-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Maatari,
On 7/23/15 10:49 AM, Maatari Daniel Okouya wrote: > Hi, > > I am using TOMCAT 7, and I have enable the CORS FILTER as per the > explanation on the official website: > https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filte r > > I use the actual configuration: > > > <filter> <filter-name>CorsFilter</filter-name> > <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> > > <init-param> > <param-name>cors.allowed.origins</param-name> > <param-value>*</param-value> </init-param> <init-param> > <param-name>cors.allowed.methods</param-name> > <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> > <init-param> <param-name>cors.allowed.headers</param-name> > <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Contro l-Request-Method,Access-Control-Request-Headers</param-value> > > </init-param> > <init-param> <param-name>cors.exposed.headers</param-name> > <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credenti als</param-value> > > </init-param> > <init-param> <param-name>cors.support.credentials</param-name> > <param-value>true</param-value> </init-param> <init-param> > <param-name>cors.preflight.maxage</param-name> > <param-value>10</param-value> </init-param> </filter> > <filter-mapping> <filter-name>CorsFilter</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > I do it in my Web.xml that is in the conf folder. > > However the app that i am trying to access have a spring security > filter. I show below the application configuration in question. I > have no control over that application. In fact this is a vendor > application. I can only modify the configuration file to enable the > CORS FILTER. > > <!-- Spring Security START --> <filter> > <filter-name>springSecurityFilterChain</filter-name> > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</fi lter-class> > > </filter> > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/</url-pattern> </filter-mapping> <!-- Spring Security > END --> > > or a larger view > > > <filter> <filter-name>MessageFilter</filter-name> > <filter-class>at.punkt.PoolParty.Management.MessageFilter</filter-clas s> > > </filter> > <filter-mapping> <filter-name>MessageFilter</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > <filter> <filter-name>TransactionFilter</filter-name> > <filter-class>biz.poolparty.thesaurus.web.support.TransactionFilter</f ilter-class> > > </filter> > <filter-mapping> <filter-name>TransactionFilter</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > <filter> <filter-name>SpringLocaleFilter</filter-name> > <filter-class>biz.poolparty.thesaurus.web.support.SpringLocaleFilter</ filter-class> > > </filter> > <filter-mapping> <filter-name>SpringLocaleFilter</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> > > <!-- Spring Security START --> <filter> > <filter-name>springSecurityFilterChain</filter-name> > <filter-class>org.springframework.web.filter.DelegatingFilterProxy</fi lter-class> > > </filter> > <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> > <filter-name>springSecurityFilterChain</filter-name> > <url-pattern>/</url-pattern> </filter-mapping> <!-- Spring Security > END --> > > <listener> <description>ServletContextListener</description> > <listener-class>at.punkt.PoolParty.Management.PoolPartyListener</liste ner-class> > > </listener> > > <!-- Location of the XML file that defines the root application > context --> <context-param> > <param-name>contextConfigLocation</param-name> > <param-value>classpath:/applicationContext.xml</param-value> > </context-param> > > <listener> > <listener-class>org.springframework.web.context.ContextLoaderListener< /listener-class> > > </listener> > > <!-- Include spring dispatcher servlet --> <servlet> > <servlet-name>dispatcher</servlet-name> > <servlet-class>org.springframework.web.servlet.DispatcherServlet</serv let-class> > > <load-on-startup>2</load-on-startup> > <async-supported>true</async-supported> </servlet> > <servlet-mapping> <servlet-name>dispatcher</servlet-name> > <url-pattern>/!/*</url-pattern> </servlet-mapping> > <servlet-mapping> <servlet-name>dispatcher</servlet-name> > <url-pattern>/api/*</url-pattern> </servlet-mapping> > > > I wonder if there is an issue between the Spring Security Filter > and the Native Cors Filter coming with tomcat ? > > What are the work around ? > > If not how can I know what is exactly stop the CORS FILTER FROM > WORKING RIGHT ? What happens when the filter does not work properly? Does the application break, or do you merely not get any CORS protection. What have you been doing to test? You need to provide more information if we can help you. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJVt87nAAoJEBzwKT+lPKRY2NYQAMWT+0tvpB3NxIvT7rS4eqDH uMdZ5hKen1zTUwaR75HpMmOYy1fNieoC4MG5GQluRe9V+hd4nW1FjR3FRUFhlBPC kyfhAmKND7Hc+MO//hwOFxCH0pMAEoeECqjIXdwyHqdMLqDxHKxDir2rlBN8qVJ5 YttStdG1PvuZaarWNavoILHN3ENO273KM1Ujq+UfpKSwU7zFKqRFPa/HdJIx1jnj QOYadkTLejXKAFKXNIaJv1lOy/PF5AH7kNkIqaakRhWfTxddufBY508qkfPF1AKQ wZkRejfq7ARG6z+ygbHYAuc2we3ulfIgDvbYOWQBxHhXaKTH9oP6swmyTV04BWWu wReISXWKDRjAeqNc2v9toiuNJxG9E6tuEuoO1hXOme9iKjZ7+5n/pcupYXy8QaLw hulb0r+Rw8XPE2zwZVPmoJLt3gzVJ9/9Rwy4amagLNd8TT25/0jKD9pyCjb6xVak tIx9hpHocr8UGGooM3YErs0ZIxMJyMaK/Amyu/e/xlkWLocY67f4YbkRCr93OOs+ drJJYTyAy5ScKbK3k3k4Fe7j3+A8Va6W77xP2FLmXLFphAGXTNw0JcqzhyEG7R+v xVaPNlR+GKvuKfp3T7KEXWbNaNUswOWGo9OHpY5Ji/r4otuhtN0c7EwA2qVvZJQ9 dOWlEdHul4YVAO1ISQAV =YuF9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
