org.springframework.web.server.WebFilterChain Java Examples
The following examples show how to use
org.springframework.web.server.WebFilterChain.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AuthWebFilter.java From light-security with Apache License 2.0 | 7 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); Mono<Boolean> mono = specList.stream() .filter(spec -> ReactiveRestfulMatchUtil.match(request, spec.getHttpMethod(), spec.getPath())) .findFirst() .map(spec -> { String expression = spec.getExpression(); return ReactiveSpringElCheckUtil.check( new StandardEvaluationContext(reactivePreAuthorizeExpressionRoot), expression ); }) .orElse(Mono.just(true)); return mono.filter(t -> t) .switchIfEmpty(Mono.error(new LightSecurityException("Access Denied"))) .flatMap(t -> chain.filter(exchange)); }
Example #2
Source File: GatewayConfiguration.java From microservice-integration with MIT License | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = ctx.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); headers.add("Access-Control-Max-Age", MAX_AGE); headers.add("Access-Control-Allow-Headers",ALLOWED_HEADERS); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #3
Source File: CorsWebFilterTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void nonCorsRequest() { WebFilterChain filterChain = filterExchange -> { try { HttpHeaders headers = filterExchange.getResponse().getHeaders(); assertNull(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertNull(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); } catch (AssertionError ex) { return Mono.error(ex); } return Mono.empty(); }; MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .get("https://domain1.com/test.html") .header(HOST, "domain1.com")); this.filter.filter(exchange, filterChain).block(); }
Example #4
Source File: CorsWebFilterTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void validActualRequest() { WebFilterChain filterChain = filterExchange -> { try { HttpHeaders headers = filterExchange.getResponse().getHeaders(); assertEquals("https://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); } catch (AssertionError ex) { return Mono.error(ex); } return Mono.empty(); }; MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .get("https://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "https://domain2.com") .header("header2", "foo")); this.filter.filter(exchange, filterChain).block(); }
Example #5
Source File: CorsWebFilterTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void sameOriginRequest() { WebFilterChain filterChain = filterExchange -> { try { HttpHeaders headers = filterExchange.getResponse().getHeaders(); assertNull(headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertNull(headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); } catch (AssertionError ex) { return Mono.error(ex); } return Mono.empty(); }; MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .get("https://domain1.com/test.html") .header(ORIGIN, "https://domain1.com")); this.filter.filter(exchange, filterChain).block(); }
Example #6
Source File: CorsConfig.java From microservice-recruit with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders .getAccessControlRequestHeaders()); if(requestMethod != null){ headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*"); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #7
Source File: TracingWebFilter.java From java-specialagent with Apache License 2.0 | 6 votes |
@Override public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) { final ServerHttpRequest request = exchange.getRequest(); if (!shouldBeTraced(request)) { return chain.filter(exchange); } if (exchange.getAttribute(SERVER_SPAN_CONTEXT) != null) { if (LOG.isTraceEnabled()) { LOG.trace("Not tracing request " + request + " because it is already being traced"); } return chain.filter(exchange); } return new TracingOperator(chain.filter(exchange), exchange, tracer, spanDecorators); }
Example #8
Source File: GatewayApplication.java From MyShopPlus with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (!CorsUtils.isCorsRequest(request)) { return chain.filter(ctx); } HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) { headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } return chain.filter(ctx); }; }
Example #9
Source File: TracingWebFilter.java From java-spring-web with Apache License 2.0 | 6 votes |
@Override public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) { final ServerHttpRequest request = exchange.getRequest(); if (!shouldBeTraced(request)) { return chain.filter(exchange); } if (exchange.getAttribute(SERVER_SPAN_CONTEXT) != null) { if (LOG.isTraceEnabled()) { LOG.trace("Not tracing request " + request + " because it is already being traced"); } return chain.filter(exchange); } return new TracingOperator(chain.filter(exchange), exchange, tracer, spanDecorators); }
