Posted to user@shiro.apache.org by Gary <si...@gmail.com> on 2018/03/15 03:18:41 UTC

Config Shiro to allow CORS requests

I have a server REST API secured with shiro.ini, which uses authc.loginUrl to
redirect all requests that are not logged in.
I have a separate Angular2-based web app that is trying to access the server's REST
services. From the browser console, I can see the server redirected the request to
the login URL configured in shiro.ini, but because the Angular2 web server and
backend server URLs are different, the login page is not displayed. The CORS
error message was "<login URL> has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested resource".
I heard that if I add the Access-Control-Allow-Origin header to the server
response (not sure if only the login page response or all the responses),
the problem will get resolved. But since I only used web.xml and shiro.ini
for Shiro, I am not sure how to do that with these two files.
Any sample code will be highly appreciated.




--
Sent from: http://shiro-user.582556.n2.nabble.com/

Re: Config Shiro to allow CORS requests

Posted by Stephen Agyepong <st...@gmail.com>.
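On the server, where you are returning a response, you will do something
like this:

    import javax.servlet.http.HttpServletRequest
    import javax.servlet.http.HttpServletResponse
    // ExecutionContextImpl is an application type; its import is not shown in the post.

    static void sendTextResponseInternal(String text, String contentType, String filename,
            ExecutionContextImpl eci, HttpServletRequest request, HttpServletResponse response,
            Map<String, Object> requestAttributes) {
        // Name the trusted origin explicitly: with Allow-Credentials "true",
        // browsers reject a wildcard "*" origin.
        response.addHeader("Access-Control-Allow-Origin", "http://localhost:8100")
        response.addHeader("Access-Control-Allow-Credentials", "true")
        response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS")
        response.addHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, api_key, header")
        // Write the body only after the CORS headers are set.
        response.writer.write(text)
    }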

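Added example (not part of the thread and not Shiro's own code): one way to apply the headers from the reply above to every response using only web.xml is a plain servlet filter. The class name CorsAllowlistFilter and the allowlist contents are assumptions for illustration; the origin, methods and headers are the values quoted in the reply.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: adds CORS headers only for allowlisted origins.
public class CorsAllowlistFilter implements Filter {
    // Assumption: the front-end origin used in the reply; list real origins here.
    private static final Set<String> ALLOWED_ORIGINS =
            new HashSet<>(Arrays.asList("http://localhost:8100"));

    @Override public void init(FilterConfig cfg) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String origin = request.getHeader("Origin");

        // Echo the origin back only when it is on the allowlist. Never reflect
        // an arbitrary Origin together with Allow-Credentials: true.
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            response.setHeader("Access-Control-Allow-Origin", origin);
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.addHeader("Vary", "Origin"); // caches must key on Origin

            // A preflight carries no session cookie, so an authc rule further
            // down the chain would redirect it to loginUrl. Answer it here.
            if ("OPTIONS".equalsIgnoreCase(request.getMethod())
                    && request.getHeader("Access-Control-Request-Method") != null) {
                response.setHeader("Access-Control-Allow-Methods",
                        "GET, POST, DELETE, PUT, OPTIONS");
                response.setHeader("Access-Control-Allow-Headers",
                        "Content-Type, Authorization, api_key, header");
                response.setStatus(HttpServletResponse.SC_NO_CONTENT);
                return; // do not pass the preflight on to later filters
            }
        }
        chain.doFilter(request, response);
    }
}
```

Declare the filter in web.xml with its filter-mapping placed ahead of the ShiroFilter mapping; the container runs filters in mapping order, so the headers are then also present on the redirect that authc issues.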