[security-dev] Implementing CORS filter to Picketlink HTTP Security API

Pedro Igor Silva psilva at redhat.com
Mon Oct 27 07:04:59 EDT 2014

Hey Sharma !

It looks fine. But what about having this options in our config api ?

Something like:


----- Original Message -----
From: "Giriraj Sharma" <giriraj.sharma27 at gmail.com>
To: security-dev at lists.jboss.org
Cc: "Pedro Igor Craveiro e Silva" <pigor.craveiro at gmail.com>
Sent: Sunday, October 26, 2014 7:50:28 AM
Subject: [security-dev] Implementing CORS filter to Picketlink HTTP Security	API

In order to implement the first cut of CORS ( Cross-Origin Resource Sharing ) filter in Picketlink Http Security API, I have wrapped up with following two initial ideas as providing CORS Configuration which can be then loaded and parsed using CORSConfigurationLoader and handled by CORSRequestHandler and CORSResponseWrapper, 

#1. We can have a configuration file such as cors-sample.configuration 
cors.allowOrigin= https://www.example.org:9000 , http://example.com:8008 
cors.supportedMethods=GET, PUT, HEAD, POST, DELETE, OPTIONS 
cors.supportedHeaders=Origin, X-Requested-With, Content-Type, Accept, Authorization 

#2 . We can have a servlet CORS filter in web.xml such as CORS.xml 
Either configuration could be used for making(implementing) use of CORS requests in any application. 
If this looks fine, I will go forward with its implementation ? 

Giriraj Sharma, 
Department of Computer Science 
National Institute of Technology Hamirpur 
Himachal Pradesh, India 

security-dev mailing list
security-dev at lists.jboss.org

More information about the security-dev mailing list