NOTE: This document only applies to older Denodo versions. Starting with Denodo 6.0 CORS support can be easily configured graphically. Detailed information is available in the section “Cross-origin resource sharing” of the Virtual DataPort Administration Guide. |
Goal
This document describes how to configure the embedded Apache Tomcat to enable CORS support (Cross-Origin Resource Sharing).
Content
The same-origin policy is an important security concept implemented by web browsers to prevent Javascript code from making requests against a different origin (e.g., different domain) than the one from which it was served. Although the same-origin policy is effective in preventing requests from different origins, it also prevents legitimate interactions between a server and clients of a known and trusted origin.
CORS is a technique for relaxing the same-origin policy, allowing Javascript on a web page to consume information served from a different origin.
To enable CORS in Apache Tomcat the javax.servlet.Filter interface has to be implemented. This filter is an implementation of W3C's CORS (Cross-Origin Resource Sharing) specification, which is a mechanism that enables cross-origin requests. It intercepts incoming HTTP requests and if they are identified as cross-origin, it applies the proper CORS policy and headers, before passing them on to the actual targets (servlets, JSPs, static XML/HTML documents).
Apache Tomcat provides its own implementation since its 7.0 version . As Denodo’s Embedded Apache Tomcat is an earlier 5.5.3 version it is necessary to provide another implementation to the container if using Denodo Platform 5.5 or earlier.
For the sake of an example we will use CORS-Filter as the implementation of this filter. Other implementations can be used, more information can be found here.
After downloading the cors-filter-<version>.jar and java-property-utils-<version>.jar files from CORS-filter, they have to be placed under: <DENODO_HOME>/resources/apache-tomcat/common/lib.
Then, edit the <DENODO_HOME>/resources/apache-tomcat/conf/web.xml file to include:
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
It is important to note that simply using the above configuration options in the web.xml file will enable public CORS access to the server. You may want to filter who can access to CORS or other advanced configuration options. You can add more parameters to this filter, find more information in: http://software.dzhuvinov.com/cors-filter-configuration.html
To enable CORS for a specific REST web service edit the individual web.xml file associated to the web service adding the same xml configuration:
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/views/*</url-pattern>
</filter-mapping>
Remember to add this as the first filter in the filter section. Once this configuration is added the web container needs to be restarted.
Now, we are going to see a more complex scenario where we want to have different filters for different views within a web service:
Picture that we have one REST web service in VDP called testws, with two views test and testcustom.
To enable CORS for the testcustom operation just for the origin http://example.com and to enable CORS for the test operation just for the origin http://denodo.com.
We can configure this behavior just adding this as the first filters in the web.xml file of the testws webapp:
<filter>
<filter-name>CorsFilter1</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>http://example.com</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter1</filter-name>
<url-pattern>/views/testcustom</url-pattern>
</filter-mapping>
<filter>
<filter-name>CorsFilter2</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>http://denodo.com</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter2</filter-name>
<url-pattern>/views/test</url-pattern>
</filter-mapping>
Once this configuration is added the web container needs to be restarted.
A very important thing to notice is that, in older versions of the Denodo Platform, this configuration is going to be overwritten every time the Web service is re-deployed.
References
Apache Tomcat 7.0 CORS filter configuration:
http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
CORS filter library:
The information provided in the Denodo Knowledge Base is intended to assist our users in advanced uses of Denodo. Please note that the results from the application of processes and configurations detailed in these documents may vary depending on your specific environment. Use them at your own discretion.
For an official guide of supported features, please refer to the User Manuals. For questions on critical systems or complex environments we recommend you to contact your Denodo Customer Success Manager.
Recommended resources Recommendations generated by AI
Questions
