java source code of CrossOriginInterceptor

Project: javaee8-jaxrs-sample (GitHub Link)

javaee8-jaxrs-sample-master
- LICENSE
- backend
  - src
    - main
      - resources
        ValidationMessages_en.properties
        messages_en.properties
        META-INF
        persistence.xml
        orm.xml
      - java
        com
        github
        hantsy
        ee8sample
        security
        cors
        CrossOriginInterceptor.java
        CrossOrigin.java
        CorsResponseFilter.java
        jwt
        JwtCredential.java
        JpaIdentityStore.java
        JwtRememberMeIdentityStore.java
        package-info.java
        TokenProvider.java
        JwtAuthenticationMechanism.java
        AuthenticatedUserInfoProducer.java
        UserInfo.java
        Authenticated.java
        hash
        PasswordEncoder.java
        plain
        PlainPasswordEncoder.java
        PasswordEncoderProducer.java
        bcrypt
        BCrypt.java
        package-info.java
        BCryptPasswordEncoder.java
        Crypto.java
        Resources.java
        JaxrsActiviator.java
        Utils.java
        Constants.java
        aggregate
        PageMetadata.java
        PostSummaryList.java
        AggregateResource.java
        PostDetails.java
        PostSummary.java
        Bootstrap.java
        domain
        support
        AuditEntityListener.java
        AbstractEntity.java
        AbstractRepository.java
        AbstractAuditableEntity.java
        Count.java
        Username.java
        Existed.java
        Favorite.java
        Post.java
        Comment.java
        repository
        CommentRepository.java
        PostRepository.java
        FavoriteRepository.java
        UserRepository.java
        User.java
        SlugWithTitle.java
        Slug.java
        rest
        user
        UsersResource.java
        EmailWasTakenExceptionMapper.java
        CurrentUserResource.java
        UsernameWasTakenException.java
        EmailWasTakenException.java
        RegisterForm.java
        UserForm.java
        UsernameWasTakenExceptionMapper.java
        UserResource.java
        UserMessageBodyWiter.java
        post
        CommentNotFoundExceptionMapper.java
        CommentsResource.java
        PostResource.java
        PostNotFoundExceptionMapper.java
        PostsResource.java
        CommentForm.java
        PostNotFoundException.java
        CommentNotFoundException.java
        FavoritesResource.java
        PostForm.java
        auth
        AuthResource.java
      - webapp
        WEB-INF
        glassfish-web.xml
        beans.xml
        web.xml
    - test
      - resources
        test-web.xml
        arquillian.xml
        META-INF
        test-beans.xml
        test-orm.xml
        test-persistence.xml
      - java
        com
        github
        hantsy
        ee8sample
        security
        hash
        PlainPasswordEncoderTest.java
        BCryptPasswordEncoderTest.java
        domain
        repository
        PostRepositoryIT.java
        rest
        PostResourceIT.java
        UserResourceWithoutAuthIT.java
        JwtTokenAuthentication.java
        EdgeResourceIT.java
        PostResourceWithoutAuthIT.java
        AuthResourceIT.java
        UserResourceIT.java
        CurrentUserResourceIT.java
  - pom.xml
- README.md
- .gitignore

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package com.github.hantsy.ee8sample.security.cors;

import static com.github.hantsy.ee8sample.security.cors.CorsResponseFilter.ALLOWED_METHODS;
import static com.github.hantsy.ee8sample.security.cors.CorsResponseFilter.DEFAULT_ALLOWED_HEADERS;
import static com.github.hantsy.ee8sample.security.cors.CorsResponseFilter.MAX_AGE;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;

/**
 *
 * @author hantsy
 */
@Interceptor
@CrossOrigin
@RequestScoped
public class CrossOriginInterceptor {

    @Inject
    HttpServletRequest request;

    @AroundInvoke
    protected Object invoke(InvocationContext ctx) throws Exception {
        ctx.getParameters();
        if (request.getHeader("Origin") != null) {
            return crossOriginResponse((Response) ctx.proceed(), request.getHeader("Origin"));
        } else {
            return ctx.proceed();
        }
    }

    public Response crossOriginResponse(Response response, String origin) {
        if (origin != null) {
            return Response
                .fromResponse(response)
                .header("Access-Control-Allow-Origin", origin)
                .header("Access-Control-Allow-Credentials", "true")
                .header("Access-Control-Allow-Methods", ALLOWED_METHODS)
                .header("Access-Control-Max-Age", MAX_AGE)
                .header("Access-Control-Allow-Headers", DEFAULT_ALLOWED_HEADERS)
                .build();
        }
        return response;
    }
}