Example usage for org.springframework.web.cors CorsUtils isPreFlightRequest

List of usage examples for org.springframework.web.cors CorsUtils isPreFlightRequest

Introduction

This page shows example usages of org.springframework.web.cors CorsUtils isPreFlightRequest.

Prototype

public static boolean isPreFlightRequest(HttpServletRequest request) 


Document

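Returns true if the request is a valid CORS pre-flight request. The check looks only at what the client sent (an OPTIONS method together with the Origin and Access-Control-Request-Method headers), so a true result describes the shape of the request and is not evidence that the caller is authenticated or authorized.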

Usage

From source file:ca.uhn.fhir.rest.server.interceptor.CorsInterceptor.java

/**
 * Runs CORS processing for cross-origin requests before the normal interceptor chain.
 *
 * <p>Requests that are not CORS requests go straight to the superclass. A CORS request is
 * first handed to {@code myCorsProcessor}; the method returns {@code false} when the
 * processor reports the request as invalid, and also for every pre-flight request.
 * Presumably {@code false} tells the caller that the response is already complete and no
 * further handling should happen (confirm against the interceptor contract).
 *
 * @param theRequest the incoming servlet request
 * @param theResponse the servlet response the CORS processor may write to
 * @return {@code false} for rejected CORS requests and for pre-flights, otherwise whatever
 *         the superclass returns
 * @throws InternalErrorException if the CORS processor fails with an {@link IOException}
 */
@Override
public boolean incomingRequestPreProcessed(HttpServletRequest theRequest, HttpServletResponse theResponse) {
    if (!CorsUtils.isCorsRequest(theRequest)) {
        return super.incomingRequestPreProcessed(theRequest, theResponse);
    }

    final boolean accepted;
    try {
        accepted = myCorsProcessor.processRequest(myConfig, theRequest, theResponse);
    } catch (IOException e) {
        throw new InternalErrorException(e);
    }

    // A rejected request and a pre-flight both end here: neither may reach the
    // resource handlers behind this interceptor.
    boolean stopHere = !accepted || CorsUtils.isPreFlightRequest(theRequest);
    if (stopHere) {
        return false;
    }
    return super.incomingRequestPreProcessed(theRequest, theResponse);
}

From source file:org.springframework.boot.actuate.autoconfigure.cloudfoundry.CloudFoundrySecurityInterceptor.java

/**
 * Decides whether a request to the given endpoint may proceed.
 *
 * <p>CORS pre-flight requests and all other OPTIONS requests are answered with success
 * without calling {@code check}. Browsers send pre-flights without credentials, so there is
 * no token to verify on them. Every other request must pass {@code check}.
 *
 * <p>NOTE(review): because both shortcuts depend only on client-controlled request
 * properties, confirm that no OPTIONS handler behind this interceptor returns endpoint data.
 *
 * @param request the incoming servlet request
 * @param endpointId identifier of the endpoint being accessed, passed on to {@code check}
 * @return a success response, or a response carrying the failure status and message
 */
SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
    if (CorsUtils.isPreFlightRequest(request)) {
        return SecurityResponse.success();
    }
    try {
        boolean applicationIdKnown = StringUtils.hasText(this.applicationId);
        if (!applicationIdKnown) {
            throw new CloudFoundryAuthorizationException(
                    CloudFoundryAuthorizationException.Reason.SERVICE_UNAVAILABLE,
                    "Application id is not available");
        }
        if (null == this.cloudFoundrySecurityService) {
            throw new CloudFoundryAuthorizationException(
                    CloudFoundryAuthorizationException.Reason.SERVICE_UNAVAILABLE,
                    "Cloud controller URL is not available");
        }
        String httpMethod = request.getMethod();
        if (HttpMethod.OPTIONS.matches(httpMethod)) {
            // Any OPTIONS request is let through, not only a well-formed pre-flight.
            return SUCCESS;
        }
        check(request, endpointId);
    } catch (Exception ex) {
        logger.error(ex);
        if (!(ex instanceof CloudFoundryAuthorizationException)) {
            // NOTE(review): the raw message of an unexpected failure is returned to the
            // client; confirm it cannot carry internal detail.
            return new SecurityResponse(HttpStatus.INTERNAL_SERVER_ERROR, ex.getMessage());
        }
        CloudFoundryAuthorizationException cfException = (CloudFoundryAuthorizationException) ex;
        // NOTE(review): the message is concatenated into the JSON body without escaping;
        // a quote or backslash in it would yield malformed JSON. Confirm every message
        // that reaches this point is a fixed, server-chosen string.
        String errorBody = "{\"security_error\":\"" + cfException.getMessage() + "\"}";
        return new SecurityResponse(cfException.getStatusCode(), errorBody);
    }
    return SecurityResponse.success();
}

From source file:org.springframework.boot.actuate.autoconfigure.cloudfoundry.servlet.CloudFoundrySecurityInterceptor.java

/**
 * Authorizes a request for the given endpoint id and reports the outcome as a
 * {@code SecurityResponse}.
 *
 * <p>Order of decisions: a CORS pre-flight succeeds immediately; a missing application id
 * or security service fails with {@code SERVICE_UNAVAILABLE}; any OPTIONS request succeeds;
 * everything else is delegated to {@code check}. All exceptions raised along the way are
 * logged and converted into a failure response instead of being propagated.
 *
 * @param request the incoming servlet request
 * @param endpointId identifier of the endpoint being accessed, passed on to {@code check}
 * @return a success response, or a failure response built from the caught exception
 */
SecurityResponse preHandle(HttpServletRequest request, String endpointId) {
    // Pre-flights arrive without credentials, so they are never token-checked.
    if (CorsUtils.isPreFlightRequest(request)) {
        return SecurityResponse.success();
    }
    try {
        if (!StringUtils.hasText(this.applicationId)) {
            String reason = "Application id is not available";
            throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE, reason);
        }
        if (this.cloudFoundrySecurityService == null) {
            String reason = "Cloud controller URL is not available";
            throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE, reason);
        }
        boolean optionsRequest = HttpMethod.OPTIONS.matches(request.getMethod());
        if (optionsRequest) {
            // NOTE(review): this skips check() for every OPTIONS request; verify that
            // OPTIONS handlers on these endpoints expose nothing sensitive.
            return SUCCESS;
        }
        check(request, endpointId);
    } catch (Exception ex) {
        logger.error(ex);
        if (ex instanceof CloudFoundryAuthorizationException) {
            CloudFoundryAuthorizationException denied = (CloudFoundryAuthorizationException) ex;
            // NOTE(review): unescaped concatenation into JSON; safe only while the
            // message never contains quotes, backslashes or request-derived text.
            String json = "{\"security_error\":\"" + denied.getMessage() + "\"}";
            return new SecurityResponse(denied.getStatusCode(), json);
        }
        // NOTE(review): unexpected failures hand their raw message to the client.
        String detail = ex.getMessage();
        return new SecurityResponse(HttpStatus.INTERNAL_SERVER_ERROR, detail);
    }
    return SecurityResponse.success();
}

From source file:org.springframework.boot.actuate.cloudfoundry.CloudFoundrySecurityInterceptor.java

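/**
 * Authorizes a request to an MVC endpoint before the handler runs.
 *
 * <p>CORS pre-flight requests are allowed without a check (browsers send them without
 * credentials). Every other request requires a configured application id and security
 * service and must pass {@code check}. An authorization failure is logged and answered with
 * the exception's status code and a small JSON body.
 *
 * <p>The handler is cast to {@code HandlerMethod} and its bean to {@code MvcEndpoint}
 * without a type test. A handler of another type raises a {@link ClassCastException}, which
 * is not caught here, so the request fails rather than being let through.
 *
 * @param request the incoming servlet request
 * @param response the servlet response, written to only on authorization failure
 * @param o the chosen handler; expected to be a {@code HandlerMethod}
 * @return {@code true} to continue with the handler, {@code false} once a failure response
 *         has been written
 * @throws Exception if writing the failure response fails or the handler has an
 *         unexpected type
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
    if (CorsUtils.isPreFlightRequest(request)) {
        return true;
    }
    try {
        if (!StringUtils.hasText(this.applicationId)) {
            throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE,
                    "Application id is not available");
        }
        if (this.cloudFoundrySecurityService == null) {
            throw new CloudFoundryAuthorizationException(Reason.SERVICE_UNAVAILABLE,
                    "Cloud controller URL is not available");
        }
        HandlerMethod handlerMethod = (HandlerMethod) o;
        MvcEndpoint mvcEndpoint = (MvcEndpoint) handlerMethod.getBean();
        check(request, mvcEndpoint);
    } catch (CloudFoundryAuthorizationException ex) {
        this.logger.error(ex);
        // Status and content type are set before the body is written. Once the response
        // is committed, a later setStatus() is ignored and the client would receive the
        // error body under a success status.
        response.setStatus(ex.getStatusCode().value());
        response.setContentType(MediaType.APPLICATION_JSON.toString());
        // NOTE(review): the message is concatenated into JSON without escaping; confirm
        // it is always a fixed, server-chosen string with no quotes or backslashes.
        response.getWriter().write("{\"security_error\":\"" + ex.getMessage() + "\"}");
        return false;
    }
    return true;
}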

From source file:org.springframework.boot.actuate.endpoint.mvc.MvcEndpointSecurityInterceptor.java

/**
 * Gates access to MVC endpoints.
 *
 * <p>The request proceeds without a user check when it is a CORS pre-flight, when this
 * interceptor is not {@code secure}, when it is an OPTIONS request whose handler bean is
 * not an {@code MvcEndpoint}, or when the endpoint is not sensitive. Otherwise it proceeds
 * only if {@code isUserAllowedAccess} accepts the request; if not, a failure response is
 * sent.
 *
 * <p>NOTE(review): {@code secure == false} switches off every check below it, so the flag
 * deserves the same protection as the endpoints themselves. The handler and its bean are
 * cast without a type test; a non-OPTIONS request whose bean is not an {@code MvcEndpoint}
 * fails with a {@link ClassCastException} instead of being let through.
 *
 * @param request the incoming servlet request
 * @param response the servlet response, used only to send the failure response
 * @param handler the chosen handler; expected to be a {@code HandlerMethod}
 * @return {@code true} to continue, {@code false} after a failure response has been sent
 * @throws Exception if sending the failure response fails or a cast is invalid
 */
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
        throws Exception {
    if (CorsUtils.isPreFlightRequest(request) || !this.secure) {
        return true;
    }

    Object bean = ((HandlerMethod) handler).getBean();
    boolean nonEndpointOptions = HttpMethod.OPTIONS.matches(request.getMethod())
            && !(bean instanceof MvcEndpoint);
    if (nonEndpointOptions) {
        return true;
    }

    MvcEndpoint endpoint = (MvcEndpoint) bean;
    // Non-sensitive endpoints are open; sensitive ones need an allowed user.
    if (!endpoint.isSensitive() || isUserAllowedAccess(request)) {
        return true;
    }

    sendFailureResponse(request, response);
    return false;
}

From source file:org.springframework.web.cors.DefaultCorsProcessor.java

/**
 * Applies the given CORS configuration to a request/response pair.
 *
 * <p>Processing is skipped, with {@code true} returned, when the request is not a CORS
 * request, when the response already carries an {@code Access-Control-Allow-Origin} header,
 * or when the request is same-origin. With no configuration, a pre-flight is rejected and
 * {@code false} returned, while an actual request returns {@code true}. Everything else is
 * delegated to {@code handleInternal}.
 *
 * <p>Note for callers: an actual cross-origin request with no configuration returns
 * {@code true} without any CORS headers being added here. The browser will refuse to expose
 * the response to the calling page, but nothing in this method stops the server from
 * executing the request, so CORS must not be treated as server-side access control.
 *
 * @param config the CORS configuration to apply, or {@code null} if none is available
 * @param request the incoming servlet request
 * @param response the servlet response to add CORS headers to or to reject on
 * @return {@code false} if the request was rejected, {@code true} otherwise (the result of
 *         {@code handleInternal} when it is reached)
 * @throws IOException declared for the response-writing steps this method delegates to
 */
@Override
@SuppressWarnings("resource")
public boolean processRequest(@Nullable CorsConfiguration config, HttpServletRequest request,
        HttpServletResponse response) throws IOException {

    boolean crossOriginCandidate = CorsUtils.isCorsRequest(request);
    if (!crossOriginCandidate) {
        return true;
    }

    ServletServerHttpResponse wrappedResponse = new ServletServerHttpResponse(response);
    if (responseHasCors(wrappedResponse)) {
        logger.debug("Skip CORS processing: response already contains \"Access-Control-Allow-Origin\" header");
        return true;
    }

    ServletServerHttpRequest wrappedRequest = new ServletServerHttpRequest(request);
    if (WebUtils.isSameOrigin(wrappedRequest)) {
        logger.debug("Skip CORS processing: request is from same origin");
        return true;
    }

    boolean preFlightRequest = CorsUtils.isPreFlightRequest(request);
    if (config != null) {
        return handleInternal(wrappedRequest, wrappedResponse, config, preFlightRequest);
    }

    // No configuration: only the pre-flight is refused; an actual request is not.
    if (!preFlightRequest) {
        return true;
    }
    rejectRequest(wrappedResponse);
    return false;
}

From source file:org.springframework.web.servlet.handler.AbstractHandlerMethodMapping.java

/**
 * Look up the best-matching handler method for the current request.
 * If multiple matches are found, the best match is selected.
 *
 * <p>For a CORS pre-flight request with more than one match, no winner is picked and
 * {@code PREFLIGHT_AMBIGUOUS_MATCH} is returned instead. This happens before the tie check,
 * so it applies even when the matches are not equally ranked. For any other request, two
 * equally ranked best matches are an error.
 *
 * @param lookupPath mapping lookup path within the current servlet mapping
 * @param request the current request
 * @return the best-matching handler method, or {@code null} if no match
 * @throws IllegalStateException if the two best matches compare as equal
 * @see #handleMatch(Object, String, HttpServletRequest)
 * @see #handleNoMatch(Set, String, HttpServletRequest)
 */
@Nullable
protected HandlerMethod lookupHandlerMethod(String lookupPath, HttpServletRequest request) throws Exception {
    List<Match> candidates = new ArrayList<>();

    // Try the mappings registered for exactly this path first.
    List<T> registeredForPath = this.mappingRegistry.getMappingsByUrl(lookupPath);
    if (registeredForPath != null) {
        addMatchingMappings(registeredForPath, candidates, request);
    }
    if (candidates.isEmpty()) {
        // Nothing matched directly, so every registered mapping has to be tested.
        addMatchingMappings(this.mappingRegistry.getMappings().keySet(), candidates, request);
    }

    if (candidates.isEmpty()) {
        return handleNoMatch(this.mappingRegistry.getMappings().keySet(), lookupPath, request);
    }

    Comparator<Match> ranking = new MatchComparator(getMappingComparator(request));
    candidates.sort(ranking);
    Match winner = candidates.get(0);

    if (candidates.size() > 1) {
        if (logger.isTraceEnabled()) {
            logger.trace(candidates.size() + " matching mapppings: " + candidates);
        }
        if (CorsUtils.isPreFlightRequest(request)) {
            return PREFLIGHT_AMBIGUOUS_MATCH;
        }
        Match runnerUp = candidates.get(1);
        boolean tied = ranking.compare(winner, runnerUp) == 0;
        if (tied) {
            Method m1 = winner.handlerMethod.getMethod();
            Method m2 = runnerUp.handlerMethod.getMethod();
            String uri = request.getRequestURI();
            throw new IllegalStateException(
                    "Ambiguous handler methods mapped for '" + uri + "': {" + m1 + ", " + m2 + "}");
        }
    }

    handleMatch(winner.mapping, lookupPath, request);
    return winner.handlerMethod;
}