Skip to main content

CORS implementation using Java Filter

What is CORS

CORS is cross origin resource sharing which allows or block the cross domain calls from a web application between different domains. By default you are able to make Ajax calls to other domain. To enable it that provider also need to add certain headers to allow the requester domain.

CORS Headers

Below are the required headers to implement the CORS.
  1. Access-Control-Allow-Origin
    2. In this header we specify the domain from which we want to allow the access, for example: example.com.
  2. Access-Control-Allow-Credentials
    3. This header specifies if it can pass authorization details in cross domain request. for example: true/false.
  3. Access-Control-Max-Age
    4. We can use this header to specify how long we want to cache the preflight request details like allowed methods, allowed headers etc. We can specify value in seconds and we can cache them for a long time as such details are not change frequently.
  4. Access-Control-Allow-Methods
    5. Here we specify the methods we want to allow for request, for example: GET, POST, DELETE, OPTIONS, PATCH.
  5. Access-Control-Allow-Headers
    6. Here we specify the header names which are allowed during the request.

Java Filter Implementation

We will use Java filter to implement these CORS headers. We can implement this filter in java web application along with Spring, Struts or JSF frameworks also. However those frameworks have their own mechanism to implement CORS.
We have used a header "referer" here to get the requester domain, so we can allows cross-domain call by putting it in response header. Below is the complete code for Filter class.
public class CorsFilter implements Filter{
    @Override
    public void init(FilterConfig config){}

    @Override
    public void destroy(){}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
                          FilterChain chain)throws ServletException, IOException{

        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String referer = request.getHeader("referer");
        
        if(referer!=null && referer.length()>1){

            if(referer.endsWith("/")){
                referer = referer.substring(0, referer.length()-1);
            }
            response.addHeader("Access-Control-Allow-Origin", referer);
            response.addHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
            response.addHeader("Access-Control-Allow-Headers", "x-requested-with,Content-Type,Access-Control-Allow-Methods,Access-Control-Allow-Origin");
            response.addHeader("Access-Control-Max-Age", "86400");//24 hours
        }
        
        chain.doFilter(request, response);
    }
}

Web config changes

We are ready with out filter code and now we need to register it using the web configuration (web.xml). Below is the code for filter registration.
        <filter>
            <filter-name>corsFilter</filter-name>
            <filter-class>com.ttj.web.cors.CorsFilter</filter-class>
        </filter>
        
        <filter-mapping>
            <filter-name>corsFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
Now if you call the configured URLs using java script/Ajax then it will populate the required response headers to allow the cross-domain access. Please note that the code I shown here, is configured to allow any domain. If you want to allow some specific then you can maintain some list of domains to check before setting the headers.
Labels:

Comments

  1. Bhanu Sree7 April 2020 at 11:13

    It is so nice article thank you for sharing this valuable content
    Microservices Online Training
    Microservices Training in Hyderabad

    ReplyDelete
  2. jeya sofia27 April 2020 at 15:44

    Thanks for the informative article. This is one of the best resources I have found in quite some time.
    Software testing training in T Nagar
    Software testing training in OMR
    selenium training in Tambaram
    Java training in tambaram
    SEO Training in Anna Nagar
    RPA Training in chennai
    Web Designing Course in T Nagar
    Spoken English Classes in Velachery
    German Classes in T Nagar
    AWS Training in OMR

    ReplyDelete
  3. Devi9 December 2020 at 14:45

    This is really useful information. I am satisfied with reading your blog.
    how to learn java easily
    cross platform mobile app development
    successful social media campaigns
    what is microsoft azure
    tableau interview questions and answers

    ReplyDelete
  4. Sharnith6 January 2021 at 14:31

    This is really great and I obtain a huge of knowledge in this post. I loved it..!
    Placement Training in Chennai
    Corporate Training in Chennai
    HR Course in Chennai
    Best Training and Placement Institute in Chennai

