org.springframework.web.cors.CorsUtils Java Examples

The following examples show how to use org.springframework.web.cors.CorsUtils. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CorsFilter.java    From halo with GNU General Public License v3.0 6 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;

    // Set customized header
    String originHeaderValue = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
    if (StringUtils.isNotBlank(originHeaderValue)) {
        httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, originHeaderValue);
    }
    httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, ALLOW_HEADERS);
    httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTIONS");
    httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
    httpServletResponse.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600");

    if (!CorsUtils.isPreFlightRequest(httpServletRequest)) {
        chain.doFilter(httpServletRequest, httpServletResponse);
    }
}
 
Example #2
Source File: OAuthConfiguration.java    From pazuzu-registry with MIT License 6 votes vote down vote up
@Override
public void configure(final HttpSecurity http) throws Exception {

    // @formatter:off
    http
        .httpBasic()
            .disable()
        .anonymous()
        .and()
            .requestMatchers()
                .antMatchers("/api/**")
        .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.NEVER)
        .and()
            .authorizeRequests()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .antMatchers("/api/health").permitAll()
            .antMatchers(HttpMethod.GET, "/api/**").permitAll()
            .antMatchers("/api/**").permitAll()
            //FIXME: disabled oauth
            .anyRequest().permitAll();
    // @formatter:on
}
 
Example #3
Source File: FrameworkServlet.java    From spring4-understanding with Apache License 2.0 6 votes vote down vote up
/**
 * Delegate OPTIONS requests to {@link #processRequest}, if desired.
 * <p>Applies HttpServlet's standard OPTIONS processing otherwise,
 * and also if there is still no 'Allow' header set after dispatching.
 * @see #doService
 */
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
		throws ServletException, IOException {

	if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
		processRequest(request, response);
		if (response.containsHeader("Allow")) {
			// Proper OPTIONS response coming from a handler - we're done.
			return;
		}
	}

	// Use response wrapper for Servlet 2.5 compatibility where
	// the getHeader() method does not exist
	super.doOptions(request, new HttpServletResponseWrapper(response) {
		@Override
		public void setHeader(String name, String value) {
			if ("Allow".equals(name)) {
				value = (StringUtils.hasLength(value) ? value + ", " : "") + RequestMethod.PATCH.name();
			}
			super.setHeader(name, value);
		}
	});
}
 
Example #4
Source File: AbstractHandlerMapping.java    From spring4-understanding with Apache License 2.0 6 votes vote down vote up
/**
 * Look up a handler for the given request, falling back to the default
 * handler if no specific one is found.
 * @param request current HTTP request
 * @return the corresponding handler instance, or the default handler
 * @see #getHandlerInternal
 */
@Override
public final HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception {
	Object handler = getHandlerInternal(request);
	if (handler == null) {
		handler = getDefaultHandler();
	}
	if (handler == null) {
		return null;
	}
	// Bean name or resolved handler?
	if (handler instanceof String) {
		String handlerName = (String) handler;
		handler = getApplicationContext().getBean(handlerName);
	}

	HandlerExecutionChain executionChain = getHandlerExecutionChain(handler, request);
	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration globalConfig = this.corsConfigSource.getCorsConfiguration(request);
		CorsConfiguration handlerConfig = getCorsConfiguration(handler, request);
		CorsConfiguration config = (globalConfig != null ? globalConfig.combine(handlerConfig) : handlerConfig);
		executionChain = getCorsHandlerExecutionChain(request, executionChain, config);
	}
	return executionChain;
}
 
Example #5
Source File: CorsFilter.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
		FilterChain filterChain) throws ServletException, IOException {

	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
		if (corsConfiguration != null) {
			boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
			if (!isValid || CorsUtils.isPreFlightRequest(request)) {
				return;
			}
		}
	}

	filterChain.doFilter(request, response);
}
 
Example #6
Source File: FrameworkServlet.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Delegate OPTIONS requests to {@link #processRequest}, if desired.
 * <p>Applies HttpServlet's standard OPTIONS processing otherwise,
 * and also if there is still no 'Allow' header set after dispatching.
 * @see #doService
 */
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
		throws ServletException, IOException {

	if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
		processRequest(request, response);
		if (response.containsHeader("Allow")) {
			// Proper OPTIONS response coming from a handler - we're done.
			return;
		}
	}

