org.springframework.web.cors.CorsConfiguration Java Examples
The following examples show how to use
org.springframework.web.cors.CorsConfiguration.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: WebSecurityConfiguration.java From microservices-basics-spring-boot with Apache License 2.0 | 7 votes |
@Bean public CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration configuration = new CorsConfiguration(); configuration.setAllowedOrigins(ImmutableList.of("*")); configuration.setAllowedMethods(ImmutableList.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); // setAllowCredentials(true) is important, otherwise: // The value of the 'Access-Control-Allow-Origin' header in the response must // not be the wildcard '*' when the request's credentials mode is 'include'. configuration.setAllowCredentials(true); // setAllowedHeaders is important! Without it, OPTIONS preflight request // will fail with 403 Invalid CORS request configuration.setAllowedHeaders(ImmutableList.of("*")); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", configuration); return source; }
Example #2
Source File: WebSecurityConfig.java From SpringSecurity-JWT-Vue-Deom with MIT License | 7 votes |
/** * 跨域配置 */ @Bean public CorsConfigurationSource corsConfigurationSource() { // 允许跨域访问的 URL List<String> allowedOriginsUrl = new ArrayList<>(); allowedOriginsUrl.add("http://localhost:8080"); allowedOriginsUrl.add("http://127.0.0.1:8080"); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // 设置允许跨域访问的 URL config.setAllowedOrigins(allowedOriginsUrl); config.addAllowedHeader("*"); config.addAllowedMethod("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return source; }
Example #3
Source File: RequestMappingHandlerMapping.java From java-technology-stack with MIT License | 6 votes |
@Override protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) { HandlerMethod handlerMethod = createHandlerMethod(handler, method); Class<?> beanType = handlerMethod.getBeanType(); CrossOrigin typeAnnotation = AnnotatedElementUtils.findMergedAnnotation(beanType, CrossOrigin.class); CrossOrigin methodAnnotation = AnnotatedElementUtils.findMergedAnnotation(method, CrossOrigin.class); if (typeAnnotation == null && methodAnnotation == null) { return null; } CorsConfiguration config = new CorsConfiguration(); updateCorsConfig(config, typeAnnotation); updateCorsConfig(config, methodAnnotation); if (CollectionUtils.isEmpty(config.getAllowedMethods())) { for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) { config.addAllowedMethod(allowedMethod.name()); } } return config.applyPermitDefaultValues(); }
Example #4
Source File: CrossOriginTests.java From java-technology-stack with MIT License | 6 votes |
@Test public void ambiguousProducesPreFlightRequest() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setMethod("OPTIONS"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.request.setRequestURI("/ambiguous-produces"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(config.getAllowCredentials()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertNull(config.getMaxAge()); }
Example #5
Source File: SyndesisCorsConfiguration.java From syndesis with Apache License 2.0 | 6 votes |
@Bean public CorsFilter corsFilter() { return new CorsFilter(request -> { String pathInfo = request.getPathInfo(); if (pathInfo != null && (pathInfo.endsWith("/openapi.json") || pathInfo.endsWith("/openapi.yaml"))) { return new CorsConfiguration().applyPermitDefaultValues(); } CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(allowedOrigins); config.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH")); config.applyPermitDefaultValues(); return config; }); }
Example #6
Source File: CorsProperties.java From hsweb-framework with Apache License 2.0 | 6 votes |
CorsConfiguration applyPermitDefaultValues() { if (this.allowedOrigins == null) { this.addAllowedOrigin(); } if (this.allowedMethods == null) { this.setAllowedMethods(Arrays.asList( HttpMethod.GET.name(), HttpMethod.HEAD.name(), HttpMethod.POST.name())); } if (this.allowedHeaders == null) { this.addAllowedHeader(); } if (this.allowCredentials == null) { this.setAllowCredentials(true); } if (this.maxAge == null) { this.setMaxAge(1800L); } return this; }
Example #7
Source File: GlobalCorsConfig.java From mall-tiny with Apache License 2.0 | 6 votes |
/** * 允许跨域调用的过滤器 */ @Bean public CorsFilter corsFilter() { CorsConfiguration config = new CorsConfiguration(); //允许所有域名进行跨域调用 config.addAllowedOrigin("*"); //允许跨越发送cookie config.setAllowCredentials(true); //放行全部原始头信息 config.addAllowedHeader("*"); //允许所有请求方法跨域调用 config.addAllowedMethod("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/**", config); return new CorsFilter(source); }
Example #8
Source File: CorsConfig.java From balance-transfer-java with Apache License 2.0 | 6 votes |
@Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("OPTIONS"); config.addAllowedMethod("HEAD"); config.addAllowedMethod("GET"); config.addAllowedMethod("PUT"); config.addAllowedMethod("POST"); config.addAllowedMethod("DELETE"); config.addAllowedMethod("PATCH"); source.registerCorsConfiguration("/**", config); // return new CorsFilter(source); final FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); bean.setOrder(0); return bean; }
Example #9
Source File: RequestMappingHandlerMapping.java From spring-analysis-note with MIT License | 6 votes |
@Override protected CorsConfiguration initCorsConfiguration(Object handler, Method method, RequestMappingInfo mappingInfo) { HandlerMethod handlerMethod = createHandlerMethod(handler, method); Class<?> beanType = handlerMethod.getBeanType(); CrossOrigin typeAnnotation = AnnotatedElementUtils.findMergedAnnotation(beanType, CrossOrigin.class); CrossOrigin methodAnnotation = AnnotatedElementUtils.findMergedAnnotation(method, CrossOrigin.class); if (typeAnnotation == null && methodAnnotation == null) { return null; } CorsConfiguration config = new CorsConfiguration(); updateCorsConfig(config, typeAnnotation); updateCorsConfig(config, methodAnnotation); if (CollectionUtils.isEmpty(config.getAllowedMethods())) { for (RequestMethod allowedMethod : mappingInfo.getMethodsCondition().getMethods()) { config.addAllowedMethod(allowedMethod.name()); } } return config.applyPermitDefaultValues(); }
Example #10
Source File: WebConfigurer.java From tutorials with MIT License | 6 votes |
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = jHipsterProperties.getCors(); if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) { log.debug("Registering CORS filter"); source.registerCorsConfiguration("/api/**", config); source.registerCorsConfiguration("/management/**", config); source.registerCorsConfiguration("/v2/api-docs", config); source.registerCorsConfiguration("/auth/**", config); source.registerCorsConfiguration("/*/api/**", config); source.registerCorsConfiguration("/*/management/**", config); source.registerCorsConfiguration("/*/oauth/**", config); } return new CorsFilter(source); }
Example #11
Source File: CrossConfig.java From swagger-showdoc with Apache License 2.0 | 6 votes |
@Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); // 设置你要允许的网站域名,如果全允许则设为 * config.addAllowedOrigin("*"); // 如果要限制 HEADER 或 METHOD 请自行更改 config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); // 这个顺序很重要哦,为避免麻烦请设置在最前 bean.setOrder(0); return bean; }
Example #12
Source File: CrossOriginTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void ambiguousProducesPreFlightRequest() throws Exception { this.handlerMapping.registerHandler(new MethodLevelController()); this.request.setMethod("OPTIONS"); this.request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "GET"); this.request.setRequestURI("/ambiguous-produces"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, true); assertNotNull(config); assertArrayEquals(new String[] {"*"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedHeaders().toArray()); assertTrue(config.getAllowCredentials()); assertTrue(CollectionUtils.isEmpty(config.getExposedHeaders())); assertNull(config.getMaxAge()); }
Example #13
Source File: AbstractHandlerMapping.java From spring4-understanding with Apache License 2.0 | 6 votes |
/** * Look up a handler for the given request, falling back to the default * handler if no specific one is found. * @param request current HTTP request * @return the corresponding handler instance, or the default handler * @see #getHandlerInternal */ @Override public final HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception { Object handler = getHandlerInternal(request); if (handler == null) { handler = getDefaultHandler(); } if (handler == null) { return null; } // Bean name or resolved handler? if (handler instanceof String) { String handlerName = (String) handler; handler = getApplicationContext().getBean(handlerName); } HandlerExecutionChain executionChain = getHandlerExecutionChain(handler, request); if (CorsUtils.isCorsRequest(request)) { CorsConfiguration globalConfig = this.corsConfigSource.getCorsConfiguration(request); CorsConfiguration handlerConfig = getCorsConfiguration(handler, request); CorsConfiguration config = (globalConfig != null ? globalConfig.combine(handlerConfig) : handlerConfig); executionChain = getCorsHandlerExecutionChain(request, executionChain, config); } return executionChain; }
Example #14
Source File: HandlerMappingIntrospectorTests.java From java-technology-stack with MIT License | 6 votes |
@Test public void getCorsConfigurationPreFlight() throws Exception { AnnotationConfigWebApplicationContext cxt = new AnnotationConfigWebApplicationContext(); cxt.register(TestConfig.class); cxt.refresh(); // PRE-FLIGHT MockHttpServletRequest request = new MockHttpServletRequest("OPTIONS", "/path"); request.addHeader("Origin", "http://localhost:9000"); request.addHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_METHOD, "POST"); CorsConfiguration corsConfig = getIntrospector(cxt).getCorsConfiguration(request); assertNotNull(corsConfig); assertEquals(Collections.singletonList("http://localhost:9000"), corsConfig.getAllowedOrigins()); assertEquals(Collections.singletonList("POST"), corsConfig.getAllowedMethods()); }
