Package org.keycloak.services.cors

Class DefaultCors

java.lang.Object

org.keycloak.services.cors.DefaultCors

All Implemented Interfaces:

Provider, Cors

public class DefaultCors
extends Object
implements Cors

Author:

Stian Thorgersen

Field Summary

Fields inherited from interface org.keycloak.services.cors.Cors

ACCESS_CONTROL_ALLOW_CREDENTIALS, ACCESS_CONTROL_ALLOW_HEADERS, ACCESS_CONTROL_ALLOW_METHODS, ACCESS_CONTROL_ALLOW_ORIGIN, ACCESS_CONTROL_ALLOW_ORIGIN_WILDCARD, ACCESS_CONTROL_EXPOSE_HEADERS, ACCESS_CONTROL_MAX_AGE, AUTHORIZATION_HEADER, DEFAULT_ALLOW_HEADERS, DEFAULT_ALLOW_METHODS, DEFAULT_MAX_AGE, ORIGIN_HEADER

Method Summary

Modifier and Type	Method	Description
void	add()	Add the CORS headers to the current HttpResponse.
Cors	allowAllOrigins()
Cors	allowedMethods(String... allowedMethods)
Cors	auth()
Cors	builder(jakarta.ws.rs.core.Response.ResponseBuilder builder)
Cors	checkAllowedOrigins(List<String> allowedOrigins)
Cors	checkAllowedOrigins(KeycloakSession session, ClientModel client)	Sets the allowed origins from the client's configured web origins and checks the incoming Origin header against them.
Cors	checkAllowedOrigins(AccessToken token)
void	close()
Cors	exposedHeaders(String... exposedHeaders)
Cors	preflight()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.keycloak.services.cors.Cors

add

Method Details

builder

public Cors builder(jakarta.ws.rs.core.Response.ResponseBuilder builder)

Specified by:

builder in interface Cors

preflight

public Cors preflight()

Specified by:

preflight in interface Cors

auth

public Cors auth()

Specified by:

auth in interface Cors

allowAllOrigins

public Cors allowAllOrigins()

Specified by:

allowAllOrigins in interface Cors

checkAllowedOrigins

public Cors checkAllowedOrigins(KeycloakSession session,
 ClientModel client)

Description copied from interface: Cors

Sets the allowed origins from the client's configured web origins and checks the incoming Origin header against them. Throws ForbiddenException (HTTP 403) on a mismatch so the request stops before any side effects. Preflight and same-origin requests pass through without a check.

Specified by:

checkAllowedOrigins in interface Cors

checkAllowedOrigins

public Cors checkAllowedOrigins(AccessToken token)

Specified by:

checkAllowedOrigins in interface Cors

checkAllowedOrigins

public Cors checkAllowedOrigins(List<String> allowedOrigins)

Specified by:

checkAllowedOrigins in interface Cors

allowedMethods

public Cors allowedMethods(String... allowedMethods)

Specified by:

allowedMethods in interface Cors

exposedHeaders

public Cors exposedHeaders(String... exposedHeaders)

Specified by:

exposedHeaders in interface Cors

add

public void add()

Description copied from interface: Cors

Add the CORS headers to the current HttpResponse.

Specified by:

add in interface Cors

close

public void close()

Specified by:

close in interface Provider