Enabling CORS for ADF Business Component REST Services

CORS (which stands for Cross-Origin Resource Sharing) is a setting that will enable your REST services running on one server to be invoked from applications running on another server.

I first encountered this when I was trying to run an Oracle JET project in my NetBeans IDE that will access a set of REST services I exposed using Oracle ADF Business Component in my JDeveloper environment. Since NetBeans runs the HTML on a GlassFish instance, while JDeveloper ran the ADF BC layer on a WebLogic instance I got the dreaded No 'Access-Control-Allow-Origin' header is present error:

 XMLHttpRequest cannot load http://127.0.0.1:7101/Application14-RESTWebService-context-root/rest/1/dept/20. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8383' is therefore not allowed access.

There is no built-in functionality to enable CORS for ADF BC in JDeveloper, but I found it very easy to leverage the CORS Filter libraries to do this. All you need to do is add the two JAR files it provides to your project and configure the web.xml to support the filter and the specific REST operations you want to enable CORS for.

Here is a quick video showing you the complete setup (using the REST ADF BC project created here).

The web.xml addition is:

   <filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
            <init-param>
                <param-name>cors.supportedMethods</param-name>
                <param-value>GET, POST, HEAD, PUT, PATCH, DELETE</param-value>
        </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

If you follow my approach in the video and add the JARs as a new user library to JDeveloper and don't forget to check the "Deploy by Default" check box for the library.