Eugene Mironenko Eugene Mironenko - 3 days ago 4
Java Question

Could not enable CORS for JAX-RS Web Service

When I invoke my service via Angular2 using

http.post
request, I get

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.


My JAX-RS service

@Override
@POST
@Path("/getWsCallReports")
@Produces(MediaType.APPLICATION_JSON)
public Response getWsCallReports(Query query) {
try {
LOG.info("getWsCallReports called for " + query);
return Response.status(200)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Headers", "origin, content-type, accept, authorization")
.header("Access-Control-Allow-Credentials", "true")
.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD")
.header("Access-Control-Max-Age", "1209600").entity(wsCallReportDao.getReports(query)).build();
} catch (Exception e) {
return Response.serverError().build();
}
}


Also I've tried to add simple HTTP filter that defines all necessary headers for all requests

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;

// TODO: development only
response.addHeader("Access-Control-Allow-Origin", "*");

response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
response.addHeader("Access-Control-Max-Age", "1209600");
filterChain.doFilter(servletRequest, servletResponse);
}


but it didn't help. What am I doing wrong?

Just in case, I'm using Java EE 6 and I'm not able to implement
ContainerResponseFilter
. I'm sure that it can be done without it.

Answer

This is a bug in JAX-RS implementation that is built-in to JBoss EAP 6.2 (RestEasy 2.3.7.final). Upgrade to JBoss EAP 7.0 has solved the problem.

Comments