Use of io.micronaut.http.HttpAttributes.AVAILABLE_HTTP_METHODS in project micronaut-core by micronaut-projects.
Class CorsFilter, method handleRequest.
/**
 * Evaluates a {@link HttpRequest} against the CORS configuration that matches its origin.
 *
 * <p>Outcomes, in the order they are decided:
 * <ul>
 * <li>no {@code Origin} header, or no configuration returned for that origin: empty result;</li>
 * <li>the method to match is not among the configured allowed methods (and the configuration
 * does not allow any method): a {@code 403 Forbidden} response;</li>
 * <li>the request is not a preflight, or the preflight method is not among the methods stored in
 * the request's {@code AVAILABLE_HTTP_METHODS} attribute: empty result;</li>
 * <li>a preflight asks for a header that is not among the configured allowed headers (and the
 * configuration does not allow any header): a {@code 403 Forbidden} response;</li>
 * <li>otherwise: an OK response that has been passed through {@code handleResponse}.</li>
 * </ul>
 *
 * <p>An empty result is not a rejection: it only means this method produced no response and the
 * request continues through normal processing. In particular, a request from an origin with no
 * matching configuration is not blocked here.
 *
 * @param request The {@link HttpRequest} object
 * @return An optional {@link MutableHttpResponse}. The request should proceed normally if empty
 */
protected Optional<MutableHttpResponse<?>> handleRequest(HttpRequest request) {
    HttpHeaders requestHeaders = request.getHeaders();
    Optional<String> origin = requestHeaders.getOrigin();
    if (!origin.isPresent()) {
        // No Origin header: nothing for this method to decide.
        return Optional.empty();
    }

    String requestOrigin = origin.get();
    boolean isPreflight = CorsUtil.isPreflightRequest(request);
    Optional<CorsOriginConfiguration> matchedConfig = getConfiguration(requestOrigin);
    if (!matchedConfig.isPresent()) {
        // Origin without a matching configuration: no response is produced here.
        return Optional.empty();
    }

    CorsOriginConfiguration corsConfig = matchedConfig.get();
    HttpMethod actualMethod = request.getMethod();
    List<HttpMethod> permittedMethods = corsConfig.getAllowedMethods();

    // A preflight is judged on the method it announces; when that lookup yields nothing,
    // the request's own method is used instead.
    final HttpMethod effectiveMethod;
    if (isPreflight) {
        effectiveMethod = requestHeaders.getFirst(ACCESS_CONTROL_REQUEST_METHOD, CONVERSION_CONTEXT_HTTP_METHOD).orElse(actualMethod);
    } else {
        effectiveMethod = actualMethod;
    }

    // The method check applies to preflight and non-preflight requests alike.
    if (!isAnyMethod(permittedMethods)) {
        boolean methodPermitted = false;
        for (HttpMethod candidate : permittedMethods) {
            if (candidate.equals(effectiveMethod)) {
                methodPermitted = true;
                break;
            }
        }
        if (!methodPermitted) {
            return Optional.of(HttpResponse.status(HttpStatus.FORBIDDEN));
        }
    }

    // Unchecked cast: the attribute is read as an ArrayList of HttpMethod.
    Optional<? extends ArrayList<HttpMethod>> routeMethods = (Optional<? extends ArrayList<HttpMethod>>) request.getAttribute(AVAILABLE_HTTP_METHODS, new ArrayList<HttpMethod>().getClass());
    if (!isPreflight || !routeMethods.isPresent()) {
        return Optional.empty();
    }

    boolean methodAvailable = false;
    for (HttpMethod candidate : routeMethods.get()) {
        if (candidate.equals(effectiveMethod)) {
            methodAvailable = true;
            break;
        }
    }
    if (!methodAvailable) {
        // Preflight for a method not listed in the attribute: no preflight response is built.
        return Optional.empty();
    }

    Optional<List<String>> requestedHeaders = requestHeaders.get(ACCESS_CONTROL_REQUEST_HEADERS, ConversionContext.LIST_OF_STRING);
    List<String> permittedHeaders = corsConfig.getAllowedHeaders();
    if (!isAny(permittedHeaders) && requestedHeaders.isPresent()) {
        // Every requested header must match an allowed header, ignoring case and
        // surrounding whitespace on the requested name.
        for (String requested : requestedHeaders.get()) {
            boolean headerPermitted = false;
            for (String allowed : permittedHeaders) {
                if (allowed.equalsIgnoreCase(requested.trim())) {
                    headerPermitted = true;
                    break;
                }
            }
            if (!headerPermitted) {
                return Optional.of(HttpResponse.status(HttpStatus.FORBIDDEN));
            }
        }
    }

    MutableHttpResponse<Object> preflightResponse = HttpResponse.ok();
    handleResponse(request, preflightResponse);
    return Optional.of(preflightResponse);
}