Eugene Mironenko Eugene Mironenko - 9 months ago 72
Java Question

Could not enable CORS for JAX-RS Web Service

When I invoke my service via Angular2 using
request, I get

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access.

My JAX-RS service

public Response getWsCallReports(Query query) {
try {"getWsCallReports called for " + query);
return Response.status(200)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Headers", "origin, content-type, accept, authorization")
.header("Access-Control-Allow-Credentials", "true")
.header("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD")
.header("Access-Control-Max-Age", "1209600").entity(wsCallReportDao.getReports(query)).build();
} catch (Exception e) {
return Response.serverError().build();

Also I've tried to add simple HTTP filter that defines all necessary headers for all requests

public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) servletResponse;

// TODO: development only
response.addHeader("Access-Control-Allow-Origin", "*");

response.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
response.addHeader("Access-Control-Allow-Credentials", "true");
response.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
response.addHeader("Access-Control-Max-Age", "1209600");
filterChain.doFilter(servletRequest, servletResponse);

but it didn't help. What am I doing wrong?

Just in case, I'm using Java EE 6 and I'm not able to implement
. I'm sure that it can be done without it.

Answer Source

This is a bug in JAX-RS implementation that is built-in to JBoss EAP 6.2 (RestEasy Upgrade to JBoss EAP 7.0 has solved the problem.