org.eclipse.jetty.servlets
Class CrossOriginFilter
java.lang.Object
org.eclipse.jetty.servlets.CrossOriginFilter
- All Implemented Interfaces:
- Filter
public class CrossOriginFilter
- extends Object
- implements Filter
Implementation of the
cross-origin resource sharing.
A typical example is to use this filter to allow cross-domain
cometd communication using the standard
long polling transport instead of the JSONP transport (that is less
efficient and less reactive to failures).
This filter allows the following configuration parameters:
- allowedOrigins, a comma separated list of origins that are
allowed to access the resources. Default value is *, meaning all
origins
- allowedMethods, a comma separated list of HTTP methods that
are allowed to be used when accessing the resources. Default value is
GET,POST
- allowedHeaders, a comma separated list of HTTP headers that
are allowed to be specified when accessing the resources. Default value
is X-Requested-With
- preflightMaxAge, the number of seconds that preflight requests
can be cached by the client. Default value is 1800 seconds, or 30
minutes
- allowCredentials, a boolean indicating if the resource allows
requests with credentials. Default value is false
A typical configuration could be:
<web-app ...>
...
<filter>
<filter-name>cross-origin</filter-name>
<filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>cross-origin</filter-name>
<url-pattern>/cometd/*</url-pattern>
</filter-mapping>
...
</web-app>
- Version:
- $Revision$ $Date$
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
ACCESS_CONTROL_REQUEST_METHOD_HEADER
public static final String ACCESS_CONTROL_REQUEST_METHOD_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_REQUEST_HEADERS_HEADER
public static final String ACCESS_CONTROL_REQUEST_HEADERS_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
public static final String ACCESS_CONTROL_ALLOW_ORIGIN_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_ALLOW_METHODS_HEADER
public static final String ACCESS_CONTROL_ALLOW_METHODS_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_ALLOW_HEADERS_HEADER
public static final String ACCESS_CONTROL_ALLOW_HEADERS_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_MAX_AGE_HEADER
public static final String ACCESS_CONTROL_MAX_AGE_HEADER
- See Also:
- Constant Field Values
ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
public static final String ACCESS_CONTROL_ALLOW_CREDENTIALS_HEADER
- See Also:
- Constant Field Values
ALLOWED_ORIGINS_PARAM
public static final String ALLOWED_ORIGINS_PARAM
- See Also:
- Constant Field Values
ALLOWED_METHODS_PARAM
public static final String ALLOWED_METHODS_PARAM
- See Also:
- Constant Field Values
ALLOWED_HEADERS_PARAM
public static final String ALLOWED_HEADERS_PARAM
- See Also:
- Constant Field Values
PREFLIGHT_MAX_AGE_PARAM
public static final String PREFLIGHT_MAX_AGE_PARAM
- See Also:
- Constant Field Values
ALLOW_CREDENTIALS_PARAM
public static final String ALLOW_CREDENTIALS_PARAM
- See Also:
- Constant Field Values
CrossOriginFilter
public CrossOriginFilter()
init
public void init(FilterConfig config)
throws ServletException
- Specified by:
init in interface Filter
- Throws:
ServletException
doFilter
public void doFilter(ServletRequest request,
ServletResponse response,
FilterChain chain)
throws IOException,
ServletException
- Specified by:
doFilter in interface Filter
- Throws:
IOException
ServletException
isEnabled
protected boolean isEnabled(HttpServletRequest request)
destroy
public void destroy()
- Specified by:
destroy in interface Filter
Copyright © 1995-2011 Mort Bay Consulting. All Rights Reserved.