org.springframework.boot.actuate.autoconfigure.endpoint.web.CorsEndpointProperties Maven / Gradle / Ivy
/*
* Copyright 2012-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.boot.actuate.autoconfigure.endpoint.web;
import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.boot.convert.DurationUnit;
import org.springframework.util.CollectionUtils;
import org.springframework.web.cors.CorsConfiguration;
/**
* Configuration properties for web endpoints' CORS support.
*
* @author Andy Wilkinson
* @since 2.0.0
*/
@ConfigurationProperties(prefix = "management.endpoints.web.cors")
public class CorsEndpointProperties {
/**
* Comma-separated list of origins to allow. '*' allows all origins. When credentials
* are allowed, '*' cannot be used and origin patterns should be configured instead.
* When no allowed origins or allowed origin patterns are set, CORS support is
* disabled.
*/
private List allowedOrigins = new ArrayList<>();
/**
* Comma-separated list of origin patterns to allow. Unlike allowed origins which only
* supports '*', origin patterns are more flexible (for example
* 'https://*.example.com') and can be used when credentials are allowed. When no
* allowed origin patterns or allowed origins are set, CORS support is disabled.
*/
private List allowedOriginPatterns = new ArrayList<>();
/**
* Comma-separated list of methods to allow. '*' allows all methods. When not set,
* defaults to GET.
*/
private List allowedMethods = new ArrayList<>();
/**
* Comma-separated list of headers to allow in a request. '*' allows all headers.
*/
private List allowedHeaders = new ArrayList<>();
/**
* Comma-separated list of headers to include in a response.
*/
private List exposedHeaders = new ArrayList<>();
/**
* Whether credentials are supported. When not set, credentials are not supported.
*/
private Boolean allowCredentials;
/**
* How long the response from a pre-flight request can be cached by clients. If a
* duration suffix is not specified, seconds will be used.
*/
@DurationUnit(ChronoUnit.SECONDS)
private Duration maxAge = Duration.ofSeconds(1800);
public List getAllowedOrigins() {
return this.allowedOrigins;
}
public void setAllowedOrigins(List allowedOrigins) {
this.allowedOrigins = allowedOrigins;
}
public List getAllowedOriginPatterns() {
return this.allowedOriginPatterns;
}
public void setAllowedOriginPatterns(List allowedOriginPatterns) {
this.allowedOriginPatterns = allowedOriginPatterns;
}
public List getAllowedMethods() {
return this.allowedMethods;
}
public void setAllowedMethods(List allowedMethods) {
this.allowedMethods = allowedMethods;
}
public List getAllowedHeaders() {
return this.allowedHeaders;
}
public void setAllowedHeaders(List allowedHeaders) {
this.allowedHeaders = allowedHeaders;
}
public List getExposedHeaders() {
return this.exposedHeaders;
}
public void setExposedHeaders(List exposedHeaders) {
this.exposedHeaders = exposedHeaders;
}
public Boolean getAllowCredentials() {
return this.allowCredentials;
}
public void setAllowCredentials(Boolean allowCredentials) {
this.allowCredentials = allowCredentials;
}
public Duration getMaxAge() {
return this.maxAge;
}
public void setMaxAge(Duration maxAge) {
this.maxAge = maxAge;
}
public CorsConfiguration toCorsConfiguration() {
if (CollectionUtils.isEmpty(this.allowedOrigins) && CollectionUtils.isEmpty(this.allowedOriginPatterns)) {
return null;
}
PropertyMapper map = PropertyMapper.get();
CorsConfiguration configuration = new CorsConfiguration();
map.from(this::getAllowedOrigins).to(configuration::setAllowedOrigins);
map.from(this::getAllowedOriginPatterns).to(configuration::setAllowedOriginPatterns);
map.from(this::getAllowedHeaders).whenNot(CollectionUtils::isEmpty).to(configuration::setAllowedHeaders);
map.from(this::getAllowedMethods).whenNot(CollectionUtils::isEmpty).to(configuration::setAllowedMethods);
map.from(this::getExposedHeaders).whenNot(CollectionUtils::isEmpty).to(configuration::setExposedHeaders);
map.from(this::getMaxAge).whenNonNull().as(Duration::getSeconds).to(configuration::setMaxAge);
map.from(this::getAllowCredentials).whenNonNull().to(configuration::setAllowCredentials);
return configuration;
}
}