivative Works
 *           that You distribute, all copyright, patent, trademark, and
 *           attribution notices from the Source form of the Work,
 *           excluding those notices that do not pertain to any part of
 *           the Derivative Works; and
 *
 *       (d) If the Work includes a "NOTICE" text file as part of its
 *           distribution, then any Derivative Works that You distribute must
 *           include a readable copy of the attribution notices contained
 *           within such NOTICE file, excluding those notices that do not
 *           pertain to any part of the Derivative Works, in at least one
 *           of the following places: within a NOTICE text file distributed
 *           as part of the Derivative Works; within the Source form or
 *           documentation, if provided along with the Derivative Works; or,
 *           within a display generated by the Derivative Works, if and
 *           wherever such third-party notices normally appear. The contents
 *           of the NOTICE file are for informational purposes only and
 *           do not modify the License. You may add Your own attribution
 *           notices within Derivative Works that You distribute, alongside
 *           or as an addendum to the NOTICE text from the Work, provided
 *           that such additional attribution notices cannot be construed
 *           as modifying the License.
 *
 *       You may add Your own copyright statement to Your modifications and
 *       may provide additional or different license terms and conditions
 *       for use, reproduction, or distribution of Your modifications, or
 *       for any such Derivative Works as a whole, provided Your use,
 *       reproduction, and distribution of the Work otherwise complies with
 *       the conditions stated in this License.
 *
 *    5. Submission of Contributions. Unless You explicitly state otherwise,
 *       any Contribution intentionally submitted for inclusion in the Work
 *       by You to the Licensor shall be under the terms and conditions of
 *       this License, without any additional terms or conditions.
 *       Notwithstanding the above, nothing herein shall supersede or modify
 *       the terms of any separate license agreement you may have executed
 *       with Licensor regarding such Contributions.
 *
 *    6. Trademarks. This License does not grant permission to use the trade
 *       names, trademarks, service marks, or product names of the Licensor,
 *       except as required for reasonable and customary use in describing the
 *       origin of the Work and reproducing the content of the NOTICE file.
 *
 *    7. Disclaimer of Warranty. Unless required by applicable law or
 *       agreed to in writing, Licensor provides the Work (and each
 *       Contributor provides its Contributions) on an "AS IS" BASIS,
 *       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 *       implied, including, without limitation, any warranties or conditions
 *       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
 *       PARTICULAR PURPOSE. You are solely responsible for determining the
 *       appropriateness of using or redistributing the Work and assume any
 *       risks associated with Your exercise of permissions under this License.
 *
 *    8. Limitation of Liability. In no event and under no legal theory,
 *       whether in tort (including negligence), contract, or otherwise,
 *       unless required by applicable law (such as deliberate and grossly
 *       negligent acts) or agreed to in writing, shall any Contributor be
 *       liable to You for damages, including any direct, indirect, special,
 *       incidental, or consequential damages of any character arising as a
 *       result of this License or out of the use or inability to use the
 *       Work (including but not limited to damages for loss of goodwill,
 *       work stoppage, computer failure or malfunction, or any and all
 *       other commercial damages or losses), even if such Contributor
 *       has been advised of the possibility of such damages.
 *
 *    9. Accepting Warranty or Additional Liability. While redistributing
 *       the Work or Derivative Works thereof, You may choose to offer,
 *       and charge a fee for, acceptance of support, warranty, indemnity,
 *       or other liability obligations and/or rights consistent with this
 *       License. However, in accepting such obligations, You may act only
 *       on Your own behalf and on Your sole responsibility, not on behalf
 *       of any other Contributor, and only if You agree to indemnify,
 *       defend, and hold each Contributor harmless for any liability
 *       incurred by, or claims asserted against, such Contributor by reason
 *       of your accepting any such warranty or additional liability.
 *
 *    END OF TERMS AND CONDITIONS
 *
 *    APPENDIX: How to apply the Apache License to your work.
 *
 *       To apply the Apache License to your work, attach the following
 *       boilerplate notice, with the fields enclosed by brackets "{}"
 *       replaced with your own identifying information. (Don't include
 *       the brackets!)  The text should be enclosed in the appropriate
 *       comment syntax for the file format. We also recommend that a
 *       file or class name and description of purpose be included on the
 *       same "printed page" as the copyright notice for easier
 *       identification within third-party archives.
 *
 *    Copyright 2014 Edgar Espina
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */
package org.jooby.handlers;

import static java.util.Objects.requireNonNull;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

import javax.inject.Inject;
import javax.inject.Named;

import com.google.common.collect.ImmutableList;
import com.typesafe.config.Config;

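/**
 * <h1>Cross-origin resource sharing</h1>
 * <p>
 * Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts,
 * JavaScript, etc.) on a web page to be requested from another domain outside the domain from which
 * the resource originated.
 * </p>
 *
 * <p>
 * This class represents the options available for configuring CORS in Jooby.
 * </p>
 *
 * <h2>usage</h2>
 *
 * <pre>
 * {
 *   use("*", new CorsHandler(new Cors()));
 * }
 * </pre>
 *
 * <p>
 * The previous example adds a cors filter using the default cors options.
 * </p>
 *
 * <h2>security note</h2>
 * <p>
 * The defaults built by {@link #Cors()} accept any origin (<code>*</code>) and keep
 * {@link #credentials()} enabled. This class only stores the options; how a handler turns them
 * into response headers is not visible here. Applications that authenticate with cookies or HTTP
 * authentication should list their trusted origins with {@link #withOrigin(String...)} or call
 * {@link #withoutCreds()} instead of relying on the defaults.
 * </p>
 *
 * @author edgar
 * @since 0.8.0
 */
public class Cors {

  /**
   * Keeps the configured values next to the predicate compiled from them.
   *
   * @param <T> Type of the value being tested.
   */
  private static class Matcher<T> implements Predicate<T> {

    /** Immutable copy of the values as they were configured. */
    private final List<String> values;

    private final Predicate<T> predicate;

    /** True when the configured values contain the literal <code>*</code> entry. */
    private final boolean wild;

    public Matcher(final List<String> values, final Predicate<T> predicate) {
      this.values = ImmutableList.copyOf(values);
      this.predicate = predicate;
      this.wild = values.contains("*");
    }

    @Override
    public boolean test(final T value) {
      return predicate.test(value);
    }
  }

  private boolean enabled;

  private Matcher<String> origin;

  private boolean credentials;

  private Matcher<String> requestMethods;

  private Matcher<List<String>> requestHeaders;

  private int maxAge;

  private List<String> exposedHeaders;

  /**
   * Creates {@link Cors} options from {@link Config}:
   *
   * <pre>
   *  origin: "*"
   *  credentials: true
   *  allowedMethods: [GET, POST]
   *  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
   *  exposedHeaders: []
   * </pre>
   *
   * <p>
   * <code>enabled</code> and <code>exposedHeaders</code> are optional (defaults: <code>true</code>
   * and an empty list); every other property, including <code>maxAge</code>, is read
   * unconditionally.
   * </p>
   *
   * @param config Config to use.
   */
  @Inject
  public Cors(@Named("cors") final Config config) {
    requireNonNull(config, "Config is required.");
    this.enabled = config.hasPath("enabled") ? config.getBoolean("enabled") : true;
    withOrigin(list(config.getAnyRef("origin")));
    this.credentials = config.getBoolean("credentials");
    withMethods(list(config.getAnyRef("allowedMethods")));
    withHeaders(list(config.getAnyRef("allowedHeaders")));
    withMaxAge((int) config.getDuration("maxAge", TimeUnit.SECONDS));
    withExposedHeaders(config.hasPath("exposedHeaders")
        ? list(config.getAnyRef("exposedHeaders"))
        : Collections.emptyList());
  }

  /**
   * Creates default {@link Cors}. Default options are:
   *
   * <pre>
   *  origin: "*"
   *  credentials: true
   *  allowedMethods: [GET, POST]
   *  allowedHeaders: [X-Requested-With, Content-Type, Accept, Origin]
   *  exposedHeaders: []
   * </pre>
   *
   * <p>
   * The preflight max age defaults to 1800 seconds. Any origin combined with credentials is a
   * permissive starting point: narrow it with {@link #withOrigin(String...)} or
   * {@link #withoutCreds()} when responses depend on the caller's cookies or HTTP credentials.
   * </p>
   */
  public Cors() {
    this.enabled = true;
    withOrigin("*");
    credentials = true;
    withMethods("GET", "POST");
    withHeaders("X-Requested-With", "Content-Type", "Accept", "Origin");
    withMaxAge(1800);
    withExposedHeaders();
  }

  /**
   * Set {@link #credentials()} to false.
   *
   * @return This cors.
   */
  public Cors withoutCreds() {
    this.credentials = false;
    return this;
  }

  /**
   * @return True, if cors is enabled. Controlled by: <code>cors.enabled</code> property. Default
   *         is: <code>true</code>.
   */
  public boolean enabled() {
    return enabled;
  }

  /**
   * Disable cors (enabled = false).
   *
   * @return This cors.
   */
  public Cors disabled() {
    enabled = false;
    return this;
  }

  /**
   * If true, set the <code>Access-Control-Allow-Credentials</code> header. Controlled by:
   * <code>cors.credentials</code> property. Default is: <code>true</code>
   *
   * @return If the <code>Access-Control-Allow-Credentials</code> header must be set.
   */
  public boolean credentials() {
    return this.credentials;
  }

  /**
   * @return True if any origin is accepted, i.e. the configured origins contain <code>*</code>.
   */
  public boolean anyOrigin() {
    return origin.wild;
  }

  /**
   * An origin must be a "*" (any origin), a domain name (like, http://foo.com) and/or a wildcard
   * expression (like, http://*.domain.com).
   *
   * @return List of valid origins: Default is: <code>*</code>
   */
  public List<String> origin() {
    return origin.values;
  }

  /**
   * Test if the given origin is allowed or not. The comparison is case-insensitive and must cover
   * the whole value.
   *
   * @param origin The origin to test.
   * @return True if the origin is allowed.
   */
  public boolean allowOrigin(final String origin) {
    return this.origin.test(origin);
  }

  /**
   * Set the allowed origins. An origin must be a "*" (any origin), a domain name (like,
   * http://foo.com) and/or a wildcard expression (like, http://*.domain.com).
   *
   * @param origin One or more origins.
   * @return This cors.
   */
  public Cors withOrigin(final String... origin) {
    return withOrigin(Arrays.asList(origin));
  }

  /**
   * Set the allowed origins. An origin must be a "*" (any origin), a domain name (like,
   * http://foo.com) and/or a wildcard expression (like, http://*.domain.com).
   *
   * @param origin One or more origins.
   * @return This cors.
   */
  public Cors withOrigin(final List<String> origin) {
    this.origin = firstMatch(requireNonNull(origin, "Origins are required."));
    return this;
  }

  /**
   * True if the method is allowed.
   *
   * @param method Method to test.
   * @return True if the method is allowed.
   */
  public boolean allowMethod(final String method) {
    return this.requestMethods.test(method);
  }

  /**
   * @return List of allowed methods.
   */
  public List<String> allowedMethods() {
    return requestMethods.values;
  }

  /**
   * Set one or more allowed methods.
   *
   * @param methods One or more methods.
   * @return This cors.
   */
  public Cors withMethods(final String... methods) {
    return withMethods(Arrays.asList(methods));
  }

  /**
   * Set one or more allowed methods.
   *
   * @param methods One or more methods.
   * @return This cors.
   */
  public Cors withMethods(final List<String> methods) {
    // Same explicit null check as withOrigin, so a missing list fails with a clear message.
    this.requestMethods = firstMatch(requireNonNull(methods, "Methods are required."));
    return this;
  }

  /**
   * @return True if any header is allowed: <code>*</code>.
   */
  public boolean anyHeader() {
    return requestHeaders.wild;
  }

  /**
   * @param header A header to test.
   * @return True if a header is allowed.
   */
  public boolean allowHeader(final String header) {
    return allowHeaders(ImmutableList.of(header));
  }

  /**
   * True if all the headers are allowed.
   *
   * @param headers Headers to test.
   * @return True if all the headers are allowed.
   */
  public boolean allowHeaders(final String... headers) {
    return allowHeaders(Arrays.asList(headers));
  }

  /**
   * True if all the headers are allowed.
   *
   * @param headers Headers to test.
   * @return True if all the headers are allowed.
   */
  public boolean allowHeaders(final List<String> headers) {
    return this.requestHeaders.test(headers);
  }

  /**
   * @return List of allowed headers. Default are: <code>X-Requested-With</code>,
   *         <code>Content-Type</code>, <code>Accept</code> and <code>Origin</code>.
   */
  public List<String> allowedHeaders() {
    return requestHeaders.values;
  }

  /**
   * Set one or more allowed headers. Possible values are a header name or <code>*</code> if any
   * header is allowed.
   *
   * @param headers Headers to set.
   * @return This cors.
   */
  public Cors withHeaders(final String... headers) {
    return withHeaders(Arrays.asList(headers));
  }

  /**
   * Set one or more allowed headers. Possible values are a header name or <code>*</code> if any
   * header is allowed.
   *
   * @param headers Headers to set.
   * @return This cors.
   */
  public Cors withHeaders(final List<String> headers) {
    // Same explicit null check as withOrigin, so a missing list fails with a clear message.
    this.requestHeaders = allMatch(requireNonNull(headers, "Headers are required."));
    return this;
  }

  /**
   * @return Immutable list of exposed headers.
   */
  public List<String> exposedHeaders() {
    return exposedHeaders;
  }

  /**
   * Set the list of exposed headers.
   *
   * @param exposedHeaders Headers to expose.
   * @return This cors.
   */
  public Cors withExposedHeaders(final String... exposedHeaders) {
    return withExposedHeaders(Arrays.asList(exposedHeaders));
  }

  /**
   * Set the list of exposed headers. The list is copied, so later changes to the argument do not
   * alter these options; null elements are rejected by the copy.
   *
   * @param exposedHeaders Headers to expose.
   * @return This cors.
   */
  public Cors withExposedHeaders(final List<String> exposedHeaders) {
    // Copy instead of keeping the caller's list: origins, methods and headers are already
    // snapshotted by Matcher, and a shared mutable list would let the options drift after setup.
    this.exposedHeaders = ImmutableList
        .copyOf(requireNonNull(exposedHeaders, "Exposed headers are required."));
    return this;
  }

  /**
   * @return Preflight max age. How many seconds a client can cache a preflight request.
   */
  public int maxAge() {
    return maxAge;
  }

  /**
   * Set the preflight max age header. That's how many seconds a client can cache a preflight
   * request.
   *
   * @param preflightMaxAge Number of seconds or -1 to turn this off.
   * @return This cors.
   */
  public Cors withMaxAge(final int preflightMaxAge) {
    this.maxAge = preflightMaxAge;
    return this;
  }

  /**
   * Normalizes a config value: a list is returned as is, anything else becomes a single-element
   * list holding its string form.
   */
  @SuppressWarnings({"unchecked", "rawtypes" })
  private List<String> list(final Object value) {
    return value instanceof List ? (List) value : ImmutableList.of(value.toString());
  }

  /**
   * Builds a matcher that accepts a list only when every element matches one of the configured
   * values.
   */
  private static Matcher<List<String>> allMatch(final List<String> values) {
    Predicate<String> predicate = firstMatch(values);
    Predicate<List<String>> allmatch = it -> it.stream().allMatch(predicate);
    return new Matcher<List<String>>(values, allmatch);
  }

  /**
   * Builds a matcher that accepts a value when at least one configured value, compiled by
   * {@link #rewrite(String)}, matches it entirely.
   */
  private static Matcher<String> firstMatch(final List<String> values) {
    List<Pattern> patterns = values.stream()
        .map(Cors::rewrite)
        .collect(Collectors.toList());
    Predicate<String> predicate = it -> patterns.stream()
        .anyMatch(pattern -> pattern.matcher(it).matches());
    return new Matcher<String>(values, predicate);
  }

  /**
   * Turns a configured value into a case-insensitive {@link Pattern}.
   *
   * <p>
   * Only two characters are translated: <code>.</code> is escaped and <code>*</code> becomes
   * <code>.*</code>. Every other regex metacharacter in the configured value keeps its regex
   * meaning, so values should be limited to literal text plus <code>*</code> unless a regex is
   * intended. The expanded <code>.*</code> is not limited to a single host label or to host
   * characters: <code>http://*.domain.com</code> accepts any value with that prefix and suffix,
   * so the check relies on the tested value being a well-formed origin. Prefer exact origins
   * when the set of trusted sites is known.
   * </p>
   */
  private static Pattern rewrite(final String origin) {
    return Pattern.compile(origin.replace(".", "\\.").replace("*", ".*"),
        Pattern.CASE_INSENSITIVE);
  }
}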



