| Re: [jersey-dev] [External] : Basic Authentication creates CORS issue from ajax query? |
Thank you for your suggestions.
I defined it in web.xml (from yours http://blog.supol.cz/?p=150 ) as following:
<servlet>
....
....
<init-param>
<param-name>jersey.config.server.wadl.disableWadl</param-name>
<param-value>true</param-value>
</init-param>
.....
</servlet>
I saw now only the [http-nio-8080-exec-8] org.glassfish.jersey.internal.Errors.logErrors,
but I still receive the well-known CORS issue as I mentioned previously in both Safari and Chrome browsers.
Then, I also implemented both the ContainerResponseFilter and ContainerRequestFilter or only the ContainerResponseFilter, following these links:
· https://stackoverflow.com/questions/28065963/how-to-handle-cors-using-jax-rs-with-jersey
· https://www.baeldung.com/cors-in-jax-rs
· https://stackoverflow.com/questions/25860490/enable-cors-post-request-from-angularjs-to-jersey
· https://stackoverflow.com/questions/36030745/using-crossorigin-annotation-with-jax-rs-jersey
I declared the filter class in my web.xml as it shown below:
<init-param>
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>my.package.CORSFilter</param-value>
</init-param>
and I also registered this class in my Application in such a way:
@ApplicationPath("/")
public class MyApplication extends ResourceConfig
{
public MyApplication()
{
packages(“my.package");
register(CORSFilter.class);
.......
......
}
}
but unfortunately, without any success.
I really appreciate any other ideas.
Rearads,
Kostas Kalogirou
_______________________________________________Hi,The "WARNING [http-nio-8080-exec-1] org.glassfish.jersey.server.wadl.WadlFeature.configure JAXBContext implementation could not be found. WADL feature is disabled" tells you that you are on JDK 15 which no longer contains JAX-B implementation (JDK 8 was the last one with JAX-B) and you did not turn of WADL feature, so Jersey expects you would like the WADL be using. But WADL support depends on JAX-B, so Jersey turns WADL support off.
Unless you would like to use WADL, the WARNING is the only bad thing happening regarding the missing JAX-B. If you would like to get rid of this warning, you either can add JAX-B impl on a classpath, or turn WADL off by setting the https://eclipse-ee4j.github.io/jersey.github.io/apidocs/latest/jersey/org/glassfish/jersey/server/ServerProperties.html#WADL_FEATURE_DISABLE property to true.
The connection to CORS might be that the HTTP OPTIONS is by default served by the WADL subroutine, but if I am not mistaken the HTTP OPTIONS response should be answered with the WADL turned off. too, except not in an XML form. Is it possible that you hit this issue?: https://stackoverflow.com/questions/20035101/why-does-my-_javascript_-code-receive-a-no-access-control-allow-origin-header-i
Thanks,Jan
From: jersey-dev <jersey-dev-bounces@xxxxxxxxxxx> on behalf of Kostas Kalogirou <kalgik@xxxxxxxxx>
Sent: Friday, February 19, 2021 9:40 PM
To: jersey-dev@xxxxxxxxxxx <jersey-dev@xxxxxxxxxxx>
Subject: [External] : [jersey-dev] Basic Authentication creates CORS issue from ajax query?Dear all,
I have developed a REST web service using Jersey 2.33. Some methods of my web services have to be basic authenticated (Basic Auth) and some not. For that reason I developed an AuthenticationFilter class implementing the javax.servlet.Filter(). This class is declared in web.xml of my Web REST application as following:
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>my.package.AuthenticationFilter</filter-class>
</filter>
And then I declared the desired path of my REST methods:
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/package/test</url-pattern>
<url-pattern>/package/method1</url-pattern>
<url-pattern>/package/methods/*</url-pattern>
</filter-mapping>
Apache Tomcat 9 hosts this web service. I created an Android and a Java Jersey client to test my REST methods. The interaction took place properly, even for methods that require Basic authentication. Additionally, tests are done successfully with Postman too.
Trying to test them furtherly, I created a web client using ajax jquery(3.5.1). The methods that do not require Basic Authentication return data properly back to the web client. However, when the ajax jquery calls method that require Basic Authentication, I received the well-known CORS issue. More specific, “Preflight response is not successful” on Safari and “Access to XMLHttpRequest at ‘http://localhost:8080/……..’ from origin 'http://localhost:8888' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource” on Chrome.
I have declared the CORS filters in Apache Tomcat as it is shown at https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter. I tested separately the minimal and the advanced configurations.
My web client, an Eclipse Static Web Project, runs at http:localhost:8888 and the Jersey Web Service as a Web application (Eclipse Dynamic Web Project) runs at http:localhost:8080.
I tested my web client in both Eclipse’s integrated HTTP Preview Server and Apache Web Server version 2.4.46-win64-VS16 (Windows OS).
I noticed that the first time after the Tomcat is started and a web service call is taken place, I receive the following:
WARNING [http-nio-8080-exec-1] org.glassfish.jersey.server.wadl.WadlFeature.configure JAXBContext implementation could not be found. WADL feature is disabled.
WARNING [http-nio-8080-exec-1] org.glassfish.jersey.internal.Errors.logErrors
During my search I found that https://www.eclipse.org/lists/jersey-dev/msg00091.html which seems to be close enough to that issue.
I am using Java 15 and tests are taken place in Windows 10 and Mac OS.
Just to mention that if I disable CORS from both Safari and Chrome browsers(an extension found), the ajax jquery calls successfully the methods are required Basic Authentication.
I really appreciate any ideas.
Regards,
Kostas
jersey-dev mailing list
jersey-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jersey-dev