RESTful webservice : how to set headers in java to accept XMLHttpRequest allowed by Access-Control-Allow-Origin - McMap

About

RESTful webservice : how to set headers in java to accept XMLHttpRequest allowed by Access-Control-Allow-Origin

Asked 14/8, 2013 at 14:22 Answered 14/8, 2013 at 15:38

Solved java rest jax-ws jax-rs cors

F

1

25

I have a RESTful webservice which will return string and it was written in Java (JAX-WS). My problem is when I send request to that webservice with URL like :

http://localhost:8080/project/webservices/getlist/getListCustomers

In the console it's giving me the error message below:

XMLHttpRequest cannot load url Origin localhost is not allowed by Access-Control-Allow-Origin

How can I handle this issue?

Java code:

@GET
@Path("/getsample")
public Response getMsg() { 
    String output = "Jersey say : " ;   
    return Response.status(200).entity(output).build();
}

Fahy answered 14/8, 2013 at 14:22 Comment(1)

You mean JAX-RS. JAX-WS is a SOAP. – Worser 27/5, 2020 at 14:40

A

46

Read here about your issue CORS : http://enable-cors.org/

Check if this one help you in your getMsg() method:
return Response.ok(output).header("Access-Control-Allow-Origin", "*").build();

If above doesn't work try to add Jersey filter to your service. Create filter class:

package your.package;

public class CORSFilter implements ContainerResponseFilter {

    @Override
    public ContainerResponse filter(ContainerRequest creq, ContainerResponse cresp) {

        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Origin", "*");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Credentials", "true");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS, HEAD");
        cresp.getHttpHeaders().putSingle("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With");

        return cresp;
    }
}

And register later win web.xml with:

<servlet>
<servlet-name>CORS Filter</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
 <init-param>
    <param-name>com.sun.jersey.spi.container.ContainerResponseFilters</param-name>
    <param-value>your.package.CORSFilter</param-value>
 </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>CORS Filter</servlet-name>
    <url-pattern>/webservices/*</url-pattern>
</servlet-mapping>

Another solution is to use this code inside your resource to provide OPTIONS for the browser. Put this in the class where you have @GET.

  @OPTIONS
  @Path("/getsample")
  public Response getOptions() {
    return Response.ok()
      .header("Access-Control-Allow-Origin", "*")
      .header("Access-Control-Allow-Methods", "POST, GET, PUT, UPDATE, OPTIONS")
      .header("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With").build();
  }

If non of this work, try to exchange the "*" provided for "Access-Control-Allow-Origin" header with your custom domain where you access this resource. I.g. If you call this from http://localhost::8080 use something like this ("Access-Control-Allow-Origin", "http://localhost:8080") instead of asterisk "*".

Auraaural answered 14/8, 2013 at 15:38 Comment(8)

this change working on IE, not working on chrome still same issue – Fahy 16/8, 2013 at 5:41

after long research, your solution seems to be better and good, thanks for your reply, keep me updated if you find any permanent solution. – Fahy 20/8, 2013 at 10:52

I go through the same CORS problem last time. I was surprised by many solutions on the internet. Everyone has something which works for him. For me the Jersey filter works pretty good. Permanent solution would be one which works for you. Are you be able to run the rest request? – Auraaural 20/8, 2013 at 14:32

yes, rest request is working fine there is no issues with it, but only problem when i am launching it from ajax request. – Fahy 20/8, 2013 at 15:36

but still no luck with ajax via CORS? If you get the error from your question this is probably not an ajax itself, but you run your page form one url address and ajax'es the other url address (this is CORS). Is it your case? – Auraaural 20/8, 2013 at 15:57

Thank you sir, I was able to solve the issue with return Response.ok(output).header("Access-Control-Allow-Origin", "*").build(); – Alfieri 22/7, 2015 at 14:7

GET works fine but when I try POST then I get 'Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'localhost' is therefore not allowed access.' error. How do I solve that? – Pleuropneumonia 28/10, 2016 at 23:22

Thanks, this solved my issue with an Ionic React app. For me on my server side it was following: javax.servlet.http.HttpServletResponse response.addHeader(...) – Headsman 15/5 at 12:1

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.