Enabling CORS in FlexPLM-11 for Rest API's("Access-Control-Allow-Origin" problem)

Hi,

I am trying to invoke web services within FlexPLM-11 from an external application which is deployed in external tomcat(Version-7).

While accessing REST API, I am getting the below error

"Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."

I tried to resolve this issue as below

1) By including directives in apache config file (conf\httpd.conf).

Though flexplm allows CORS request, but still I keep getting other errors.

Problem is that browser sends preflight request 'OPTIONS', Which causes 401 response status. Below is the error I see in browser

"Response for preflight has invalid HTTP status code 401"

2) By implementing "org.apache.catalina.filters.CorsFilter" .

Note : referred some posts in PTC Community to follow below instructions.

I added below entries in codebase\WEB-INF\web.xml. But this did not resolve my issue. I keep getting -- No 'Access-Control-Allow-Origin' header is present on the requested resource."

<filter>

  <filter-name>CorsFilter</filter-name>

  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>

  <init-param>

    <param-name>cors.allowed.origins</param-name>

    <param-value>*</param-value>

  </init-param>

  <init-param>

    <param-name>cors.allowed.methods</param-name>

    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>

  </init-param>

  <init-param>

    <param-name>cors.allowed.headers</param-name>

    <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>

  </init-param>

  <init-param>

    <param-name>cors.exposed.headers</param-name>

    <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>

  </init-param>

  <init-param>

    <param-name>cors.support.credentials</param-name>

    <param-value>true</param-value>

  </init-param>

  <init-param>

    <param-name>cors.preflight.maxage</param-name>

    <param-value>10</param-value>

  </init-param>

</filter>

<filter-mapping>

  <filter-name>CorsFilter</filter-name>

  <url-pattern>/*</url-pattern>

</filter-mapping>

3) I tried implementing custom filters in FlexPLM.

@WebFilter(filterName = "CustomRestFilter", urlPatterns = {"/servlet/rest/*"})

public class CustomRestFilter implements javax.servlet.Filter

{

  @Override

  public void doFilter(ServletRequest request, ServletResponse response,

  FilterChain filterChain) throws IOException, ServletException {

  HttpServletResponse res = (HttpServletResponse) response;

  res.addHeader("Access-Control-Allow-Origin", "*");

  res.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, OPTIONS");

  res.addHeader("Access-Control-Allow-Headers", "Content-Type");

  filterChain.doFilter(request, response);

  }

  @Override

  public void init(FilterConfig arg0) throws ServletException {

  }

  @Override

  public void destroy() {

  }

}

This filter is not even invoked even after I get a CORS request to application and still keep getting -- No 'Access-Control-Allow-Origin' header is present on the requested resource."

If any body has reference document or any idea to resolve this issue, please share with me and help me in resolving this issue.

Thanks in advance.