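import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;

/**
 * JAX-RS response filter that attaches permissive CORS headers to every response.
 *
 * <p>The wildcard origin lets a script on any website read these responses from a
 * browser. That is only appropriate for resources that are public and do not depend on
 * cookies, browser-managed HTTP authentication or TLS client certificates. For anything
 * else, replace the wildcard with an explicit allow-list of trusted origins.
 */
@Provider
public class CORSFilter implements ContainerResponseFilter {

    /**
     * Adds the CORS response headers.
     *
     * @param request  the request being answered (not inspected)
     * @param response the response whose header map is extended
     * @throws IOException declared by {@link ContainerResponseFilter}; not thrown by this code
     */
    @Override
    public void filter(ContainerRequestContext request, ContainerResponseContext response)
            throws IOException {
        response.getHeaders().add("Access-Control-Allow-Origin", "*");
        response.getHeaders().add("Access-Control-Allow-Headers",
                "origin, content-type, accept, authorization");
        // Access-Control-Allow-Credentials is deliberately NOT sent. Browsers refuse a
        // credentialed cross-origin response whose allowed origin is "*", so the header
        // had no effect here. Keeping it invites the unsafe "fix" of echoing the
        // request's Origin back, which would expose authenticated data to every site.
        response.getHeaders().add("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS, HEAD");
    }
}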
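package com.yourdomain.package;

import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.ext.Provider;

/**
 * JAX-RS response filter that attaches permissive CORS headers to every response.
 *
 * <p>The wildcard origin lets a script on any website read these responses from a
 * browser. Use it only for resources that are public and do not depend on cookies,
 * browser-managed HTTP authentication or TLS client certificates. For anything else,
 * replace the wildcard with an explicit allow-list of trusted origins.
 */
@Provider
public class CORSFilter implements ContainerResponseFilter {

    /**
     * Adds the CORS response headers, including a preflight cache lifetime.
     *
     * @param requestContext the request being answered (not inspected)
     * @param cres           the response whose header map is extended
     * @throws IOException declared by {@link ContainerResponseFilter}; not thrown by this code
     */
    @Override
    public void filter(final ContainerRequestContext requestContext,
            final ContainerResponseContext cres) throws IOException {
        cres.getHeaders().add("Access-Control-Allow-Origin", "*");
        cres.getHeaders().add("Access-Control-Allow-Headers",
                "origin, content-type, accept, authorization");
        // Access-Control-Allow-Credentials is deliberately NOT sent. Browsers refuse a
        // credentialed cross-origin response whose allowed origin is "*", so the header
        // had no effect here. Keeping it invites the unsafe "fix" of echoing the
        // request's Origin back, which would expose authenticated data to every site.
        cres.getHeaders().add("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS, HEAD");
        // 1209600 seconds is 14 days. Browsers apply their own upper bound to this
        // value, so the effective preflight cache lifetime is usually much shorter.
        cres.getHeaders().add("Access-Control-Max-Age", "1209600");
    }
}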
/**
 * Adds the value held in {@code cacheResponseHeader} as a Cache-Control response header.
 *
 * @param requestContext  the request being answered (not inspected)
 * @param responseContext the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    // An empty value means this filter contributes no Cache-Control header at all.
    if (cacheResponseHeader.isEmpty()) {
        return;
    }
    responseContext.getHeaders().add(HttpHeaders.CACHE_CONTROL, cacheResponseHeader);
}
/**
 * Marks every response as readable by scripts from any origin.
 *
 * @param containerRequestContext  the request being answered (not inspected)
 * @param containerResponseContext the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext containerRequestContext,
        ContainerResponseContext containerResponseContext) throws IOException {
    // "*" lets a script on any website read the response from a browser. That fits
    // public, unauthenticated data; responses that depend on the caller's identity
    // need an explicit list of trusted origins instead.
    final String allowOriginHeader = "Access-Control-Allow-Origin";
    final String anyOrigin = "*";
    containerResponseContext.getHeaders().add(allowOriginHeader, anyOrigin);
}
});
/**
 * Adds a wildcard Access-Control-Allow-Origin header to the outgoing response.
 *
 * @param containerRequestContext  the request being answered (not inspected)
 * @param containerResponseContext the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext containerRequestContext,
        ContainerResponseContext containerResponseContext) throws IOException {
    // The wildcard opts every response out of the browser's cross-origin read
    // protection. Keep it to endpoints whose content is the same for every caller.
    final String wildcardOrigin = "*";
    containerResponseContext.getHeaders().add("Access-Control-Allow-Origin", wildcardOrigin);
}
});
/**
 * Stamps the response with the controller host and controller version headers.
 *
 * @param requestContext  the request being answered (not inspected)
 * @param responseContext the response whose headers are set
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    final String hostHeaderName = CommonConstants.Controller.HOST_HTTP_HEADER;
    final String versionHeaderName = CommonConstants.Controller.VERSION_HTTP_HEADER;

    // putSingle replaces any value a resource may already have set for these headers.
    // NOTE(review): both values are sent to every client. Confirm that exposing the
    // host name and version is intended where the API is reachable by untrusted callers.
    responseContext.getHeaders().putSingle(hostHeaderName, _controllerHost);
    responseContext.getHeaders().putSingle(versionHeaderName, _controllerVersion);
}
}
/**
 * Reports how long the request took, in seconds, through the {@code RUNTIME_HEADER}
 * response header.
 *
 * @param request  the request; its {@code RUNTIME_PROPERTY} property holds the start time
 * @param response the response whose header is set
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(final ContainerRequestContext request, final ContainerResponseContext response)
        throws IOException {
    final Long startTime = (Long) request.getProperty(RUNTIME_PROPERTY);
    if (startTime == null) {
        // No start time was recorded for this request, so there is nothing to report.
        return;
    }
    final float seconds = (currentTimeProvider.get() - startTime) / NANOS_IN_SECOND;
    // Locale.ROOT keeps the decimal separator a '.' whatever the server's default locale.
    final String formattedSeconds = String.format(Locale.ROOT, "%.6f", seconds);
    response.getHeaders().putSingle(RUNTIME_HEADER, formattedSeconds);
}
}
/**
 * Stops the timer stored on the request and reports the elapsed time in microseconds.
 *
 * @param requestContext  the request; its "metricsTimerContext" property holds the timer
 * @param responseContext the response that receives the X-Runtime-Microseconds header
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    final Timer.Context context = (Timer.Context) requestContext.getProperty("metricsTimerContext");
    // Requests that never had a timer attached are left untouched.
    if (context != null) {
        final long elapsedMicros = TimeUnit.NANOSECONDS.toMicros(context.stop());
        responseContext.getHeaders().add("X-Runtime-Microseconds", elapsedMicros);
    }
}
}
/**
 * Adds {@code Cache-Control: no-cache} to responses for XMLHttpRequest calls, so that
 * browsers do not cache the results.
 *
 * @param requestContext  the request; its X-Requested-With header is inspected
 * @param responseContext the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    // X-Requested-With is set by the client, so it is used only as a caching hint here.
    final boolean fromXhr =
            "XMLHttpRequest".equals(requestContext.getHeaders().getFirst("X-Requested-With"));
    if (!fromXhr) {
        return;
    }
    responseContext.getHeaders().add("Cache-Control", "no-cache");
}
}
/**
 * Tags the response with the string form of {@code nodeId} in the X-Graylog-Node-ID header.
 *
 * @param requestContext  the request being answered (not inspected)
 * @param responseContext the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    final String nodeIdValue = nodeId.toString();
    responseContext.getHeaders().add("X-Graylog-Node-ID", nodeIdValue);
}
}
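/**
 * Counts responses whose entity is an exception of the tracked type and replaces the
 * entity with an X-Exceptions-Thrown header.
 *
 * <p>The meter is marked when the exception, or its direct cause, is assignable to
 * {@code exceptionClass}. Responses whose entity is not an {@link Exception} are left
 * untouched; an unconditional cast here would fail on any ordinary response body.
 *
 * @param requestContext  the request being answered (not inspected)
 * @param responseContext the response whose entity is examined and cleared
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    if (!responseContext.hasEntity()) {
        return;
    }
    final Object entity = responseContext.getEntity();
    if (!(entity instanceof Exception)) {
        // A regular response body: nothing to count, and it must not be cleared.
        return;
    }
    final Exception e = (Exception) entity;
    final Throwable cause = e.getCause();
    if (exceptionClass.isAssignableFrom(e.getClass())
            || (cause != null && exceptionClass.isAssignableFrom(cause.getClass()))) {
        meter.mark();
    }
    responseContext.setEntity(null);
    // NOTE(review): e.toString() puts the exception class name and message into a header
    // that every client can read. That is reasonable for a test or diagnostic endpoint.
    // On a production API, log the exception server-side and return a generic marker instead.
    responseContext.getHeaders().add("X-Exceptions-Thrown", e.toString() + " : " + meter.getCount());
}
}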
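/**
 * Adds CORS headers to the response, echoing the request's Origin header.
 *
 * <p>OPTIONS requests that already produced a successful response are returned as is.
 * Any other OPTIONS response is rewritten to an empty 204 before the headers are added.
 *
 * @param requestContext  the request; its method and Origin header are inspected
 * @param responseContext the response whose status, entity and headers may be changed
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    // Per the original author's comment, the headers for successful OPTIONS requests are
    // added elsewhere in this class.
    if ("options".equalsIgnoreCase(requestContext.getRequest().getMethod())) {
        if (Response.Status.Family.familyOf(responseContext.getStatus()) == Response.Status.Family.SUCCESSFUL) {
            return;
        }
        responseContext.setStatus(Response.Status.NO_CONTENT.getStatusCode());
        responseContext.setEntity("");
    }

    // The CORS headers below depend on the request's Origin header. Caches must therefore
    // key on it, or a response produced for one origin could be replayed to another.
    responseContext.getHeaders().add("Vary", "Origin");

    String origin = requestContext.getHeaders().getFirst("Origin");
    if (origin != null && !origin.isEmpty()) {
        // NOTE(review): every Origin value is echoed back together with
        // Access-Control-Allow-Credentials: true. Any website a signed-in user visits can
        // then send authenticated requests and read the responses. Enable this filter only
        // where that is acceptable, or compare `origin` against a configured list of
        // trusted origins before adding these headers.
        responseContext.getHeaders().add("Access-Control-Allow-Origin", origin);
        responseContext.getHeaders().add("Access-Control-Allow-Credentials", true);
        responseContext.getHeaders().add("Access-Control-Allow-Headers", "Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With, X-Requested-By");
        responseContext.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        // Lets the browser cache the preflight result instead of repeating it for every
        // request, see http://stackoverflow.com/a/12021982/1088469
        // The original author notes that 10 minutes seemed to be the maximum allowable
        // value; browsers cap this header at their own limit.
        responseContext.getHeaders().add("Access-Control-Max-Age", "600");
    }
}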
/**
 * Advertises JSON Patch support on OPTIONS responses that do not already carry the
 * {@code ACCEPT_PATCH_HEADER} header.
 *
 * @param requestContext  the request; only its HTTP method is inspected
 * @param responseContext the response whose header may be set
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(final ContainerRequestContext requestContext, final ContainerResponseContext responseContext)
        throws IOException {
    if (!HttpMethod.OPTIONS.equals(requestContext.getMethod())) {
        return;
    }
    final MultivaluedMap<String, Object> responseHeaders = responseContext.getHeaders();
    // A value already set by the resource is kept as it is.
    if (responseHeaders.containsKey(ACCEPT_PATCH_HEADER)) {
        return;
    }
    responseHeaders.putSingle(ACCEPT_PATCH_HEADER, MediaType.APPLICATION_JSON_PATCH_JSON);
}
}
/**
 * Appends a charset parameter to the response's Content-Type when it has none.
 *
 * @param request  the request being answered (not inspected)
 * @param response the response whose Content-Type header may be replaced
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(final ContainerRequestContext request, final ContainerResponseContext response)
        throws IOException {
    final MediaType type = response.getMediaType();
    // Nothing to do without a media type, or when the charset is already declared.
    if (type == null || type.getParameters().containsKey(MediaType.CHARSET_PARAMETER)) {
        return;
    }
    // With an explicit charset, clients do not have to guess the body's encoding.
    response.getHeaders().putSingle(HttpHeaders.CONTENT_TYPE, type.withCharset(UTF_8));
}
}
/**
 * Removes the WWW-Authenticate header from 401 responses to XMLHttpRequest calls.
 *
 * @param requestContext  the request; its X-Requested-With header is inspected
 * @param responseContext the response whose WWW-Authenticate header may be removed
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    final boolean unauthorized = responseContext.getStatusInfo().equals(Response.Status.UNAUTHORIZED);
    if (!unauthorized) {
        return;
    }
    final String requestedWith = requestContext.getHeaderString(HttpHeaders.X_REQUESTED_WITH);
    if (!"XMLHttpRequest".equalsIgnoreCase(requestedWith)) {
        return;
    }
    // Presumably done so the browser does not show its own login dialog for a scripted
    // request. The status stays 401, so the caller still sees the failed authentication.
    responseContext.getHeaders().remove(HttpHeaders.WWW_AUTHENTICATE);
}
}
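/**
 * CORS response filter. Allows requests from anywhere by echoing back the contents of
 * the Origin header, and allows credentials if the transport layer is secure.
 *
 * <p>Requests without an Origin header are not cross-origin requests and get no
 * Access-Control-* headers. Echoing a missing header would put a null value into the
 * response header map.
 *
 * <p>NOTE(review): on a secure transport, every origin is both allowed and permitted to
 * send credentials. Any website a signed-in user visits can then read authenticated
 * responses. Confirm every resource behind this filter is meant to be that open, or
 * compare the origin against a list of trusted origins first.
 *
 * @param request  the request; its Origin header and security context are inspected
 * @param response the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
    MultivaluedMap<String, Object> headers = response.getHeaders();
    // The headers below depend on the request's Origin, so caches must key on it.
    headers.add("Vary", "Origin");

    String origin = request.getHeaderString("Origin"); // case insensitive
    if (origin == null || origin.isEmpty()) {
        return;
    }
    headers.add("Access-Control-Allow-Origin", origin);
    boolean secureTransport = request.getSecurityContext().isSecure();
    headers.add("Access-Control-Allow-Credentials", secureTransport);
}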
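/**
 * Fills in any CORS response header that the resource has not already set.
 *
 * <p>The allowed origin comes from the "web.origin" configuration value. A request
 * origin is echoed back only when that value is unset, equals {@code ORIGIN_ALL}, or
 * lists the origin as a complete entry. The earlier substring test also accepted any
 * origin that was merely a fragment of a configured entry, including an empty Origin
 * header.
 *
 * @param request  the request; its Origin header is inspected
 * @param response the response whose header map is extended
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext request, ContainerResponseContext response) throws IOException {
    final String allowHeadersName = HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString();
    final String allowCredentialsName = HttpHeaderNames.ACCESS_CONTROL_ALLOW_CREDENTIALS.toString();
    final String allowMethodsName = HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString();
    final String allowOriginName = HttpHeaderNames.ACCESS_CONTROL_ALLOW_ORIGIN.toString();

    if (!response.getHeaders().containsKey(allowHeadersName)) {
        response.getHeaders().add(allowHeadersName, HEADERS_ALL);
    }

    // NOTE(review): credentials are allowed on every response. With the permissive
    // default below (no "web.origin" configured), any origin is echoed back as well.
    // Deployments that use cookie or session authentication should set "web.origin".
    if (!response.getHeaders().containsKey(allowCredentialsName)) {
        response.getHeaders().add(allowCredentialsName, true);
    }

    if (!response.getHeaders().containsKey(allowMethodsName)) {
        response.getHeaders().add(allowMethodsName, METHODS_ALL);
    }

    if (!response.getHeaders().containsKey(allowOriginName)) {
        String origin = request.getHeaderString(HttpHeaderNames.ORIGIN.toString());
        String allowed = Context.getConfig().getString("web.origin");

        if (origin == null) {
            response.getHeaders().add(allowOriginName, ORIGIN_ALL);
        } else {
            boolean permitted = allowed == null || allowed.equals(ORIGIN_ALL);
            if (!permitted) {
                // Assumes entries in "web.origin" are separated by commas, semicolons or
                // whitespace. TODO confirm against the configuration documentation.
                for (String entry : allowed.split("[,;\\s]+")) {
                    // An origin never ends with '/', so tolerate one in the configuration.
                    String candidate = entry.endsWith("/") ? entry.substring(0, entry.length() - 1) : entry;
                    if (!candidate.isEmpty() && candidate.equals(origin)) {
                        permitted = true;
                        break;
                    }
                }
            }
            if (permitted) {
                response.getHeaders().add(allowOriginName, origin);
            }
        }
    }
}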
/**
 * Logs one trace line per request and returns the request id in the response.
 *
 * <p>The id is taken from the request's {@code REQUEST_ID} header. When that header is
 * missing or empty, a random UUID is generated instead.
 *
 * @param request  the request; its method, path and {@code REQUEST_ID} header are read
 * @param response the response; its status and length are logged and its id header is set
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(final ContainerRequestContext request, final ContainerResponseContext response)
        throws IOException {
    final String suppliedId = request.getHeaderString(REQUEST_ID);
    final String id = Strings.isNullOrEmpty(suppliedId) ? generateRandomUuid().toString() : suppliedId;

    // NOTE(review): a client-supplied id is written to the log and echoed back unchanged.
    // If log lines are parsed downstream, consider limiting its length and character set.
    logger.trace("method={} path={} request_id={} status={} length={}",
            request.getMethod(),
            request.getUriInfo().getPath(),
            id,
            response.getStatus(),
            response.getLength());

    response.getHeaders().putSingle(REQUEST_ID, id);
}
/**
 * Runs link processing for the response entity: link headers first, then link fields.
 *
 * <p>Nothing happens when the response has no entity or when {@code uriInfo} reports no
 * matched resources.
 *
 * @param request  the request being answered (not inspected)
 * @param response the response whose entity and headers are processed
 */
@Override
@SuppressWarnings("unchecked")
public void filter(ContainerRequestContext request, ContainerResponseContext response) {
    final Object entity = response.getEntity();
    if (entity == null || uriInfo.getMatchedResources().isEmpty()) {
        return;
    }

    final Class<?> entityType = entity.getClass();
    // Order is kept from the original: headers are processed before fields.
    new HeaderProcessor(entityType).processLinkHeaders(entity, uriInfo, rmc, response.getHeaders());
    new FieldProcessor(entityType).processLinks(entity, uriInfo, rmc, rlcc);
}
}
/**
 * Replaces a 404 response with the generated index HTML for browser page requests.
 *
 * <p>The replacement applies only when all of these hold: the request is a GET, the
 * response status is NOT_FOUND, the client accepts HTML or XHTML, and the request path
 * does not start with "/" followed by {@code HttpConfiguration.PATH_API}.
 *
 * @param requestContext  the request; its method, path, Accept types and headers are read
 * @param responseContext the response whose status, entity and header may be replaced
 * @throws IOException declared by the filter interface; not thrown by this code
 */
@Override
public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext)
        throws IOException {
    final Response.StatusType responseStatus = responseContext.getStatusInfo();
    final String requestPath = requestContext.getUriInfo().getAbsolutePath().getPath();

    // True as soon as one acceptable media type is compatible with HTML or XHTML.
    boolean acceptsHtml = false;
    for (MediaType candidate : requestContext.getAcceptableMediaTypes()) {
        if (candidate.isCompatible(MediaType.TEXT_HTML_TYPE)
                || candidate.isCompatible(MediaType.APPLICATION_XHTML_XML_TYPE)) {
            acceptsHtml = true;
            break;
        }
    }

    final boolean isGetRequest = "get".equalsIgnoreCase(requestContext.getMethod());
    final boolean outsideApi = !requestPath.startsWith("/" + HttpConfiguration.PATH_API);

    final boolean serveIndexHtml =
            isGetRequest && responseStatus == Response.Status.NOT_FOUND && acceptsHtml && outsideApi;
    if (!serveIndexHtml) {
        return;
    }

    final String entity = indexHtmlGenerator.get(requestContext.getHeaders());
    responseContext.setStatusInfo(Response.Status.OK);
    responseContext.setEntity(entity, new Annotation[0], MediaType.TEXT_HTML_TYPE);
    responseContext.getHeaders().putSingle("X-UA-Compatible", "IE=edge");
}
}