Example #15
Source File: CrossOriginTests.java From java-technology-stack with MIT License | 5 votes |
@Test public void classLevel() throws Exception { this.handlerMapping.registerHandler(new ClassLevelController()); this.request.setRequestURI("/foo"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertFalse(config.getAllowCredentials()); this.request.setRequestURI("/bar"); chain = this.handlerMapping.getHandler(request); config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertFalse(config.getAllowCredentials()); this.request.setRequestURI("/baz"); chain = this.handlerMapping.getHandler(request); config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"*"}, config.getAllowedOrigins().toArray()); assertTrue(config.getAllowCredentials()); }
Example #16
Source File: CrossOriginTests.java From spring-analysis-note with MIT License | 5 votes |
@Test // SPR-13468 public void classLevelComposedAnnotation() throws Exception { this.handlerMapping.registerHandler(new ClassLevelMappingWithComposedAnnotation()); this.request.setRequestURI("/foo"); HandlerExecutionChain chain = this.handlerMapping.getHandler(request); CorsConfiguration config = getCorsConfiguration(chain, false); assertNotNull(config); assertArrayEquals(new String[] {"GET"}, config.getAllowedMethods().toArray()); assertArrayEquals(new String[] {"http://www.foo.com/"}, config.getAllowedOrigins().toArray()); assertTrue(config.getAllowCredentials()); }
Example #17
Source File: CorsUrlHandlerMappingTests.java From java-technology-stack with MIT License | 5 votes |
@Test public void actualRequestWithGlobalCorsConfig() throws Exception { CorsConfiguration mappedConfig = new CorsConfiguration(); mappedConfig.addAllowedOrigin("*"); this.handlerMapping.setCorsConfigurations(Collections.singletonMap("/welcome.html", mappedConfig)); String origin = "http://domain2.com"; ServerWebExchange exchange = createExchange(HttpMethod.GET, "/welcome.html", origin); Object actual = this.handlerMapping.getHandler(exchange).block(); assertNotNull(actual); assertSame(this.welcomeController, actual); assertEquals("*", exchange.getResponse().getHeaders().getFirst(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN)); }
Example #18
Source File: CorsConfig.java From Pixiv-Illustration-Collection-Backend with Apache License 2.0 | 5 votes |
private CorsConfiguration buildConfig() { CorsConfiguration corsConfiguration = new CorsConfiguration(); corsConfiguration.addAllowedOrigin("*"); // 1允许任何域名使用 corsConfiguration.addAllowedHeader("*"); // 2允许任何头 corsConfiguration.addAllowedMethod("*"); // 3允许任何方法(post、get等) return corsConfiguration; }
Example #19
Source File: DevelopmentConfig.java From eds-starter6-jpa with Apache License 2.0 | 5 votes |
@Bean public FilterRegistrationBean<CorsFilter> corsFilterRegistration() { FilterRegistrationBean<CorsFilter> filter = new FilterRegistrationBean<>(); CorsConfiguration config = new CorsConfiguration(); config.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL)); config.setAllowedMethods(Collections.singletonList(CorsConfiguration.ALL)); config.setAllowedHeaders(Collections.singletonList(CorsConfiguration.ALL)); config.setAllowCredentials(true); filter.setFilter(new CorsFilter(r -> config)); filter.setUrlPatterns(Collections.singleton("/*")); filter.setOrder(SecurityProperties.DEFAULT_FILTER_ORDER - 1); return filter; }
Example #20
Source File: WebConfigurer.java From albedo with GNU Lesser General Public License v3.0 | 5 votes |
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = applicationProperties.getCors(); if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) { log.debug("Registering CORS filter"); source.registerCorsConfiguration(applicationProperties.getAdminPath("/**"), config); source.registerCorsConfiguration("/management/**", config); source.registerCorsConfiguration("/v2/api-docs", config); } return new CorsFilter(source); }
Example #21
Source File: SecurityManagedConfiguration.java From hawkbit with Eclipse Public License 1.0 | 5 votes |
@Bean @ConditionalOnProperty(prefix = "hawkbit.server.security.cors", name = "enabled", matchIfMissing = false) CorsConfigurationSource corsConfigurationSource() { final CorsConfiguration restCorsConfiguration = new CorsConfiguration(); restCorsConfiguration.setAllowedOrigins(securityProperties.getCors().getAllowedOrigins()); restCorsConfiguration.setAllowCredentials(true); restCorsConfiguration.setAllowedHeaders(securityProperties.getCors().getAllowedHeaders()); restCorsConfiguration.setAllowedMethods(securityProperties.getCors().getAllowedMethods()); final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); source.registerCorsConfiguration("/rest/**", restCorsConfiguration); return source; }
