Skip to content

Commit c813a24

Browse files
authored
Add CORS support for SE and MP applications to 2.x (helidon-io#1633)
1 parent b1de962 commit c813a24

41 files changed

Lines changed: 4777 additions & 0 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

bom/pom.xml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,11 @@
6868
<artifactId>helidon-webserver-tyrus</artifactId>
6969
<version>${helidon.version}</version>
7070
</dependency>
71+
<dependency>
72+
<groupId>io.helidon.webserver</groupId>
73+
<artifactId>helidon-webserver-cors</artifactId>
74+
<version>${helidon.version}</version>
75+
</dependency>
7176
<!-- Helidon Jersey -->
7277
<dependency>
7378
<groupId>io.helidon.jersey</groupId>
@@ -161,6 +166,11 @@
161166
<artifactId>helidon-microprofile-grpc-client</artifactId>
162167
<version>${helidon.version}</version>
163168
</dependency>
169+
<dependency>
170+
<groupId>io.helidon.microprofile</groupId>
171+
<artifactId>helidon-microprofile-cors</artifactId>
172+
<version>${helidon.version}</version>
173+
</dependency>
164174
<!-- media -->
165175
<dependency>
166176
<groupId>io.helidon.media</groupId>
@@ -808,6 +818,12 @@
808818
<artifactId>helidon-microprofile-openapi</artifactId>
809819
<version>${helidon.version}</version>
810820
</dependency>
821+
<!-- CORS support -->
822+
<dependency>
823+
<groupId>io.helidon.webserver.cors</groupId>
824+
<artifactId>helidon-cors</artifactId>
825+
<version>${helidon.version}</version>
826+
</dependency>
811827
</dependencies>
812828
</dependencyManagement>
813829
</project>

microprofile/bundles/helidon-microprofile/pom.xml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -74,6 +74,10 @@
7474
<groupId>io.helidon.microprofile.tracing</groupId>
7575
<artifactId>helidon-microprofile-tracing</artifactId>
7676
</dependency>
77+
<dependency>
78+
<groupId>io.helidon.microprofile</groupId>
79+
<artifactId>helidon-microprofile-cors</artifactId>
80+
</dependency>
7781
<dependency>
7882
<groupId>org.glassfish.jersey.media</groupId>
7983
<artifactId>jersey-media-json-binding</artifactId>