    ReplyDelete
  5. fyky2mvsad28 December 2022 at 17:17

    STL information don’t comprise any information on models of measurement. For Baby Lounger Pillows a 1.0mm by 1.0mm by 1.0mm dice, as soon as} the file is exported as an STL, it merely turns into a 1.0mm by 1.0mm by 1.0mm dice. Get this quick reference information to discover your floor end options across our six 3D printing technologies. When first starting out you’ll most likely design one thing that needs to be useful and match tightly with another object, only to find out|to search out} that the scale you set had been utterly off. Since FDM 3D printing is done in layers from the bottom up, in a position to} adjust the position of the model in the slicer earlier than printing it to make it stronger.

    ReplyDelete

Post a Comment

Popular Posts

Setting up kerberos in Mac OS X

Kerberos in MAC OS X Kerberos authentication allows the computers in same domain network to authenticate certain services with prompting the user for credentials. MAC OS X comes with Heimdal Kerberos which is an alternate implementation of the kerberos and uses LDAP as identity management database. Here we are going to learn how to setup a kerberos on MAC OS X which we will configure latter in our application. Installing Kerberos In MAC we can use Homebrew for installing any software package. Homebrew makes it very easy to install the kerberos by just executing a simple command as given below. brew install krb5 Once installation is complete, we need to set the below export commands in user's profile which will make the kerberos utility commands and compiler available to execute from anywhere. Open user's bash profile: vi ~/.bash_profile Add below lines: export PATH=/usr/local/opt/krb5/bin:$PATH export PATH=/usr/local/opt/krb5/sbin:$PATH export LDFLAGS=&
38 comments
Read more

SpringBoot - @ConditionalOnProperty example for conditional bean initialization

@ConditionalOnProperty annotation is used to check if specified property available in the environment or it matches some specific value so it can control the execution of some part of code like bean creation. It may be useful in many cases for example enable/disable service if specific property is available. Below are the attributes which can be used for property check. havingValue - Provide the value which need to check against specified property otherwise it will check that value should not be false. matchIfMissing - If true it will match the condition and execute the annotated code when property itself is not available in environment. name - Name of the property to be tested. If you want to test single property then you can directly put the property name as string like "property.name" and if you have multiple properties to test then you can put the names like {"prop.name1","prop.name2"} prefix - It can be use when you want to apply some prefix to
13 comments
Read more

Why HashMap key should be immutable in java

HashMap is used to store the data in key, value pair where key is unique and value can be store or retrieve using the key. Any class can be a candidate for the map key if it follows below rules. 1. Overrides hashcode() and equals() method.   Map stores the data using hashcode() and equals() method from key. To store a value against a given key, map first calls key's hashcode() and then uses it to calculate the index position in backed array by applying some hashing function. For each index position it has a bucket which is a LinkedList and changed to Node from java 8. Then it will iterate through all the element and will check the equality with key by calling it's equals() method if a match is found, it will update the value with the new value otherwise it will add the new entry with given key and value. In the same way it check for the existing key when get() is called. If it finds a match for given key in the bucket with given hashcode(), it will return the value other
1 comment
Read more

jaxb2-maven-plugin to generate java code from XSD schema

In this tutorial I will show how to generate the Java source code from XSD schema. I will use jaxb2-maven-plugin to generate the code using XSD file which will be declared in pom.xml to make it part of build, so when maven build is executed it will generate the java code using XSD. Class generation can be controlled in plugin configuration. Maven changes (pom.xml) Include below plugin in your pom.xml. Here we have done some configuration under configuration section as given below. schemaDirectory : This is the directory where I keep my schema (XSD file). outputDirectory : This is the java source location where I want to generate the Java files. If it is not given then by default it will be generate inside target folder. clearOutputDir : If this property is true then it will generate the classes on each build otherwise it will generate only if output directory is empty. <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>jaxb2-maven-plugin</art
9 comments
Read more