org.eclipse.jetty.servlets

Class CrossOriginFilter

java.lang.Object

org.eclipse.jetty.servlets.CrossOriginFilter

All Implemented Interfaces:

Filter

public class CrossOriginFilter
extends Object
implements Filter

Implementation of the cross-origin resource sharing.

A typical example is to use this filter to allow cross-domain cometd communication using the standard long polling transport instead of the JSONP transport (that is less efficient and less reactive to failures).

This filter allows the following configuration parameters:

• allowedOrigins, a comma separated list of origins that are allowed to access the resources. Default value is *, meaning all origins.
  If an allowed origin contains one or more * characters (for example http://*.domain.com), then "*" characters are converted to ".*", "." characters are escaped to "\." and the resulting allowed origin interpreted as a regular expression.
  Allowed origins can therefore be more complex expressions such as https?://*.domain.[a-z]{3} that matches http or https, multiple subdomains and any 3 letter top-level domain (.com, .net, .org, etc.).
• allowedMethods, a comma separated list of HTTP methods that are allowed to be used when accessing the resources. Default value is GET,POST,HEAD
• allowedHeaders, a comma separated list of HTTP headers that are allowed to be specified when accessing the resources. Default value is X-Requested-With,Content-Type,Accept,Origin. If the value is a single "*", this means that any headers will be accepted.
• preflightMaxAge, the number of seconds that preflight requests can be cached by the client. Default value is 1800 seconds, or 30 minutes
• allowCredentials, a boolean indicating if the resource allows requests with credentials. Default value is false
• exposedHeaders, a comma separated list of HTTP headers that are allowed to be exposed on the client. Default value is the empty list
• chainPreflight, if true preflight requests are chained to their target resource for normal handling (as an OPTION request). Otherwise the filter will response to the preflight. Default is true.

A typical configuration could be:

 <web-app ...>
     ...
     <filter>
         <filter-name>cross-origin</filter-name>
         <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
     </filter>
     <filter-mapping>
         <filter-name>cross-origin</filter-name>
         <url-pattern>/cometd/*</url-pattern>
     </filter-mapping>
     ...
 </web-app>
 

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
static String	ACCESS_CONTROL_ALLOW_HEADERS_HEADER
static String	ACCESS_CONTROL_ALLOW_METHODS_HEADER
static String	ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
static String	ACCESS_CONTROL_EXPOSE_HEADERS_HEADER
static String	ACCESS_CONTROL_MAX_AGE_HEADER
static String	ACCESS_CONTROL_REQUEST_HEADERS_HEADER
static String	ACCESS_CONTROL_REQUEST_METHOD_HEADER
static String	ALLOW_CREDENTIALS_PARAM
static String	ALLOWED_HEADERS_PARAM
static String	ALLOWED_METHODS_PARAM
static String	ALLOWED_ORIGINS_PARAM
static String	CHAIN_PREFLIGHT_PARAM
static String	EXPOSED_HEADERS_PARAM
static String	OLD_CHAIN_PREFLIGHT_PARAM
static String	PREFLIGHT_MAX_AGE_PARAM

Constructor Summary

Constructors

Constructor and Description
CrossOriginFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy()
void	doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
void	init(FilterConfig config)
protected boolean	isEnabled(HttpServletRequest request)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACCESS_CONTROL_REQUEST_METHOD_HEADER

public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_REQUEST_HEADERS_HEADER

public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_ALLOW_METHODS_HEADER

public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_ALLOW_HEADERS_HEADER

public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_MAX_AGE_HEADER

public static final String ACCESS_CONTROL_MAX_AGE_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER

See Also:

Constant Field Values

ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

public static final String ACCESS_CONTROL_EXPOSE_HEADERS_HEADER

See Also:

Constant Field Values

ALLOWED_ORIGINS_PARAM

public static final String ALLOWED_ORIGINS_PARAM

See Also:

Constant Field Values

ALLOWED_METHODS_PARAM

public static final String ALLOWED_METHODS_PARAM

See Also:

Constant Field Values

ALLOWED_HEADERS_PARAM

public static final String ALLOWED_HEADERS_PARAM

See Also:

Constant Field Values

PREFLIGHT_MAX_AGE_PARAM

public static final String PREFLIGHT_MAX_AGE_PARAM

See Also:

Constant Field Values

ALLOW_CREDENTIALS_PARAM

public static final String ALLOW_CREDENTIALS_PARAM

See Also:

Constant Field Values

EXPOSED_HEADERS_PARAM

public static final String EXPOSED_HEADERS_PARAM

See Also:

Constant Field Values

OLD_CHAIN_PREFLIGHT_PARAM

public static final String OLD_CHAIN_PREFLIGHT_PARAM

See Also:

Constant Field Values

CHAIN_PREFLIGHT_PARAM

public static final String CHAIN_PREFLIGHT_PARAM

See Also:

Constant Field Values

Constructor Detail

CrossOriginFilter

public CrossOriginFilter()

Method Detail

init

public void init(FilterConfig config)
          throws ServletException

Specified by:

init in interface Filter

Throws:

ServletException

doFilter

public void doFilter(ServletRequest request,
            ServletResponse response,
            FilterChain chain)
              throws IOException,
                     ServletException

Specified by:

doFilter in interface Filter

Throws:

IOException

ServletException

isEnabled

protected boolean isEnabled(HttpServletRequest request)

destroy

public void destroy()

Specified by:

destroy in interface Filter