[security-dev] Implementing CORS filter to Picketlink HTTP Security API
Pedro Igor Silva
psilva at redhat.com
Mon Oct 27 07:04:59 EDT 2014
Hey Sharma !
It looks fine. But what about having this options in our config api ?
----- Original Message -----
From: "Giriraj Sharma" <giriraj.sharma27 at gmail.com>
To: security-dev at lists.jboss.org
Cc: "Pedro Igor Craveiro e Silva" <pigor.craveiro at gmail.com>
Sent: Sunday, October 26, 2014 7:50:28 AM
Subject: [security-dev] Implementing CORS filter to Picketlink HTTP Security API
In order to implement the first cut of CORS ( Cross-Origin Resource Sharing ) filter in Picketlink Http Security API, I have wrapped up with following two initial ideas as providing CORS Configuration which can be then loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper,
#1. We can have a configuration file such as cors-sample.configuration
cors.allowOrigin= https://www.example.org:9000 , http://example.com:8008
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization
#2 . We can have a servlet CORS filter in web.xml such as CORS.xml
Either configuration could be used for making(implementing) use of CORS requests in any application.
If this looks fine, I will go forward with its implementation ?
Department of Computer Science
National Institute of Technology Hamirpur
Himachal Pradesh, India
security-dev mailing list
security-dev at lists.jboss.org
More information about the security-dev