Example usage for org.springframework.http HttpHeaders ORIGIN

List of usage examples for org.springframework.http HttpHeaders ORIGIN

Introduction

This page collects usage examples for org.springframework.http.HttpHeaders.ORIGIN.

Prototype

String ORIGIN


Document

The HTTP Origin header field name.

Usage

From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java

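/**
 * Verifies that a CORS XHR request from an allowed origin to the Swagger UI API is answered
 * with HTTP 200 and an {@code Access-Control-Allow-Origin} header naming that origin.
 *
 * @throws Exception if the HTTP request cannot be executed
 */
@Test
public void testCorsXHRRequestFromAllowedOriginForSwaggerUIApi() throws Exception {
    final String allowedOrigin = "http://someone.predix.io";

    HttpGet request = new HttpGet(this.acsBaseUrl + SWAGGER_API);
    request.setHeader(HttpHeaders.ORIGIN, allowedOrigin);
    request.setHeader("X-Requested-With", "true");
    HttpResponse response = client.execute(request);
    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

    Assert.assertEquals(response.getStatusLine().getStatusCode(), 200);

    // Assert presence before indexing into the header array: a missing header should fail
    // the test with an assertion error, not an ArrayIndexOutOfBoundsException.
    Assert.assertTrue(response.containsHeader("Access-Control-Allow-Origin"));

    String allowOrigin = response.getHeaders("Access-Control-Allow-Origin")[0].getValue();
    System.out.println("Access-Control-Allow-Origin : " + allowOrigin);

    // Presence alone would also pass for "*" or for some other origin; pin the value to the
    // origin that was sent so the test proves the allow-listed origin is what gets granted.
    Assert.assertEquals(allowOrigin, allowedOrigin);
}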

From source file:zipkin.server.ZipkinServerCORSTest.java

/**
 * Checks that requests carrying the configured origin are served on both the read and the
 * write endpoint.
 *
 * @throws Exception if performing a request fails
 */
@Test
public void shouldAllowConfiguredOrigin() throws Exception {
    // NOTE(review): browsers send Origin as scheme://host[:port]; this fixture value has no
    // scheme. Confirm the configured allow-list matches real browser origins the same way.
    final String configuredOrigin = "foo.example.com";

    mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();

    // GET on the traces endpoint is expected to answer 200.
    mockMvc.perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, configuredOrigin))
            .andExpect(status().isOk());

    // POST of an empty span list goes through performAsync and is expected to answer 202.
    performAsync(post("/api/v1/spans").content("[]").header(HttpHeaders.ORIGIN, configuredOrigin))
            .andExpect(status().isAccepted());
}

From source file:com.devicehive.websockets.WebSocketAuthenticationManager.java

/**
 * Builds the authentication details for a WebSocket session from its remote address and
 * the first {@code Origin} and {@code Authorization} values of the handshake request.
 *
 * <p>Both header values are supplied by the client. A non-browser client can send any
 * {@code Origin} it likes, so the value recorded here is informational and must not be
 * treated as proof of where the connection came from.
 *
 * @param session the WebSocket session whose handshake headers are read
 * @return details holding the remote address, the origin (or {@code null} when the header is
 *         absent or empty) and the authorization value (or {@code null} likewise)
 */
public HiveAuthentication.HiveAuthDetails getDetails(WebSocketSession session) {
    // First Origin value, or null when the handshake carried none.
    String origin = null;
    List<String> originValues = session.getHandshakeHeaders().get(HttpHeaders.ORIGIN);
    if (originValues != null && !originValues.isEmpty()) {
        origin = originValues.get(0);
    }

    // First Authorization value, or null when the handshake carried none.
    String auth = null;
    List<String> authValues = session.getHandshakeHeaders().get(HttpHeaders.AUTHORIZATION);
    if (authValues != null && !authValues.isEmpty()) {
        auth = authValues.get(0);
    }

    // NOTE(review): getRemoteAddress() is dereferenced without a null check; confirm it
    // cannot be null for the session types this manager handles.
    return new HiveAuthentication.HiveAuthDetails(session.getRemoteAddress().getAddress(), origin, auth);
}

From source file:zipkin.server.ZipkinServerCORSTest.java

/**
 * Checks that requests carrying an origin outside the configured set are refused with
 * HTTP 403 on both the read and the write endpoint.
 *
 * @throws Exception if performing a request fails
 */
@Test
public void shouldDisallowOrigin() throws Exception {
    final String rejectedOrigin = "bar.example.com";

    mockMvc = MockMvcBuilders.webAppContextSetup(this.context).build();

    // Read path: GET must be forbidden for the unlisted origin.
    mockMvc.perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, rejectedOrigin))
            .andExpect(status().isForbidden());

    // Write path: POST must be forbidden as well, so the check is not limited to reads.
    mockMvc.perform(post("/api/v1/spans").content("[]").header(HttpHeaders.ORIGIN, rejectedOrigin))
            .andExpect(status().isForbidden());
}

From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java

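/**
 * Verifies that a CORS XHR request to the Swagger UI API from an origin that is not on the
 * allow-list is refused with HTTP 403 and receives no {@code Access-Control-Allow-Origin}
 * header.
 *
 * @throws Exception if the HTTP request cannot be executed
 */
@Test
public void testCorsXHRRequestFromNotWhitelistedOriginForSwaggerUIApi() throws Exception {
    HttpGet request = new HttpGet(this.acsBaseUrl + SWAGGER_API);
    // The header value must be the bare origin. With the header name repeated inside the
    // value ("Origin: http://...") the string is not a parseable URI, so a filter that parses
    // the origin would reject it on syntax and the allow-list check would never be exercised.
    request.setHeader(HttpHeaders.ORIGIN, "http://someone.predix.nert");
    request.setHeader("X-Requested-With", "true");
    HttpResponse response = client.execute(request);
    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

    System.out.println(
            "Access-Control-Allow-Origin : " + response.getHeaders("Access-Control-Allow-Origin").length);

    Assert.assertEquals(response.getStatusLine().getStatusCode(), 403);
    // A refused origin must not be granted any CORS permission, not even a wildcard.
    Assert.assertFalse(response.containsHeader("Access-Control-Allow-Origin"));
}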

From source file:com.ge.predix.integration.test.ACSCorsFilterIT.java

/**
 * Verifies that an allow-listed origin is still refused (HTTP 403, no
 * {@code Access-Control-Allow-Origin} header) when the XHR targets a path other than the
 * Swagger UI API.
 *
 * @throws Exception if the HTTP request cannot be executed
 */
@Test
public void testCorsXHRRequestFromWhitelistedOriginForNonSwaggerUIApi() throws Exception {
    final String corsHeader = "Access-Control-Allow-Origin";

    HttpGet request = new HttpGet(this.acsBaseUrl + "/acs");
    request.setHeader(HttpHeaders.ORIGIN, "http://someone.predix.io");
    request.setHeader("X-Requested-With", "true");

    HttpResponse response = client.execute(request);
    System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

    int corsHeaderCount = response.getHeaders(corsHeader).length;
    System.out.println("Access-Control-Allow-Origin : " + corsHeaderCount);

    // The origin is acceptable but the path is not: both conditions must hold for a grant.
    Assert.assertEquals(response.getStatusLine().getStatusCode(), 403);
    Assert.assertFalse(response.containsHeader(corsHeader));
}

From source file:com.ge.predix.web.cors.CORSFilter.java

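/**
 * Applies the CORS policy to a request before it continues down the filter chain.
 *
 * <ul>
 *   <li>Requests without an {@code Origin} header are passed through untouched.</li>
 *   <li>Requests classified as XHR by {@code isXhrRequest} must use an allowed method
 *       (otherwise 405), carry a syntactically valid origin, and match both the allowed
 *       request URI and the allowed origin checks (otherwise 403). On success the request
 *       origin is echoed in {@code Access-Control-Allow-Origin} together with
 *       {@code Vary: Origin}.</li>
 *   <li>All other cross-origin requests receive {@code Access-Control-Allow-Origin: *}.</li>
 * </ul>
 *
 * @param request the incoming request
 * @param response the response on which CORS headers or an error status are set
 * @param filterChain the remaining filter chain, invoked only when the request is let through
 * @throws ServletException if a downstream filter fails
 * @throws IOException if a downstream filter fails on I/O
 */
@Override
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
        final FilterChain filterChain) throws ServletException, IOException {

    if (!isCrossOriginRequest(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    if (isXhrRequest(request)) {
        String method = request.getMethod();
        if (!isCorsXhrAllowedMethod(method)) {
            response.setStatus(HttpStatus.METHOD_NOT_ALLOWED.value());
            return;
        }
        String origin = request.getHeader(HttpHeaders.ORIGIN);
        // Validate the origin so we don't reflect back any potentially dangerous content.
        // URI parsing is a syntax check only; whether the origin is trusted is decided below
        // by isCorsXhrAllowedOrigin on the raw header value.
        URI originURI;
        try {
            originURI = new URI(origin);
        } catch (URISyntaxException e) {
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return;
        }

        String requestUri = request.getRequestURI();
        if (!isCorsXhrAllowedRequestUri(requestUri) || !isCorsXhrAllowedOrigin(origin)) {
            // Refuse without emitting any CORS header so the browser blocks the caller.
            response.setStatus(HttpStatus.FORBIDDEN.value());
            return;
        }
        response.addHeader("Access-Control-Allow-Origin", originURI.toString());
        // The granted origin is echoed per request, so tell caches the response depends on
        // Origin; otherwise a cached response could be served with another origin's grant.
        response.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
        if ("OPTIONS".equals(method)) {
            buildCorsXhrPreFlightResponse(request, response);
        } else {
            filterChain.doFilter(request, response);
        }
        return;
    }

    // NOTE(review): every cross-origin request that isXhrRequest does not classify as XHR
    // skips the origin and URI allow-lists and is granted a wildcard, and its preflight
    // advertises the Authorization header. Whatever isXhrRequest keys on is sent by the
    // client, so confirm this fallback is intended for every path behind this filter.
    response.addHeader("Access-Control-Allow-Origin", "*");
    if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {
        // CORS "pre-flight" request: answered here and not passed down the chain.
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        response.addHeader("Access-Control-Allow-Headers", "Authorization");
        // 1728000 seconds = 20 days of preflight caching.
        response.addHeader("Access-Control-Max-Age", "1728000");
    } else {
        filterChain.doFilter(request, response);
    }
}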

From source file:com.devicehive.auth.rest.HttpAuthenticationFilter.java

/**
 * Collects the authentication details of an HTTP request: the remote address plus the raw
 * {@code Origin} and {@code Authorization} header values.
 *
 * <p>Both header values come from the client and are passed on unvalidated; either may be
 * {@code null} when the header is absent.
 *
 * @param request the incoming HTTP request
 * @return the details object built from the address and the two header values
 * @throws UnknownHostException if the remote address string cannot be resolved to an address
 */
private HiveAuthentication.HiveAuthDetails createUserDetails(HttpServletRequest request)
        throws UnknownHostException {
    // NOTE(review): behind a reverse proxy getRemoteAddr() is presumably the proxy's address,
    // not the end client's; confirm how this service is deployed before relying on it.
    final InetAddress remoteAddress = InetAddress.getByName(request.getRemoteAddr());
    final String origin = request.getHeader(HttpHeaders.ORIGIN);
    final String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);

    return new HiveAuthentication.HiveAuthDetails(remoteAddress, origin, authorization);
}

From source file:com.ge.predix.web.cors.CORSFilter.java

/**
 * Reports whether the request carries a non-empty {@code Origin} header.
 *
 * <p>Only the presence of the header is checked; the origin is not compared with the
 * request's own host. NOTE(review): browsers can also send {@code Origin} on same-origin
 * requests (for example on POST), which this method would report as cross-origin; confirm
 * that is acceptable for the callers.
 *
 * @param request the incoming request
 * @return {@code true} when an {@code Origin} header with a non-empty value is present
 */
private boolean isCrossOriginRequest(final HttpServletRequest request) {
    final String origin = request.getHeader(HttpHeaders.ORIGIN);
    return !StringUtils.isEmpty(origin);
}

From source file:zipkin.server.ZipkinServerIntegrationTest.java

/**
 * Checks that, with the configuration this test class runs under, a request carrying an
 * arbitrary origin is served with HTTP 200.
 *
 * <p>This pins a permissive default: deployments that expose the API to browsers need an
 * explicit origin restriction rather than relying on the default.
 *
 * @throws Exception if performing the request fails
 */
@Test
public void shouldAllowAnyOriginByDefault() throws Exception {
    final String arbitraryOrigin = "foo.example.com";

    mockMvc.perform(get("/api/v1/traces").header(HttpHeaders.ORIGIN, arbitraryOrigin))
            .andExpect(status().isOk());
}