How to handle HTTP OPTIONS with Spring MVC?

Solution 1:

I added some more detail to the Bozho answer for beginners. Sometimes it is useful to let the Spring Controller manage the OPTIONS request (for example to set the correct "Access-Control-Allow-*" header to serve an AJAX call). However, if you try the common practice

@Controller
public class MyController {

    @RequestMapping(method = RequestMethod.OPTIONS, value="/**")
    public void manageOptions(HttpServletResponse response)
    {
        //do things
    }
}

It won't work since the DispatcherServlet will intercept the client's OPTIONS request.

The workaround is very simple:

You have to... configure the DispatcherServlet from your web.xml file as follows:

...
  <servlet>
    <servlet-name>yourServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>dispatchOptionsRequest</param-name>
      <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
...

Adding the "dispatchOptionsRequest" parameter and setting it to true.

Now the DispatcherServlet will delegate the OPTIONS handling to your controller and the manageOption() method will execute.

Hope this helps.

PS. to be honest, I see that the DispatcherServlet append the list of allowed method to the response. In my case this wasn't important and I let the thing go. Maybe further examinations are needed.

Solution 2:

@RequestMapping(value="/youroptions", method=RequestMethod.OPTIONS)
public View getOptions() {

}

You should configure the dispatcherServlet by setting its dispatchOptionsRequest to true

Solution 3:

As a quick supplement to the above 2 answers, here's how to enable dispatchOptionsRequest in a servlet 3 (no web.xml) environment as it took me a while to work out how to apply the answers above in a non-xml setup.

In a spring 3.2 / servlet 3 environment, you will have some variety of DispatcherServlet initializer class which is the java equivalent of web.xml; in my case it's the AbstractAnnotationConfigDispatcherServletInitializer. Adding the following code will enable dispatchOptionsRequest:

    @Override
    protected void customizeRegistration(Dynamic registration) {
        registration.setInitParameter("dispatchOptionsRequest", "true");
    }

Solution 4:

I took the following approach:

Using Maven (or manually) pull in this dependancy:

<dependency>
    <groupId>com.thetransactioncompany</groupId>
    <artifactId>cors-filter</artifactId>
    <version>1.3.2</version>
</dependency>

This has an implementation to capture all the inbound OPTIONS requests. Into the web.xml file add the following config:

<filter>
   <filter-name>CORS</filter-name>
   <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>       
   <init-param>
      <param-name>cors.supportedHeaders</param-name>
      <param-value>Content-Type,Accept,Origin</param-value>
   </init-param>
</filter>

<filter-mapping>
   <filter-name>CORS</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

The problem I've seen with the /** approach is a more specific Controller implementation will override this.