Applying CORS Filter to wso2 Identity Server

Hasanthi Purnima Dissanayake
1 min readMar 17, 2019


When we are invoking an endpoint in oauth2 war from a javascript of a web app which is located in a different domain than identity server domain we are getting “No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://XXXXXXX is therefore not allowed access.” The issue is occurring as the script on your page is running from a specifc domain and would try to request the resource via an XmlHttpRequest or XDomainRequst from a different domain as this is a cross -origin request. In order to get rid of this we need to enable this by sending below header using a custom filter. Access-Control-Allow-Origin: http: is the domain name of where page with that script is hosted)

<filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> <init-param> <param-name>cors.allowOrigin</param-name> <param-value>http: </init-param> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/example.html</url-pattern> </filter-mapping>

In oauth2.war as we have already included the dependency we don’t need to separately add it to the pom.xml file. But if you are using another endpoint you need to add the dependency too as below.

1.. Add the following module to the dependencies section of pom.xml

<dependency> <groupId>com.thetransactioncompany.wso2</groupId> <artifactId>cors-filter</artifactId> <version>1.7.0.wso2v1</version> </dependency>

2. Enable to CORS filter for webapp by adding the filter configuration to web.xml in {sample_web_app}/src/main/webapp/WEB-INF directory as above mentioned in the second approach.

Originally published at