	// Use response wrapper for Servlet 2.5 compatibility where
	// the getHeader() method does not exist
	super.doOptions(request, new HttpServletResponseWrapper(response) {
		@Override
		public void setHeader(String name, String value) {
			if ("Allow".equals(name)) {
				value = (StringUtils.hasLength(value) ? value + ", " : "") + HttpMethod.PATCH.name();
			}
			super.setHeader(name, value);
		}
	});
}
 
Example #7
Source File: AbstractHandlerMapping.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Look up a handler for the given request, falling back to the default
 * handler if no specific one is found.
 * @param request current HTTP request
 * @return the corresponding handler instance, or the default handler
 * @see #getHandlerInternal
 */
@Override
public final HandlerExecutionChain getHandler(HttpServletRequest request) throws Exception {
	Object handler = getHandlerInternal(request);
	if (handler == null) {
		handler = getDefaultHandler();
	}
	if (handler == null) {
		return null;
	}
	// Bean name or resolved handler?
	if (handler instanceof String) {
		String handlerName = (String) handler;
		handler = getApplicationContext().getBean(handlerName);
	}

	HandlerExecutionChain executionChain = getHandlerExecutionChain(handler, request);
	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration globalConfig = this.globalCorsConfigSource.getCorsConfiguration(request);
		CorsConfiguration handlerConfig = getCorsConfiguration(handler, request);
		CorsConfiguration config = (globalConfig != null ? globalConfig.combine(handlerConfig) : handlerConfig);
		executionChain = getCorsHandlerExecutionChain(request, executionChain, config);
	}
	return executionChain;
}
 
Example #8
Source File: RequestMethodsRequestCondition.java    From lams with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Check if any of the HTTP request methods match the given request and
 * return an instance that contains the matching HTTP request method only.
 * @param request the current request
 * @return the same instance if the condition is empty (unless the request
 * method is HTTP OPTIONS), a new condition with the matched request method,
 * or {@code null} if there is no match or the condition is empty and the
 * request method is OPTIONS.
 */
@Override
public RequestMethodsRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return matchPreFlight(request);
	}

	if (getMethods().isEmpty()) {
		if (RequestMethod.OPTIONS.name().equals(request.getMethod()) &&
				!DispatcherType.ERROR.equals(request.getDispatcherType())) {

			return null; // No implicit match for OPTIONS (we handle it)
		}
		return this;
	}

	return matchRequestMethod(request.getMethod());
}
 
Example #9
Source File: WebSecurityConfig.java    From fish-admin with MIT License 6 votes vote down vote up
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
            // we don't need CSRF because our token is invulnerable
            .csrf().disable()
            .authorizeRequests()
            // All urls must be authenticated (filter for token always fires (/**)
            .antMatchers(HttpMethod.OPTIONS, "/login").permitAll()
            .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .anyRequest().authenticated()
            .and()
            // Call our errorHandler if authentication/authorisation fails
            .exceptionHandling()
            .authenticationEntryPoint((httpServletRequest, httpServletResponse, e) -> httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"))
            .and()
            // don't create session
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            // 添加一个过滤器 所有访问 /login 的请求交给 JWTLoginFilter 来处理 这个类处理所有的JWT相关内容
            .and().addFilterBefore(new JwtAuthenticationTokenFilter("/login", authenticationManager()),
                    UsernamePasswordAuthenticationFilter.class)
            // 添加一个过滤器验证其他请求的Token是否合法
            .addFilterBefore(new JWTAuthenticationFilter(),
                    UsernamePasswordAuthenticationFilter.class);
    // disable page caching
    httpSecurity.headers().cacheControl();
}
 