microprofile/cors/pom.xml

Lines changed: 70 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,70 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
4+
Copyright (c) 2019, 2020 Oracle and/or its affiliates.
5+
6+
Licensed under the Apache License, Version 2.0 (the "License");
7+
you may not use this file except in compliance with the License.
8+
You may obtain a copy of the License at
9+
10+
http://www.apache.org/licenses/LICENSE-2.0
11+
12+
Unless required by applicable law or agreed to in writing, software
13+
distributed under the License is distributed on an "AS IS" BASIS,
14+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
See the License for the specific language governing permissions and
16+
limitations under the License.
17+
18+
-->
19+
20+
<project xmlns="http://maven.apache.org/POM/4.0.0"
21+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
22+
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
23+
<modelVersion>4.0.0</modelVersion>
24+
<parent>
25+
<groupId>io.helidon.microprofile</groupId>
26+
<artifactId>helidon-microprofile-project</artifactId>
27+
<version>2.0.0-SNAPSHOT</version>
28+
</parent>
29+
30+
<artifactId>helidon-microprofile-cors</artifactId>
31+
<name>Helidon Microprofile CORS</name>
32+
33+
<dependencies>
34+
<dependency>
35+
<groupId>javax.ws.rs</groupId>
36+
<artifactId>javax.ws.rs-api</artifactId>
37+
<scope>provided</scope>
38+
</dependency>
39+
<dependency>
40+
<groupId>io.helidon.jersey</groupId>
41+
<artifactId>helidon-jersey-common</artifactId>
42+
</dependency>
43+
<dependency>
44+
<groupId>io.helidon.webserver</groupId>
45+
<artifactId>helidon-webserver</artifactId>
46+
</dependency>
47+
<dependency>
48+
<groupId>io.helidon.webserver</groupId>
49+
<artifactId>helidon-webserver-jersey</artifactId>
50+
</dependency>
51+
<dependency>
52+
<groupId>io.helidon.microprofile.config</groupId>
53+
<artifactId>helidon-microprofile-config</artifactId>
54+
</dependency>
55+
<dependency>
56+
<groupId>io.helidon.webserver</groupId>
57+
<artifactId>helidon-webserver-cors</artifactId>
58+
</dependency>
59+
<dependency>
60+
<groupId>io.helidon.microprofile.bundles</groupId>
61+
<artifactId>internal-test-libs</artifactId>
62+
<scope>test</scope>
63+
</dependency>
64+
<dependency>
65+
<groupId>io.helidon.microprofile.server</groupId>
66+
<artifactId>helidon-microprofile-server</artifactId>
67+
<scope>test</scope>
68+
</dependency>
69+
</dependencies>
70+
</project>
Lines changed: 184 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,184 @@
1+
/*
2+
* Copyright (c) 2020 Oracle and/or its affiliates.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*
16+
*/
17+
package io.helidon.microprofile.cors;
18+
19+
import java.util.List;
20+
import java.util.Optional;
21+
import java.util.function.Supplier;
22+
23+
import javax.ws.rs.container.ContainerRequestContext;
24+
import javax.ws.rs.container.ContainerResponseContext;
25+
import javax.ws.rs.core.MultivaluedHashMap;
26+
import javax.ws.rs.core.MultivaluedMap;
27+
import javax.ws.rs.core.Response;
28+
29+
import io.helidon.webserver.cors.CorsSupportBase;
30+
import io.helidon.webserver.cors.CrossOriginConfig;
31+
32+
/**
33+
* MP implementation of {@link CorsSupportBase}.
34+
*/
35+
class CorsSupportMp extends CorsSupportBase {
36+
37+
/**
38+
*
39+
* @return a new builder of CorsSupportMp
40+
*/
41+
static Builder builder() {
42+
return new Builder();
43+
}
44+
45+
private CorsSupportMp(Builder builder) {
46+
super(builder);
47+
}
48+
49+
/**
50+
* <em>Not for developer use.</em> Submits a request adapter and response adapter for CORS processing.
51+
*
52+
* @param requestAdapter wrapper around the request
53+
* @param responseAdapter wrapper around the response
54+
* @return Optional of the response type U; present if the response should be returned, empty if request processing should
55+
* continue
56+
*/
57+
@Override
58+
protected <T, U> Optional<U> processRequest(RequestAdapter<T> requestAdapter,
59+
ResponseAdapter<U> responseAdapter) {
60+
return super.processRequest(requestAdapter, responseAdapter);
61+
}
62+
63+
/**
64+
* <em>Not for developer user.</em> Gets a response ready to participate in the CORS protocol.
65+
*
66+
* @param requestAdapter wrapper around the request
67+
* @param responseAdapter wrapper around the response
68+
*/
69+
@Override
70+
protected <T, U> void prepareResponse(RequestAdapter<T> requestAdapter, ResponseAdapter<U> responseAdapter) {
71+
super.prepareResponse(requestAdapter, responseAdapter);
72+
}
73+
74+
static class Builder extends CorsSupportBase.Builder<CorsSupportMp, Builder> {
75+
76+
@Override
77+
public CorsSupportMp build() {
78+
return new CorsSupportMp(this);
79+
}
80+
81+
@Override
82+
protected Builder me() {
83+
return this;
84+
}
85+
86+
@Override
87+
protected Builder secondaryLookupSupplier(
88+
Supplier<Optional<CrossOriginConfig>> secondaryLookupSupplier) {
