Hello all,
I am currently using the Tomcat 9.0.65 (9.x) and looking at the possibility of
extending the
CorsFilter<https://tomcat.apache.org/tomcat-9.0-doc/config/filter.html#CORS_Filter>,
specially the configuration part.
I am looking at the ability to initialize the parameters of Tomcat's CorsFilter
from a source other than "web.xml" (one under TOMCAT_INSTALL_DIR/conf - so that
settings apply for all applications inside this web server). E.g., the
configuration could a key-value data store (or a simple property file).
Hand-editing the "web.xml" could be calling for trouble if not done carefully.
And AFAICT, there isn't any tooling/interface to allow easily and reliably
editing the "web.xml".
Also, ability to poll the external configuration source allows dynamically
reload the CorsFilter configuration without requiring the Tomcat restart. In
certain product deployments, web server is just a part and having to restart
for some configuration changes to take effect isn't desired, though isn't not a
must-have.
I was looking for something like:
public class CustomCorsFilter extends CorsFilter {
@Override
public void init() {
// load configuration from some other persistence store
// initialize fields from super class (which are then used in the actual CORS
validation)
}
@Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws IOException, ServletException {
super.doFilter(request, response, chain);
}
}
// Additionally, the init can be called periodically which could re-initialize
the fields from CorsFilter class.
However, currently, the configuration fields are private and there are no
setters.
Before I explore the option of looking for adding interface to "edit" the
web.xml, wanted to check if it's possible to update the CorsFilter and make
some methods protected (e.g.
https://github.com/apache/tomcat/blob/9.0.65/java/org/apache/catalina/filters/CorsFilter.java#L712)
for extension.
Thanks,
Amit
