CORS issues while accessing https REST end point -
i want consume rest resource available @ http://localhost:9080/studentweb/myrest-rest/services/students/ angularjs app, , rest application deployed in websphere appliation server following deployment descriptor (web.xml). , application working perfect configuration, users in registeredusers role.
<?xml version="1.0" encoding="utf-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <display-name>myrestapplicationservicesweb</display-name> <servlet> <description> jax-rs tools generated - not modify</description> <servlet-name>myrestrest</servlet-name> <servlet-class>com.ibm.websphere.jaxrs.server.ibmrestservlet</servlet-class> <init-param> <param-name>javax.ws.rs.application</param-name> <param-value>com.myrest.student.rest.studentapplication</param-value> </init-param> <load-on-startup>1</load-on-startup> <enabled>true</enabled> <async-supported>false</async-supported> </servlet> <servlet-mapping> <servlet-name>myrestrest</servlet-name> <url-pattern>/myrest-rest/*</url-pattern> </servlet-mapping> <security-role> <description>registeredusers</description> <role-name>registeredusers</role-name> </security-role> <security-constraint> <display-name>area authenticated users</display-name> <web-resource-collection> <web-resource-name>protected resources</web-resource-name> <url-pattern>/myrest-rest/services/*</url-pattern> <http-method>get</http-method> </web-resource-collection> <auth-constraint> <role-name>registeredusers</role-name> </auth-constraint> </security-constraint> <filter> <filter-name>corsfilter</filter-name> <filter-class>com.myrest.student.filter.studentcorsfilter</filter-class> </filter> <filter-mapping> <filter-name>corsfilter</filter-name> <url-pattern>/myrest-rest/*</url-pattern> </filter-mapping> </web-app> i want secure data flow between angularjs app , rest endpoint, adding converting rest api https. added,
<user-data-constraint> <description>redirects http requests https</description> <transport-guarantee>confidential</transport-guarantee> </user-data-constraint> in security-constraint tag.
and please find cors filter added,
public void dofilter(servletrequest request, servletresponse response, filterchain chain) throws ioexception, servletexception { system.out.println("inside filter"); ((httpservletresponse) response).addheader("access-control-allow-origin", "*"); ((httpservletresponse) response).addheader("access-control-allow-credentials", "true"); ((httpservletresponse) response).addheader("access-control-allow-method", "get, post, put, delete, options"); ((httpservletresponse) response).addheader("content-type", "application/json"); ((httpservletresponse) response).addheader("access-control-allow-headers", "content-type"); string accesscontrolreqheader = ((httpservletrequest) request).getheader("access-control-request-headers"); system.out.println(accesscontrolreqheader); if (((httpservletrequest) request).getmethod().equalsignorecase("options")) { ((httpservletresponse) response).addheader("access-control-allow-headers", accesscontrolreqheader); } else { chain.dofilter(request, response); } } but getting error on angularjs app follows,
xmlhttprequest cannot load http://localhost:9080/studentweb/myrest-rest/services/students/12341234. request redirected 'https://localhost:9443/studentweb/myrest-rest/services/students/12341234', disallowed cross-origin requests require preflight. i can see cors issue https. how can around issue.
here's problem, or @ least 1 of them.
((httpservletresponse) response).addheader("access-control-allow-origin", "*");
you can't use wildcard when sending credentials cors request. instead explicitly list origin. if have many, inspect origin header client , if server decides serve content client return content of request origin header value of access-control-allow-origin response header.
Comments
Post a Comment