Package org.springframework.web.filter
Class CorsFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.web.filter.OncePerRequestFilter
org.springframework.web.filter.CorsFilter
- All Implemented Interfaces:
Filter,Aware,BeanNameAware,DisposableBean,InitializingBean,EnvironmentAware,EnvironmentCapable,ServletContextAware
Filter to handle CORS pre-flight requests and intercept
CORS simple and actual requests with a CorsProcessor, and to update
the response, e.g. with CORS response headers, based on the policy matched
through the provided CorsConfigurationSource.
This is an alternative to configuring CORS in the Spring MVC Java config
and the Spring MVC XML namespace. It is useful for applications depending
only on spring-web (not on spring-webmvc) or for security constraints that
require CORS checks to be performed at Filter level.
This filter could be used in conjunction with DelegatingFilterProxy
in order to help with its initialization.
- Since:
- 4.2
- Author:
- Sebastien Deleuze
- See Also:
-
Field Summary
Fields inherited from class org.springframework.web.filter.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.springframework.web.filter.GenericFilterBean
logger -
Constructor Summary
ConstructorsConstructorDescriptionCorsFilter(CorsConfigurationSource configSource) Constructor accepting aCorsConfigurationSourceused by the filter to find theCorsConfigurationto use for each incoming request. -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) Same contract as fordoFilter, but guaranteed to be just invoked once per request within a single request thread.voidsetCorsProcessor(CorsProcessor processor) Configure a customCorsProcessorto use to apply the matchedCorsConfigurationfor a request.Methods inherited from class org.springframework.web.filter.OncePerRequestFilter
doFilter, doFilterNestedErrorDispatch, getAlreadyFilteredAttributeName, isAsyncDispatch, isAsyncStarted, shouldNotFilter, shouldNotFilterAsyncDispatch, shouldNotFilterErrorDispatchMethods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, afterPropertiesSet, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
-
Constructor Details
-
CorsFilter
Constructor accepting aCorsConfigurationSourceused by the filter to find theCorsConfigurationto use for each incoming request.- See Also:
-
-
Method Details
-
setCorsProcessor
Configure a customCorsProcessorto use to apply the matchedCorsConfigurationfor a request.By default
DefaultCorsProcessoris used. -
doFilterInternal
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException Description copied from class:OncePerRequestFilterSame contract as fordoFilter, but guaranteed to be just invoked once per request within a single request thread. SeeOncePerRequestFilter.shouldNotFilterAsyncDispatch()for details.Provides HttpServletRequest and HttpServletResponse arguments instead of the default ServletRequest and ServletResponse ones.
- Specified by:
doFilterInternalin classOncePerRequestFilter- Throws:
ServletExceptionIOException
-