Enable CORS Cross Origin Requests RESTful Web Service
CORS (Cross-origin resource sharing) is a technique which allows resources to access service on web page that is coming from different domain. Client side code makes an AJAX calls where they use XMLHttpRequest object to make an request to the service and this kind of Cross-domain request will be forbidden by web browsers as per their same-origin security policy.
CORS is a technique which defines way through which browser and server could interact to decide whether to allow the cross origin request or not.
While developing RESTFul web service it is required to enable Cross origin resource sharing (CORS) so that consumer which consumes the service from different domain can access it without any issue. Please follow steps below to enable CORS to RESTFul web service:
To enable CORS in Spring MVC RESTFul service you will have do below:
- Create class: RESTFulCORSFilter.java
package com.javahonk.controller; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; @Component public class RESTFulCORSFilter implements Filter { @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletResponse response = (HttpServletResponse) res; response.setHeader("Access-Control-Allow-Origin", "*"); response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE"); response.setHeader("Access-Control-Max-Age", "3600"); response.setHeader("Access-Control-Allow-Headers", "x-requested-with"); chain.doFilter(req, res); } @Override public void init(FilterConfig arg0) throws ServletException { // TODO Auto-generated method stub } @Override public void destroy() { // TODO Auto-generated method stub } }
- Add this class as filter in web.xml as below:
<filter> <filter-name>RESTFulCORSFilter</filter-name> <filter-class>com.javahonk.controller.RESTFulCORSFilter</filter-class> </filter> <filter-mapping> <filter-name>RESTFulCORSFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
- Sample project structure:
- web.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <display-name>Archetype Created Web Application</display-name> <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/dispatcher-servlet.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>RESTFulCORSFilter</filter-name> <filter-class>com.javahonk.controller.RESTFulCORSFilter</filter-class> </filter> <filter-mapping> <filter-name>RESTFulCORSFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> </web-app>
- For more inforation about CORS please refer this tutorial from spring
Download Project: SpringMVCRESTFulService