CORSRequestFilter.java example

Explorer
linshare-core-master
- src
/*
 * LinShare is an open source filesharing software, part of the LinPKI software
 * suite, developed by Linagora.
 * 
 * Copyright (C) 2015 LINAGORA
 * 
 * This program is free software: you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option) any
 * later version, provided you comply with the Additional Terms applicable for
 * LinShare software by Linagora pursuant to Section 7 of the GNU Affero General
 * Public License, subsections (b), (c), and (e), pursuant to which you must
 * notably (i) retain the display of the “LinShare™” trademark/logo at the top
 * of the interface window, the display of the “You are using the Open Source
 * and free version of LinShare™, powered by Linagora © 2009–2015. Contribute to
 * Linshare R&D by subscribing to an Enterprise offer!” infobox and in the
 * e-mails sent with the Program, (ii) retain all hypertext links between
 * LinShare and linshare.org, between linagora.com and Linagora, and (iii)
 * refrain from infringing Linagora intellectual property rights over its
 * trademarks and commercial brands. Other Additional Terms apply, see
 * <http://www.linagora.com/licenses/> for more details.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
 * details.
 * 
 * You should have received a copy of the GNU Affero General Public License and
 * its applicable Additional Terms for LinShare along with this program. If not,
 * see <http://www.gnu.org/licenses/> for the GNU Affero General Public License
 * version 3 and <http://www.linagora.com/licenses/> for the Additional Terms
 * applicable to LinShare software.
 */
package org.linagora.linshare.auth;

import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.filter.OncePerRequestFilter;

/**
 * PreflightedRequestFilter is used to cut the filter chain when current request
 * is a preflighted one. Search for CORS, same-origin policy and HTTP access
 * control for more information.
 * 
 * @author nbertrand
 */
public class CORSRequestFilter extends OncePerRequestFilter {

	public CORSRequestFilter() throws ServletException {
		super();
	}

	@Override
	protected void doFilterInternal(HttpServletRequest req,
			HttpServletResponse res, FilterChain chain)
			throws ServletException, IOException {
		if (req.getHeader("Origin") == null) {
			chain.doFilter(req, res);
			return;
		}

		res.addHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
		res.addHeader("Access-Control-Allow-Credentials", "true");

		/*
		 * Request is a preflighted one
		 */
		if (req.getHeader("Access-Control-Request-Method") != null
				&& req.getMethod().equals("OPTIONS")) {
			res.addHeader("Access-Control-Allow-Methods",
					"GET, POST, PUT, DELETE");
			res.addHeader("Access-Control-Allow-Headers",
					"Accept, Authorization, Cache-Control, Content-Type, Origin, X-Requested-With");
			res.addHeader("Access-Control-Max-Age", "1728000");

			logger.debug("Preflighted OPTIONS request, no filter applied.");
			return;
		}
		chain.doFilter(req, res);
	}
}