Example #10
Source File: WebfluxRateLimitFilterrTest.java From bucket4j-spring-boot-starter with Apache License 2.0 | 6 votes |
@Before public void setup() throws URISyntaxException { rateLimitCheck1 = mock(RateLimitCheck.class); rateLimitCheck2 = mock(RateLimitCheck.class); rateLimitCheck3 = mock(RateLimitCheck.class); exchange = Mockito.mock(ServerWebExchange.class); ServerHttpRequest serverHttpRequest = Mockito.mock(ServerHttpRequest.class); URI uri = new URI("url"); when(serverHttpRequest.getURI()).thenReturn(uri); when(exchange.getRequest()).thenReturn(serverHttpRequest); serverHttpResponse = Mockito.mock(ServerHttpResponse.class); when(exchange.getResponse()).thenReturn(serverHttpResponse); chain = Mockito.mock(WebFilterChain.class); configuration = new FilterConfiguration(); configuration.setRateLimitChecks(Arrays.asList(rateLimitCheck1, rateLimitCheck2, rateLimitCheck3)); configuration.setUrl("url"); filter = new WebfluxWebFilter(configuration); }
Example #11
Source File: CorsWebFilterTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void validPreFlightRequest() throws ServletException, IOException { MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .options("https://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "https://domain2.com") .header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name()) .header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2") ); WebFilterChain filterChain = filterExchange -> Mono.error( new AssertionError("Preflight requests must not be forwarded to the filter chain")); filter.filter(exchange, filterChain).block(); HttpHeaders headers = exchange.getResponse().getHeaders(); assertEquals("https://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("header1, header2", headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS)); assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); assertEquals(123L, Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE))); }
Example #12
Source File: CorsWebFilterTests.java From spring-analysis-note with MIT License | 6 votes |
@Test public void invalidPreFlightRequest() throws ServletException, IOException { MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .options("https://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "https://domain2.com") .header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name()) .header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2")); WebFilterChain filterChain = filterExchange -> Mono.error( new AssertionError("Preflight requests must not be forwarded to the filter chain")); filter.filter(exchange, filterChain).block(); assertNull(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); }
Example #13
Source File: CorsConfig.java From open-capacity-platform with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (!CorsUtils.isCorsRequest(request)) { return chain.filter(ctx); } HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) { headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } return chain.filter(ctx); }; }
Example #14
Source File: WebFluxSecurityCorsFilter.java From FEBS-Cloud with Apache License 2.0 | 6 votes |
@Override @SuppressWarnings("all") public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = exchange.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", "*"); headers.add("Access-Control-Allow-Methods", "*"); headers.add("Access-Control-Max-Age", "3600"); headers.add("Access-Control-Allow-Headers", "*"); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(exchange); }
Example #15
Source File: CorsConfig.java From spring-microservice-exam with MIT License | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (!CorsUtils.isCorsRequest(request)) return chain.filter(ctx); HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, ALL); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } return chain.filter(ctx); }; }
Example #16
Source File: CorsConfig.java From simple-microservice with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) { headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*"); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #17
Source File: ResourceServerConfiguration.java From open-cloud with MIT License | 6 votes |
/** * 跨域配置 * * @return */ public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders.getAccessControlRequestHeaders()); if (requestMethod != null) { headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*"); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #18
