public class CorsFilter extends OncePerRequestFilter
Filter to handle CORS pre-flight requests and intercept
CORS simple and actual requests with a CorsProcessor, and to update
the response, e.g. with CORS response headers, based on the policy matched
through the provided CorsConfigurationSource.
This is an alternative to configuring CORS in the Spring MVC Java config
and the Spring MVC XML namespace. It is useful for applications depending
only on spring-web (not on spring-webmvc) or for security constraints that
require CORS checks to be performed at Filter level.
This filter could be used in conjunction with DelegatingFilterProxy
in order to help with its initialization.
UrlBasedCorsConfigurationSourceALREADY_FILTERED_SUFFIXlogger| Constructor and Description |
|---|
CorsFilter(CorsConfigurationSource configSource)
Constructor accepting a
CorsConfigurationSource used by the filter
to find the CorsConfiguration to use for each incoming request. |
| Modifier and Type | Method and Description |
|---|---|
protected void |
doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain)
Same contract as for
doFilter, but guaranteed to be
just invoked once per request within a single request thread. |
void |
setCorsProcessor(CorsProcessor processor)
Configure a custom
CorsProcessor to use to apply the matched
CorsConfiguration for a request. |
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchaddRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContextpublic CorsFilter(CorsConfigurationSource configSource)
CorsConfigurationSource used by the filter
to find the CorsConfiguration to use for each incoming request.UrlBasedCorsConfigurationSourcepublic void setCorsProcessor(CorsProcessor processor)
CorsProcessor to use to apply the matched
CorsConfiguration for a request.
By default DefaultCorsProcessor is used.
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException
OncePerRequestFilterdoFilter, but guaranteed to be
just invoked once per request within a single request thread.
See OncePerRequestFilter.shouldNotFilterAsyncDispatch() for details.
Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
doFilterInternal in class OncePerRequestFilterServletExceptionIOException