How to configure CORS with a Spring Java Mongo REST application?

Question

I am trying to combine these two sample Java Spring apps together in order to be able to run my Mongo database on one server and serve JSON to a front end app on another server.

CORS tutorial: http://spring.io/guides/gs/rest-service-cors/

MongoDB with REST http://spring.io/guides/gs/accessing-mongodb-data-rest/

My current "MongoDB with REST" Spring.io sample application runs, but it currently still isn't supporting CORS even after adding the SimpleCORSFilter class as shown in the CORS sample (above).

I am thinking that I may simply need to configure this new SimpleCORSFilter class somewhere - in the annotation equivalent of the web.xml - so I am trying to use @WebFilter("/*") in the SimpleCORSFilter class.

According to the "MongoDB with REST" tutorial page, the "@Import(RepositoryRestMvcConfiguration.class) annotation imports a collection of Spring MVC controllers, JSON converters, and other beans needed to provide a RESTful front end. These components link up to the Spring Data MongoDB backend." This might indicate that I should also want to override something in RepositoryRestMvcConfiguration to configure the SimpleCORSFilter filter.

I tried adding @WebFilter("/") on the SimpleCORSFilter class itself, but I don't see Access-Control- headers in the response using curl --verbose. As a result, I don't think the filter is properly configured.

Has anyone had any luck with combining these two tutorial projects (or something similar?)?

For reference, the SimpleCORSFilter class I am trying to configure is here:

package foo.bar;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

@WebFilter("/*")
@Component
public class SimpleCORSFilter extends OncePerRequestFilter implements Filter {
/* Attempt #1 - based on original demo code from spring.io - could not get to work
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        response.setHeader("Access-Control-Allow-Origin", "*");
        response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        response.setHeader("Access-Control-Max-Age", "3600");
        response.setHeader("Access-Control-Allow-Headers", "x-requested-with");
        chain.doFilter(req, res);
    }
*/

// Attempt #2 - based on https://stackoverflow.com/questions/20583814/angular-and-cors which advised use of addHeader() instead of setHeader() - still no luck
    @Override
    protected void doFilterInternal(HttpServletRequest request,
            HttpServletResponse response, FilterChain filterChain)
            throws ServletException, IOException {
        response.addHeader("Access-Control-Allow-Origin", "*");
        response.addHeader("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS");
        response.addHeader("Access-Control-Allow-Headers",
                "origin, content-type, accept, x-requested-with, sid, mycustom, smuser");
            filterChain.doFilter(request, response);
    }

    // unable to override this final method
    //public void init(FilterConfig filterConfig) {}

    public void destroy() {}
}

...and the main Application class which currently seems to be performing the configuration is here:

package foo.bar;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.data.mongodb.repository.config.EnableMongoRepositories;
import org.springframework.data.rest.webmvc.config.RepositoryRestMvcConfiguration;

@Configuration
@EnableMongoRepositories
@Import(RepositoryRestMvcConfiguration.class)
@EnableAutoConfiguration
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

Note: I did find a somewhat similar post here: CORS with Spring not working, but that solution involves the use of JSONP, which I also read was sort of a hack, and in any case, that issue does not seem to be resolved either.

Having the very same issue. I'm using spring-data and a MongoRepository with no controllers. Implemented a filter to add the headers and still nothing. I don't understand what the issue is. The filter is being loaded for sure it's just not doing what is expected. — Nestor Ledon, Oct 14 '14 at 17:00

score 0 · Answer 1 · answered Oct 14 '14 at 18:19

0

I was running into what I believe is a similar issue. Turning basic authentication off seems to have resolved it.

answered Oct 14 '14 at 18:19

Nestor Ledon

1,925
2
23
36

Interesting. So I assume you are using Oauth or some other form of authentication instead then - correct? If so, please elaborate. Thanks – Dave McLure Oct 17 '14 at 16:13
I intend on using OAuth2, but at the moment I have no configured security. – Nestor Ledon Oct 17 '14 at 16:19

How to configure CORS with a Spring Java Mongo REST application?

1 Answers1