servlet or filter for Jersey - rest

I want to know what is the difference between declaring the "jersey servlet" as Servlet Or as Filter in the web.xml ...
Here is how I called the jersey servlet as Filter in the web.xml :
and here is the jersey servlet called as Servlet in the web.xml :
What solution should I use !

If you want to append a path at the end of base url, you can use servlets. However, if you dont want to append a path at the end of base url and just invoke something based on pattern matching, you can use filters.
Suppose we have following two resources:"path1")
public class Path1 {
public class Path2 {
Now if we have servlet mapping as below:
We can access the resources using following URLs:
On the other hand, if we have filter mapping as below:
We can access path1 root resource by visiting the following URL:
And in this case, the filter filter_name will be invoked
However, if we try to access path2 with following URL:
No filter will be invoked in this case.


CSRF Guard:Owasp.CsrfGuard.js compilation error

I am trying to implement Owasp CARF library (3.0.0). When I place the Owasp.CsrfGuard.js file in WEB-INF/ folder and try to deploy the application, I get the below error:
Unexpected token % at Owasp.CsrfGuard.js
I see the %DOMAIN_STRICT% and other variables which are not recognized.
I have configured the Javscriptservlet like:
The server used is Weblogic
Do I need to configure anything. How do I resolve the js error??

Viewable route returns 404

When trying to access /Example/Site a 404 no found page will be shown, but the jsp is in webapp/WEB-INF/jsp/. Why is this not working?
<web-app id="WebApp_ID" version="2.4"
xmlns="" xmlns:xsi=""
<display-name>jmattheis rest app</display-name>
Here the Resource:
public class Example {
public Response getSite() {
return Response.ok(new Viewable("/test")).build();
Have a look at the Jersey2 MVC documentation
Jersey web applications that want to use JSP templating support should be registered as Servlet filters rather than Servlets in the application's web.xml. The web.xml-less deployment style introduced in Servlet 3.0 is not supported at the moment for web applications that require use of Jersey MVC templating support.
So you need to change your servlet to an filter to make it work.
It could be that this was not needed in the early versions of jersey 2, but I cannot find the older documentation for that so we'll never know.
Like this:
<web-app id="WebApp_ID" version="2.4"
xmlns="" xmlns:xsi=""
<display-name>jmattheis rest app</display-name>

How to make common ContainerResponseFilters for swagger and jersey servlet?

I am using Swagger for REST api documentation, but facing issues with Container response filter filter used for jersey servlet and APIOriginFilter used for servlet for swagger. If I disable the Container response filter from jersey servlet swagger UI displays the APIs properly but the actual API call fails.
Please help and suggest how i can make common entry for the container response filter of jersey and api origin filter of swagger.
Below is snapshot from web.xml
<!-- Filter to secure Jersey (JAX-RS) services -->

CORS Filter is not changing my header

I have a maven project (with web and JPA facets) in Eclipse Java EE IDE for Web Developers. I have added the jars to my tomcat library and everything compiles great.
However, my webpage header does NOT reflect what I have enabled in my web.xml through the CORS filter.
My header looks like:
And my web.xml contains:
<?xml version="1.0" encoding="utf-8"?>
<web-app xmlns=""
<!-- Servlet 1: Expose the OData service endpoint -->
<!-- all additional parameters will be passed to your factory create method -->
<!-- Servlet 2: Enable crossdomain access for browser clients -->
<!-- Use CORSFilter for CORS -->
<!-- Note: All parameters are options, if ommitted CORS Filter
will fall back to the respective default values.
<param-value>GET, HEAD, POST, OPTIONS, PUT, DELETE</param-value>
<param-value>Content-Type, X-Requested-With, Accept, Authentication</param-value>
<param-value>X-Test-1, X-Test-2</param-value>
I fixed my headers to support CORS by implementing Padcom's CORS filter for Java application as described here.
I'm still not sure why the method I tried above didn't work...
But if you are stuck trying the method above, it is easy and work trying Padcom's method. :)

JASIG CAS jira+confluence sso

I have three different tomcat instance.
Tomcat with cas server localhost:8050
Tomcat with Jira 4.3 localhost:8080
and, finally tomcat with confluence 3.5 localhost:8070
I need to implement SSO(jira + confluence) via cas server, which connected to LDAP.
Ok, im use cas client for jira and Confluence like this
Now both jira and confluence correctly redirect me to Cas login page and authtorize in ldap server, thats work almost fine(have some bugs with confluence logout), but this is not SSO. If i logged in jira i still need to enter my cretentials for confluence and vice verca. I think its happend because diferent tomcat installation. When im logging in jira Cas give me a ticket for service http://localhost:8080 and another ticket for confluence(http://localhost:8070). Im really stuck with this stupid problem, and im hope somebody can direct me on right way.
My configs:
<param-value>http://localhost:8050/cas-server-webapp-3.4.8/login?service=${originalurl} </param-value>
Web xml:
for confluence:
seraph-config.xml :
I notice above that your service is dynamic: service=${originalurl}
I think that for SSO to work you have to use the each website has to call CAS using the same service so that the TGT on the CAS server knows who is calling. Otherwise, I think you have to investigate Proxy Granting Tickets:
Which I understand are a means of a service saying the equivilent of "it's ok, that other service is my friend".