Interface CorsAuthorizer
public interface CorsAuthorizer
Contract for types that authorize CORS requests.
Standard implementations can be acquired via these factory methods:
withRejectAllPolicy()(don't permit CORS requests)withAcceptAllPolicy()(permit all CORS requests, not recommended for production)withWhitelistedOrigins(Set)(permit whitelisted origins only)withWhitelistAuthorizer(Function)(permit origins via function)
- Author:
- Mark Allen
-
Method Summary
Modifier and TypeMethodDescriptionAuthorizes a non-preflight CORS request.authorizePreflight(Request request, CorsPreflight corsPreflight, Map<HttpMethod, ResourceMethod> availableResourceMethodsByHttpMethod) Authorizes a CORS preflight request.static CorsAuthorizerstatic CorsAuthorizerstatic CorsAuthorizerwithWhitelistAuthorizer(Function<String, Boolean> whitelistAuthorizer) static CorsAuthorizerwithWhitelistedOrigins(Set<String> whitelistedOrigins)
-
Method Details
-
authorize
Authorizes a non-preflight CORS request.- Parameters:
request- the request to authorizecors- the CORS data provided in the request- Returns:
- a
CorsResponseif authorized, orOptional.empty()if not authorized
-
authorizePreflight
@Nonnull Optional<CorsPreflightResponse> authorizePreflight(@Nonnull Request request, @Nonnull CorsPreflight corsPreflight, @Nonnull Map<HttpMethod, ResourceMethod> availableResourceMethodsByHttpMethod) Authorizes a CORS preflight request.- Parameters:
request- the preflight request to authorizecorsPreflight- the CORS preflight data provided in the requestavailableResourceMethodsByHttpMethod- Resource Methods that are available to serve requests according to parameters specified by the preflight data- Returns:
- a
CorsPreflightResponseif authorized, orOptional.empty()if not authorized
-
withAcceptAllPolicy
-
withRejectAllPolicy
-
withWhitelistedOrigins
-
withWhitelistAuthorizer
@Nonnull static CorsAuthorizer withWhitelistAuthorizer(@Nonnull Function<String, Boolean> whitelistAuthorizer)
-