/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2014 Red Hat, Inc., and individual contributors
 * as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS,
 *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
package io.undertow.server.handlers;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import io.undertow.server.HandlerWrapper;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.builder.HandlerBuilder;
import io.undertow.util.HttpString;
import io.undertow.util.StatusCodes;
import java.util.stream.Collectors;

Handler that whitelists certain HTTP methods. Only requests with a method in the allowed methods set will be allowed to continue.
Author:Stuart Douglas
/** * Handler that whitelists certain HTTP methods. Only requests with a method in * the allowed methods set will be allowed to continue. * * @author Stuart Douglas */
public class AllowedMethodsHandler implements HttpHandler { private final Set<HttpString> allowedMethods; private final HttpHandler next; public AllowedMethodsHandler(final HttpHandler next, final Set<HttpString> allowedMethods) { this.allowedMethods = new HashSet<>(allowedMethods); this.next = next; } public AllowedMethodsHandler(final HttpHandler next, final HttpString... allowedMethods) { this.allowedMethods = new HashSet<>(Arrays.asList(allowedMethods)); this.next = next; } @Override public void handleRequest(final HttpServerExchange exchange) throws Exception { if (allowedMethods.contains(exchange.getRequestMethod())) { next.handleRequest(exchange); } else { exchange.setStatusCode(StatusCodes.METHOD_NOT_ALLOWED); exchange.endExchange(); } } public Set<HttpString> getAllowedMethods() { return Collections.unmodifiableSet(allowedMethods); } @Override public String toString() { if (allowedMethods.size() == 1) { return "allowed-methods( " + allowedMethods.toArray()[0] + " )"; } else { return "allowed-methods( {" + allowedMethods.stream().map(s -> s.toString()).collect(Collectors.joining(", ")) + "} )"; } } public static class Builder implements HandlerBuilder { @Override public String name() { return "allowed-methods"; } @Override public Map<String, Class<?>> parameters() { return Collections.<String, Class<?>>singletonMap("methods", String[].class); } @Override public Set<String> requiredParameters() { return Collections.singleton("methods"); } @Override public String defaultParameter() { return "methods"; } @Override public HandlerWrapper build(Map<String, Object> config) { return new Wrapper((String[]) config.get("methods")); } } private static class Wrapper implements HandlerWrapper { private final String[] methods; private Wrapper(String[] methods) { this.methods = methods; } @Override public HttpHandler wrap(HttpHandler handler) { HttpString[] strings = new HttpString[methods.length]; for (int i = 0; i < methods.length; ++i) { strings[i] = new HttpString(methods[i]); } return new AllowedMethodsHandler(handler, strings); } } }