Example #10
Source File: SecurityTokenConfig.java    From poseidon with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(HttpSecurity http) throws Exception {
	http.csrf().disable().cors().and()
			// make sure we use stateless session; session won't be used to store
			// user's state.
			.sessionManagement()
			.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
			// handle an authorized attempts
			.exceptionHandling()
			.authenticationEntryPoint((req, rsp, e) -> rsp
					.sendError(HttpServletResponse.SC_UNAUTHORIZED))
			.and()
			// Add a filter to validate the tokens with every request
			.addFilterAfter(new JwtTokenAuthenticationFilter(jwtConfig),
					UsernamePasswordAuthenticationFilter.class)
			// authorization requests config
			.authorizeRequests().requestMatchers(CorsUtils::isCorsRequest).permitAll()
			.antMatchers(HttpMethod.POST, jwtConfig.getUri()).permitAll()
			.antMatchers(HttpMethod.GET, router.getWeb_shop_cart_service(),
					router.getWeb_view_service(), router.getMember_service())
			.permitAll()
			// required here)
			// .antMatchers("/view" + "/admin/**").hasRole("")
			// Any other request must be authenticated
			.anyRequest().authenticated();
}
 
Example #11
Source File: CorsFilter.java    From java-technology-stack with MIT License 6 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
		FilterChain filterChain) throws ServletException, IOException {

	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
		if (corsConfiguration != null) {
			boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
			if (!isValid || CorsUtils.isPreFlightRequest(request)) {
				return;
			}
		}
	}

	filterChain.doFilter(request, response);
}
 
Example #12
Source File: FrameworkServlet.java    From java-technology-stack with MIT License 6 votes vote down vote up
/**
 * Delegate OPTIONS requests to {@link #processRequest}, if desired.
 * <p>Applies HttpServlet's standard OPTIONS processing otherwise,
 * and also if there is still no 'Allow' header set after dispatching.
 * @see #doService
 */
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
		throws ServletException, IOException {

	if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
		processRequest(request, response);
		if (response.containsHeader("Allow")) {
			// Proper OPTIONS response coming from a handler - we're done.
			return;
		}
	}

	// Use response wrapper in order to always add PATCH to the allowed methods
	super.doOptions(request, new HttpServletResponseWrapper(response) {
		@Override
		public void setHeader(String name, String value) {
			if ("Allow".equals(name)) {
				value = (StringUtils.hasLength(value) ? value + ", " : "") + HttpMethod.PATCH.name();
			}
			super.setHeader(name, value);
		}
	});
}
 
Example #13
Source File: RequestMethodsRequestCondition.java    From java-technology-stack with MIT License 6 votes vote down vote up
/**
 * Check if any of the HTTP request methods match the given request and
 * return an instance that contains the matching HTTP request method only.
 * @param request the current request
 * @return the same instance if the condition is empty (unless the request
 * method is HTTP OPTIONS), a new condition with the matched request method,
 * or {@code null} if there is no match or the condition is empty and the
 * request method is OPTIONS.
 */
@Override
@Nullable
public RequestMethodsRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return matchPreFlight(request);
	}

	if (getMethods().isEmpty()) {
		if (RequestMethod.OPTIONS.name().equals(request.getMethod()) &&
				!DispatcherType.ERROR.equals(request.getDispatcherType())) {

			return null; // No implicit match for OPTIONS (we handle it)
		}
		return this;
	}

	return matchRequestMethod(request.getMethod());
}
 
Example #14
Source File: RequestMethodsRequestCondition.java    From spring-analysis-note with MIT License 6 votes vote down vote up
/**
 * Check if any of the HTTP request methods match the given request and
 * return an instance that contains the matching HTTP request method only.
 * @param request the current request
 * @return the same instance if the condition is empty (unless the request
 * method is HTTP OPTIONS), a new condition with the matched request method,
 * or {@code null} if there is no match or the condition is empty and the
 * request method is OPTIONS.
 */
@Override
@Nullable
public RequestMethodsRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return matchPreFlight(request);
	}

	if (getMethods().isEmpty()) {
		if (RequestMethod.OPTIONS.name().equals(request.getMethod()) &&
				!DispatcherType.ERROR.equals(request.getDispatcherType())) {

			return null; // We handle OPTIONS transparently, so don't match if no explicit declarations
		}
		return this;
	}

	return matchRequestMethod(request.getMethod());
}
 
Example #15
Source File: ConsumesRequestCondition.java    From java-technology-stack with MIT License 6 votes vote down vote up
/**
 * Checks if any of the contained media type expressions match the given
 * request 'Content-Type' header and returns an instance that is guaranteed
 * to contain matching expressions only. The match is performed via
 * {@link MediaType#includes(MediaType)}.
 * @param request the current request
 * @return the same instance if the condition contains no expressions;
 * or a new condition with matching expressions only;
 * or {@code null} if no expressions match
 */
@Override
@Nullable
public ConsumesRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	if (isEmpty()) {
		return this;
	}

