Home » Java » java – Dynamicallly retrieve Spring Boot CORS Configuration from database for specific method in a Controller-Exceptionshub

java – Dynamicallly retrieve Spring Boot CORS Configuration from database for specific method in a Controller-Exceptionshub

Posted by: admin February 25, 2020 Leave a comment


I am trying to set the CORS configuration at Controller level using

@CrossOrigin on Controller and Handler Method

public class AccountController {

@CrossOrigin("retreive data from DB")
public Account retrieve(@PathVariable Long id) {
    // ...


I have tried using below but its set only when the spring boot starts and takes changes only when the service is restarted next time …

public CorsFilter corsFilter() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
   // CorsConfiguration config = jHipsterProperties.getCors();

       CorsConfiguration config=CorsService.fetchCorsConfigFromDb;
    if (config.getAllowedOrigins() != null && !config.getAllowedOrigins().isEmpty()) {
        log.debug("Registering CORS filter");
        source.registerCorsConfiguration("/api/**", config);
        source.registerCorsConfiguration("/management/**", config);
        source.registerCorsConfiguration("/v2/api-docs", config);
    return new CorsFilter(source);

fetchCorsConfigFromDb will fetch data from DB. Any changes from DB will be reflected only when Spring Boot App is restarted…

How to&Answers:

To implement this functionality you can use a basic filter in which you can write your custom database logic to add CORS header to your request based on some database attribute value.

You can refer to below example to implement this functionality using spring-data-jpa.

Add DB connection attributes to application.properties file




Create a entity with below attribute to save URL in DB


public class Cors {
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private long id;
    private String url;
    private boolean isAllowed;

And in the repository added a findByUrl method to get value from DB based on URL


public interface CorsRepository extends JpaRepository<Cors,Long> {
    Optional<Cors> findByUrl(String url);

Below is my filter to intercept request and make DB call and if isAllowed is true then i add cors headers to make a successful request


public class CorsFilter implements Filter {
    CorsRepository corsRepository;

    public void init(FilterConfig filterConfig) throws ServletException { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        String url = request.getRequestURI().toString();

        Optional<Cors> cors = corsRepository.findByUrl(url);
        if(cors.isPresent() && cors.get().isAllowed()){
            HttpServletResponse response = (HttpServletResponse) res;

            response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
            response.setHeader("Access-Control-Allow-Credentials", "true");
            response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
            response.setHeader("Access-Control-Max-Age", "3600");
            response.setHeader("Access-Control-Allow-Headers", "Content-Type, Accept, X-Requested-With, remember-me");
        chain.doFilter(req, res);

    public void destroy() { }

You can create a sample controller like this:


public class CorsTesterController {

    String getResponse(){
        return "test response";

and insert values to DB to allow/disallow a url to test this example code.

testdb=# select * from cors;
 id | is_allowed |       url
  1 | f          | /api/v1/block
  2 | t          | /api/v1/allowed


For CorsService.fetchCorsConfigFromDb;
it should load from cache

then you can update your cache at run-time

you should implement CorsService.fetchCorsConfig();

  1. this method should look for any cors configuration in cache first ,if there any configurations found load it directly from cache else you will retrive cors from db and update your cache
  2. create update cors at runtime method CorsService.updateCorsConfig(); , this should update your cors in db and then update cache .