CrossOriginFilter.java

package org.nutz.mvc.filter;

import org.nutz.lang.Strings;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionFilter;
import org.nutz.mvc.View;
import org.nutz.mvc.view.VoidView;

import javax.servlet.http.HttpServletResponse;

/**
 * 如果是OPTIONS请求，那么返回自定义的Access-Control-Allow-*头部
 */
public class CrossOriginFilter implements ActionFilter {

    private static final Log log = Logs.get();

    protected String origin;
    protected String methods;
    protected String headers;
    protected String credentials;

    public CrossOriginFilter() {
        this("*", "get, post, put, delete, options", "origin, content-type, accept", "true");
    }

    public CrossOriginFilter(String origin, String methods, String headers, String credentials) {
        this.origin = origin;
        this.methods = methods;
        this.headers = headers;
        this.credentials = credentials;
    }

    public View match(ActionContext ac) {
        HttpServletResponse resp = ac.getResponse();
        if (!Strings.isBlank(origin))
            resp.addHeader("Access-Control-Allow-Origin", origin);
        if (!Strings.isBlank(methods))
            resp.addHeader("Access-Control-Allow-Methods", methods);
        if (!Strings.isBlank(headers))
            resp.addHeader("Access-Control-Allow-Headers", headers);
        if (!Strings.isBlank(credentials))
            resp.addHeader("Access-Control-Allow-Credentials", credentials);
        
        if ("OPTIONS".equals(ac.getRequest().getMethod())) {
            if (log.isDebugEnabled())
                log.debugf("Feedback -- [%s] [%s] [%s] [%s]", origin, methods, headers, credentials);
            return new VoidView();
        }
        return null;
    }
}