org.springframework.web.server.WebFilterChain Java Examples

The following examples show how to use org.springframework.web.server.WebFilterChain. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AuthWebFilter.java    From light-security with Apache License 2.0 7 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    ServerHttpRequest request = exchange.getRequest();

    Mono<Boolean> mono = specList.stream()
            .filter(spec -> ReactiveRestfulMatchUtil.match(request, spec.getHttpMethod(), spec.getPath()))
            .findFirst()
            .map(spec -> {
                String expression = spec.getExpression();
                return ReactiveSpringElCheckUtil.check(
                        new StandardEvaluationContext(reactivePreAuthorizeExpressionRoot),
                        expression
                );

            })
            .orElse(Mono.just(true));

    return mono.filter(t -> t)
            .switchIfEmpty(Mono.error(new LightSecurityException("Access Denied")))
            .flatMap(t -> chain.filter(exchange));
}
 
Example #2
Source File: GatewayConfiguration.java    From microservice-integration with MIT License 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (CorsUtils.isCorsRequest(request)) {
            ServerHttpResponse response = ctx.getResponse();
            HttpHeaders headers = response.getHeaders();
            headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
            headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS);
            headers.add("Access-Control-Max-Age", MAX_AGE);
            headers.add("Access-Control-Allow-Headers",ALLOWED_HEADERS);
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
            }
        }
        return chain.filter(ctx);
    };
}
 
Example #3
Source File: CorsWebFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void nonCorsRequest() {
	WebFilterChain filterChain = filterExchange -> {
		try {
			HttpHeaders headers = filterExchange.getResponse().getHeaders();
			assertNull(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
			assertNull(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
		}
		catch (AssertionError ex) {
			return Mono.error(ex);
		}
		return Mono.empty();

	};
	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.get("https://domain1.com/test.html")
					.header(HOST, "domain1.com"));
	this.filter.filter(exchange, filterChain).block();
}
 
Example #4
Source File: CorsWebFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void validActualRequest() {
	WebFilterChain filterChain = filterExchange -> {
		try {
			HttpHeaders headers = filterExchange.getResponse().getHeaders();
			assertEquals("https://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
			assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
		}
		catch (AssertionError ex) {
			return Mono.error(ex);
		}
		return Mono.empty();

	};
	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.get("https://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "https://domain2.com")
					.header("header2", "foo"));
	this.filter.filter(exchange, filterChain).block();
}
 
Example #5
Source File: CorsWebFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void sameOriginRequest() {
	WebFilterChain filterChain = filterExchange -> {
		try {
			HttpHeaders headers = filterExchange.getResponse().getHeaders();
			assertNull(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
			assertNull(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
		}
		catch (AssertionError ex) {
			return Mono.error(ex);
		}
		return Mono.empty();

	};
	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.get("https://domain1.com/test.html")
					.header(ORIGIN, "https://domain1.com"));
	this.filter.filter(exchange, filterChain).block();
}
 
Example #6
Source File: CorsConfig.java    From microservice-recruit with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (CorsUtils.isCorsRequest(request)) {
            HttpHeaders requestHeaders = request.getHeaders();
            ServerHttpResponse response = ctx.getResponse();
            HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
            HttpHeaders headers = response.getHeaders();
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
            headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders
                    .getAccessControlRequestHeaders());
            if(requestMethod != null){
                headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
            }
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
            headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
            }
        }
        return chain.filter(ctx);
    };
}
 
Example #7
Source File: TracingWebFilter.java    From java-specialagent with Apache License 2.0 6 votes vote down vote up
@Override
public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) {
  final ServerHttpRequest request = exchange.getRequest();

  if (!shouldBeTraced(request)) {
    return chain.filter(exchange);
  }

  if (exchange.getAttribute(SERVER_SPAN_CONTEXT) != null) {
    if (LOG.isTraceEnabled()) {
      LOG.trace("Not tracing request " + request + " because it is already being traced");
    }
    return chain.filter(exchange);
  }

  return new TracingOperator(chain.filter(exchange), exchange, tracer, spanDecorators);
}
 
