TRestApi

How to add CORS filters for Tomcat apps?

What is CORS?

Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any other origins (domain, scheme, or port) than its own from which a browser should permit loading of resources. CORS also relies on a mechanism by which browsers make a “preflight” request to the server hosting the cross-origin resource, in order to check that the server will permit the actual request. In that preflight, the browser sends headers that indicate the HTTP method and headers that will be used in the actual request.

When does the browser throw a CORS error?

CORS is a security mechanism built into modern web browsers. It blocks HTTP requests from your front end to any API that is not in the same “Origin” (domain, protocol, and port), which is the case most of the time, unless the API server allows that origin.

Resolution:

Inspect the CORS error highlighted in the web browser console. Identify the Access-Control-Request-Headers value of the failing request in the browser network console, then add a CORS filter to the web.xml of the respective Tomcat app (e.g. C:\Program Files\Apache Software Foundation\Tomcat 9.0\webapps\tetherfi-generic-webservice-interface\WEB-INF\web.xml).

Make sure the following parameters are set:

  1. "cors.allowed.headers" has all the HTTP access control request headers and custom headers (e.g. Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken).
  2. "cors.allowed.origins" has the request origin (e.g. https://bank.domain.com:8443).
  3. "cors.exposed.headers" has the exposed headers (e.g. Access-Control-Allow-Origin).

Below is a sample web.xml for reference:

<!-- Excerpt: the opening <web-app ...> tag and its attributes are omitted -->
  <display-name>Tetherfi Generic Web Service Interface Application</display-name>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <!-- Exact origin of the front end (scheme, host and port). With
         cors.support.credentials set to true, list exact origins rather than * -->
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://nabilbank.tetherfilabs.com:55003</param-value>
    </init-param>
    <init-param>
      <param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <!-- Must cover every header the browser lists in Access-Control-Request-Headers -->
    <init-param>
      <param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,X-RequestVerificationToken</param-value>
    </init-param>
    <init-param>
      <param-name>cors.exposed.headers</param-name>
      <param-value>Access-Control-Allow-Origin</param-value>
    </init-param>
    <init-param>
      <param-name>cors.support.credentials</param-name>
      <param-value>true</param-value>
    </init-param>
    <!-- How long (in seconds) the browser may cache the preflight result -->
    <init-param>
      <param-name>cors.preflight.maxage</param-name>
      <param-value>10</param-value>
    </init-param>
  </filter>
  <!-- Apply the filter to every URL of this web app -->
  <filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>

Note that the CORS error may still occur if any headers are missing from the "cors.allowed.headers" list.
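To find which value is missing before redeploying, the resolution steps above can be scripted. This is an added example, not part of the original page or of Tomcat: it reads the CorsFilter init-params from a web.xml and compares them with the Origin, Access-Control-Request-Method and Access-Control-Request-Headers values copied from the browser network console. The function names and the sample XML are constructed for illustration, and the comparison assumes header names are matched case-insensitively while origins and methods are matched exactly.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the page's web.xml (bare <web-app> root).
SAMPLE_WEB_XML = """<web-app>
  <filter>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name>
      <param-value>https://bank.domain.com:8443</param-value></init-param>
    <init-param><param-name>cors.allowed.methods</param-name>
      <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value></init-param>
    <init-param><param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,X-Requested-With,accept,Origin</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name>
      <param-value>true</param-value></init-param>
  </filter>
</web-app>"""

def kids(el):
    # Map each child's tag (XML namespace stripped) to its trimmed text.
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}

def load_cors_params(web_xml_text):
    """Return the init-params of the Tomcat CorsFilter as a dict."""
    params = {}
    for el in ET.fromstring(web_xml_text).iter():
        if kids(el).get("filter-class") == "org.apache.catalina.filters.CorsFilter":
            for ip in el:
                kv = kids(ip)
                if "param-name" in kv:
                    params[kv["param-name"]] = kv.get("param-value", "")
    return params

def split(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def check_preflight(params, origin, method, request_headers):
    """List the reasons a preflight with these values would not be allowed."""
    problems = []
    origins = split(params.get("cors.allowed.origins", ""))
    if "*" in origins and params.get("cors.support.credentials") == "true":
        problems.append("wildcard origin combined with credentials")
    if "*" not in origins and origin not in origins:
        problems.append("origin not allowed: " + origin)
    if method not in split(params.get("cors.allowed.methods", "")):
        problems.append("method not allowed: " + method)
    allowed = {h.lower() for h in split(params.get("cors.allowed.headers", ""))}
    missing = [h for h in split(request_headers) if h.lower() not in allowed]
    if missing:
        problems.append("headers missing from cors.allowed.headers: " + ",".join(missing))
    return problems
```

An empty list means the configured origins, methods and headers cover the request; each entry otherwise names the parameter to correct in web.xml.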

 

MQListener Connection to TRestAPI failed

a) Issue Description:

MQListener logs show the following error:

INFO [0001187700155438] Sending request to TRestApi, Url: http://<ip>:<port>/TRestAPI/api/v1/GetSMMCustomer, readTimeout: 15000, connectionTimeout: 15000

ERROR [0001187700155438] CheckRegisteredCustomer Exception Trace: Unable to connect to remote server at http://<ip>:<port>/TRestAPI/api/v1/GetSMMCustomer

b) Cause

MQListener is not able to connect to the TRestAPI service when processing a message to a social media user.

c) Troubleshooting

  1. Ensure the TRestAPI service is up and running. If not, start the TRestAPI service and process the message again.
  2. Ensure the TRestAPI endpoint in the MQListener config is specified correctly.
  3. Are MQListener and TRestAPI running on different servers? If so, ensure the port on which TRestAPI is running is open in its server firewall for inbound connections. Telnet to that server and port from a different machine to verify.

Unable to connect to the remote server http://<IP>:<Port>/Manage/UserAccess

a) Issue Description:

TRestAPI logs show the following error:

DEBUG TSocialMediaAPIConnector.Utils.RemoteUtils - Unable to connect to the remote server http://<IP>:<Port>/Manage/UserAccess:

b) Cause

TRestAPI is not able to connect to the SMM ManagementAPI to update user access data.

c) Troubleshooting

  1. Ensure the Management API service is up and running. If not, start the ManagementAPI service.
  2. Ensure the ManagementAPI service endpoint details provided in the TRestAPI config file ManagementAPIConfiguration.json are accurate. ServerURL should contain the IP address and port on which the SMM Management API service is running. Screenshot of config given below.
  3. Are TRestAPI and Management API running on different servers? If so, ensure the port on which Management API is running is open in its server firewall for inbound connections. Telnet to that server and port from a different machine to verify.