Skip to main content

Allowing Cross domain POST request with JSON or XML content type in Java

Cross domain POST Request

Cross domain POST requests supports only below content types and other content type are not allowed by default.

  • application/x-www-form-urlencoded
  • multipart/form-data
  • text/plain

So, if we try to make an ajax request to such POST URLs with XML or JSON content type, it will not be able to make request and give CORS error.

Allowing Cross domain POST request with JSON or XML Content-Type

We have our service implemented in Java and we will use Servlet Filter & request wrapper to build our solution.
Please see my below POST to see how to implement CORS using java servlets which works well with GET methods or allowed content types with POST method.
https://www.thetechnojournals.com/2020/03/cors-implementation-using-java-filter.html

In this POST I will explain only additional things required for our problem with POST request, so I request you to go through the above link first.

Request wrapper to change/ override the content-type to JSON or XML

Since, POST request is not allowing XML or JSON content-type and other types will fail when it need to match with our REST service's content type. We need to change the content-type at back-end before request reaching to REST service. Below is the code for Request wrapper class. Here we are doing a trick basis on request parameter "json". If this parameter is having value as "true" then we are changing the content type to "application/json" at backend before reaching to our service implementation which only accepts json content.
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;

public class MyCorsServletRequestWrapper extends HttpServletRequestWrapper{
    private String contentType;
    public MyCorsServletRequestWrapper(HttpServletRequest req){
        super(req);
        setContentType("true".equals(req.getParameter("json"))
            ?"application/json" : req.getContentType());
    }
    @Override
    public String getContentType(){
        return contentType;
    }
    
    @Override
    public String getHeader(String name){
        if("Content-Type".equalsIgnoreCase(name))
            return contentType;
        else
            return super.getHeader(name);
    }

    @Override
    public Enumeration<String> getHeaders(String name){
        if("Content-Type".equalsIgnoreCase(name))
            return Collections.enumeration(Arrays.asList(contentType));
        else
            return super.getHeaders(name);
    }

    public void setContentType(String contentType){
        this.contentType = contentType;
    }
}

Changes required to Servlet Filter

Now we need to make below changes in our existing servlet filter which we have created in another post (link mentioned in above section). These changes are made to support preflight requests which made by the client to confirm with server whether server is accepting this CORS request and process properly.
public class CorsFilter extends Filter{
    ...
    ....
    public void doFilter(ServletRequest req, ServletResponse res,
        FilterChain chain) throws ServletException, IOException{

        MyCorsServletRequestWrapper request = new MyCorsServletRequestWrapper((HttpServletRequest) req);

        HttpServletResponse response = (HttpServletResponse) res;
        ....
        .....
        
        if("OPTIONS".equalsIgnoreCase(request.getMethod())){
            response.setStatus(HttpServletResponse.SC_ACCEPTED);
            return;
        }
        chain.doFilter(request, response);
    }
}

Labels:

Comments

  1. benstoke27 January 2022 at 17:24

    There are many apps that let the apk website Android users stream movies and TV shows on their devices for free. Here, I am listing some of the topmost apps, which will put hundreds of movies and countless TV shows at your fingertips.

    ReplyDelete
  2. benstoke26 March 2022 at 19:48

    Download Apk Latest Version of getcontact pro MOD, The Social Apps of Android, This Pro Apk Includes Unlocked All Premium, No Ads. Get Your Apk Now!

    ReplyDelete
  3. Pet Cummins26 April 2022 at 03:00

    I explore many web pages in such form and I definitely always learn more about these important programming languages. Last night I found perfect point to study lot more.

    ReplyDelete
  4. Anonymous23 March 2023 at 20:32

    I read the article you linked to above, and I learned a little something from it. For us, the information is genuinely quite good and helpful. We appreciate you sharing it.hire programmers in india

    ReplyDelete

Post a Comment

Popular Posts

Setting up kerberos in Mac OS X

Kerberos in MAC OS X Kerberos authentication allows the computers in same domain network to authenticate certain services with prompting the user for credentials. MAC OS X comes with Heimdal Kerberos which is an alternate implementation of the kerberos and uses LDAP as identity management database. Here we are going to learn how to setup a kerberos on MAC OS X which we will configure latter in our application. Installing Kerberos In MAC we can use Homebrew for installing any software package. Homebrew makes it very easy to install the kerberos by just executing a simple command as given below. brew install krb5 Once installation is complete, we need to set the below export commands in user's profile which will make the kerberos utility commands and compiler available to execute from anywhere. Open user's bash profile: vi ~/.bash_profile Add below lines: export PATH=/usr/local/opt/krb5/bin:$PATH export PATH=/usr/local/opt/krb5/sbin:$PATH export LDFLAGS=&
37 comments
Read more

SpringBoot - @ConditionalOnProperty example for conditional bean initialization

@ConditionalOnProperty annotation is used to check if specified property available in the environment or it matches some specific value so it can control the execution of some part of code like bean creation. It may be useful in many cases for example enable/disable service if specific property is available. Below are the attributes which can be used for property check. havingValue - Provide the value which need to check against specified property otherwise it will check that value should not be false. matchIfMissing - If true it will match the condition and execute the annotated code when property itself is not available in environment. name - Name of the property to be tested. If you want to test single property then you can directly put the property name as string like "property.name" and if you have multiple properties to test then you can put the names like {"prop.name1","prop.name2"} prefix - It can be use when you want to apply some prefix to
10 comments
Read more

Multiple data source with Spring boot, batch and cloud task

Here we will see how we can configure different datasource for application and batch. By default, Spring batch stores the job details and execution details in database. If separate data source is not configured for spring batch then it will use the available data source in your application if configured and create batch related tables there. Which may be the unwanted burden on application database and we would like to configure separate database for spring batch. To overcome this situation we will configure the different datasource for spring batch using in-memory database, since we don't want to store batch job details permanently. Other thing is the configuration of  spring cloud task in case of multiple datasource and it must point to the same data source which is pointed by spring batch. In below sections, we will se how to configure application, batch and cloud task related data sources. Application Data Source Define the data source in application properties or yml con
11 comments
Read more

Integrated/Kerberos authentication using Spring boot and SPNEGO API

In this tutorial we will learn how to use Spring boot and SPNEGO API to implement the kerberos or integrated authentication. Kerberos is developed by Massachusetts Institute of Technology (MIT) which is used to authenticate between trusted services using KDC tickets. For example email client, HR portal or employee portal in a corporate network where employee doesn't need to provide their user id & password to access these application in the same domain. Once they are logged in to their machine, they can access such services/application with kerberos authentication. I am using MAC OS X to demonstrate the kerberos authentication. I have used the same machine to configure and run the application backed with kerberos authentication and my KDC database & application reside on the same machine. Setting up kerberos  First of all we need to setup kerberos where we will configure the database, create user principals, create policies and keytabs. We need to create our applicatio
6 comments
Read more