Enabling CORS Reply Filter in Tomcat 8.0

I'm trying to call a web service on one server from another (cross origin) using a fairly simple jQuery.ajax

POST request .

        return $.ajax({
            type: "POST",
            url: "http://dev.hostname.com/ws/account/example1@example.com?property_id=1&custnum=123456",
            dataType:"json"
        });

      

        
        
        
      

    

I always get the following answer error

...

XMLHttpRequest cannot load http://dev.hostname.com/ws/account/ example1@example.com ? Property_id = 1 & custnum = 123456 . There is no "Access-Control-Allow-Origin" header in the requested resource. The origin is http://localhost:63342

therefore not allowed access.

A web service is a Java based web service hosted in Apache Tomcat/8.0.8

. I tried to send the request as JSONP, but that got me into problems when trying to handle callbacks from the promise object. However, this is a different post ... Alternatively, I decided to look into the CORS Response solution. Now I am VERY new to Java programming and I am not very comfortable with this, so please bear with me.

I have covered two main solutions for CORS implementation. One is to create a custom response filter. I couldn't get this to work, but then I found that as of Tomcat 7.0, the filter is presumably already provided. I have seen several posts on this second solution but with absolutely no luck. Using the guidelines given in the Apache Tomcat Documentation , I added the following FILTER information to the application web.xml file (I also tried adding it to the root web.xml and it didn't work there either).

<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Last-Modified</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

      

        
        
        
      

    

Since I am using Tomcat 8.0.8

. I would have expected this to work, but I keep getting the same error. Did I miss something?

Thank you for your help.

UPDATED

I am adding headers from Firebug when calling a service in Firefox. This is the request header ...

Accept  application/json, text/javascript, */*; q=0.01
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Cache-Control   no-cache
Connection  keep-alive
Content-Length  0
Host    dev.hostname.com
Origin  http://localhost:63342
Pragma  no-cache
Referer http://localhost:63342/keurig/default.html
User-Agent  Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0

      

        
        
        
      

    

This is the response header

Content-Length  0
Content-Type    text/plain
Date    Thu, 21 Aug 2014 17:50:58 GMT
Server  Apache-Coyote/1.1

      

        
        
        
      

    

I definitely don't see any of the "Access-Control- *" headers I would expect to see in the response.