	MediaType contentType;
	try {
		contentType = (StringUtils.hasLength(request.getContentType()) ?
				MediaType.parseMediaType(request.getContentType()) :
				MediaType.APPLICATION_OCTET_STREAM);
	}
	catch (InvalidMediaTypeException ex) {
		return null;
	}

	Set<ConsumeMediaTypeExpression> result = new LinkedHashSet<>(this.expressions);
	result.removeIf(expression -> !expression.match(contentType));
	return (!result.isEmpty() ? new ConsumesRequestCondition(result) : null);
}
 
Example #16
Source File: SecurityConfiguration.java    From cymbal with Apache License 2.0 6 votes vote down vote up
@Override
protected void configure(final HttpSecurity http) throws Exception {
    http.headers().frameOptions().disable();
    http.csrf().disable();

    http.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
            .antMatchers("/api/**").permitAll()
            .anyRequest().authenticated();

    http.logout().permitAll();

    http.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).and()
            .addFilter(this.authenticationProcessingFilter)
            .addFilterBefore(this.logoutFilter, authenticationProcessingFilter.getClass())
            .addFilterBefore(this.singleSignOutFilter, authenticationProcessingFilter.getClass());
}
 
Example #17
Source File: FrameworkServlet.java    From spring-analysis-note with MIT License 6 votes vote down vote up
/**
 * Delegate OPTIONS requests to {@link #processRequest}, if desired.
 * <p>Applies HttpServlet's standard OPTIONS processing otherwise,
 * and also if there is still no 'Allow' header set after dispatching.
 * @see #doService
 */
@Override
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
		throws ServletException, IOException {

	if (this.dispatchOptionsRequest || CorsUtils.isPreFlightRequest(request)) {
		processRequest(request, response);
		if (response.containsHeader("Allow")) {
			// Proper OPTIONS response coming from a handler - we're done.
			return;
		}
	}

	// Use response wrapper in order to always add PATCH to the allowed methods
	super.doOptions(request, new HttpServletResponseWrapper(response) {
		@Override
		public void setHeader(String name, String value) {
			if ("Allow".equals(name)) {
				value = (StringUtils.hasLength(value) ? value + ", " : "") + HttpMethod.PATCH.name();
			}
			super.setHeader(name, value);
		}
	});
}
 
Example #18
Source File: CorsFilter.java    From spring-analysis-note with MIT License 5 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
		FilterChain filterChain) throws ServletException, IOException {

	CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
	boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
	if (!isValid || CorsUtils.isPreFlightRequest(request)) {
		return;
	}
	filterChain.doFilter(request, response);
}
 
Example #19
Source File: ConsumesRequestCondition.java    From spring-analysis-note with MIT License 5 votes vote down vote up
/**
 * Checks if any of the contained media type expressions match the given
 * request 'Content-Type' header and returns an instance that is guaranteed
 * to contain matching expressions only. The match is performed via
 * {@link MediaType#includes(MediaType)}.
 * @param request the current request
 * @return the same instance if the condition contains no expressions;
 * or a new condition with matching expressions only;
 * or {@code null} if no expressions match
 */
@Override
@Nullable
public ConsumesRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return EMPTY_CONDITION;
	}
	if (isEmpty()) {
		return this;
	}
	if (!hasBody(request) && !this.bodyRequired) {
		return EMPTY_CONDITION;
	}

	// Common media types are cached at the level of MimeTypeUtils

	MediaType contentType;
	try {
		contentType = StringUtils.hasLength(request.getContentType()) ?
				MediaType.parseMediaType(request.getContentType()) :
				MediaType.APPLICATION_OCTET_STREAM;
	}
	catch (InvalidMediaTypeException ex) {
		return null;
	}

