You can build a server-side response filter by implementing the javax.ws.rs.container.ContainerResponseFilter interface. This filter gets executed after the response is generated by the REST API. The response filters, in general, can be used to manipulate the response header parameters present in the response messages. The following example shows how you can use them to modify the response header.

When a REST web client is no longer on the same domain as the server that hosts the REST APIs, the REST response message header should have the Cross Origin Resource Sharing (CORS) header values set to the appropriate domain names, which are allowed to access the APIs. This example uses ContainerResponseFilter to modify the REST response headers to include the CORS header, thus making the REST APIs accessible from a different domain:

//Other imports are omitted for brevity 
import javax.ws.rs.container.ContainerRequestContext; 
import javax.ws.rs.container.ContainerResponseContext; 
import javax.ws.rs.container.ContainerResponseFilter; 
import javax.ws.rs.ext.Provider; 
import java.io.IOException;  
 
@Provider 
public class CORSFilter implements ContainerResponseFilter { 
 
    @Override 
    public void filter(ContainerRequestContext requestContext, 
        ContainerResponseContext cres) throws IOException { 
       //Specify CORS headers: * represents allow all values 
        cres.getHeaders().add("Access-Control-Allow-Origin", "*"); 
        cres.getHeaders().add("Access-Control-Allow-Headers",  
            "*"); 
        cres.getHeaders().add("Access-Control-Allow-Credentials",  
            "true"); 
        cres.getHeaders().add("Access-Control-Allow-Methods",  
            "GET, POST, PUT, DELETE, OPTIONS, HEAD"); 
        cres.getHeaders().add("Access-Control-Max-Age",  
            "1209600"); 
    } 
}