Below is the code I use to test CORS, http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.
<script
src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script type="text/javascript">
var $ = jQuery.noConflict();
$.aja(angry) {
cache: false,
crossDomain: true,
dataType: "json",
url: "http://czetsuya/myService/meMethod",
type: "GET",
success: function( jsonObj, textStatus, xhr ) {
var htmlContent = $( "#logMsgDiv" ).html( ) + "<p>" + jsonObj.message + "</p>";
$( "#logMsgDiv" ).html( htmlContent );
},
beforeSend: function (xhr) {
xhr.setRequestHeader ("Authorization", "Basic " + btoa("username:password"));
},
error: function( xhr, textStatus, errorThrown ) {
console.log( "HTTP Status: " + xhr.status );
console.log( "Error textStatus: " + textStatus );
console.log( "Error thrown: " + errorThrown );
}
} );
</script>
And here are the javaEE filters.
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @author Edward P. Legaspi
**/
@Provider
@PreMatching
public class RESTCorsRequestFilter implements ContainerRequestFilter {
private final static Logger log = LoggerFactory
.getLogger(RESTCorsRequestFilter.class.getName());
@Override
public void filter(ContainerRequestContext requestCtx) throws IOException {
// When HttpMethod comes as OPTIONS, just acknowledge that it accepts...
if (requestCtx.getRequest().getMethod().equals("OPTIONS")) {
log.debug("HTTP Method (OPTIONS) - Detected!");
// Just send a OK signal back to the browser
requestCtx.abortWith(Response.status(Response.Status.OK).build());
}
}
}
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @author Edward P. Legaspi
**/
@Provider
@PreMatching
public class RESTCorsResponseFilter implements ContainerResponseFilter {
private final static Logger log = LoggerFactory
.getLogger(RESTCorsResponseFilter.class.getName());
@Override
public void filter(ContainerRequestContext requestCtx,
ContainerResponseContext responseCtx) throws IOException {
log.debug("Adding CORS to the response.");
responseCtx.getHeaders().add("Access-Control-Allow-Origin", "*");
responseCtx.getHeaders()
.add("Access-Control-Allow-Credentials", "true");
responseCtx.getHeaders().add("Access-Control-Allow-Methods",
"GET, POST, DELETE, PUT");
}
}
If you are using RESTEasy just like I'm usually am. You can take advantage of the already available CorsFilter class:
package com.weddinghighway.api.rest.filter;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.ext.Provider;
import org.jboss.resteasy.plugins.interceptors.CorsFilter;
/**
* @author Edward P. Legaspi
* @created 5 Oct 2017
*/
@Provider
public class RESTCorsResponseFilter implements Feature {
@Override
public boolean configure(FeatureContext context) {
CorsFilter corsFilter = new CorsFilter();
corsFilter.getAllowedOrigins().add("*");
context.register(corsFilter);
return true;
}
}
Note: If one fails, then just try the other :-)
0 nhận xét:
Đăng nhận xét