源代码

001/**
002 * Copyright (c) 2015-2022, Michael Yang 杨福海 (fuhai999@gmail.com).
003 * <p>
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 * <p>
008 * http://www.apache.org/licenses/LICENSE-2.0
009 * <p>
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016package io.jboot.web.cors;
017
018import com.jfinal.aop.Interceptor;
019import com.jfinal.aop.Invocation;
020import com.jfinal.ext.cors.EnableCORS;
021import io.jboot.aop.InterceptorBuilder;
022import io.jboot.aop.Interceptors;
023import io.jboot.aop.annotation.AutoLoad;
024import io.jboot.utils.StrUtil;
025
026import javax.servlet.http.HttpServletResponse;
027import java.lang.reflect.Method;
028
029/**
030 * @author Michael Yang 杨福海 （fuhai999@gmail.com）
031 * @version V1.0
032 * @Title: CORS 处理相关 拦截器
033 */
034@AutoLoad
035public class CORSInterceptor implements Interceptor, InterceptorBuilder {
036
037    private static final String METHOD_OPTIONS = "OPTIONS";
038
039
040    @Override
041    public void intercept(Invocation inv) {
042
043        EnableCORS enableCORS = getAnnotation(inv);
044
045        if (enableCORS == null) {
046            inv.invoke();
047            return;
048        }
049
050        process(inv, CORSConfig.fromAnnotation(enableCORS));
051    }
052
053
054    private EnableCORS getAnnotation(Invocation inv) {
055        EnableCORS enableCORS = inv.getController().getClass().getAnnotation(EnableCORS.class);
056        return enableCORS != null ? enableCORS : inv.getMethod().getAnnotation(EnableCORS.class);
057    }
058
059
060    public static void process(Invocation inv, CORSConfig config) {
061        //配置 http 头信息
062        configHeaders(inv.getController().getResponse(), config);
063
064        String method = inv.getController().getRequest().getMethod();
065        if (METHOD_OPTIONS.equalsIgnoreCase(method)) {
066            inv.getController().renderText("");
067        } else {
068            inv.invoke();
069        }
070    }
071
072
073    private static void configHeaders(HttpServletResponse response, CORSConfig config) {
074        response.setHeader("Access-Control-Allow-Origin", config.getAllowOrigin());
075        response.setHeader("Access-Control-Allow-Methods", config.getAllowMethods());
076        response.setHeader("Access-Control-Allow-Headers", config.getAllowHeaders());
077        response.setHeader("Access-Control-Max-Age", config.getMaxAge());
078        response.setHeader("Access-Control-Allow-Credentials", config.getAllowCredentials());
079
080        if (StrUtil.isNotBlank(config.getExposeHeaders())) {
081            response.setHeader("Access-Control-Expose-Headers", config.getExposeHeaders());
082        }
083
084        if (StrUtil.isNotBlank(config.getRequestHeaders())) {
085            response.setHeader("Access-Control-Request-Headers", config.getRequestHeaders());
086        }
087
088        if (StrUtil.isNotBlank(config.getRequestMethod())) {
089            response.setHeader("Access-Control-Request-Method", config.getRequestMethod());
090        }
091
092        if (StrUtil.isNotBlank(config.getOrigin())) {
093            response.setHeader("Origin", config.getOrigin());
094        }
095    }
096
097
098    @Override
099    public void build(Class<?> targetClass, Method method, Interceptors interceptors) {
100        if (Util.isController(targetClass) && Util.hasAnnotation(targetClass, method, EnableCORS.class)) {
101            interceptors.addToFirstIfNotExist(CORSInterceptor.class);
102        }
103    }
104
105}