CustomHeadersCORSFilter.java

package it.miriade.infobus.web.filters;

import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * Permette di impostare <strong>qualunque</strong> header nel CORS filter, ovvero ogni init-param viene direttamente mappato ad un header:
 * 
 * <pre>
 * &lt;init-param&gt;
 * 	&lt;param-name&gt;Access-Control-Allow-Methods&lt;/param-name&gt;
 * 	&lt;param-value&gt;GET,POST,PUT,DELETE,OPTIONS,HEAD&lt;/param-value&gt;
 * &lt;/init-param&gt;
 * &lt;init-param&gt;
 * 	&lt;param-name&gt;pinco-pallo&lt;/param-name&gt;
 * 	&lt;param-value&gt;pallo-pinco&lt;/param-value&gt;
 * &lt;/init-param&gt;
 * </pre>
 * 
 * Viene tradotto programmaticamente in:
 * 
 * <pre>
 * httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,DELETE,OPTIONS,HEAD");
 * httpServletResponse.setHeader("pinco-pallo", "pallo-pinco");
 * </pre>
 * 
 * @author svaponi
 */
public class CustomHeadersCORSFilter implements Filter {

	/*
	 * Default header names
	 */
	public static final String Access_Control_Allow_Headers = "Access-Control-Allow-Headers";
	public static final String Access_Control_Allow_Methods = "Access-Control-Allow-Methods";
	public static final String Access_Control_Allow_Origin = "Access-Control-Allow-Origin";
	public static final String Access_Control_Max_Age = "Access-Control-Max-Age";

	/*
	 * Default header values (valori comunemente usati)
	 */
	public static final String Allow_Headers_Default = "Access-Control-Allow-Headers,Access-Control-Allow-Methods,Access-Control-Allow-Origin,Access-Control-Max-Age,Authorization,Content-Type,X-Requested-With";
	public static final String Allow_Methods_Default = "GET,POST,PUT,DELETE,OPTIONS";
	public static final String Allow_Origin_Default = "*";
	public static final String MAX_AGE_Default = "3600";
	
	private final Logger logger = LoggerFactory.getLogger(this.getClass());
	private Map<String, String> accessControlHeaders;


	@Override
	public void init(FilterConfig filterConfig) throws ServletException {

		accessControlHeaders = new HashMap<String, String>();
		accessControlHeaders.put(Access_Control_Allow_Headers, Allow_Headers_Default);
		accessControlHeaders.put(Access_Control_Allow_Methods, Allow_Methods_Default);
		accessControlHeaders.put(Access_Control_Allow_Origin, Allow_Origin_Default);
		accessControlHeaders.put(Access_Control_Max_Age, MAX_AGE_Default);

		String value;
		for (String param: Collections.list(filterConfig.getInitParameterNames())) {
			value = filterConfig.getInitParameter(param);
			accessControlHeaders.put(param, value);
		}

		if (logger.isDebugEnabled())
			for (String headerName : accessControlHeaders.keySet())
				logger.debug("CORS filter header \"{}\" => \"{}\" ", headerName, accessControlHeaders.get(headerName));
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
			throws IOException, ServletException {

		boolean isHttpResponse = response instanceof HttpServletResponse;
		HttpServletResponse httpResponse = null;

		if (isHttpResponse) {
			httpResponse = ((HttpServletResponse) response);
			for (String headerName : accessControlHeaders.keySet())
				httpResponse.setHeader(headerName, accessControlHeaders.get(headerName));
		}

		chain.doFilter(request, response);		
	}
	
	@Override
	public void destroy() {
	}
}