Source File: AccessLogFilter.java From open-cloud with MIT License | 6 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { ServerHttpResponse response = exchange.getResponse(); DataBufferFactory bufferFactory = response.bufferFactory(); ServerHttpResponseDecorator decoratedResponse = new ServerHttpResponseDecorator(response) { @Override public Mono<Void> writeWith(Publisher<? extends DataBuffer> body) { if (body instanceof Flux) { Flux<? extends DataBuffer> fluxBody = (Flux<? extends DataBuffer>) body; return super.writeWith(fluxBody.map(dataBuffer -> { // probably should reuse buffers byte[] content = new byte[dataBuffer.readableByteCount()]; dataBuffer.read(content); //释放掉内存 DataBufferUtils.release(dataBuffer); return bufferFactory.wrap(content); })); } // if body is not a flux. never got there. return super.writeWith(body); } }; return chain.filter(exchange.mutate().response(decoratedResponse).build()).then(Mono.fromRunnable(()->{ accessLogService.sendLog(exchange, null); })); }
Example #19
Source File: GatewayContextFilter.java From open-cloud with MIT License | 6 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain){ ServerHttpRequest request = exchange.getRequest(); GatewayContext gatewayContext = new GatewayContext(); HttpHeaders headers = request.getHeaders(); gatewayContext.setRequestHeaders(headers); gatewayContext.getAllRequestData().addAll(request.getQueryParams()); /* * save gateway context into exchange */ exchange.getAttributes().put(GatewayContext.CACHE_GATEWAY_CONTEXT,gatewayContext); MediaType contentType = headers.getContentType(); if(headers.getContentLength()>0){ if(MediaType.APPLICATION_JSON.equals(contentType) || MediaType.APPLICATION_JSON_UTF8.equals(contentType)){ return readBody(exchange, chain,gatewayContext); } if(MediaType.APPLICATION_FORM_URLENCODED.equals(contentType)){ return readFormData(exchange, chain,gatewayContext); } } log.debug("[GatewayContext]ContentType:{},Gateway context is set with {}",contentType, gatewayContext); return chain.filter(exchange); }
Example #20
Source File: CorsWebFilterTests.java From java-technology-stack with MIT License | 6 votes |
@Test public void invalidPreFlightRequest() throws ServletException, IOException { MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .options("http://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "http://domain2.com") .header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.DELETE.name()) .header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2")); WebFilterChain filterChain = (filterExchange) -> Mono.error( new AssertionError("Preflight requests must not be forwarded to the filter chain")); filter.filter(exchange, filterChain); assertNull(exchange.getResponse().getHeaders().getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); }
Example #21
Source File: CorsWebFilterTests.java From java-technology-stack with MIT License | 6 votes |
@Test public void validPreFlightRequest() throws ServletException, IOException { MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .options("http://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "http://domain2.com") .header(ACCESS_CONTROL_REQUEST_METHOD, HttpMethod.GET.name()) .header(ACCESS_CONTROL_REQUEST_HEADERS, "header1, header2") ); WebFilterChain filterChain = (filterExchange) -> Mono.error( new AssertionError("Preflight requests must not be forwarded to the filter chain")); filter.filter(exchange, filterChain); HttpHeaders headers = exchange.getResponse().getHeaders(); assertEquals("http://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("header1, header2", headers.getFirst(ACCESS_CONTROL_ALLOW_HEADERS)); assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); assertEquals(123L, Long.parseLong(headers.getFirst(ACCESS_CONTROL_MAX_AGE))); }
Example #22
Source File: CorsConfig.java From spring-cloud-sofastack-samples with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = ctx.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS); headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE); headers.add("Access-Control-Allow-Credentials", "true"); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #23
Source File: KeystoneAuthWebFilter.java From alcor with Apache License 2.0 | 6 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { String token = exchange.getRequest().getHeaders().getFirst(AUTHORIZE_TOKEN); if(token == null){ exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED); return exchange.getResponse().setComplete(); } String projectId = keystoneClient.verifyToken(token); if("".equals(projectId)){ exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED); return exchange.getResponse().setComplete(); } // rewrite uri path include project id ServerHttpRequest req = exchange.getRequest(); ServerWebExchangeUtils.addOriginalRequestUrl(exchange, req.getURI()); String path = req.getURI().getRawPath(); String newPath = path.replaceAll(neutronUrlPrefix, "/project/" + projectId); ServerHttpRequest request = req.mutate().path(newPath).build(); exchange.getAttributes().put(ServerWebExchangeUtils.GATEWAY_REQUEST_URL_ATTR, request.getURI()); return chain.filter(exchange.mutate().request(request).build()); }
