Enabling Cross Origin Requests for a RESTful Web Service :: Learn how to create a RESTful web service with Spring that support Cross-Origin Resource Sharing (CORS).
Home Page: https://spring.io/guides/gs/rest-service-cors/
License: Apache License 2.0
Hi I enabled one of my APIS with @crossorigin annotation.
When I run using spring boot tomcat embedded container it works fine but while deploying the war to an external tomcat container ,it fails.
Any reason why? Morever I am using spring security in my project too
Sorry, guys, checked it out, started to instances
mvn spring-boot:run
mvn spring-boot:run -Dserver.port=9000
followed the tutorial, no Access-Control-Allow-Origin present as a response head, so the demo doesn't work.
Are we missing something in configuration or is @crossorigin annotation broken?
Update the guide to use the most recent Spring Boot version.
Files that require changes are:
initial/build.gradle
initial/pom.xml
complete/build.gradle
complete/pom.xml
See document https://spring.io/guides/gs/rest-service-cors/#_enabling_cors
Code below tries to use deprecated WebMvcConfigurerAdapter, instead of inline interface implementation:
@Bean
public WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurerAdapter() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/greeting-javaconfig").allowedOrigins("http://localhost:9000");
}
};
}
The fact that http://localhost:8080 origin is used is confusing because there is a confusion between same-origin and cross-origin requests, with a lack of successful cross-origin request use case.
The guide mentions @ResponseBody (README.adoc, line 219) but the annotation is both missing in the GreetingController listing and the accompanying example code.
I'd be happy to make a PR :).
Thank you.
There appear to be dependencies on things like swagger in the gradle build, which aren't used in the guide.
On the docs, the final 2 screen shots should have the browser pointing to localhost:9000. It is confusing this way.
Cors filter annotated with @component gets ignored.
Example works if I de-anotate Filter class and put something like this in web.xml:
<filter>
<filter-name>Cors Filter</filter-name>
<filter-class>....SimpleCORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Cors Filter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
any reason this repo is still private? the corresponding spring.io page [1] has a broken link to this repo and a broken image for this repos build status [2].
[1] https://spring.io/guides/gs/rest-service-cors/
[2] https://drone.io/github.com/spring-guides/gs-rest-service-cors/status.png
The line about adding apache http client into gradle.build is not correct. Should be changed by the whole gradle.build file shown below it.
I'm having trouble after adding authentication, where my OPTIONS preflight is being denied as unauthorized. I'm unsure about where to add this into a Spring Boot app. There seem to be a lot of solutions, but most of them focus on web.xml configurations.
Is the command to run the minimal Spring Boot application correct in PowerShell environment? Am I missing something? I'm following the guide and it seems it cannot run. Using:
PS C:\Users\mbresciani\Desktop\Spring\Guides\Enabling Cross Origin Requests for a RESTful Web Service> & 'C:\Program Files (x86)\spring-1.1.5.RELEASE\bin\spring.bat' run app.groovy -- --server.port=9000
The immediate answer I see is
'server.port' is not a recognized option
It runs properly in normal command prompt. The gradle bootRun command works even in PowerShell.
I am using kotlin with spring boot.
I'm about 10 billion kinds of frustrated with the documentation right now. Official and especially this guide. So let's start with this guide. It doesn't include how to make it work with spring security. I know spring security isn't required for CORS, but I think it's probably at least an 80% of the time use case. This still doesn't give me proper CORS headers.
I honestly think this is beyond a problem with just documentation though... but that's a good place to start.
// © Copyright 2024 Caleb Cushing
// SPDX-License-Identifier: AGPL-3.0-or-later
package com.xenoterracide.controller.authn;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.actuate.web.exchanges.HttpExchangeRepository;
import org.springframework.boot.actuate.web.exchanges.InMemoryHttpExchangeRepository;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@SpringBootApplication
public class ResourceServer {
ResourceServer() {}
public static void main(String[] args) {
SpringApplication.run(ResourceServer.class, args);
}
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
.oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
.cors(Customizer.withDefaults())
.httpBasic(c -> c.disable())
.formLogin(f -> f.disable());
return http.build();
}
@Bean
HttpExchangeRepository httpExchangeRepository() {
return new InMemoryHttpExchangeRepository();
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
var cors = new CorsConfiguration();
cors.addAllowedOrigin("http://localhost:3000");
cors.addAllowedMethod("*");
cors.addAllowedHeader("*");
var source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", cors);
return source;
}
@Bean
WebMvcConfigurer corsConfigurer() {
return new WebMvcConfigurer() {
@Override
public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/api/external").allowedOrigins("http://localhost:3000");
}
};
}
@RestController
static class OidcTestController {
private final Logger log = LogManager.getLogger(this.getClass());
@CrossOrigin(originPatterns = "*")
@GetMapping("/api/external")
@NonNull
String index(@Nullable Authentication details) {
this.log.info("{}", details);
var name = details != null ? details.getName() : "world";
return "Hello, " + name;
}
}
}* Host localhost:8080 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:8080...
* Connected to localhost (::1) port 8080
> GET /api/external HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 200
< Vary: Origin
< Vary: Access-Control-Request-Method
< Vary: Access-Control-Request-Headers
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 0
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< Expires: 0
< X-Frame-Options: DENY
< Content-Type: text/plain;charset=UTF-8
< Content-Length: 12
< Date: Fri, 05 Apr 2024 10:13:21 GMT
<
{ [12 bytes data]
* Connection #0 to host localhost left intact
Hello, world
The Test the service section of Enabling Cross Origin Requests for a RESTful Web Service has an incorrect link reference to Consuming a RESTful Web Service with jQuery:
This is essentially the REST client created in Consuming a RESTful Web Service with jQuery, modified slightly to consume the service when it runs on localhost at port 8080. See that guide for more details on how this client was developed
rest-service/gs/ in https://spring.io/guides/gs/rest-service/gs/consuming-rest-jquery/ The README file describes how to change the port for Maven but not for Gradle. That oversight should be corrected.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.