Example #8
Source File: GatewayApplication.java    From MyShopPlus with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (!CorsUtils.isCorsRequest(request)) {
            return chain.filter(ctx);
        }
        HttpHeaders requestHeaders = request.getHeaders();
        ServerHttpResponse response = ctx.getResponse();
        HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
        HttpHeaders headers = response.getHeaders();
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
        headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders());
        if (requestMethod != null) {
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
        }
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL);
        headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
        if (request.getMethod() == HttpMethod.OPTIONS) {
            response.setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }
        return chain.filter(ctx);
    };
}
 
Example #9
Source File: TracingWebFilter.java    From java-spring-web with Apache License 2.0 6 votes vote down vote up
@Override
public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) {
    final ServerHttpRequest request = exchange.getRequest();

    if (!shouldBeTraced(request)) {
        return chain.filter(exchange);
    }

    if (exchange.getAttribute(SERVER_SPAN_CONTEXT) != null) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Not tracing request " + request + " because it is already being traced");
        }
        return chain.filter(exchange);
    }

    return new TracingOperator(chain.filter(exchange), exchange, tracer, spanDecorators);
}
 
Example #10
Source File: WebfluxRateLimitFilterrTest.java    From bucket4j-spring-boot-starter with Apache License 2.0 6 votes vote down vote up
@Before
  public void setup() throws URISyntaxException {
  	rateLimitCheck1 = mock(RateLimitCheck.class);
      rateLimitCheck2 = mock(RateLimitCheck.class);
      rateLimitCheck3 = mock(RateLimitCheck.class);

      exchange = Mockito.mock(ServerWebExchange.class);
      
      ServerHttpRequest serverHttpRequest = Mockito.mock(ServerHttpRequest.class);
      URI uri = new URI("url");
      when(serverHttpRequest.getURI()).thenReturn(uri);
when(exchange.getRequest()).thenReturn(serverHttpRequest);

serverHttpResponse = Mockito.mock(ServerHttpResponse.class);
      when(exchange.getResponse()).thenReturn(serverHttpResponse);
      
chain = Mockito.mock(WebFilterChain.class);
      
      configuration = new FilterConfiguration();
      configuration.setRateLimitChecks(Arrays.asList(rateLimitCheck1, rateLimitCheck2, rateLimitCheck3));
      configuration.setUrl("url");
      filter = new WebfluxWebFilter(configuration);
  }
 
Example #11
Source File: CorsWebFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void validPreFlightRequest() throws ServletException, IOException {

	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.options("https://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "https://domain2.com")
					.header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name())
					.header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2")
	);

	WebFilterChain filterChain = filterExchange -> Mono.error(
			new AssertionError("Preflight requests must not be forwarded to the filter chain"));
	filter.filter(exchange, filterChain).block();

	HttpHeaders headers = exchange.getResponse().getHeaders();
	assertEquals("https://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
	assertEquals("header1, header2", headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS));
	assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
	assertEquals(123L, Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE)));
}
 
Example #12
Source File: CorsWebFilterTests.java    From spring-analysis-note with MIT License 6 votes vote down vote up
@Test
public void invalidPreFlightRequest() throws ServletException, IOException {

	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.options("https://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "https://domain2.com")
					.header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name())
					.header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));

	WebFilterChain filterChain = filterExchange -> Mono.error(
			new AssertionError("Preflight requests must not be forwarded to the filter chain"));

	filter.filter(exchange, filterChain).block();

	assertNull(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
}
 
Example #13
Source File: CorsConfig.java    From open-capacity-platform with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
	return (ServerWebExchange ctx, WebFilterChain chain) -> {
		ServerHttpRequest request = ctx.getRequest();
		if (!CorsUtils.isCorsRequest(request)) {
			return chain.filter(ctx);
		}
		HttpHeaders requestHeaders = request.getHeaders();
		ServerHttpResponse response = ctx.getResponse();
		HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
		HttpHeaders headers = response.getHeaders();
		headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
		headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders());
		if (requestMethod != null) {
			headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
		}
		headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
		headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL);
		headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
		if (request.getMethod() == HttpMethod.OPTIONS) {
			response.setStatusCode(HttpStatus.OK);
			return Mono.empty();
		}
		return chain.filter(ctx);
	};
}
 
Example #14
Source File: WebFluxSecurityCorsFilter.java    From FEBS-Cloud with Apache License 2.0 6 votes vote down vote up
@Override
@SuppressWarnings("all")
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    ServerHttpRequest request = exchange.getRequest();
    if (CorsUtils.isCorsRequest(request)) {
        ServerHttpResponse response = exchange.getResponse();
        HttpHeaders headers = response.getHeaders();
        headers.add("Access-Control-Allow-Origin", "*");
        headers.add("Access-Control-Allow-Methods", "*");
        headers.add("Access-Control-Max-Age", "3600");
        headers.add("Access-Control-Allow-Headers", "*");
        if (request.getMethod() == HttpMethod.OPTIONS) {
            response.setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }
    }
    return chain.filter(exchange);
}
 
Example #15
Source File: CorsConfig.java    From spring-microservice-exam with MIT License 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (!CorsUtils.isCorsRequest(request))
            return chain.filter(ctx);
        HttpHeaders requestHeaders = request.getHeaders();
        ServerHttpResponse response = ctx.getResponse();
        HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
        HttpHeaders headers = response.getHeaders();
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
        headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders());
        if (requestMethod != null)
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
        headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL);
        headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
        if (request.getMethod() == HttpMethod.OPTIONS) {
            response.setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }
        return chain.filter(ctx);
    };
}
 
Example #16
Source File: CorsConfig.java    From simple-microservice with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
  return (ServerWebExchange ctx, WebFilterChain chain) -> {
    ServerHttpRequest request = ctx.getRequest();
    if (CorsUtils.isCorsRequest(request)) {
      HttpHeaders requestHeaders = request.getHeaders();
      ServerHttpResponse response = ctx.getResponse();
      HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
      HttpHeaders headers = response.getHeaders();
      headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
      headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders());
      if (requestMethod != null) {
        headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
      }
      headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
      headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
      headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
      if (request.getMethod() == HttpMethod.OPTIONS) {
        response.setStatusCode(HttpStatus.OK);
        return Mono.empty();
      }

    }
    return chain.filter(ctx);
  };
}
 
Example #17
Source File: ResourceServerConfiguration.java    From open-cloud with MIT License 6 votes vote down vote up
/**
 * 跨域配置
 *
 * @return
 */
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (CorsUtils.isCorsRequest(request)) {
            HttpHeaders requestHeaders = request.getHeaders();
            ServerHttpResponse response = ctx.getResponse();
            HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
            HttpHeaders headers = response.getHeaders();
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
            headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders());
            if (requestMethod != null) {
                headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
            }
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
            headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
            }
        }
        return chain.filter(ctx);
    };
}
 
Example #18
Source File: AccessLogFilter.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    ServerHttpResponse response = exchange.getResponse();
    DataBufferFactory bufferFactory = response.bufferFactory();
    ServerHttpResponseDecorator decoratedResponse = new ServerHttpResponseDecorator(response) {
        @Override
        public Mono<Void> writeWith(Publisher<? extends DataBuffer> body) {
            if (body instanceof Flux) {
                Flux<? extends DataBuffer> fluxBody = (Flux<? extends DataBuffer>) body;
                return super.writeWith(fluxBody.map(dataBuffer -> {
                    // probably should reuse buffers
                    byte[] content = new byte[dataBuffer.readableByteCount()];
                    dataBuffer.read(content);
                    //释放掉内存
                    DataBufferUtils.release(dataBuffer);
                    return bufferFactory.wrap(content);
                }));
            }
            // if body is not a flux. never got there.
            return super.writeWith(body);
        }
    };
    return chain.filter(exchange.mutate().response(decoratedResponse).build()).then(Mono.fromRunnable(()->{
        accessLogService.sendLog(exchange, null);
    }));
}
 
Example #19
Source File: GatewayContextFilter.java    From open-cloud with MIT License 6 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain){
    ServerHttpRequest request = exchange.getRequest();
    GatewayContext gatewayContext = new GatewayContext();
    HttpHeaders headers = request.getHeaders();
    gatewayContext.setRequestHeaders(headers);
    gatewayContext.getAllRequestData().addAll(request.getQueryParams());
    /*
     * save gateway context into exchange
     */
    exchange.getAttributes().put(GatewayContext.CACHE_GATEWAY_CONTEXT,gatewayContext);
    MediaType contentType = headers.getContentType();
    if(headers.getContentLength()>0){
        if(MediaType.APPLICATION_JSON.equals(contentType) || MediaType.APPLICATION_JSON_UTF8.equals(contentType)){
            return readBody(exchange, chain,gatewayContext);
        }
        if(MediaType.APPLICATION_FORM_URLENCODED.equals(contentType)){
            return readFormData(exchange, chain,gatewayContext);
        }
    }
    log.debug("[GatewayContext]ContentType:{},Gateway context is set with {}",contentType, gatewayContext);
    return chain.filter(exchange);

}
 
Example #20
Source File: CorsWebFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void invalidPreFlightRequest() throws ServletException, IOException {

	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.options("http://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "http://domain2.com")
					.header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name())
					.header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2"));

	WebFilterChain filterChain = (filterExchange) -> Mono.error(
			new AssertionError("Preflight requests must not be forwarded to the filter chain"));

	filter.filter(exchange, filterChain);

	assertNull(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
}
 
Example #21
Source File: CorsWebFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void validPreFlightRequest() throws ServletException, IOException {

	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.options("http://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "http://domain2.com")
					.header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name())
					.header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2")
	);

	WebFilterChain filterChain = (filterExchange) -> Mono.error(
			new AssertionError("Preflight requests must not be forwarded to the filter chain"));
	filter.filter(exchange, filterChain);

	HttpHeaders headers = exchange.getResponse().getHeaders();
	assertEquals("http://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
	assertEquals("header1, header2", headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS));
	assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
	assertEquals(123L, Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE)));
}
 
Example #22
Source File: CorsConfig.java    From spring-cloud-sofastack-samples with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (CorsUtils.isCorsRequest(request)) {
            ServerHttpResponse response = ctx.getResponse();
            HttpHeaders headers = response.getHeaders();
            headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
            headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS);
            headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS);
            headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE);
            headers.add("Access-Control-Allow-Credentials", "true");
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
            }
        }
        return chain.filter(ctx);
    };
}
 
Example #23
Source File: KeystoneAuthWebFilter.java    From alcor with Apache License 2.0 6 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    String token = exchange.getRequest().getHeaders().getFirst(AUTHORIZE_TOKEN);
    if(token == null){
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        return exchange.getResponse().setComplete();
    }
    String projectId = keystoneClient.verifyToken(token);
    if("".equals(projectId)){
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
        return exchange.getResponse().setComplete();
    }
    // rewrite uri path include project id
    ServerHttpRequest req = exchange.getRequest();
    ServerWebExchangeUtils.addOriginalRequestUrl(exchange, req.getURI());
    String path = req.getURI().getRawPath();
    String newPath = path.replaceAll(neutronUrlPrefix, "/project/" + projectId);
    ServerHttpRequest request = req.mutate().path(newPath).build();
    exchange.getAttributes().put(ServerWebExchangeUtils.GATEWAY_REQUEST_URL_ATTR, request.getURI());
    return chain.filter(exchange.mutate().request(request).build());
}
 
