Getting issues when using CORS filter in presence of spring security filter

Solution Unverified - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5.1.2

Issue

  • When the following is used in web.xml, it did not work since the app already have another spring security filter (org.springframework.web.filter.DelegatingFilterProxy).
<web-app ...>
    ...
    <filter>
        <filter-name>cross-origin</filter-name>
        <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>cross-origin</filter-name>
        <url-pattern>/cometd/*</url-pattern>
    </filter-mapping>
    ...
</web-app>

Resolution

  • There should be an issue with in the Spring code "org.springframework.web.filter.DelegatingFilterProxy" or an issue in the CORS filter code "org.eclipse.jetty.servlets.CrossOriginFilter", that is preventing to work them together.
  • The "org.springframework.web.filter.DelegatingFilterProxy" as well as "org.eclipse.jetty.servlets.CrossOriginFilter" are third party libraries and are not shipped by Red Hat. Please check the KB-344163 article for the same and more information on "org.eclipse.jetty.servlets.CrossOriginFilter".
  • It is advisable to contact to the third party vendors for such compatibility issues.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments