List of usage examples for io.netty.handler.codec.http HttpHeaderNames ACCESS_CONTROL_REQUEST_METHOD
AsciiString ACCESS_CONTROL_REQUEST_METHOD
To view the source code for io.netty.handler.codec.http HttpHeaderNames ACCESS_CONTROL_REQUEST_METHOD.
Click Source Link
From source file:org.ballerinalang.net.http.CorsHeaderGenerator.java
License:Open Source License
private static Map<String, String> processPreflightRequest(String originValue, HttpCarbonMessage cMsg) { Map<String, String> responseHeaders = new HashMap<>(); //6.2.1 - request must have origin, must have one origin. List<String> requestOrigins = getOriginValues(originValue); if (requestOrigins == null || requestOrigins.size() != 1) { bLog.info("{} origin header field parsing failed", ACTION); return null; }// w ww .ja v a 2s .co m String origin = requestOrigins.get(0); //6.2.3 - request must have access-control-request-method, must be single-valued List<String> requestMethods = getHeaderValues(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), cMsg); if (requestMethods == null || requestMethods.size() != 1) { String error = requestMethods == null ? "Access-Control-Request-Method header is unavailable" : "Access-Control-Request-Method header value must be single-valued"; bLog.info("{} {}", ACTION, error); return null; } String requestMethod = requestMethods.get(0); CorsHeaders resourceCors = getResourceCors(cMsg, requestMethod); if (resourceCors == null || !resourceCors.isAvailable()) { String error = resourceCors == null ? "access control request method not allowed" : "CORS headers not declared properly"; bLog.info("{} {}", ACTION, error); return null; } if (!isEffectiveMethod(requestMethod, resourceCors.getAllowMethods())) { bLog.info("{} access control request method not allowed", ACTION); return null; } //6.2.2 - request origin must be on the list or match with *. if (!isEffectiveOrigin(Arrays.asList(origin), resourceCors.getAllowOrigins())) { bLog.info("{} origin not allowed", ACTION); return null; } //6.2.4 - get list of request headers. List<String> requestHeaders = getHeaderValues(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), cMsg); if (!isEffectiveHeader(requestHeaders, resourceCors.getAllowHeaders())) { bLog.info("{} header field parsing failed", ACTION); return null; } //6.2.7 - set origin and credentials setAllowOriginAndCredentials(Arrays.asList(origin), resourceCors, responseHeaders); //6.2.9 - set allow-methods responseHeaders.put(HttpHeaderNames.ACCESS_CONTROL_ALLOW_METHODS.toString(), requestMethod); //6.2.10 - set allow-headers if (requestHeaders != null) { responseHeaders.put(HttpHeaderNames.ACCESS_CONTROL_ALLOW_HEADERS.toString(), DispatcherUtil.concatValues(requestHeaders, false)); } //6.2.8 - set max-age responseHeaders.put(HttpHeaderNames.ACCESS_CONTROL_MAX_AGE.toString(), String.valueOf(resourceCors.getMaxAge())); return responseHeaders; }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test for CORS override at two levels with preflight") public void testPreFlightReqServiceResourceCorsOverride() { String path = "/hello1/test1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.wso2.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_POST); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*from ww w.j av a2 s . c o m*/ assertEqualsCorsResponse(response, 200, "http://www.wso2.com", "true", "X-PINGOTHER", "POST", "-1"); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight without origin header") public void testPreFlightReqwithNoOrigin() { String path = "/hello1/test1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_POST); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);//from www . j av a 2 s . c o m assertEqualsCorsResponse(response, 200, null, null, null, null, null); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight with unavailable HTTP methods") public void testPreFlightReqwithUnavailableMethod() { String path = "/hello1/test1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.wso2.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_PUT); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*from www . ja va 2 s . com*/ assertEqualsCorsResponse(response, 200, null, null, null, null, null); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test for preflight with Head as request method to a GET method annotated resource") public void testPreFlightReqwithHeadMethod() { String path = "/hello1/test2"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.m3.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_HEAD); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "CORELATION_ID"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*from w ww. j av a 2 s.c om*/ assertEqualsCorsResponse(response, 200, "http://www.m3.com", "true", "CORELATION_ID", HttpConstants.HTTP_METHOD_HEAD, "1"); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight for invalid headers") public void testPreFlightReqwithInvalidHeaders() { String path = "/hello1/test1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.wso2.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_POST); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "WSO2"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*from w w w. j a v a 2 s . c om*/ assertEqualsCorsResponse(response, 200, null, null, null, null, null); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight without headers") public void testPreFlightReqwithNoHeaders() { String path = "/hello1/test1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.wso2.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_POST); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*www. j a v a2 s.c om*/ assertEqualsCorsResponse(response, 200, "http://www.wso2.com", "true", null, HttpConstants.HTTP_METHOD_POST, "-1"); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight with method restriction at service level") public void testPreFlightReqwithRestrictedMethodsServiceLevel() { String path = "/hello3/info1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.m3.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_POST); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/* www .jav a 2 s .c o m*/ assertEqualsCorsResponse(response, 200, null, null, null, null, null); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight with method restriction at resource level") public void testPreFlightReqwithRestrictedMethodsResourceLevel() { String path = "/hello2/test2"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.bbc.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_DELETE); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);//from w w w .j av a 2s .c o m assertEqualsCorsResponse(response, 200, null, null, null, null, null); }
From source file:org.ballerinalang.stdlib.services.cors.HTTPCorsTest.java
License:Open Source License
@Test(description = "Test preflight with allowed method at service level") public void testPreFlightReqwithAllowedMethod() { String path = "/hello3/info1"; HTTPTestRequest cMsg = MessageUtils.generateHTTPMessage(path, "OPTIONS", "Hello there"); cMsg.setHeader(HttpHeaderNames.ORIGIN.toString(), "http://www.m3.com"); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_METHOD.toString(), HttpConstants.HTTP_METHOD_PUT); cMsg.setHeader(HttpHeaderNames.ACCESS_CONTROL_REQUEST_HEADERS.toString(), "X-PINGOTHER"); HttpCarbonMessage response = Services.invokeNew(complieResult, TEST_EP, cMsg); Assert.assertNotNull(response);/*from w ww. jav a 2 s . co m*/ assertEqualsCorsResponse(response, 200, "http://www.m3.com", "true", "X-PINGOTHER", "PUT", "1"); }