Class CorsFilterHeaplet

java.lang.Object
org.forgerock.openig.heap.GenericHeaplet
org.forgerock.openig.filter.CorsFilterHeaplet
All Implemented Interfaces:
Heaplet

public class CorsFilterHeaplet extends GenericHeaplet
A CorsFilterHeaplet configures a CorsFilter in a heap environment.

It will select an applicable CORS policy based on the request's Origin header value.

{
   "type": "CorsFilter",
   "config": {
     "policies"        : list<policy> [REQUIRED - List of CORS policies. ]
     "failureHandler"  : handler      [OPTIONAL - Handler called on failure. ]
   }
 }
 

Each CORS policy is defined as the following:

{
   "acceptedOrigins":  list<url>          [REQUIRED - List of URL for matching Origin (case insensitive).
                       "*"                            Use this literal to accept any origin. ]
   "acceptedMethods":  list<string>       [OPTIONAL - Set of accepted method names (case sensitive).
                       "*"                            Use this literal to accept any methods.
                                                      Defaults to none (no methods are accepted). ]
   "acceptedHeaders":  list<string>       [OPTIONAL - Set of accepted header names (case insensitive).
                       "*"                            Use this literal to accept all headers.
                                                      Defaults to none (no headers are accepted). ]
   "exposedHeaders":   list<string>       [OPTIONAL - List of exposed headers. Defaults to empty list. ]
   "maxAge":           duration           [OPTIONAL - Maximum duration to cache preflight result.
                                                      Defaults to omit header. ]
   "allowCredentials": boolean            [OPTIONAL - Are credentials allowed ? Defaults to false. ]
 }
 

The origins are defined as URLs with nothing else than scheme, hostname and optionally a port number (typically http://www.example.com). If port number is not defined, origins with either no port number or with the default port number (80 for http, 443 for https) are accepted.

  • Constructor Details

    • CorsFilterHeaplet

      public CorsFilterHeaplet()
  • Method Details