
CORS implementation using Java Filter

What is CORS

CORS (cross-origin resource sharing) allows or blocks cross-domain calls from a web application between different domains. By default you are not able to make Ajax calls to another domain. To enable them, the provider also needs to add certain headers to allow the requester's domain.

CORS Headers

Below are the headers required to implement CORS.
  1. Access-Control-Allow-Origin
     In this header we specify the domain from which we want to allow access, for example: example.com.
  2. Access-Control-Allow-Credentials
     This header specifies whether authorization details can be passed in a cross-domain request, for example: true/false.
  3. Access-Control-Max-Age
     We can use this header to specify how long we want to cache the preflight request details, such as allowed methods and allowed headers. The value is specified in seconds, and we can cache these details for a long time because they do not change frequently.
  4. Access-Control-Allow-Methods
     Here we specify the methods we want to allow for requests, for example: GET, POST, DELETE, OPTIONS, PATCH.
  5. Access-Control-Allow-Headers
     Here we specify the header names that are allowed in the request.

Java Filter Implementation

We will use a Java filter to set these CORS headers. The filter can be used in a Java web application alongside the Spring, Struts or JSF frameworks, although those frameworks also have their own mechanisms for implementing CORS.
We have used the "referer" header here to get the requester's domain, so that we can allow the cross-domain call by putting that domain in the response header. Below is the complete code for the filter class.
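package com.ttj.web.cors;

import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
// javax.servlet is the Servlet 4 and earlier namespace; newer containers use jakarta.servlet.
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class CorsFilter implements Filter{
    @Override
    public void init(FilterConfig config){}

    @Override
    public void destroy(){}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
                          FilterChain chain)throws ServletException, IOException{

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Referer holds the full URL of the calling page, not just its domain.
        String referer = request.getHeader("referer");
        String origin = toOrigin(referer);

        if(origin!=null){
            // Echoes back whatever domain the caller came from, i.e. allows any domain.
            response.addHeader("Access-Control-Allow-Origin", origin);
            response.addHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
            response.addHeader("Access-Control-Allow-Headers", "x-requested-with,Content-Type,Access-Control-Allow-Methods,Access-Control-Allow-Origin");
            response.addHeader("Access-Control-Max-Age", "86400");//24 hours
        }

        chain.doFilter(request, response);
    }

    // Reduces a URL to scheme://host[:port], the form Access-Control-Allow-Origin expects.
    private static String toOrigin(String url){
        if(url==null){ return null; }
        try{
            URI uri = new URI(url);
            if(uri.getScheme()==null || uri.getHost()==null){ return null; }
            String origin = uri.getScheme()+"://"+uri.getHost();
            return uri.getPort()==-1 ? origin : origin+":"+uri.getPort();
        }catch(URISyntaxException e){
            return null; // malformed Referer: send no CORS headers
        }
    }
}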

Web config changes

We are ready with our filter code and now need to register it in the web configuration (web.xml). Below is the code for filter registration.
        <filter>
            <filter-name>corsFilter</filter-name>
            <filter-class>com.ttj.web.cors.CorsFilter</filter-class>
        </filter>
        
        <filter-mapping>
            <filter-name>corsFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
Now if you call the configured URLs using JavaScript/Ajax, the filter will populate the required response headers to allow cross-domain access. Please note that the code shown here is configured to allow any domain. If you want to allow only specific domains, you can maintain a list of domains to check before setting the headers.