Example #22
Source File: WebConfigurer.java From jhipster-ribbon-hystrix with GNU General Public License v3.0 | 5 votes |
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = jHipsterProperties.getCors(); if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) { source.registerCorsConfiguration("/api/**", config); source.registerCorsConfiguration("/v2/api-docs", config); source.registerCorsConfiguration("/oauth/**", config); } return new CorsFilter(source); }
Example #23
Source File: CorsRegistry.java From spring4-understanding with Apache License 2.0 | 5 votes |
protected Map<String, CorsConfiguration> getCorsConfigurations() { Map<String, CorsConfiguration> configs = new LinkedHashMap<String, CorsConfiguration>(this.registrations.size()); for (CorsRegistration registration : this.registrations) { configs.put(registration.getPathPattern(), registration.getCorsConfiguration()); } return configs; }
Example #24
Source File: DefaultCorsProcessor.java From java-technology-stack with MIT License | 5 votes |
@Override public boolean process(@Nullable CorsConfiguration config, ServerWebExchange exchange) { ServerHttpRequest request = exchange.getRequest(); ServerHttpResponse response = exchange.getResponse(); if (!CorsUtils.isCorsRequest(request)) { return true; } if (responseHasCors(response)) { logger.trace("Skip: response already contains \"Access-Control-Allow-Origin\""); return true; } if (CorsUtils.isSameOrigin(request)) { logger.trace("Skip: request is from same origin"); return true; } boolean preFlightRequest = CorsUtils.isPreFlightRequest(request); if (config == null) { if (preFlightRequest) { rejectRequest(response); return false; } else { return true; } } return handleInternal(exchange, config, preFlightRequest); }
Example #25
Source File: SecurityConfig.java From incubator-wikift with Apache License 2.0 | 5 votes |
@Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.setAllowCredentials(true); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); bean.setOrder(0); return bean; }
Example #26
Source File: AbstractHandlerMethodMapping.java From lams with GNU General Public License v2.0 | 5 votes |
public void register(T mapping, Object handler, Method method) { this.readWriteLock.writeLock().lock(); try { HandlerMethod handlerMethod = createHandlerMethod(handler, method); assertUniqueMethodMapping(handlerMethod, mapping); if (logger.isInfoEnabled()) { logger.info("Mapped \"" + mapping + "\" onto " + handlerMethod); } this.mappingLookup.put(mapping, handlerMethod); List<String> directUrls = getDirectUrls(mapping); for (String url : directUrls) { this.urlLookup.add(url, mapping); } String name = null; if (getNamingStrategy() != null) { name = getNamingStrategy().getName(handlerMethod, mapping); addMappingName(name, handlerMethod); } CorsConfiguration corsConfig = initCorsConfiguration(handler, method, mapping); if (corsConfig != null) { this.corsLookup.put(handlerMethod, corsConfig); } this.registry.put(mapping, new MappingRegistration<T>(mapping, handlerMethod, directUrls, name)); } finally { this.readWriteLock.writeLock().unlock(); } }
Example #27
Source File: WebConfigurer.java From TeamDojo with Apache License 2.0 | 5 votes |
@Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = jHipsterProperties.getCors(); if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) { log.debug("Registering CORS filter"); source.registerCorsConfiguration("/api/**", config); source.registerCorsConfiguration("/management/**", config); source.registerCorsConfiguration("/v2/api-docs", config); } return new CorsFilter(source); }
Example #28
Source File: SecurityConfig.java From xmall with MIT License | 5 votes |
/** * 允许跨域调用的过滤器 */ @Bean public CorsFilter corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.setAllowCredentials(true); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); bean.setOrder(0); return new CorsFilter(source); }
Example #29
Source File: ApplicationConfig.java From ZTuoExchange_framework with MIT License | 5 votes |
@Bean public FilterRegistrationBean corsFilter() { UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); CorsConfiguration config = new CorsConfiguration(); config.addAllowedOrigin("*"); config.setAllowCredentials(true); config.addAllowedHeader("*"); config.addAllowedMethod("*"); source.registerCorsConfiguration("/**", config); FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); bean.setOrder(0); return bean; }
Example #30
Source File: CorsConfig.java From sophia_scaffolding with Apache License 2.0 | 5 votes |
@Bean public CorsWebFilter corsFilter() { CorsConfiguration config = new CorsConfiguration(); config.addAllowedMethod("*"); config.addAllowedOrigin("*"); config.addAllowedHeader("*"); UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(new PathPatternParser()); source.registerCorsConfiguration("/**", config); return new CorsWebFilter(source); }