
1   /**
2    * Copyright (c) 2002-2011 "Neo Technology,"
3    * Network Engine for Objects in Lund AB [http://neotechnology.com]
4    *
5    * This file is part of Neo4j.
6    *
7    * Neo4j is free software: you can redistribute it and/or modify
8    * it under the terms of the GNU General Public License as published by
9    * the Free Software Foundation, either version 3 of the License, or
10   * (at your option) any later version.
11   *
12   * This program is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   * GNU General Public License for more details.
16   *
17   * You should have received a copy of the GNU General Public License
18   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
19   */
20  package org.neo4j.server.rest.web;
21  
22  import com.sun.jersey.spi.container.ContainerRequest;
23  import com.sun.jersey.spi.container.ContainerResponse;
24  import com.sun.jersey.spi.container.ContainerResponseFilter;
25  
/**
 * Jersey response filter that opens the server's responses to cross-origin
 * (CORS) requests made by scripts running in a browser.
 * <p>
 * Every response that passes through the filter gets the header
 * "Access-Control-Allow-Origin: *". If the request carries
 * "access-control-request-method" or "access-control-request-headers" (the
 * headers a browser sends on a CORS preflight), each value is copied
 * unchanged into "Access-Control-Allow-Methods" or
 * "Access-Control-Allow-Headers" respectively.
 * <p>
 * Security note: the policy is fully permissive. The origin is a wildcard and
 * the allowed methods and headers are whatever the caller asked for, so no
 * origin, method or header is ever refused by this filter. The filter does not
 * set "Access-Control-Allow-Credentials", and browsers refuse to pair a
 * wildcard origin with credentialed requests, so responses that depend on
 * cookies or HTTP authentication are not exposed this way. Anything reachable
 * without credentials is readable by script from any site the user visits;
 * that matters when access control relies on network position (a server bound
 * to localhost or an internal network) rather than on authentication. Where
 * that is a concern, answer only for an allow-list of origins and advertise a
 * fixed set of methods and headers instead of echoing the request.
 *
 * @author Jacob Hansson <jacob@voltvoodoo.com>
 */
public class AllowAjaxFilter implements ContainerResponseFilter
{

    // Response headers written by this filter.
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";

    // Request headers read by this filter; their values are client-controlled.
    private static final String ACCESS_CONTROL_REQUEST_METHOD = "access-control-request-method";
    private static final String ACCESS_CONTROL_REQUEST_HEADERS = "access-control-request-headers";

    /**
     * Adds the CORS response headers described on the class to
     * {@code response}.
     *
     * @param request the incoming request; only its headers are read
     * @param response the outgoing response, modified in place
     * @return the same {@code response} instance
     */
    public ContainerResponse filter( ContainerRequest request,
            ContainerResponse response )
    {
        // Wildcard: the response is not tied to any particular origin.
        response.getHttpHeaders().add( ACCESS_CONTROL_ALLOW_ORIGIN, "*" );

        // Grant whatever method the caller asked for.
        echoRequestHeader( request, response, ACCESS_CONTROL_REQUEST_METHOD,
                ACCESS_CONTROL_ALLOW_METHODS );

        // Grant whatever headers the caller asked for.
        echoRequestHeader( request, response, ACCESS_CONTROL_REQUEST_HEADERS,
                ACCESS_CONTROL_ALLOW_HEADERS );

        return response;
    }

    /**
     * Copies every value of one request header into one response header,
     * without validation. Does nothing when the request header is absent.
     */
    private static void echoRequestHeader( ContainerRequest request,
            ContainerResponse response, String requestHeader,
            String responseHeader )
    {
        if ( !request.getRequestHeaders().containsKey( requestHeader ) )
        {
            return;
        }

        for ( String requested : request.getRequestHeaders().get( requestHeader ) )
        {
            response.getHttpHeaders().add( responseHeader, requested );
        }
    }

}