Class UrlBasedCorsConfigurationSource
- All Implemented Interfaces:
CorsConfigurationSource
CorsConfigurationSource that uses URL path patterns to select the
CorsConfiguration for a request.
Pattern matching can be done with a PathMatcher or with pre-parsed
PathPatterns. The syntax is largely the same with the latter being more
tailored for web usage and more efficient. The choice depends on the presence of a
resolved String lookupPath or a
parsed RequestPath
with a fallback on PathMatcher but the fallback can be disabled.
For more details, please see setAllowInitLookupPath(boolean).
- Since:
- 4.2
- Author:
- Sebastien Deleuze, Rossen Stoyanchev
- See Also:
-
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor withPathPatternParser.defaultInstance.Constructor with aPathPatternParserto parse patterns with. -
Method Summary
Modifier and TypeMethodDescriptiongetCorsConfiguration(HttpServletRequest request) Return aCorsConfigurationbased on the incoming request.Return all configured CORS mappings.voidregisterCorsConfiguration(String pattern, CorsConfiguration config) Variant ofsetCorsConfigurations(Map)to register one mapping at a time.voidsetAllowInitLookupPath(boolean allowInitLookupPath) When enabled, if there is neither aesolvedString lookupPath nor aparsedRequestPaththen use theconfiguredUrlPathHelperto resolve a String lookupPath.voidsetAlwaysUseFullPath(boolean alwaysUseFullPath) Deprecated.voidsetCorsConfigurations(Map<String, CorsConfiguration> corsConfigurations) Set the CORS configuration mappings.voidDeprecated.as of 5.3 in favor ofUrlPathHelper.PATH_ATTRIBUTE.voidsetPathMatcher(PathMatcher pathMatcher) Configure aPathMatcherto use for pattern matching.voidsetRemoveSemicolonContent(boolean removeSemicolonContent) Deprecated.as of 5.3 in favor of usingsetUrlPathHelper(UrlPathHelper), if at all.voidsetUrlDecode(boolean urlDecode) Deprecated.as of 5.3 in favor of usingsetUrlPathHelper(UrlPathHelper), if at all.voidsetUrlPathHelper(UrlPathHelper urlPathHelper) Configure theUrlPathHelperto resolve the lookupPath.
-
Constructor Details
-
UrlBasedCorsConfigurationSource
public UrlBasedCorsConfigurationSource()Default constructor withPathPatternParser.defaultInstance. -
UrlBasedCorsConfigurationSource
Constructor with aPathPatternParserto parse patterns with.- Parameters:
parser- the parser to use- Since:
- 5.3
-
-
Method Details
-
setAlwaysUseFullPath
Deprecated.as of 5.3 in favor of usingsetUrlPathHelper(UrlPathHelper), if at all. For further details, please seesetAllowInitLookupPath(boolean).Shortcut to thesame propertyon the configuredUrlPathHelper. -
setUrlDecode
Deprecated.as of 5.3 in favor of usingsetUrlPathHelper(UrlPathHelper), if at all. For further details, please seesetAllowInitLookupPath(boolean).Shortcut to thesame propertyon the configuredUrlPathHelper. -
setRemoveSemicolonContent
Deprecated.as of 5.3 in favor of usingsetUrlPathHelper(UrlPathHelper), if at all. For further details, please seesetAllowInitLookupPath(boolean).Shortcut to thesame propertyon the configuredUrlPathHelper. -
setUrlPathHelper
Configure theUrlPathHelperto resolve the lookupPath. This may not be necessary if the lookupPath is expected to be pre-resolved or if parsedPathPatternsare used instead. For further details on that, seesetAllowInitLookupPath(boolean).By default this is
UrlPathHelper.defaultInstance. -
setAllowInitLookupPath
public void setAllowInitLookupPath(boolean allowInitLookupPath) When enabled, if there is neither aesolvedString lookupPath nor aparsedRequestPaththen use theconfiguredUrlPathHelperto resolve a String lookupPath. This in turn determines use of URL pattern matching withPathMatcheror with parsedPathPatterns.In Spring MVC, either a resolved String lookupPath or a parsed
RequestPathis always available withinDispatcherServletprocessing. However in a ServletFiltersuch asCorsFilterthat may or may not be the case.By default this is set to
truein which case lazy lookupPath initialization is allowed. Set this tofalsewhen an application is using parsedPathPatternsin which case theRequestPathcan be parsed earlier viaServletRequestPathFilter.- Parameters:
allowInitLookupPath- whether to disable lazy initialization and fail if not already resolved- Since:
- 5.3
-
setLookupPathAttributeName
Deprecated.as of 5.3 in favor ofUrlPathHelper.PATH_ATTRIBUTE.Configure the name of the attribute that holds the lookupPath extracted viaUrlPathHelper.getLookupPathForRequest(HttpServletRequest).By default this is
UrlPathHelper.PATH_ATTRIBUTE.- Parameters:
name- the request attribute to check- Since:
- 5.2
-
setPathMatcher
Configure aPathMatcherto use for pattern matching.This is an advanced property that should be used only when a customized
AntPathMatcheror a custom PathMatcher is required.By default this is
AntPathMatcher.Note: Setting
PathMatcherenforces use of String pattern matching even when aparsedRequestPathis available. -
setCorsConfigurations
Set the CORS configuration mappings.For pattern syntax see
AntPathMatcherandPathPatternas well as class-level Javadoc for details on which one may in use. Generally the syntax is largely the same withPathPatternmore tailored for web usage.- Parameters:
corsConfigurations- the mappings to use- See Also:
-
registerCorsConfiguration
Variant ofsetCorsConfigurations(Map)to register one mapping at a time.- Parameters:
pattern- the mapping patternconfig- the CORS configuration to use for the pattern- See Also:
-
getCorsConfigurations
Return all configured CORS mappings. -
getCorsConfiguration
Description copied from interface:CorsConfigurationSourceReturn aCorsConfigurationbased on the incoming request.- Specified by:
getCorsConfigurationin interfaceCorsConfigurationSource- Returns:
- the associated
CorsConfiguration, ornullif none
-
setUrlPathHelper(UrlPathHelper), if at all.