
/*
 * Copyright 2012-2021 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.springframework.boot.actuate.autoconfigure.endpoint.web;

import java.time.Duration;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;

import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.PropertyMapper;
import org.springframework.boot.convert.DurationUnit;
import org.springframework.util.CollectionUtils;
import org.springframework.web.cors.CorsConfiguration;

/**
 * Configuration properties for web endpoints' CORS support.
 *
 * @author Andy Wilkinson
 * @since 2.0.0
 */
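@ConfigurationProperties(prefix = "management.endpoints.web.cors")
public class CorsEndpointProperties {

	/**
	 * Comma-separated list of origins to allow. '*' allows all origins. When credentials
	 * are allowed, '*' cannot be used and origin patterns should be configured instead.
	 * When no allowed origins or allowed origin patterns are set, CORS support is
	 * disabled.
	 */
	private List<String> allowedOrigins = new ArrayList<>();

	/**
	 * Comma-separated list of origin patterns to allow. Unlike allowed origins which only
	 * supports '*', origin patterns are more flexible (for example
	 * 'https://*.example.com') and can be used when credentials are allowed. When no
	 * allowed origin patterns or allowed origins are set, CORS support is disabled.
	 */
	private List<String> allowedOriginPatterns = new ArrayList<>();

	/**
	 * Comma-separated list of methods to allow. '*' allows all methods. When not set,
	 * defaults to GET.
	 */
	private List<String> allowedMethods = new ArrayList<>();

	/**
	 * Comma-separated list of headers to allow in a request. '*' allows all headers.
	 */
	private List<String> allowedHeaders = new ArrayList<>();

	/**
	 * Comma-separated list of headers to include in a response.
	 */
	private List<String> exposedHeaders = new ArrayList<>();

	/**
	 * Whether credentials are supported. When not set, credentials are not supported.
	 */
	// Kept as a nullable Boolean so that "not set" (null) can be told apart from an
	// explicit false; toCorsConfiguration() only copies it when it is non-null.
	// Because origin patterns may be combined with credentials, a broad pattern plus
	// allowCredentials=true lets every matching origin send credentialed cross-origin
	// requests to the management endpoints, so keep the pattern list narrow.
	private Boolean allowCredentials;

	/**
	 * How long the response from a pre-flight request can be cached by clients. If a
	 * duration suffix is not specified, seconds will be used.
	 */
	@DurationUnit(ChronoUnit.SECONDS)
	private Duration maxAge = Duration.ofSeconds(1800);

	/**
	 * Return the configured allowed origins.
	 * @return the list as stored (not copied); may be {@code null} if a caller set it so
	 */
	public List<String> getAllowedOrigins() {
		return this.allowedOrigins;
	}

	/**
	 * Replace the allowed origins. The list is stored by reference, without copying.
	 * @param allowedOrigins the origins to allow
	 */
	public void setAllowedOrigins(List<String> allowedOrigins) {
		this.allowedOrigins = allowedOrigins;
	}

	/**
	 * Return the configured allowed origin patterns.
	 * @return the list as stored (not copied); may be {@code null} if a caller set it so
	 */
	public List<String> getAllowedOriginPatterns() {
		return this.allowedOriginPatterns;
	}

	/**
	 * Replace the allowed origin patterns. The list is stored by reference.
	 * @param allowedOriginPatterns the origin patterns to allow
	 */
	public void setAllowedOriginPatterns(List<String> allowedOriginPatterns) {
		this.allowedOriginPatterns = allowedOriginPatterns;
	}

	/**
	 * Return the configured allowed HTTP methods.
	 * @return the list as stored (not copied)
	 */
	public List<String> getAllowedMethods() {
		return this.allowedMethods;
	}

	/**
	 * Replace the allowed HTTP methods. The list is stored by reference.
	 * @param allowedMethods the methods to allow
	 */
	public void setAllowedMethods(List<String> allowedMethods) {
		this.allowedMethods = allowedMethods;
	}

	/**
	 * Return the configured allowed request headers.
	 * @return the list as stored (not copied)
	 */
	public List<String> getAllowedHeaders() {
		return this.allowedHeaders;
	}

	/**
	 * Replace the allowed request headers. The list is stored by reference.
	 * @param allowedHeaders the request headers to allow
	 */
	public void setAllowedHeaders(List<String> allowedHeaders) {
		this.allowedHeaders = allowedHeaders;
	}

	/**
	 * Return the response headers that are exposed to the client.
	 * @return the list as stored (not copied)
	 */
	public List<String> getExposedHeaders() {
		return this.exposedHeaders;
	}

	/**
	 * Replace the exposed response headers. The list is stored by reference.
	 * @param exposedHeaders the response headers to expose
	 */
	public void setExposedHeaders(List<String> exposedHeaders) {
		this.exposedHeaders = exposedHeaders;
	}

	/**
	 * Return whether credentials are supported.
	 * @return {@code null} when the property was never set
	 */
	public Boolean getAllowCredentials() {
		return this.allowCredentials;
	}

	/**
	 * Set whether credentials are supported.
	 * @param allowCredentials the flag, or {@code null} to leave it unset
	 */
	public void setAllowCredentials(Boolean allowCredentials) {
		this.allowCredentials = allowCredentials;
	}

	/**
	 * Return how long a pre-flight response may be cached by clients.
	 * @return the max age (1800 seconds unless changed)
	 */
	public Duration getMaxAge() {
		return this.maxAge;
	}

	/**
	 * Set how long a pre-flight response may be cached by clients.
	 * @param maxAge the max age; {@code null} means it is not copied to the configuration
	 */
	public void setMaxAge(Duration maxAge) {
		this.maxAge = maxAge;
	}

	/**
	 * Build a {@link CorsConfiguration} from these properties.
	 * <p>
	 * Origins and origin patterns are passed through as they are. Allowed headers,
	 * allowed methods and exposed headers are copied only when non-empty, and max age
	 * (converted to whole seconds) and the credentials flag only when non-null; anything
	 * skipped is left at whatever {@link CorsConfiguration} uses by default.
	 * <p>
	 * This method does not itself check the combination of a '*' origin with
	 * {@code allowCredentials=true}.
	 * @return the configuration, or {@code null} when neither allowed origins nor
	 * allowed origin patterns are set, which callers must treat as "CORS disabled"
	 */
	public CorsConfiguration toCorsConfiguration() {
		// No origin and no origin pattern means CORS stays off for the web endpoints.
		if (CollectionUtils.isEmpty(this.allowedOrigins) && CollectionUtils.isEmpty(this.allowedOriginPatterns)) {
			return null;
		}
		PropertyMapper map = PropertyMapper.get();
		CorsConfiguration configuration = new CorsConfiguration();
		map.from(this::getAllowedOrigins).to(configuration::setAllowedOrigins);
		map.from(this::getAllowedOriginPatterns).to(configuration::setAllowedOriginPatterns);
		map.from(this::getAllowedHeaders).whenNot(CollectionUtils::isEmpty).to(configuration::setAllowedHeaders);
		map.from(this::getAllowedMethods).whenNot(CollectionUtils::isEmpty).to(configuration::setAllowedMethods);
		map.from(this::getExposedHeaders).whenNot(CollectionUtils::isEmpty).to(configuration::setExposedHeaders);
		map.from(this::getMaxAge).whenNonNull().as(Duration::getSeconds).to(configuration::setMaxAge);
		// NOTE(review): the '*' origin + credentials combination is expected to be
		// rejected by CorsConfiguration when the configuration is evaluated - confirm
		// against the Spring Framework version in use.
		map.from(this::getAllowCredentials).whenNonNull().to(configuration::setAllowCredentials);
		return configuration;
	}

}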



