3

I'd like to be able to do HTTP requests on my localhost Camel instance (just for development purpose, I know this is bad practice). For now, I'm stuck with :

 Origin http://localhost:8000 is not allowed by Access-Control-Allow-Origin.

I've search how can I tell Camel to allow such requests, but didn't find an answer. I'm using camel-cxf and the rsServer to create my endpoint.

I've got an endpoint looking like that :

public class LoginEndpoint {
    @GET
    @Path(LOGIN)
    @Produces(MediaType.APPLICATION_JSON)
    public Customer login(@QueryParam("email") String email, @QueryParam("password") String password) {
        return null;
    }
}

Than a standard route is doing the job.

How can I tell Camel (or JAX-RS, or the CXFRS component, I don't know...) to allow Cross Domain Requests ?

Betlista
  • 10,327
  • 13
  • 69
  • 110
Marc Dez
  • 33
  • 1
  • 4
  • 1
    The Java code and the JAX-RS annotations in it have nothing to do with access control. –  Sep 21 '12 at 08:22

2 Answers2

6

You need to add an annotation on your endpoint

@CrossOriginResourceSharing(allowAllOrigins = true, allowAnyHeaders = true)
public class LoginEndpoint {
    @GET
    @Path(LOGIN)
    @Produces(MediaType.APPLICATION_JSON)
    public Customer login(@QueryParam("email") String email, @QueryParam("password") String password) {
        return null;
    }
}

I don't think you need a new dependency, as the annotation is in camel-cxf. But you need to tell Camel to look for this annotation, using the providers tag.

<cxf:rsServer id="login" address="your adress"
        serviceClass="LoginEndpoint">
    <cxf:providers>
        <bean class="org.apache.cxf.jaxrs.cors.CrossOriginResourceSharingFilter" />
    </cxf:providers>
</cxf:rsServer>

Then you should be fine (but remember that is just for local testing).

Betlista
  • 10,327
  • 13
  • 69
  • 110
cexbrayat
  • 17,772
  • 4
  • 27
  • 22
  • It's working great thank you! I'm sure that will hope someone else! – Marc Dez Sep 21 '12 at 08:41
  • 1
    `allowAllOrigins = true` is good for testing, but it's a lack of security. In production you should use `allowOrigins = {"http://your.domain.com"}` – Pith Oct 23 '13 at 14:52
  • In newer Camel versions the annotation is no longer part of camel-cxf. You have to add `org.apache.cxf:cxf-rt-rs-security-cors:3.1.8`. Furthermore the class moved to `org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter`. – Achim Nov 15 '16 at 15:20
0

If you are using CXF 3.1.9, it is found in cxf-rt-rs-security-cors jar.

<jaxrs:server id="apiRS" address="/api">
    <jaxrs:serviceBeans>
            <bean class="com.ak.util.APIRSController"></bean>
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <bean class="org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter" />
    </jaxrs:providers>
</jaxrs:server>

And REST

@CrossOriginResourceSharing(allowAllOrigins = true)
public class APIController {

    @GET
    @Path("/status")
    public String status() {
        return "{\"Result\":\"OK\"}";
    }
}

For more security see allowOrigins and other parameters at above annotation.

Pujan
  • 3,154
  • 3
  • 38
  • 52