|[jersey-dev] Basic Authentication creates CORS issue from ajax query?|
I have developed a REST web service using Jersey 2.33. Some methods of my web services have to be basic authenticated (Basic Auth) and some not. For that reason I developed an AuthenticationFilter class implementing the javax.servlet.Filter(). This class is declared in web.xml of my Web REST application as following:
And then I declared the desired path of my REST methods:
Apache Tomcat 9 hosts this web service. I created an Android and a Java Jersey client to test my REST methods. The interaction took place properly, even for methods that require Basic authentication. Additionally, tests are done successfully with Postman too.
Trying to test them furtherly, I created a web client using ajax jquery(3.5.1). The methods that do not require Basic Authentication return data properly back to the web client. However, when the ajax jquery calls method that require Basic Authentication, I received the well-known CORS issue. More specific, “Preflight response is not successful” on Safari and “Access to XMLHttpRequest at ‘http://localhost:8080/……..’ from origin 'http://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource” on Chrome.
I have declared the CORS filters in Apache Tomcat as it is shown at https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter. I tested separately the minimal and the advanced configurations.
My web client, an Eclipse Static Web Project, runs at http:localhost:8888 and the Jersey Web Service as a Web application (Eclipse Dynamic Web Project) runs at http:localhost:8080.
I tested my web client in both Eclipse’s integrated HTTP Preview Server and Apache Web Server version 2.4.46-win64-VS16 (Windows OS).
I noticed that the first time after the Tomcat is started and a web service call is taken place, I receive the following:
WARNING [http-nio-8080-exec-1] org.glassfish.jersey.server.wadl.WadlFeature.configure JAXBContext implementation could not be found. WADL feature is disabled.
WARNING [http-nio-8080-exec-1] org.glassfish.jersey.internal.Errors.logErrors
During my search I found that https://www.eclipse.org/lists/jersey-dev/msg00091.html which seems to be close enough to that issue.
I am using Java 15 and tests are taken place in Windows 10 and Mac OS.
Just to mention that if I disable CORS from both Safari and Chrome browsers(an extension found), the ajax jquery calls successfully the methods are required Basic Authentication.
I really appreciate any ideas.
Back to the top