Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jersey-dev] [External] : Basic Authentication creates CORS issue from ajax query?
  • From: Jan Supol <jan.supol@xxxxxxxxxx>
  • Date: Sun, 21 Feb 2021 00:26:49 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x/P5y+sE3Q4POKlH+yPP7v49spwFYhpnRJ+SF/tD/AM=; b=ivfgVvlhi9ux+iGaV4thB3oQsgoF0B77k+S+lLlIB5dfknP7eUqoaEDNSlUDU9veNqZgIXVPbPziRXNDkXc6G/MJSBPQmUT2569PmiGtTSv9Ju6CbucxBWZECoopdBnW4KpxzIp3UmZN2sWPiy2h8J8kjF28E5QpXb30EPkdlrpSInYpphnltnBZK7noInSmuGNopmCy6t1xkOpZ9DvMLMH3WMKmajrNaOAO1O7ONYY4gToDsoC+vgSXMu39z2CfOtd5R/Lkt/YopMLMod1WnnGDn/O3KkI6LtIVL06LShWMtg+0HjkG6B3ivjCEQtccWnS1V5NA7NIpJdvtZfh6Kg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=e2WzD5+b1UKORJ/z2t5FYAD9PuS+ABtkAlQ7KzPEoIeyyUvjgOUtaLTR2zFdLvZ7LM43uJsE9b9YZhy3+HHTvXWr4NEMDaD9XbOswUCRslF4H6QqM07fvQO+PBZNZzD/Jb7EUtPEvblxMR64/AFVZc4z6oZFCrn9pcZFg6KIFn6JF6reFfI3730z1IGKG6yvZ96dyPrGdcWuH2Q/Afil3QdQZETbthm9l5mdaUD6q/vOPDIRYEGH+jLZzUhHLcvsLVLY/Iv/LivUsGQwHW3K7KasNH3XDB5oRDFAP+njhTn7fFbtsz54Eq60Guy+v4zkn0El1KqHjj8xvNajdECP+A==
  • Delivered-to: jersey-dev@xxxxxxxxxxx
  • List-archive: <>
  • List-help: <>
  • List-subscribe: <>, <>
  • List-unsubscribe: <>, <>
  • Thread-index: AQHXBv+CRuKaOgTRe0S4imWTGnHjzKphu4mX
  • Thread-topic: [External] : [jersey-dev] Basic Authentication creates CORS issue from ajax query?

The "WARNING [http-nio-8080-exec-1] org.glassfish.jersey.server.wadl.WadlFeature.configure JAXBContext implementation could not be found. WADL feature is disabled" tells you that you are on JDK 15 which no longer contains JAX-B implementation (JDK 8 was the last one with JAX-B) and you did not turn of WADL feature, so Jersey expects you would like the WADL be using. But WADL support depends on JAX-B, so Jersey turns WADL support off. 

Unless you would like to use WADL, the WARNING is the only bad thing happening regarding the missing JAX-B. If you would like to get rid of this warning, you either can add JAX-B impl on a classpath, or turn WADL off by setting the property to true.

The connection to CORS might be that the HTTP OPTIONS is by default served by the WADL subroutine, but if I am not mistaken the HTTP OPTIONS response should be answered with the WADL turned off. too, except not in an XML form.  Is it possible that you hit this issue?:


From: jersey-dev <jersey-dev-bounces@xxxxxxxxxxx> on behalf of Kostas Kalogirou <kalgik@xxxxxxxxx>
Sent: Friday, February 19, 2021 9:40 PM
To: jersey-dev@xxxxxxxxxxx <jersey-dev@xxxxxxxxxxx>
Subject: [External] : [jersey-dev] Basic Authentication creates CORS issue from ajax query?
Dear  all,

I have developed a REST web service using Jersey 2.33. Some methods of my web services have to be basic authenticated (Basic Auth) and some not. For that reason I  developed an AuthenticationFilter class implementing the javax.servlet.Filter(). This class is declared in web.xml of my Web REST application as following:





And then I declared the desired path of my REST methods:







Apache Tomcat 9 hosts this web service. I created an Android and a Java Jersey client to test my REST methods. The interaction took place properly, even for methods that require Basic authentication. Additionally, tests are done successfully with Postman too. 

Trying to test them furtherly, I created a web client using ajax jquery(3.5.1). The methods that do not require Basic Authentication return data properly back to the web client. However, when the ajax jquery calls method that require Basic Authentication, I received the well-known CORS issue. More specific, “Preflight response is not successful” on Safari and “Access to XMLHttpRequest at ‘http://localhost:8080/……..’ from origin 'http://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource” on Chrome.

I have declared the CORS filters in Apache Tomcat as it is shown at I tested separately the minimal and the advanced configurations.

My web client, an Eclipse Static Web Project, runs at http:localhost:8888 and the Jersey Web Service as a Web application (Eclipse Dynamic Web Project) runs at http:localhost:8080.

I tested my web client in both Eclipse’s integrated HTTP Preview Server and Apache Web Server version 2.4.46-win64-VS16 (Windows OS).

I noticed that the first time after the Tomcat is started and a web service call is taken place, I receive the following:

WARNING [http-nio-8080-exec-1] org.glassfish.jersey.server.wadl.WadlFeature.configure JAXBContext implementation could not be found. WADL feature is disabled.

WARNING [http-nio-8080-exec-1] org.glassfish.jersey.internal.Errors.logErrors 

During my search I found that  which seems to be close enough to that issue.

I am using Java 15 and tests are taken place in Windows 10 and Mac OS.

Just to mention that if I disable CORS from both Safari and Chrome browsers(an extension found), the ajax jquery calls successfully the methods are required Basic Authentication.

I really appreciate any ideas.



Back to the top