	List<ConsumeMediaTypeExpression> result = getMatchingExpressions(contentType);
	return !CollectionUtils.isEmpty(result) ? new ConsumesRequestCondition(result) : null;
}
 
Example #20
Source File: CorsFilter.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
		FilterChain filterChain) throws ServletException, IOException {

	if (CorsUtils.isCorsRequest(request)) {
		CorsConfiguration corsConfiguration = this.configSource.getCorsConfiguration(request);
		if (corsConfiguration != null) {
			boolean isValid = this.processor.processRequest(corsConfiguration, request, response);
			if (!isValid || CorsUtils.isPreFlightRequest(request)) {
				return;
			}
		}
	}
	filterChain.doFilter(request, response);
}
 
Example #21
Source File: AbstractSockJsService.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
@Override
public CorsConfiguration getCorsConfiguration(HttpServletRequest request) {
	if (!this.suppressCors && CorsUtils.isCorsRequest(request)) {
		CorsConfiguration config = new CorsConfiguration();
		config.addAllowedOrigin("*");
		config.addAllowedMethod("*");
		config.setAllowCredentials(true);
		config.setMaxAge(ONE_YEAR);
		config.addAllowedHeader("*");
		return config;
	}
	return null;
}
 
Example #22
Source File: AbstractHandlerMethodMapping.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
/**
 * Look up the best-matching handler method for the current request.
 * If multiple matches are found, the best match is selected.
 * @param lookupPath mapping lookup path within the current servlet mapping
 * @param request the current request
 * @return the best-matching handler method, or {@code null} if no match
 * @see #handleMatch(Object, String, HttpServletRequest)
 * @see #handleNoMatch(Set, String, HttpServletRequest)
 */
protected HandlerMethod lookupHandlerMethod(String lookupPath, HttpServletRequest request) throws Exception {
	List<Match> matches = new ArrayList<Match>();
	List<T> directPathMatches = this.mappingRegistry.getMappingsByUrl(lookupPath);
	if (directPathMatches != null) {
		addMatchingMappings(directPathMatches, matches, request);
	}
	if (matches.isEmpty()) {
		// No choice but to go through all mappings...
		addMatchingMappings(this.mappingRegistry.getMappings().keySet(), matches, request);
	}

	if (!matches.isEmpty()) {
		Comparator<Match> comparator = new MatchComparator(getMappingComparator(request));
		Collections.sort(matches, comparator);
		if (logger.isTraceEnabled()) {
			logger.trace("Found " + matches.size() + " matching mapping(s) for [" +
					lookupPath + "] : " + matches);
		}
		Match bestMatch = matches.get(0);
		if (matches.size() > 1) {
			if (CorsUtils.isPreFlightRequest(request)) {
				return PREFLIGHT_AMBIGUOUS_MATCH;
			}
			Match secondBestMatch = matches.get(1);
			if (comparator.compare(bestMatch, secondBestMatch) == 0) {
				Method m1 = bestMatch.handlerMethod.getMethod();
				Method m2 = secondBestMatch.handlerMethod.getMethod();
				throw new IllegalStateException("Ambiguous handler methods mapped for HTTP path '" +
						request.getRequestURL() + "': {" + m1 + ", " + m2 + "}");
			}
		}
		handleMatch(bestMatch.mapping, lookupPath, request);
		return bestMatch.handlerMethod;
	}
	else {
		return handleNoMatch(this.mappingRegistry.getMappings().keySet(), lookupPath, request);
	}
}
 
Example #23
Source File: HeadersRequestCondition.java    From spring-analysis-note with MIT License 5 votes vote down vote up
/**
 * Returns "this" instance if the request matches all expressions;
 * or {@code null} otherwise.
 */
@Override
@Nullable
public HeadersRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	for (HeaderExpression expression : this.expressions) {
		if (!expression.match(request)) {
			return null;
		}
	}
	return this;
}
 
