Enabling a CORS Response Filter in Tomcat 8.0

Question

I am attempting to call a web service on one server from another (cross origin) using a fairly basic jQuery.ajax POST request.

        return $.ajax({
            type: "POST",
            url: "http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456",
            dataType:"json"
        });

I am always getting the following error response ...

XMLHttpRequest cannot load http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456 . No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin http://localhost:63342 is therefore not allowed access.

The web service is a Java-built Jersey based web service hosted on Apache Tomcat/8.0.8 . I have tried sending the request as JSONP but that ran me into issues when attempting to handle the callbacks from the promise object. That's another post however ... As an alternative I decided to look into implementing a CORS Response solution. Now I am VERY new to Java programming and am not that comfortable with it so please bear with me.

I have looked at two primary solutions for implementing CORS. One is to build a custom response filter. I could not get that to work but then discovered that since Tomcat 7.0 a filter is supposedly already provided. I have seen several posts on this second solution but had absolutely no luck with it. Using the guidelines provided in the Apache Tomcat Documentation I added the following FILTER information to the web.xml file of the application (I have also tried adding it to the web.xml of the root and it didn't work there either).

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Since I am using Tomcat 8.0.8 . I would have expected this to work, yet I continue to get the same error. Am I missing something?

Thanks for your help.

UPDATED

I am adding the headers from Firebug when calling the service in Firefox. This is the Request header ...

Accept  application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control   no-cache
Connection  keep-alive
Content-Length  0
Host    dev.hostname.com
Origin  http://localhost:63342
Pragma  no-cache
Referer http://localhost:63342/keurig/default.html
User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0

This is the Response header

Content-Length  0
Content-Type    text/plain
Date    Thu, 21 Aug 2014 17:50:58 GMT
Server  Apache-Coyote/1.1

I definitely do not see any of the "Access-Control-*" headers that would expect to be see in the response.

Answer 1

The CORS configuration provided here worked for me, but not until I had removed the space in 'Allowed Headers' after the comma in the last header.

<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>

Once I took out that space before "Last-Modified" I was in business.

Answer 2

在运行Apache Tomcat / 8.0.43的传统Struts 2应用程序中修复此问题的解决方案是在web.xml配置文件中的Struts 2过滤器之前添加CORS过滤器。