I have server REST API secured with shiro.ini, which use authc.loginUrl to
re-direct all request that's not logged in .
I have a separate Augular2 based web app that trying to access server's REST
services. From browser console, I can see server re-directed the request to
login URL configured on shiro.ini, but because of Angular2 web server and
backend server URL is different, the login page is not displayed. The CORS
error message was "<login URL> has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the requested resource".
I heard that if I add the Access-Control-Allow-Origin header to the server
response (not sure if only the login page response or all the responses),
the problem will get resolved. But since I only used web.xml and shiro.ini
for Shiro, not sure how to do that with these two files.
Any sample code will be highly appreciated.