Example #24
Source File: RequestMappingInfo.java    From spring4-understanding with Apache License 2.0 5 votes vote down vote up
/**
 * Checks if all conditions in this request mapping info match the provided request and returns
 * a potentially new request mapping info with conditions tailored to the current request.
 * <p>For example the returned instance may contain the subset of URL patterns that match to
 * the current request, sorted with best matching patterns on top.
 * @return a new instance in case all conditions match; or {@code null} otherwise
 */
@Override
public RequestMappingInfo getMatchingCondition(HttpServletRequest request) {
	RequestMethodsRequestCondition methods = this.methodsCondition.getMatchingCondition(request);
	ParamsRequestCondition params = this.paramsCondition.getMatchingCondition(request);
	HeadersRequestCondition headers = this.headersCondition.getMatchingCondition(request);
	ConsumesRequestCondition consumes = this.consumesCondition.getMatchingCondition(request);
	ProducesRequestCondition produces = this.producesCondition.getMatchingCondition(request);

	if (methods == null || params == null || headers == null || consumes == null || produces == null) {
		if (CorsUtils.isPreFlightRequest(request)) {
			methods = getAccessControlRequestMethodCondition(request);
			if (methods == null || params == null) {
				return null;
			}
		}
		else {
			return null;
		}
	}

	PatternsRequestCondition patterns = this.patternsCondition.getMatchingCondition(request);
	if (patterns == null) {
		return null;
	}

	RequestConditionHolder custom = this.customConditionHolder.getMatchingCondition(request);
	if (custom == null) {
		return null;
	}

	return new RequestMappingInfo(this.name, patterns,
			methods, params, headers, consumes, produces, custom.getCondition());
}
 
Example #25
Source File: ProducesRequestCondition.java    From spring-analysis-note with MIT License 5 votes vote down vote up
/**
 * Checks if any of the contained media type expressions match the given
 * request 'Content-Type' header and returns an instance that is guaranteed
 * to contain matching expressions only. The match is performed via
 * {@link MediaType#isCompatibleWith(MediaType)}.
 * @param request the current request
 * @return the same instance if there are no expressions;
 * or a new condition with matching expressions;
 * or {@code null} if no expressions match.
 */
@Override
@Nullable
public ProducesRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return EMPTY_CONDITION;
	}
	if (isEmpty()) {
		return this;
	}
	List<MediaType> acceptedMediaTypes;
	try {
		acceptedMediaTypes = getAcceptedMediaTypes(request);
	}
	catch (HttpMediaTypeException ex) {
		return null;
	}
	List<ProduceMediaTypeExpression> result = getMatchingExpressions(acceptedMediaTypes);
	if (!CollectionUtils.isEmpty(result)) {
		return new ProducesRequestCondition(result, this);
	}
	else if (MediaType.ALL.isPresentIn(acceptedMediaTypes)) {
		return EMPTY_CONDITION;
	}
	else {
		return null;
	}
}
 
Example #26
Source File: AbstractHandlerMethodMapping.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Look up the best-matching handler method for the current request.
 * If multiple matches are found, the best match is selected.
 * @param lookupPath mapping lookup path within the current servlet mapping
 * @param request the current request
 * @return the best-matching handler method, or {@code null} if no match
 * @see #handleMatch(Object, String, HttpServletRequest)
 * @see #handleNoMatch(Set, String, HttpServletRequest)
 */
protected HandlerMethod lookupHandlerMethod(String lookupPath, HttpServletRequest request) throws Exception {
	List<Match> matches = new ArrayList<Match>();
	List<T> directPathMatches = this.mappingRegistry.getMappingsByUrl(lookupPath);
	if (directPathMatches != null) {
		addMatchingMappings(directPathMatches, matches, request);
	}
	if (matches.isEmpty()) {
		// No choice but to go through all mappings...
		addMatchingMappings(this.mappingRegistry.getMappings().keySet(), matches, request);
	}

	if (!matches.isEmpty()) {
		Comparator<Match> comparator = new MatchComparator(getMappingComparator(request));
		Collections.sort(matches, comparator);
		if (logger.isTraceEnabled()) {
			logger.trace("Found " + matches.size() + " matching mapping(s) for [" +
					lookupPath + "] : " + matches);
		}
		Match bestMatch = matches.get(0);
		if (matches.size() > 1) {
			if (CorsUtils.isPreFlightRequest(request)) {
				return PREFLIGHT_AMBIGUOUS_MATCH;
			}
			Match secondBestMatch = matches.get(1);
			if (comparator.compare(bestMatch, secondBestMatch) == 0) {
				Method m1 = bestMatch.handlerMethod.getMethod();
				Method m2 = secondBestMatch.handlerMethod.getMethod();
				throw new IllegalStateException("Ambiguous handler methods mapped for HTTP path '" +
						request.getRequestURL() + "': {" + m1 + ", " + m2 + "}");
			}
		}
		handleMatch(bestMatch.mapping, lookupPath, request);
		return bestMatch.handlerMethod;
	}
	else {
		return handleNoMatch(this.mappingRegistry.getMappings().keySet(), lookupPath, request);
	}
}
 
