-- Maatari Daniel Okouya Sent with Airmail On July 23, 2015 at 10:49:19 AM, Maatari Daniel Okouya (okouy...@yahoo.fr) wrote:
Hi, I am using TOMCAT 7, and I have enable the CORS FILTER as per the explanation on the official website: https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter I use the actual configuration: <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> <init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.allowed.headers</param-name> <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value> </init-param> <init-param> <param-name>cors.support.credentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>cors.preflight.maxage</param-name> <param-value>10</param-value> </init-param> </filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> I do it in my Web.xml that is in the conf folder. However the app that i am trying to access have a spring security filter. I show below the application configuration in question. I have no control over that application. In fact this is a vendor application. I can only modify the configuration file to enable the CORS FILTER. <!-- Spring Security START --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/</url-pattern> </filter-mapping> <!-- Spring Security END --> or a larger view <filter> <filter-name>MessageFilter</filter-name> <filter-class>at.punkt.PoolParty.Management.MessageFilter</filter-class> </filter> <filter-mapping> <filter-name>MessageFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>TransactionFilter</filter-name> <filter-class>biz.poolparty.thesaurus.web.support.TransactionFilter</filter-class> </filter> <filter-mapping> <filter-name>TransactionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>SpringLocaleFilter</filter-name> <filter-class>biz.poolparty.thesaurus.web.support.SpringLocaleFilter</filter-class> </filter> <filter-mapping> <filter-name>SpringLocaleFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring Security START --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/</url-pattern> </filter-mapping> <!-- Spring Security END --> <listener> <description>ServletContextListener</description> <listener-class>at.punkt.PoolParty.Management.PoolPartyListener</listener-class> </listener> <!-- Location of the XML file that defines the root application context --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:/applicationContext.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Include spring dispatcher servlet --> <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>2</load-on-startup> <async-supported>true</async-supported> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/!/*</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/api/*</url-pattern> </servlet-mapping> I wonder if there is an issue between the Spring Security Filter and the Native Cors Filter coming with tomcat ? What are the work around ? If not how can I know what is exactly stop the CORS FILTER FROM WORKING RIGHT ? -- Maatari Daniel Okouya Sent with Airmail
