No Access-Control-Allow-Origin header is present on the requested resource - Resteasy

Question

I am working on a webapplication comprises UI-Angular , Server-Java , RestEasy 3.0.9.Final for rest api calls

When i tried to access the rest service from another domain am getting below error

CANNOT LOAD Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.

I configured my server side to respond with the cross domain calls and this is working with the GET Call but POST Call is creating ERROR

web.xml

<context-param>
    <param-name>resteasy.providers</param-name>
    <param-value>com.test.sample.app.CorsFeature</param-value>
</context-param>

<listener>
    <listener-class>
        org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap</listener-class>
</listener>


<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>resteasy-servlet</servlet-name>
    <servlet-class>
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.test.sample.app.Application</param-value>
    </init-param>
</servlet>

<servlet-mapping>
    <servlet-name>resteasy-servlet</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>

<context-param>
    <param-name>resteasy.servlet.mapping.prefix</param-name>
    <param-value>/rest</param-value>
</context-param>
<context-param>
    <param-name>resteasy.scan</param-name>
    <param-value>true</param-value>
</context-param>

Service class

@GET
@Path("/getnameAtt")
@Produces(MediaType.APPLICATION_JSON)
public Response getHostnameAttributes() {
return Response
.status(200)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Headers",
        "origin, content-type, accept, authorization")
.header("Access-Control-Allow-Credentials", "true")
.header("Access-Control-Allow-Methods",
        "GET, POST, PUT, DELETE, OPTIONS, HEAD")
.header("Access-Control-Max-Age", "1209600")
.entity(new TestImpl().getHostNameAttributes())
.build();
}

@POST
@Path("/getSeq")
@Produces(MediaType.APPLICATION_JSON)
public Response getCurrentSequence(String request) {
return Response
.status(200)
.header("Access-Control-Allow-Origin", "*")
.header("Access-Control-Allow-Headers",
        "origin, content-type, accept, authorization")
.header("Access-Control-Allow-Credentials", "true")
.header("Access-Control-Allow-Methods",
        "GET, POST, PUT, DELETE, OPTIONS, HEAD")
.header("Access-Control-Max-Age", "1209600")
.entity(new TestImpl().getCurrentSeq(request))
.build();
}

Since i am new to resteasy not able to figure out why this was not working. Any help would be greatly appreciated . Waiting for your response.

Thanks

User · Answer

After facing a similar issue  below is what I did    Created a class extending javax ws rs core Application and added a Cors Filter to it   To the CORS filter  I added corsFilter getAllowedOrigins   add  quot http   localhost 4200 quot     Basically  you should add the URL which you want to allow Cross-Origin Resource Sharing  Ans you can also use  quot   quot  instead of any specific URL to allow any URL  public class RestApplication     extends Application       private Set lt Object gt  singletons   new HashSet lt Object gt          public MessageApplication                 singletons add new CalculatorService       CalculatorService is your specific service you want to add use          CorsFilter corsFilter   new CorsFilter               To allow all origins for CORS add following  otherwise add only specific urls             corsFilter getAllowedOrigins   add  quot   quot            System out println  quot To only allow restrcited urls  quot            corsFilter getAllowedOrigins   add  quot http   localhost 4200 quot            singletons   new LinkedHashSet lt Object gt             singletons add corsFilter               Override     public Set lt Object gt  getSingletons                 return singletons            And here is my web xml    lt web-app id  quot WebApp ID quot  version  quot 2 4 quot      xmlns  quot http   java sun com xml ns j2ee quot      xmlns xsi  quot http   www w3 org 2001 XMLSchema-instance quot      xsi schemaLocation  quot http   java sun com xml ns j2ee      http   java sun com xml ns j2ee web-app 2 4 xsd quot  gt       lt display-name gt Restful Web Application lt  display-name gt        lt  -- Auto scan rest service -- gt       lt context-param gt           lt param-name gt resteasy scan lt  param-name gt           lt param-value gt true lt  param-value gt       lt  context-param gt        lt context-param gt           lt param-name gt resteasy servlet mapping prefix lt  param-name gt           lt param-value gt  rest lt  param-value gt       lt  context-param gt        lt listener gt           lt listener-class gt              org jboss resteasy plugins server servlet ResteasyBootstrap          lt  listener-class gt       lt  listener gt        lt servlet gt           lt servlet-name gt resteasy-servlet lt  servlet-name gt           lt servlet-class gt              org jboss resteasy plugins server servlet HttpServletDispatcher          lt  servlet-class gt           lt init-param gt               lt param-name gt javax ws rs Application lt  param-name gt               lt param-value gt com app RestApplication lt  param-value gt           lt  init-param gt       lt  servlet gt        lt servlet-mapping gt           lt servlet-name gt resteasy-servlet lt  servlet-name gt           lt url-pattern gt  rest   lt  url-pattern gt       lt  servlet-mapping gt    lt  web-app gt   The most important code which I was missing when I was getting this issue was  I was not adding my class extending javax ws rs Application i e RestApplication to the init-param of          lt servlet-name gt resteasy-servlet lt  servlet-name gt      lt init-param gt           lt param-name gt javax ws rs Application lt  param-name gt           lt param-value gt com app RestApplication lt  param-value gt       lt  init-param gt   And therefore my Filter was not able to execute and thus the application was not allowing CORS from the URL specified

User · Answer

Seems your resource POSTmethod won t get hit as  peeskillet mention  Most probably your  POST  request won t work  because it may not be a simple request  The only simple requests are GET  HEAD or POST and request headers are simple The only simple headers are Accept  Accept-Language  Content-Language  Content-Type  application x-www-form-urlencoded  multipart form-data  text plain    Since in you already  add Access-Control-Allow-Origin headers to your Response  you can add new OPTIONS method to your resource class        OPTIONS  Path   path         public Response options         return Response ok                  header  Access-Control-Allow-Origin                     header  Access-Control-Allow-Headers    origin  content-type  accept  authorization                header  Access-Control-Allow-Methods    GET  POST  PUT  DELETE  OPTIONS  HEAD                header  Access-Control-Max-Age    2000                build

User · Answer

Your resource methods won t get hit  so their headers will never get set  The reason is that there is what s called a preflight request before the actual request  which is an OPTIONS request  So the error comes from the fact that the preflight request doesn t produce the necessary headers   For RESTeasy  you should use CorsFilter  You can see here for some example how to configure it  This filter will handle the preflight request  So you can remove all those headers you have in your resource methods    See Also    HTTP access control  CORS

[rest] No 'Access-Control-Allow-Origin' header is present on the requested resource - Resteasy

The answer is

Examples related to rest

Examples related to cors

Examples related to resteasy

Tags