View Javadoc

1   package com.atlassian.plugins.rest.module.filter;
2   
3   import com.atlassian.plugins.rest.common.security.CorsHeaders;
4   import com.atlassian.plugins.rest.common.security.jersey.CorsResourceFilter;
5   import com.sun.jersey.spi.container.ContainerRequest;
6   import com.sun.jersey.spi.container.ContainerRequestFilter;
7   import org.apache.commons.lang.StringUtils;
8   
9   import javax.ws.rs.HttpMethod;
10  import javax.ws.rs.core.MultivaluedMap;
11  import javax.ws.rs.ext.Provider;
12  import java.util.HashSet;
13  import java.util.Set;
14  
15  import static com.atlassian.plugins.rest.common.security.jersey.CorsResourceFilter.extractOrigin;
16  import static javax.ws.rs.core.HttpHeaders.ACCEPT;
17  import static javax.ws.rs.core.MediaType.APPLICATION_ATOM_XML;
18  import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
19  import static javax.ws.rs.core.MediaType.APPLICATION_XML;
20  import static javax.ws.rs.core.MediaType.TEXT_HTML;
21  import static javax.ws.rs.core.MediaType.TEXT_PLAIN;
22  import static javax.ws.rs.core.MediaType.WILDCARD;
23  
24  /**
25   * This is a filter to force Jersey to handle OPTIONS when part of a preflight cors check.
26   *
27   * @since 2.6
28   */
29  @Provider
30  public class CorsAcceptOptionsPreflightFilter implements ContainerRequestFilter
31  {
32      public ContainerRequest filter(final ContainerRequest request)
33      {
34          if (request.getMethod().equals(HttpMethod.OPTIONS))
35          {
36              String origin = extractOrigin(request);
37              String targetMethod = request.getHeaderValue(CorsHeaders.ACCESS_CONTROL_REQUEST_METHOD.value());
38              if (targetMethod != null && origin != null)
39              {
40                  request.setMethod(targetMethod);
41                  request.getProperties().put(CorsResourceFilter.CORS_PREFLIGHT_REQUESTED, "true");
42              }
43          }
44          return request;
45      }
46  }