I am developing centralized admin module for multiple product. Trying to maintain same session across multiple product.
For Product1 : Authenticate successfully and send token in response header
Request URL:http://localhost:8080/admin-web/rest/authenticate/
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Host:localhost:8080
Origin:http://product1.com:9090
Pragma:no-cache
Referer:http://product1.com:9090/p1/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36
Response Headers
Set-Cookie:token=asdf123sfs1f23sfsf321sfsf21; Version=1; Comment=""; Domain=localhost; Path=/ <------------------------------------???
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://product1.com:9090
Content-Encoding:gzip
Content-Type:application/json
Date:Mon, 13 Nov 2017 12:38:27 GMT
Server:Apache-Coyote/1.1
Transfer-Encoding:chunked
Vary:Origin
Vary:Accept-Encoding
For Product2 :
Request URL:http://localhost:8080/admin-web/rest/authenticate/
Request Headers
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8
Cache-Control:no-cache
Connection:keep-alive
Content-Length:156
Content-Type:application/json;charset=UTF-8
Host:localhost:8080
Origin:http://product2.com:9090
Pragma:no-cache
Referer:http://product2.com:9090/p2/
token:null <------------------------------------???
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36
While doing product2
authentication after product1
authentication, token found null
. If I deploy product1
on same domain, it works fine.
So, I want to use token header for same service url in another product request. How can I do it? Please find my CORS
configuration below :
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, OPTIONS, PUT, DELETE</param-value>
</init-param>
</filter>