Introduction Controller method CORS configuration
27. CORS Support
27.1 Introduction
For security reasons, browsers prohibit AJAX calls to resources residing outside the current origin. For example, as you’re checking your bank account in one tab, you could have the evil.com website open in another tab. The scripts from evil.com should not be able to make AJAX requests to your bank API e.g., withdrawing money from your account using your credentials. Cross-origin resource sharing CORS is a W3C specification implemented by most browsers that allows you to specify in a flexible way what kind of cross domain requests are authorized, instead of using some less secured and less powerful hacks like IFRAME or JSONP. As of Spring Framework 4.2, CORS is supported out of the box. CORS requests including preflight ones with an OPTIONS method are automatically dispatched to the various registered HandlerMapping s. They handle CORS preflight requests and intercept CORS simple and actual requests thanks to a CorsProcessor implementation DefaultCorsProcessor by default in order to add the relevant CORS response headers like Access-Control-Allow-Origin based on the CORS configuration you have provided. Note Since CORS requests are automatically dispatched, you do not need to change the DispatcherServlet dispatchOptionsRequest init parameter value; using its default value false is the recommended approach.27.2 Controller method CORS configuration
You can add an CrossOrigin annotation to your RequestMapping annotated handler method in order to enable CORS on it. By default CrossOrigin allows all origins and the HTTP methods specified in the RequestMapping annotation: RestController RequestMappingaccount public class AccountController { CrossOrigin RequestMapping{id} public Account retrieve PathVariable Long id { ... } RequestMappingmethod = RequestMethod.DELETE, path = {id} public void remove PathVariable Long id { ... } } It is also possible to enable CORS for the whole controller: 4.3.9.RELEASE Spring Framework 664 CrossOriginorigins = http:domain2.com, maxAge = 3600 RestController RequestMappingaccount public class AccountController { RequestMapping{id} public Account retrieve PathVariable Long id { ... } RequestMappingmethod = RequestMethod.DELETE, path = {id} public void remove PathVariable Long id { ... } } In the above example CORS support is enabled for both the retrieve and the remove handler methods, and you can also see how you can customize the CORS configuration using CrossOrigin attributes. You can even use both controller-level and method-level CORS configurations; Spring will then combine attributes from both annotations to create merged CORS configuration. CrossOriginmaxAge = 3600 RestController RequestMappingaccount public class AccountController { CrossOriginhttp:domain2.com RequestMapping{id} public Account retrieve PathVariable Long id { ... } RequestMappingmethod = RequestMethod.DELETE, path = {id} public void remove PathVariable Long id { ... } }27.3 Global CORS configuration
Parts
» Dependency Injection and Inversion of Control Framework Modules
» Usage scenarios Introduction to the Spring Framework
» Java EE 6 and 7 Groovy Bean Definition DSL
» Core Container Improvements General Web Improvements
» WebSocket, SockJS, and STOMP Messaging Testing Improvements
» JMS Improvements Caching Improvements
» Web Improvements New Features and Enhancements in Spring Framework 1
» WebSocket Messaging Improvements Testing Improvements
» Core Container Improvements New Features and Enhancements in Spring Framework 4.2
» Data Access Improvements JMS Improvements Web Improvements
» Core Container Improvements Data Access Improvements Caching Improvements
» JMS Improvements Web Improvements WebSocket Messaging Improvements Testing Improvements
» Introduction to the Spring IoC container and beans
» Container overview The IoC container
» Bean overview The IoC container
» Dependencies The IoC container
» y.Baz beans The IoC container
» driverClassName = username = The IoC container
» email = spouse-ref = The IoC container
» y.Bar bean y.Foo constructor-arg y.Foo c:bar-ref baz-ref = y.Foo c:_0-ref _1-ref =
» y.z.MyValueCalculator b.c.ReplacementComputeValue Bean scopes
» y.Foo property Customizing the nature of a bean
» Bean definition inheritance The IoC container
» Container Extension Points The IoC container
» Annotation-based container configuration The IoC container
» Classpath scanning and managed components
» Using JSR 330 Standard Annotations
» Java-based container configuration The IoC container
» Environment abstraction The IoC container
» Registering a LoadTimeWeaver Additional Capabilities of the ApplicationContext
» The BeanFactory The IoC container
» Introduction The Resource interface
» Built-in Resource implementations Resources
» The ResourceLoaderAware interface Resources
» Resources as dependencies Application contexts and Resource paths
» Introduction Validation, Data Binding, and Type Conversion
» Validation using Spring’s Validator interface
» Resolving codes to error messages Bean manipulation and the BeanWrapper
» Spring Type Conversion Validation, Data Binding, and Type Conversion
» Spring Field Formatting Validation, Data Binding, and Type Conversion
» Configuring a global date time format
» Spring Validation Validation, Data Binding, and Type Conversion
» Introduction Feature Overview Spring Expression Language SpEL
» Expression Evaluation using Spring’s Expression Interface
» Expression support for defining bean definitions
» Language Reference Spring Expression Language SpEL
» 3e0 4 .getValueDouble. 4e0 2 .getValueDouble.
» Classes used in the examples
» Introduction Aspect Oriented Programming with Spring
» Schema-based AOP support Aspect Oriented Programming with Spring
» y.service.DefaultFooService y.SimpleProfiler aop:config
» Choosing which AOP declaration style to use
» Mixing aspect types Proxying mechanisms
» Introduction Pointcut API in Spring
» Advisor API in Spring Using the ProxyFactoryBean to create AOP proxies
» Concise proxy definitions Spring AOP APIs
» Creating AOP proxies programmatically with the ProxyFactory Manipulating advised objects
» Using the auto-proxy facility
» Using TargetSources Spring AOP APIs
» Mock Objects Unit Testing support Classes
» Overview Goals of Integration Testing
» JDBC Testing Support Annotations
» Spring TestContext Framework Integration Testing
» loginAction-ref = username = userPreferences-ref = theme =
» PetClinic Example Integration Testing
» Understanding the Spring Framework transaction abstraction
» Synchronizing resources with transactions
» Declarative transaction management Transaction Management
» y.service.DefaultFooService Transaction Management
» y.service.DefaultFooService y.SimpleProfiler y.service.DefaultFooService
» y.SimpleProfiler Transaction Management
» Programmatic transaction management Transaction Management
» Choosing between programmatic and declarative transaction management Transaction bound event
» Application server-specific integration Transaction Management
» Introduction Consistent exception hierarchy
» Annotations used for configuring DAO or Repository classes
» Introduction to Spring Framework JDBC
» Using the JDBC core classes to control basic JDBC processing and error handling
» Controlling database connections Data access with JDBC
» JDBC batch operations Data access with JDBC
» Simplifying JDBC operations with the SimpleJdbc classes
» Modeling JDBC operations as Java objects
» Common problems with parameter and data value handling
» Embedded database support Data access with JDBC
» Initializing a DataSource Data access with JDBC
» Introduction to ORM with Spring
» General ORM integration considerations
» Hibernate Object Relational Mapping ORM Data Access
» JDO Object Relational Mapping ORM Data Access
» Introduction Marshaller and Unmarshaller
» Using Marshaller and Unmarshaller
» XML Schema-based Configuration JAXB
» Castor Marshalling XML using OX Mappers
» XMLBeans JiBX Marshalling XML using OX Mappers
» XStream Marshalling XML using OX Mappers
» Introduction to Spring Web MVC framework
» The DispatcherServlet Web MVC framework
» Handler mappings Web MVC framework
» Resolving views Web MVC framework
» Using flash attributes Web MVC framework
» Building URIs Web MVC framework
» Using locales Web MVC framework
» Using themes Web MVC framework
» Spring’s multipart file upload support
» Handling exceptions Web MVC framework
» Web Security Convention over configuration support
» y.RegistrationController HTTP caching support
» Code-based Servlet container initialization
» Configuring Spring MVC Web MVC framework
» simpleDateFormat = Web MVC framework
» Introduction Thymeleaf Groovy Markup Templates
» Velocity FreeMarker View technologies
» Document views PDFExcel Property
» Feed Views JSON Mapping View
» Introduction Integrating with other web frameworks
» Common configuration Integrating with other web frameworks
» JavaServer Faces 1.2 Apache Struts 2.x
» Introduction Portlet MVC Framework
» The DispatcherPortlet Portlet MVC Framework
» The ViewRendererServlet Controllers Portlet MVC Framework
» Handler mappings Portlet MVC Framework
» Views and resolving them Multipart file upload support
» Handling exceptions Annotation-based controller configuration
» absolute-ordering absolute-ordering WebSocket API
» SockJS Fallback Options WebSocket Support
» STOMP Over WebSocket Messaging Architecture
» Introduction Controller method CORS configuration
» Global CORS configuration Advanced Customization
» Introduction Remoting and web services using Spring
» Using Hessian or Burlap to remotely call services via HTTP
» Exposing services using HTTP invokers
» Web services Remoting and web services using Spring
» JMS Remoting and web services using Spring
» Accessing RESTful services on the Client
» Introduction Accessing EJBs Enterprise JavaBeans EJB integration
» Introduction JMS Java Message Service
» Using Spring JMS JMS Java Message Service
» Sending a Message JMS Java Message Service
» Receiving a message JMS Java Message Service
» Support for JCA Message Endpoints
» Annotation-driven listener endpoints JMS Java Message Service
» JMS namespace support JMS Java Message Service
» Introduction Exporting your beans to JMX
» Controlling the management interface of your beans
» Controlling the ObjectNames for your beans
» Accessing MBeans via Proxies
» Introduction Configuring CCI JCA CCI
» Using Spring’s CCI access support
» Modeling CCI access as operation objects
» Using the JavaMail MimeMessageHelper
» Introduction The Spring TaskExecutor abstraction
» The Spring TaskScheduler abstraction
» Annotation Support for Scheduling and Asynchronous Execution
» The task namespace Task Execution and Scheduling
» Introduction A first example
» y.DefaultBookingService property Defining beans that are backed by dynamic languages
» y.DefaultBookingService property Dynamic language support
» Scenarios Dynamic language support
» Bits and bobs y.DefaultBookingService property
» Introduction Understanding the cache abstraction
» Declarative annotation-based caching Cache Abstraction
» JCache JSR-107 annotations Cache Abstraction
» Declarative XML-based caching y.service.DefaultBookService
» Configuring the cache storage name =
» Classic ORM usage Classic Spring Usage
» JMS Usage Classic Spring Usage
» Concise proxy definitions Classic Spring AOP Usage
» Using the autoproxy facility
» Using TargetSources Classic Spring AOP Usage
» Introduction XML Schema-based configuration
» Introduction Authoring the schema
» Coding a NamespaceHandler Extensible XML authoring
» BeanDefinitionParser Extensible XML authoring
» Registering the handler and the schema
» Using a custom extension in your Spring XML configuration Meatier examples
» Introduction The argument tag The bind tag
» The escapeBody tag The eval tag The hasBindErrors tag
» The htmlEscape tag The message tag
» The nestedPath tag The param tag The theme tag
» The transform tag The url tag
» Introduction The button tag The checkbox tag
» The checkboxes tag The errors tag
» The option tag The options tag
» The password tag The radiobutton tag
Show more