What is Cross-Origin Resource Sharing (CORS) – How to add it to your Java Jersey Web Server?

Crunchify CORSFilter Jersey Server Example What is Cross Origin Resource Sharing (CORS)   How to add it to your Java Jersey Web Server?

How to fix this error during client-server communication? Server sends data in JSON or XML format and client throws below exception.

Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they’re limited by the same origin policy. Extensions aren’t so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

Also, if you have below questions then you are at correct location:

  1. Understanding Cross-Origin Resource Sharing (CORS Filters)
  2. Can I use Cross-Origin Resource Sharing
  3. How to Enable Cross-Origin Resource Sharing
  4. What is Cross-domain Ajax with Cross-Origin Resource Sharing
  5. What is HTTP access control (CORS)

CORS (Cross Origin Resource Sharing) is a mechanism supported by W3C to enable cross origin requests in web-browsers. CORS requires support from both browser and server to work. This is a Java Jersey Web Server filter implementation of server-side CORS for web containers such as Apache Tomcat and other Embedded Web Servers.

Step1: A response can include an Access-Control-Allow-Origin header, with the origin of where the request originated from as the value, to allow access to the resource’s contents. The user agent validates that the value and origin of where the request originated match.

Step 2: User agents can discover via a preflight request whether a cross-origin resource is prepared to accept requests, using a non-simple method, from a given origin. This is again validated by the user agent.

Step 3: Server-side applications are enabled to discover that an HTTP request was deemed a cross-origin request by the user agent, through the Origin header. This extension enables server-side applications to enforce limitations (e.g. returning nothing) on the cross-origin requests that they are willing to service.

Now let’s get started with Examples.

Example1: Java Jersey Web Server

Couple of weeks back I wrote an article on How to Start Embedded HTTP Jersey server during Java Application Startup. This post will cover steps on how to add CORS Filter to the same Jersey Server.

We need to extend ContainerResponseFilter. Interface implemented by container response filters. By default, i.e. if no name binding is applied to the filter implementation class, the filter instance is applied globally to any outgoing response.

In order for this to fix let’s try adding below 4 headers to server response:

  1. Access-Control-Allow-Origin
  2. Access-Control-Allow-Methods
  3. Access-Control-Max-Age
  4. Access-Control-Allow-Headers

CORS Filter Code:

Modification in JerseyEmbeddedHTTPServerCrunchify.java from previous tutorial.

Just add below line in createHttpServer() and restart server.

Result: http://localhost:8085/api

Crunchify Response Header With CORS Filter What is Cross Origin Resource Sharing (CORS)   How to add it to your Java Jersey Web Server? Crunchify Response Header Without CORS Filter What is Cross Origin Resource Sharing (CORS)   How to add it to your Java Jersey Web Server?

Example 2: Apache HTTP Server

To expose the header, you can add the following line inside <Directory>, <Location>, and <Files> sections, or within an .htaccess file.

Example 3:  .NET server can configure this in web.config as below

Example 4: For Jetty (7 and above)

Include the jetty-servlets JAR into you WEB-INF/lib and merge this into your WEB-INF/web.xml

Example 5: Apache Tomcat Server (v 7.0.41 +)

Example 6: In PHP

Please do let me know if you have any more questions on this. List of all Java Tutorials will be found here.

If you enjoyed this post, make sure to subscribe to Crunchify's RSS feed.