CORs support in JEE6 JAX-RS

[DK <de...@gmail.com>]

I need to enable CORS support for my REST API?
 
I assume I need to use Apache Wink HandlersFactory and ResponseHandler? Any
examples?



--
View this message in context: http://apache-wink-users.3471013.n2.nabble.com/CORs-support-in-JEE6-JAX-RS-tp7572806.html
Sent from the Apache Wink Users mailing list archive at Nabble.com.

Re: CORs support in JEE6 JAX-RS

[Daniel Krook <kr...@us.ibm.com>]

Hi Desmond,


> Hi Luciano,
>
> Yes I was going to take a look at the Servlet Filter approach but if you
> have some code you can point me at. All the better.
>
> I just need to simple CORs implementation so my JavaScript(AngularJS)
front
> end can interact with my REST Interface. So I just want to accept
requests
> from any domain.


Here's a bit of sample code that sets the CORS header in a servlet (you can
do it in a filter or elsewhere).

<
https://github.com/krook/krook-service-provider/blob/master/src/net/bluemix/krook/provider/CorsProviderServlet.java
>

Instead of specifying a hostname for the "Access-Control-Allow-Origin"
header, use an asterisk "*" to accept from any client.

You can trace the flow of headers from consumer to provider here:

<http://krook-service-consumer.mybluemix.net>

Please note that there's nothing Wink related in this sample code. I just
pushed the consumer and provider WAR files to a PaaS (IBM Bluemix) to
demonstrate that they run on different hosts.



Daniel Krook
http://krook.info/

Re: CORs support in JEE6 JAX-RS

[DK <de...@gmail.com>]

Hi Luciano,

Yes I was going to take a look at the Servlet Filter approach but if you
have some code you can point me at. All the better.

I just need to simple CORs implementation so my JavaScript(AngularJS) front
end can interact with my REST Interface. So I just want to accept requests
from any domain.



--
View this message in context: http://apache-wink-users.3471013.n2.nabble.com/CORs-support-in-JEE6-JAX-RS-tp7572806p7572809.html
Sent from the Apache Wink Users mailing list archive at Nabble.com.

Re: CORs support in JEE6 JAX-RS

[Luciano Resende <lu...@gmail.com>]

In Apache Tuscany, I have implemented CORS in the REST binding that uses
Wink under the covers... If you want to use that it might be quicker for
you...

Otherwise i would have to take a look on best way to inplement in Wink
directly in a flexible way.

Please let me know ...

On Monday, July 7, 2014, Lars-Fredrik Smedberg <it...@gmail.com> wrote:

> Hi!
>
> For a more in-depth explanation of CORS see http://www.w3.org/TR/cors/
>
> For the simple scenario described in 6.1 of the w3c document you could
> either implement it as a Wink or as a Servlet Filter, I would guess a
> Servlet filter would be easier.
>
> The simplest case implemented as a Servlet filter could look like:
>
> 1. In the doFilter check if the request contains the "Origin" header, if
> not => send e.g. http status 403
> 2. Then check if the value of the "Origin" header corresponds to a value
> in a whitelist, if not => send e.g. http status 403
> 3. Add a response header called "Access-Control-Allow-Origin" bouncing the
> value found in the "Origin" header
> 4. Process the next filter/servlet in the filter chain
>
> Regards
> Lars-Fredrik Smedberg
>
>
>
> On Sat, Jul 5, 2014 at 8:42 PM, DK <desmond.kirrane@gmail.com
> <javascript:_e(%7B%7D,'cvml','desmond.kirrane@gmail.com');>> wrote:
>
>> I need to enable CORS support for my REST API?
>>
>> I assume I need to use Apache Wink HandlersFactory and ResponseHandler?
>> Any
>> examples?
>>
>>
>>
>> --
>> View this message in context:
>> http://apache-wink-users.3471013.n2.nabble.com/CORs-support-in-JEE6-JAX-RS-tp7572806.html
>> Sent from the Apache Wink Users mailing list archive at Nabble.com.
>>
>
>
>
> --
> Med vänlig hälsning / Best regards
>
> Lars-Fredrik Smedberg
>
> STATEMENT OF CONFIDENTIALITY:
> The information contained in this electronic message and any
> attachments to this message are intended for the exclusive use of the
> address(es) and may contain confidential or privileged information. If
> you are not the intended recipient, please notify Lars-Fredrik Smedberg
> immediately at itsmeden@gmail.com
> <javascript:_e(%7B%7D,'cvml','itsmeden@gmail.com');>, and destroy all
> copies of this
> message and any attachments.
>


-- 
Sent from my Mobile device

Re: CORs support in JEE6 JAX-RS

[Lars-Fredrik Smedberg <it...@gmail.com>]

Hi!

For a more in-depth explanation of CORS see http://www.w3.org/TR/cors/

For the simple scenario described in 6.1 of the w3c document you could
either implement it as a Wink or as a Servlet Filter, I would guess a
Servlet filter would be easier.

The simplest case implemented as a Servlet filter could look like:

1. In the doFilter check if the request contains the "Origin" header, if
not => send e.g. http status 403
2. Then check if the value of the "Origin" header corresponds to a value in
a whitelist, if not => send e.g. http status 403
3. Add a response header called "Access-Control-Allow-Origin" bouncing the
value found in the "Origin" header
4. Process the next filter/servlet in the filter chain

Regards
Lars-Fredrik Smedberg



On Sat, Jul 5, 2014 at 8:42 PM, DK <de...@gmail.com> wrote:

> I need to enable CORS support for my REST API?
>
> I assume I need to use Apache Wink HandlersFactory and ResponseHandler? Any
> examples?
>
>
>
> --
> View this message in context:
> http://apache-wink-users.3471013.n2.nabble.com/CORs-support-in-JEE6-JAX-RS-tp7572806.html
> Sent from the Apache Wink Users mailing list archive at Nabble.com.
>



-- 
Med vänlig hälsning / Best regards

Lars-Fredrik Smedberg

STATEMENT OF CONFIDENTIALITY:
The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
address(es) and may contain confidential or privileged information. If
you are not the intended recipient, please notify Lars-Fredrik Smedberg
immediately at itsmeden@gmail.com, and destroy all copies of this
message and any attachments.