Example #27
Source File: ProducesRequestCondition.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks if any of the contained media type expressions match the given
 * request 'Content-Type' header and returns an instance that is guaranteed
 * to contain matching expressions only. The match is performed via
 * {@link MediaType#isCompatibleWith(MediaType)}.
 * @param request the current request
 * @return the same instance if there are no expressions;
 * or a new condition with matching expressions;
 * or {@code null} if no expressions match.
 */
@Override
public ProducesRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	if (isEmpty()) {
		return this;
	}
	List<MediaType> acceptedMediaTypes;
	try {
		acceptedMediaTypes = getAcceptedMediaTypes(request);
	}
	catch (HttpMediaTypeException ex) {
		return null;
	}
	Set<ProduceMediaTypeExpression> result = new LinkedHashSet<ProduceMediaTypeExpression>(expressions);
	for (Iterator<ProduceMediaTypeExpression> iterator = result.iterator(); iterator.hasNext();) {
		ProduceMediaTypeExpression expression = iterator.next();
		if (!expression.match(acceptedMediaTypes)) {
			iterator.remove();
		}
	}
	if (!result.isEmpty()) {
		return new ProducesRequestCondition(result, this.contentNegotiationManager);
	}
	else if (acceptedMediaTypes.contains(MediaType.ALL)) {
		return EMPTY_CONDITION;
	}
	else {
		return null;
	}
}
 
Example #28
Source File: HeadersRequestCondition.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns "this" instance if the request matches all expressions;
 * or {@code null} otherwise.
 */
@Override
public HeadersRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	for (HeaderExpression expression : expressions) {
		if (!expression.match(request)) {
			return null;
		}
	}
	return this;
}
 
Example #29
Source File: HeadersRequestCondition.java    From java-technology-stack with MIT License 5 votes vote down vote up
/**
 * Returns "this" instance if the request matches all expressions;
 * or {@code null} otherwise.
 */
@Override
@Nullable
public HeadersRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	for (HeaderExpression expression : this.expressions) {
		if (!expression.match(request)) {
			return null;
		}
	}
	return this;
}
 
Example #30
Source File: ConsumesRequestCondition.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Checks if any of the contained media type expressions match the given
 * request 'Content-Type' header and returns an instance that is guaranteed
 * to contain matching expressions only. The match is performed via
 * {@link MediaType#includes(MediaType)}.
 * @param request the current request
 * @return the same instance if the condition contains no expressions;
 * or a new condition with matching expressions only;
 * or {@code null} if no expressions match.
 */
@Override
public ConsumesRequestCondition getMatchingCondition(HttpServletRequest request) {
	if (CorsUtils.isPreFlightRequest(request)) {
		return PRE_FLIGHT_MATCH;
	}
	if (isEmpty()) {
		return this;
	}
	MediaType contentType;
	try {
		contentType = StringUtils.hasLength(request.getContentType()) ?
				MediaType.parseMediaType(request.getContentType()) :
				MediaType.APPLICATION_OCTET_STREAM;
	}
	catch (InvalidMediaTypeException ex) {
		return null;
	}
	Set<ConsumeMediaTypeExpression> result = new LinkedHashSet<ConsumeMediaTypeExpression>(this.expressions);
	for (Iterator<ConsumeMediaTypeExpression> iterator = result.iterator(); iterator.hasNext();) {
		ConsumeMediaTypeExpression expression = iterator.next();
		if (!expression.match(contentType)) {
			iterator.remove();
		}
	}
	return (result.isEmpty()) ? null : new ConsumesRequestCondition(result);
}