JAX-RS enabling CORS (Access-Control-Allow-Origin) on Glassfish 4

glassfish http-headers jax-rs cors

12,147

Solution 1

Use ContainerResponseFilter not ContainerRequestFilter as you want to add those headers into response and not to the request. For example:

@Provider
@Priority(Priorities.HEADER_DECORATOR)
public class AccessControlResponseFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        final MultivaluedMap<String,Object> headers = responseContext.getHeaders();

        headers.add("Access-Control-Allow-Origin", "*");
        headers.add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type");
        headers.add("Access-Control-Expose-Headers", "Location, Content-Disposition");
        headers.add("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, HEAD, OPTIONS");
    }
}

Solution 2

You have to use the 2 *filters* the First because Chrome and other Browsers modify the headers for security purpose, and the second is to add the headers to response. So use ContainerResponseFilter and ContainerRequestFilter. it works fine with me Good luck!

12,147

Author by

AndroidLover

About Houssem: Houssem is a team player and believes that great software are built by great teams. Since 2011 Houssem is building and distributing performante Android Apps, using Scrum and XP frameworks for an Agile environment. Houssem creates adaptive code using the best practices for OO design patterns, functional and reactive programming. He is familiar with TDD, and a big fun of clean architecture, SOLID design principles and design Patterns. He’ve got a good experience with complex and highly multi-Threaded, synchronous and asynchronous apps. Houssem is considering himself as a solution solver specialist in Android Java and Kotlin but also a generalist in other technologies like: single and fullstack web apps, relational databases, Internet of things indoor positioning system (IPS) based on WIFI or BLE and iBeacons technologies. He holds a MCS (Masters in Computer Science) and he is also a certified as PSM (Professional Scrum Master), PSPO (Professional Scrum Product Owner). He always using the best software engineering practices to deliver the highest quality apps responding to the highest business needs. When not working Houssem enjoys spending his time cooking and playing video games with his wife. Email: [email protected] LinkedIn: linkedin.com/in/houssemzaier

Updated on June 18, 2022

Comments

AndroidLover almost 2 years

I am working in JAVA EE7, JAX-RS 2.0 Glassfish 4 is my SERVER. I Want to work on CORS to enable Ajax Requests comming out of my domain. I know that I need to make my server enabling it. And I did it in PHP. like the following code:

 <?php header("Access-Control-Allow-Origin: *");
 header("Access-Control-Allow-Headers: Authorization");

but when I tried to do the same thing I always get an error message like that "this is a screenshot". So I've tried to modify the sever http response with many ways...

And this is my code , server side , I used a filer/provider:

@Provider
@CORSBinding 
public class Filter implements  ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext request) throws IOException {
    request.getHeaders().add("Access-Control-Allow-Origin", "*");
    request.getHeaders().add("Access-Control-Allow-Headers", "Authorization"); 
    if (request.getMethod().equals("OPTIONS")) {
        System.out.println("OPTIONS is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("GET")) {
        System.out.println("GET is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("POST")) {
        System.out.println("POST is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("DELETE")) {
        System.out.println("DELETE is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("PUT")) {
        System.out.println("PUT is requested!!!!!!!!!!!!!");
    }       
}
}

But it seems like all blocked by a "firewall security" provided by Glassfish4 server. here is my simple code javascript:

<script>
var xhr = new XMLHttpRequest();
xhr.open("POST", "http://127.0.0.1:8080/CV/api/v2/posts");
xhr.setRequestHeader('Authorization', 'a');
xhr.send();
</script>

I even added an other filter using the @Prematching annotation to update the request from OPTIONS TO POST ... but I always lose my headers that I have sent within it (I mean within POST request).

@Provider
@PreMatching
 public class HttpMethodOverrideEnabler implements ContainerRequestFilter {
 @Override
 public void filter(ContainerRequestContext containerRequestContext) throws IOException {
    containerRequestContext.setMethod("POST");

    containerRequestContext.getHeaders().add("Access-Control-Allow-Origin", "*");
    containerRequestContext.getHeaders().add("Access-Control-Allow-Headers","Authorization");
    containerRequestContext.getHeaders().add("Access-Control-Allow-Headers","Authorization");

    String override = containerRequestContext.getHeaders().getFirst( "X-HTTP-Method-Override");
    if (override != null) {
        containerRequestContext.setMethod(override);
    }
}

I knew that Glassfish3 had not the support for CORS and ("https://java.net/jira/browse/GLASSFISH-16049) they said that they will fix it with JEE7. This is the whole story... so how can I do the CORS with this JEE7 using Glassfish server and JAX-RS2. Thanks in advance.