89+
super.secondaryLookupSupplier(secondaryLookupSupplier);
90+
return this;
91+
}
92+
}
93+
94+
static class RequestAdapterMp implements RequestAdapter<ContainerRequestContext> {
95+
96+
private final ContainerRequestContext requestContext;
97+
98+
RequestAdapterMp(ContainerRequestContext requestContext) {
99+
this.requestContext = requestContext;
100+
}
101+
102+
@Override
103+
public String path() {
104+
return requestContext.getUriInfo().getPath();
105+
}
106+
107+
@Override
108+
public Optional<String> firstHeader(String s) {
109+
return Optional.ofNullable(requestContext.getHeaders().getFirst(s));
110+
}
111+
112+
@Override
113+
public boolean headerContainsKey(String s) {
114+
return requestContext.getHeaders().containsKey(s);
115+
}
116+
117+
@Override
118+
public List<String> allHeaders(String s) {
119+
return requestContext.getHeaders().get(s);
120+
}
121+
122+
@Override
123+
public String method() {
124+
return requestContext.getMethod();
125+
}
126+
127+
@Override
128+
public ContainerRequestContext request() {
129+
return requestContext;
130+
}
131+
132+
@Override
133+
public void next() {
134+
}
135+
136+
@Override
137+
public String toString() {
138+
return String.format("RequestAdapterMp{path=%s, method=%s, headers=%s}", path(), method(),
139+
requestContext.getHeaders());
140+
}
141+
}
142+
143+
static class ResponseAdapterMp implements ResponseAdapter<Response> {
144+
145+
private final MultivaluedMap<String, Object> headers;
146+
147+
ResponseAdapterMp(ContainerResponseContext responseContext) {
148+
headers = responseContext.getHeaders();
149+
}
150+
151+
ResponseAdapterMp() {
152+
headers = new MultivaluedHashMap<>();
153+
}
154+
155+
@Override
156+
public ResponseAdapter<Response> header(String key, String value) {
157+
headers.add(key, value);
158+
return this;
159+
}
160+
161+
@Override
162+
public ResponseAdapter<Response> header(String key, Object value) {
163+
headers.add(key, value);
164+
return this;
165+
}
166+
167+
@Override
168+
public Response forbidden(String message) {
169+
return Response.status(Response.Status.FORBIDDEN).entity(message).build();
170+
}
171+
172+
@Override
173+
public Response ok() {
174+
Response.ResponseBuilder builder = Response.ok();
175+
/*
176+
* The Helidon CORS support code invokes ok() only for creating a CORS preflight response. In these cases no user
177+
* code will have a chance to set headers in the response. That means we can use replaceAll here because the only
178+
* headers needed in the response are the ones set using this adapter.
179+
*/
180+
builder.replaceAll(headers);
181+
return builder.build();
182+
}
183+
}
184+
}
Lines changed: 83 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,83 @@
1+
/*
2+
* Copyright (c) 2020 Oracle and/or its affiliates.
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package io.helidon.microprofile.cors;
18+
19+
import java.lang.annotation.Documented;
20+
import java.lang.annotation.Retention;
21+
import java.lang.annotation.Target;
22+
23+
import static io.helidon.webserver.cors.CrossOriginConfig.DEFAULT_AGE;
24+
import static java.lang.annotation.ElementType.METHOD;
25+
import static java.lang.annotation.RetentionPolicy.RUNTIME;
26+
27+
/**
28+
* CrossOrigin annotation.
29+
*/
30+
@Target(METHOD)
31+
@Retention(RUNTIME)
32+
@Documented
33+
public @interface CrossOrigin {
34+
35+
/**
36+
* A list of origins that are allowed such as {@code "http://foo.com"} or
37+
* {@code "*"} to allow all origins. Corresponds to header {@code
38+
* Access-Control-Allow-Origin}.
39+
*
40+
* @return Allowed origins.
41+
*/
42+
String[] value() default {"*"};
43+
44+
/**
45+
* A list of request headers that are allowed or {@code "*"} to allow all headers.
46+
* Corresponds to {@code Access-Control-Allow-Headers}.
47+
*
48+
* @return Allowed headers.
49+
*/
50+
String[] allowHeaders() default {"*"};
51+
52+
/**
53+
* A list of response headers allowed for clients other than the "standard"
54+
* ones. Corresponds to {@code Access-Control-Expose-Headers}.
55+
*
56+
* @return Exposed headers.
57+
*/
58+
String[] exposeHeaders() default {};
59+
60+
/**
61+
* A list of supported HTTP request methods. In response to pre-flight
62+
* requests. Corresponds to {@code Access-Control-Allow-Methods}.
63+
*
64+
* @return Allowed methods.
65+
*/
66+
String[] allowMethods() default {"*"};
67+
68+
/**
69+
* Whether the client can send cookies or credentials. Corresponds to {@code
70+
* Access-Control-Allow-Credentials}.
71+
*
72+
* @return Allowed credentials.
73+
*/
74+
boolean allowCredentials() default false;
75+
76+
/**
77+
* Pre-flight response duration in seconds. After time expires, a new pre-flight
78+
* request is required. Corresponds to {@code Access-Control-Max-Age}.
79+
*
80+
* @return Max age.
81+
*/
82+
long maxAge() default DEFAULT_AGE;
83+
}

0 commit comments

Comments
 (0)