Example #24
Source File: CorsConfig.java    From microservice-recruit with Apache License 2.0 6 votes vote down vote up
@Bean
public WebFilter corsFilter() {
    return (ServerWebExchange ctx, WebFilterChain chain) -> {
        ServerHttpRequest request = ctx.getRequest();
        if (CorsUtils.isCorsRequest(request)) {
            HttpHeaders requestHeaders = request.getHeaders();
            ServerHttpResponse response = ctx.getResponse();
            HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod();
            HttpHeaders headers = response.getHeaders();
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin());
            headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders
                    .getAccessControlRequestHeaders());
            if(requestMethod != null){
                headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name());
            }
            headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*");
            headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE);
            if (request.getMethod() == HttpMethod.OPTIONS) {
                response.setStatusCode(HttpStatus.OK);
                return Mono.empty();
            }
        }
        return chain.filter(ctx);
    };
}
 
Example #25
Source File: CorsWebFilterTests.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Test
public void validActualRequest() {
	WebFilterChain filterChain = (filterExchange) -> {
		try {
			HttpHeaders headers = filterExchange.getResponse().getHeaders();
			assertEquals("http://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN));
			assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS));
		} catch (AssertionError ex) {
			return Mono.error(ex);
		}
		return Mono.empty();

	};
	MockServerWebExchange exchange = MockServerWebExchange.from(
			MockServerHttpRequest
					.get("http://domain1.com/test.html")
					.header(HOST, "domain1.com")
					.header(ORIGIN, "http://domain2.com")
					.header("header2", "foo"));
	this.filter.filter(exchange, filterChain);
}
 
Example #26
Source File: CrossFilter.java    From soul with Apache License 2.0 6 votes vote down vote up
@Override
@SuppressWarnings("all")
public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) {
    ServerHttpRequest request = exchange.getRequest();
    if (CorsUtils.isCorsRequest(request)) {
        ServerHttpResponse response = exchange.getResponse();
        HttpHeaders headers = response.getHeaders();
        headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN);
        headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS);
        headers.add("Access-Control-Max-Age", MAX_AGE);
        headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS);
        headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE);
        headers.add("Access-Control-Allow-Credentials", "true");
        if (request.getMethod() == HttpMethod.OPTIONS) {
            response.setStatusCode(HttpStatus.OK);
            return Mono.empty();
        }
    }
    return chain.filter(exchange);
}
 
Example #27
Source File: WebfluxForwardingUtil.java    From demo-spring-webflux-api-gateway with Apache License 2.0 5 votes vote down vote up
/**
 * 
 * @param forwardToPath: forward target path that begin with /.
 * @param exchange: the current source server exchange
 * @param forwardAttrs : the attributes that added to forward Exchange.
 * @return Mono<Void> to signal forwarding request completed.
 */
public static Mono<Void> forward(String forwardToPath,ServerWebExchange exchange,Map<String,Object> forwardAttrs){
    WebFilterChain webFilterChain = (WebFilterChain)exchange.getAttributes().get(Constant.WEB_FILTER_ATTR_NAME);
    ServerHttpRequest forwardReq = exchange.getRequest().mutate().path(forwardToPath).build();
    ServerWebExchange forwardExchange = exchange.mutate().request(forwardReq).build();
       if(null != forwardAttrs && !forwardAttrs.isEmpty()) {
       		forwardExchange.getAttributes().putAll(forwardAttrs);
       }
       return webFilterChain.filter(forwardExchange);
}
 
Example #28
Source File: AbstractWebFilter.java    From soul with Apache License 2.0 5 votes vote down vote up
@Override
public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) {
    final ServerHttpResponse response = exchange.getResponse();
    response.getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8);
    return doFilter(exchange, chain).switchIfEmpty(Mono.just(false))
            .flatMap(filterResult -> filterResult ? chain.filter(exchange) : doDenyResponse(exchange));
}
 
Example #29
Source File: SecurityWebFilter.java    From spring-reactive-sample with GNU General Public License v3.0 5 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
    if(!exchange.getRequest().getQueryParams().containsKey("user")){
        exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
    }
    return chain.filter(exchange);
}
 
Example #30
Source File: MockServerSpecTests.java    From java-technology-stack with MIT License 5 votes vote down vote up
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
	String name = "test-attribute";
	String value = exchange.getAttributeOrDefault(name, "");
	exchange.getAttributes().put(name, value + ":" + this.name);
	return chain.filter(exchange);
}