JAX-RS enabling CORS (Access-Control-Allow-Origin) on Glassfish 4

Question

I am working in JAVA EE7, JAX-RS 2.0 Glassfish 4 is my SERVER. I Want to work on CORS to enable Ajax Requests comming out of my domain. I know that I need to make my server enabling it. And I did it in PHP. like the following code:



but when I tried to do the same thing I always get an error message like that
"this is a screenshot".
So I've tried to modify the sever http response with many ways...

And this is my code , server side , I used a filer/provider:

@Provider
@CORSBinding 
public class Filter implements  ContainerRequestFilter{
@Override
public void filter(ContainerRequestContext request) throws IOException {
    request.getHeaders().add("Access-Control-Allow-Origin", "*");
    request.getHeaders().add("Access-Control-Allow-Headers", "Authorization"); 
    if (request.getMethod().equals("OPTIONS")) {
        System.out.println("OPTIONS is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("GET")) {
        System.out.println("GET is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("POST")) {
        System.out.println("POST is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("DELETE")) {
        System.out.println("DELETE is requested!!!!!!!!!!!!!");
    }
    if (request.getMethod().equals("PUT")) {
        System.out.println("PUT is requested!!!!!!!!!!!!!");
    }       
}
}


But it seems like all blocked by a "firewall security" provided by Glassfish4 server.
here is my simple code javascript:




I even added an other filter using the @Prematching annotation to update the request from OPTIONS TO POST ... but I always lose my headers that I have sent within it (I mean within POST request).  

@Provider
@PreMatching
 public class HttpMethodOverrideEnabler implements ContainerRequestFilter {
 @Override
 public void filter(ContainerRequestContext containerRequestContext) throws IOException {
    containerRequestContext.setMethod("POST");

    containerRequestContext.getHeaders().add("Access-Control-Allow-Origin", "*");
    containerRequestContext.getHeaders().add("Access-Control-Allow-Headers","Authorization");
    containerRequestContext.getHeaders().add("Access-Control-Allow-Headers","Authorization");

    String override = containerRequestContext.getHeaders().getFirst( "X-HTTP-Method-Override");
    if (override != null) {
        containerRequestContext.setMethod(override);
    }
}


I knew that Glassfish3 had not the support for CORS and ("https://java.net/jira/browse/GLASSFISH-16049) they said that they will fix it with JEE7. 
This is the whole story...
so how can I do the CORS with this JEE7 using Glassfish server and JAX-RS2.
Thanks in advance.

Michal Gajdos · Accepted Answer

Use ContainerResponseFilter not ContainerRequestFilter as you want to add those headers into response and not to the request. For example:

@Provider
@Priority(Priorities.HEADER_DECORATOR)
public class AccessControlResponseFilter implements ContainerResponseFilter {

    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) throws IOException {
        final MultivaluedMap headers = responseContext.getHeaders();

        headers.add("Access-Control-Allow-Origin", "*");
        headers.add("Access-Control-Allow-Headers", "Authorization, Origin, X-Requested-With, Content-Type");
        headers.add("Access-Control-Expose-Headers", "Location, Content-Disposition");
        headers.add("Access-Control-Allow-Methods", "POST, PUT, GET, DELETE, HEAD, OPTIONS");
    }
}

JAX-RS enabling CORS (Access-Control-Allow-Origin) on Glassfish 4

Answers (2)

Related Questions