Tag Archives: Apache Tomcat

Enable CORS to Tomcat

CORS (CORS flowchart) is quite complex to understand, but you absolutely need it if you want to write an app in “modern” JavaScript frameworks like Angular.

The simplest way to enable CORS in Apache Tomcat for development is to:

  1. create web.xml (if it does not exist already)
  2. add the included filter. An example is shown below:
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.headers</param-name>
    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
  </init-param>
  <init-param>
    <param-name>cors.exposed.headers</param-name>
    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
  </init-param>
  <init-param>
    <param-name>cors.support.credentials</param-name>
    <param-value>true</param-value>
  </init-param>
  <init-param>
    <param-name>cors.preflight.maxage</param-name>
    <param-value>10</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
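
With cors.allowed.origins set to * and cors.support.credentials set to true, as in the filter above, any website can make credentialed requests to the application on Tomcat versions that accept the pair, and current CorsFilter releases refuse to initialize with it. The check below is an added example, not part of the original post: a Python function that flags this combination in a web.xml. The sample XML and the origin http://localhost:4200 (a typical Angular dev-server address) are assumptions.

```python
# Added example, not from the original post. Sample XML is constructed.
import xml.etree.ElementTree as ET

CORS_FILTER = "org.apache.catalina.filters.CorsFilter"

def _local(tag):
    # Drop any "{namespace}" prefix so namespaced web.xml files match too.
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    # Text of the first direct child called `name`, or "" if absent.
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def audit_cors(web_xml):
    """Return sorted (filter-name, finding) tuples for Tomcat CorsFilter entries."""
    root = ET.fromstring(web_xml)
    findings = set()
    for flt in (e for e in root.iter() if _local(e.tag) == "filter"):
        if _text(flt, "filter-class") != CORS_FILTER:
            continue
        name = _text(flt, "filter-name")
        params = {_text(p, "param-name"): _text(p, "param-value")
                  for p in flt if _local(p.tag) == "init-param"}
        origins = {o.strip() for o in params.get("cors.allowed.origins", "").split(",")}
        # Assumption: an absent cors.support.credentials is treated as "false".
        creds = params.get("cors.support.credentials", "false").lower() == "true"
        if "*" in origins:
            findings.add((name, "any origin allowed with credentials" if creds
                          else "any origin allowed"))
    return sorted(findings)

def _web_xml(origins, credentials):
    # Constructed minimal web.xml using the filter and parameter names from the post.
    return f"""<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>{CORS_FILTER}</filter-class>
    <init-param><param-name>cors.allowed.origins</param-name>
      <param-value>{origins}</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name>
      <param-value>{credentials}</param-value></init-param>
  </filter>
</web-app>"""

AS_POSTED = _web_xml("*", "true")                   # values from the post
PINNED = _web_xml("http://localhost:4200", "true")  # assumed Angular dev origin

if __name__ == "__main__":
    print(audit_cors(AS_POSTED))
    print(audit_cors(PINNED))
```

Pinning cors.allowed.origins to the exact origin of the front-end, as in PINNED, clears the finding while keeping credentials enabled.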

 


Simple SSL configuration for Apache-Tomcat

For the official instructions (Tomcat 8), read this page

The following instructions are for development servers only:

Step 1: Create a keystore file to store the server’s private key and self-signed certificate:

For Windows:

"%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA

For Unix/Linux:

$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA

You will be asked for various information. Remember the password you typed at this step.

At the end of the procedure, keytool will create a file named “.keystore” in your home directory. By default it is hidden. This file should be moved to the Apache-Tomcat home directory and can be renamed (e.g. to “keystore”).

Step 2: Disable APR:

Edit server.xml and comment out the following line:

<!--
<Listener
    className="org.apache.catalina.core.AprLifecycleListener"
    SSLEngine="on" />
-->

Step 3: Activate the SSL connector

Edit server.xml and add (or uncomment and modify) the following lines:

<Connector 
    port="8443" 
    SSLEnabled="true" 
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    maxThreads="150" 
    scheme="https" 
    secure="true"      
    keystoreFile="keystore" 
    keyAlias="tomcat"
    keystorePass="12345678"
    clientAuth="false" 
    sslProtocol="TLS" />

You will have to replace “12345678” with your password.

You will also have to replace “keystore” with the full path to the keystore file generated at Step 1.

Step 4: Restart Tomcat

Do not forget to restart Apache-Tomcat