Merged branch 'jetty-9.2.x' into 'master'.

Simone Bordet 2015-03-25 11:11:49 +01:00
commit b8623c125f
1 changed files with 23 additions and 25 deletions


@ -26,7 +26,6 @@ import java.util.Enumeration;
import java.util.List; import java.util.List;
import java.util.regex.Matcher; import java.util.regex.Matcher;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.servlet.Filter; import javax.servlet.Filter;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
import javax.servlet.FilterConfig; import javax.servlet.FilterConfig;
@ -69,15 +68,15 @@ import org.eclipse.jetty.util.log.Logger;
* can be cached by the client. Default value is <b>1800</b> seconds, or 30 * can be cached by the client. Default value is <b>1800</b> seconds, or 30
* minutes</li> * minutes</li>
* <li><b>allowCredentials</b>, a boolean indicating if the resource allows * <li><b>allowCredentials</b>, a boolean indicating if the resource allows
* requests with credentials. Default value is <b>false</b></li> * requests with credentials. Default value is <b>true</b></li>
* <li><b>exposedHeaders</b>, a comma separated list of HTTP headers that * <li><b>exposedHeaders</b>, a comma separated list of HTTP headers that
* are allowed to be exposed on the client. Default value is the * are allowed to be exposed on the client. Default value is the
* <b>empty list</b></li> * <b>empty list</b></li>
* <li><b>chainPreflight</b>, if true preflight requests are chained to their * <li><b>chainPreflight</b>, if true preflight requests are chained to their
* target resource for normal handling (as an OPTION request). Otherwise the * target resource for normal handling (as an OPTION request). Otherwise the
* filter will response to the preflight. Default is true.</li> * filter will response to the preflight. Default is <b>true</b>.</li>
* </ul></p> * </ul></p>
* <p>A typical configuration could be: * <p>A typical configuration could be:</p>
* <pre> * <pre>
* &lt;web-app ...&gt; * &lt;web-app ...&gt;
* ... * ...
@ -91,7 +90,7 @@ import org.eclipse.jetty.util.log.Logger;
* &lt;/filter-mapping&gt; * &lt;/filter-mapping&gt;
* ... * ...
* &lt;/web-app&gt; * &lt;/web-app&gt;
* </pre></p> * </pre>
*/ */
public class CrossOriginFilter implements Filter public class CrossOriginFilter implements Filter
{ {
@ -193,8 +192,8 @@ public class CrossOriginFilter implements Filter
exposedHeaders.addAll(Arrays.asList(exposedHeadersConfig.split(","))); exposedHeaders.addAll(Arrays.asList(exposedHeadersConfig.split(",")));
String chainPreflightConfig = config.getInitParameter(OLD_CHAIN_PREFLIGHT_PARAM); String chainPreflightConfig = config.getInitParameter(OLD_CHAIN_PREFLIGHT_PARAM);
if (chainPreflightConfig!=null) // TODO remove this if (chainPreflightConfig != null)
LOG.warn("DEPRECATED CONFIGURATION: Use "+CHAIN_PREFLIGHT_PARAM+ " instead of "+OLD_CHAIN_PREFLIGHT_PARAM); LOG.warn("DEPRECATED CONFIGURATION: Use " + CHAIN_PREFLIGHT_PARAM + " instead of " + OLD_CHAIN_PREFLIGHT_PARAM);
else else
chainPreflightConfig = config.getInitParameter(CHAIN_PREFLIGHT_PARAM); chainPreflightConfig = config.getInitParameter(CHAIN_PREFLIGHT_PARAM);
if (chainPreflightConfig == null) if (chainPreflightConfig == null)
@ -204,13 +203,13 @@ public class CrossOriginFilter implements Filter
if (LOG.isDebugEnabled()) if (LOG.isDebugEnabled())
{ {
LOG.debug("Cross-origin filter configuration: " + LOG.debug("Cross-origin filter configuration: " +
ALLOWED_ORIGINS_PARAM + " = " + allowedOriginsConfig + ", " + ALLOWED_ORIGINS_PARAM + " = " + allowedOriginsConfig + ", " +
ALLOWED_METHODS_PARAM + " = " + allowedMethodsConfig + ", " + ALLOWED_METHODS_PARAM + " = " + allowedMethodsConfig + ", " +
ALLOWED_HEADERS_PARAM + " = " + allowedHeadersConfig + ", " + ALLOWED_HEADERS_PARAM + " = " + allowedHeadersConfig + ", " +
PREFLIGHT_MAX_AGE_PARAM + " = " + preflightMaxAgeConfig + ", " + PREFLIGHT_MAX_AGE_PARAM + " = " + preflightMaxAgeConfig + ", " +
ALLOW_CREDENTIALS_PARAM + " = " + allowedCredentialsConfig + "," + ALLOW_CREDENTIALS_PARAM + " = " + allowedCredentialsConfig + "," +
EXPOSED_HEADERS_PARAM + " = " + exposedHeadersConfig + "," + EXPOSED_HEADERS_PARAM + " = " + exposedHeadersConfig + "," +
CHAIN_PREFLIGHT_PARAM + " = " + chainPreflightConfig CHAIN_PREFLIGHT_PARAM + " = " + chainPreflightConfig
); );
} }
} }
@ -295,7 +294,7 @@ public class CrossOriginFilter implements Filter
{ {
if (allowedOrigin.contains("*")) if (allowedOrigin.contains("*"))
{ {
Matcher matcher = createMatcher(origin,allowedOrigin); Matcher matcher = createMatcher(origin, allowedOrigin);
if (matcher.matches()) if (matcher.matches())
return true; return true;
} }
@ -317,8 +316,8 @@ public class CrossOriginFilter implements Filter
private String parseAllowedWildcardOriginToRegex(String allowedOrigin) private String parseAllowedWildcardOriginToRegex(String allowedOrigin)
{ {
String regex = allowedOrigin.replace(".","\\."); String regex = allowedOrigin.replace(".", "\\.");
return regex.replace("*",".*"); // we want to be greedy here to match multiple subdomains, thus we use .* return regex.replace("*", ".*"); // we want to be greedy here to match multiple subdomains, thus we use .*
} }
private boolean isSimpleRequest(HttpServletRequest request) private boolean isSimpleRequest(HttpServletRequest request)
@ -360,7 +359,7 @@ public class CrossOriginFilter implements Filter
private void handlePreflightResponse(HttpServletRequest request, HttpServletResponse response, String origin) private void handlePreflightResponse(HttpServletRequest request, HttpServletResponse response, String origin)
{ {
boolean methodAllowed = isMethodAllowed(request); boolean methodAllowed = isMethodAllowed(request);
if (!methodAllowed) if (!methodAllowed)
return; return;
List<String> headersRequested = getAccessControlRequestHeaders(request); List<String> headersRequested = getAccessControlRequestHeaders(request);
@ -393,7 +392,7 @@ public class CrossOriginFilter implements Filter
return result; return result;
} }
List<String> getAccessControlRequestHeaders (HttpServletRequest request) private List<String> getAccessControlRequestHeaders(HttpServletRequest request)
{ {
String accessControlRequestHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER); String accessControlRequestHeaders = request.getHeader(ACCESS_CONTROL_REQUEST_HEADERS_HEADER);
LOG.debug("{} is {}", ACCESS_CONTROL_REQUEST_HEADERS_HEADER, accessControlRequestHeaders); LOG.debug("{} is {}", ACCESS_CONTROL_REQUEST_HEADERS_HEADER, accessControlRequestHeaders);
@ -410,8 +409,7 @@ public class CrossOriginFilter implements Filter
} }
return requestedHeaders; return requestedHeaders;
} }
private boolean areHeadersAllowed(List<String> requestedHeaders) private boolean areHeadersAllowed(List<String> requestedHeaders)
{ {
if (anyHeadersAllowed) if (anyHeadersAllowed)
@ -419,13 +417,13 @@ public class CrossOriginFilter implements Filter
LOG.debug("Any header is allowed"); LOG.debug("Any header is allowed");
return true; return true;
} }
boolean result = true; boolean result = true;
for (String requestedHeader:requestedHeaders) for (String requestedHeader : requestedHeaders)
{ {
boolean headerAllowed = false; boolean headerAllowed = false;
for (String allowedHeader:allowedHeaders) for (String allowedHeader : allowedHeaders)
{ {
if (requestedHeader.equalsIgnoreCase(allowedHeader.trim())) if (requestedHeader.equalsIgnoreCase(allowedHeader.trim()))
{ {
headerAllowed = true; headerAllowed = true;
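Review bot: The wildcard-to-regex conversion in `parseAllowedWildcardOriginToRegex` (hunk `@ -317,8 +316,8`) escapes only `.` before expanding `*` to `.*`, so any other regex metacharacter in a configured origin is interpreted as pattern syntax, and the result is what `matcher.matches()` checks against the request origin in the `@ -295,7 +294,7` hunk. The commit only reformats these two lines, but the Javadoc it touches now documents `allowCredentials` as defaulting to true, so an origin pattern that matches more than the administrator intended would apply to credentialed requests. Quoting the literal parts keeps the greedy multi-subdomain behaviour while removing the accidental pattern syntax: `return Pattern.quote(allowedOrigin).replace("*", "\\E.*\\Q");`. A short comment on the method stating that everything except `*` is matched literally, plus a test with an origin entry containing a character such as `+` or `(`, would pin this down.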