Example #24
Source File: CorsConfig.java From microservice-recruit with Apache License 2.0 | 6 votes |
@Bean public WebFilter corsFilter() { return (ServerWebExchange ctx, WebFilterChain chain) -> { ServerHttpRequest request = ctx.getRequest(); if (CorsUtils.isCorsRequest(request)) { HttpHeaders requestHeaders = request.getHeaders(); ServerHttpResponse response = ctx.getResponse(); HttpMethod requestMethod = requestHeaders.getAccessControlRequestMethod(); HttpHeaders headers = response.getHeaders(); headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, requestHeaders.getOrigin()); headers.addAll(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestHeaders .getAccessControlRequestHeaders()); if(requestMethod != null){ headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, requestMethod.name()); } headers.add(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true"); headers.add(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "*"); headers.add(HttpHeaders.ACCESS_CONTROL_MAX_AGE, MAX_AGE); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(ctx); }; }
Example #25
Source File: CorsWebFilterTests.java From java-technology-stack with MIT License | 6 votes |
@Test public void validActualRequest() { WebFilterChain filterChain = (filterExchange) -> { try { HttpHeaders headers = filterExchange.getResponse().getHeaders(); assertEquals("http://domain2.com", headers.getFirst(ACCESS_CONTROL_ALLOW_ORIGIN)); assertEquals("header3, header4", headers.getFirst(ACCESS_CONTROL_EXPOSE_HEADERS)); } catch (AssertionError ex) { return Mono.error(ex); } return Mono.empty(); }; MockServerWebExchange exchange = MockServerWebExchange.from( MockServerHttpRequest .get("http://domain1.com/test.html") .header(HOST, "domain1.com") .header(ORIGIN, "http://domain2.com") .header("header2", "foo")); this.filter.filter(exchange, filterChain); }
Example #26
Source File: CrossFilter.java From soul with Apache License 2.0 | 6 votes |
@Override @SuppressWarnings("all") public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) { ServerHttpRequest request = exchange.getRequest(); if (CorsUtils.isCorsRequest(request)) { ServerHttpResponse response = exchange.getResponse(); HttpHeaders headers = response.getHeaders(); headers.add("Access-Control-Allow-Origin", ALLOWED_ORIGIN); headers.add("Access-Control-Allow-Methods", ALLOWED_METHODS); headers.add("Access-Control-Max-Age", MAX_AGE); headers.add("Access-Control-Allow-Headers", ALLOWED_HEADERS); headers.add("Access-Control-Expose-Headers", ALLOWED_EXPOSE); headers.add("Access-Control-Allow-Credentials", "true"); if (request.getMethod() == HttpMethod.OPTIONS) { response.setStatusCode(HttpStatus.OK); return Mono.empty(); } } return chain.filter(exchange); }
Example #27
Source File: WebfluxForwardingUtil.java From demo-spring-webflux-api-gateway with Apache License 2.0 | 5 votes |
/** * * @param forwardToPath: forward target path that begin with /. * @param exchange: the current source server exchange * @param forwardAttrs : the attributes that added to forward Exchange. * @return Mono<Void> to signal forwarding request completed. */ public static Mono<Void> forward(String forwardToPath,ServerWebExchange exchange,Map<String,Object> forwardAttrs){ WebFilterChain webFilterChain = (WebFilterChain)exchange.getAttributes().get(Constant.WEB_FILTER_ATTR_NAME); ServerHttpRequest forwardReq = exchange.getRequest().mutate().path(forwardToPath).build(); ServerWebExchange forwardExchange = exchange.mutate().request(forwardReq).build(); if(null != forwardAttrs && !forwardAttrs.isEmpty()) { forwardExchange.getAttributes().putAll(forwardAttrs); } return webFilterChain.filter(forwardExchange); }
Example #28
Source File: AbstractWebFilter.java From soul with Apache License 2.0 | 5 votes |
@Override public Mono<Void> filter(final ServerWebExchange exchange, final WebFilterChain chain) { final ServerHttpResponse response = exchange.getResponse(); response.getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8); return doFilter(exchange, chain).switchIfEmpty(Mono.just(false)) .flatMap(filterResult -> filterResult ? chain.filter(exchange) : doDenyResponse(exchange)); }
Example #29
Source File: SecurityWebFilter.java From spring-reactive-sample with GNU General Public License v3.0 | 5 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { if(!exchange.getRequest().getQueryParams().containsKey("user")){ exchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED); } return chain.filter(exchange); }
Example #30
Source File: MockServerSpecTests.java From java-technology-stack with MIT License | 5 votes |
@Override public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) { String name = "test-attribute"; String value = exchange.getAttributeOrDefault(name, ""); exchange.getAttributes().put(name, value + ":" + this.name); return chain.filter(exchange); }