diff --git a/dmp-backend/src/main/java/rest/entities/DMPs.java b/dmp-backend/src/main/java/rest/entities/DMPs.java
index bad97c52c..c7bb4a4ce 100644
--- a/dmp-backend/src/main/java/rest/entities/DMPs.java
+++ b/dmp-backend/src/main/java/rest/entities/DMPs.java
@@ -8,7 +8,6 @@ import java.util.stream.Collectors;
 import javax.transaction.Transactional;
 
 import org.apache.commons.lang3.SerializationUtils;
-import org.junit.internal.builders.AllDefaultPossibilitiesBuilder;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
diff --git a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
index dd3c92938..d244df8d7 100644
--- a/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
+++ b/dmp-backend/src/main/java/security/CustomAuthenticationProvider.java
@@ -32,11 +32,9 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
 	@Override
 	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
 		
-
 		if (authentication != null) {
 			
 			String token = (String)authentication.getCredentials();
-			
 			TokenValidator tokenValidator = null;
 			
 			if(TokenAuthenticationFilter.HEADER_GOOGLE_TOKEN_FIELD.equals(authentication.getPrincipal())) 
@@ -61,6 +59,7 @@ public class CustomAuthenticationProvider implements AuthenticationProvider {
 			
 			// if reached this point, authentication is ok, so return just an instance with whatever.
 			return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), new ArrayList<>());
+			
 		}
 		else
 			throw new AuthenticationServiceException("Authentication failed");
diff --git a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
index a38204eba..fbb2eda06 100644
--- a/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
+++ b/dmp-backend/src/main/java/security/TokenAuthenticationFilter.java
@@ -7,6 +7,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -15,19 +16,19 @@ import org.springframework.web.filter.GenericFilterBean;
 
 public class TokenAuthenticationFilter extends GenericFilterBean {
 	
+//	public static final String HEADER_TOKEN_FIELD = "Authorization";
+	
 	public static final String HEADER_NATIVE_TOKEN_FIELD = "native-token";
 	public static final String HEADER_GOOGLE_TOKEN_FIELD = "google-token";
-	
 	public static final char HEADERNAME_USERNAME_DELIMITER = 0x1e;  //specially crafted delimiter
 	
 	@Override
 	public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException	{
 		
-		final HttpServletRequest httpRequest = (HttpServletRequest) request;
-
+        final HttpServletRequest httpRequest = (HttpServletRequest) request;
+		
 		String nativeToken = httpRequest.getHeader(HEADER_NATIVE_TOKEN_FIELD);
 		String googleToken = httpRequest.getHeader(HEADER_GOOGLE_TOKEN_FIELD);
-		
 		//just pass the header, the username and the token into the credentials object of the UsernamePasswordAuthenticationToken class
 		UsernamePasswordAuthenticationToken authentication = null;
 		if(nativeToken != null)
@@ -35,11 +36,30 @@ public class TokenAuthenticationFilter extends GenericFilterBean {
 		if(googleToken != null)
 			authentication = new UsernamePasswordAuthenticationToken(HEADER_GOOGLE_TOKEN_FIELD, googleToken);
 		
-		
 		SecurityContextHolder.getContext().setAuthentication(authentication);
-		chain.doFilter(request, response);
+		
+		
+		
+		final HttpServletResponse httpResponse = (HttpServletResponse) response;
+		
+		httpResponse.setHeader("Access-Control-Allow-Origin", "*");
+		httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
+		httpResponse.setHeader("Access-Control-Max-Age", "7200");
+		httpResponse.setHeader("Access-Control-Allow-Headers", "content-type, "+HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
+//		httpResponse.addHeader("Access-Control-Expose-Headers", "xsrf-token , " +HEADER_NATIVE_TOKEN_FIELD+", "+HEADER_GOOGLE_TOKEN_FIELD);
+		
+		
+        if ("OPTIONS".equals(httpRequest.getMethod())) {
+        	httpResponse.setStatus(HttpServletResponse.SC_OK);
+        } 
+        else { 
+        	chain.doFilter(httpRequest, httpResponse);
+        }
 
 		
 	}
+	
+	
+	
 
 }
diff --git a/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml b/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml
index 4b7e18fac..2abfd9bc6 100644
--- a/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml
+++ b/dmp-backend/src/main/webapp/WEB-INF/spring-security.xml
@@ -17,6 +17,10 @@
  
 	
 	<http use-expressions="true" create-session="stateless" auto-config='true'>
+	
+		<!-- Default to Spring MVC's CORS configuration -->
+		<cors />
+	
 		<custom-filter after="BASIC_AUTH_FILTER" ref="tokenAuthenticationFilter" />
 	     <intercept-url pattern="/**" access="isAuthenticated()" />
 	     <http-basic/>
diff --git a/dmp-backend/src/main/webapp/WEB-INF/web.xml b/dmp-backend/src/main/webapp/WEB-INF/web.xml
index 36f94ae55..00096c71c 100644
--- a/dmp-backend/src/main/webapp/WEB-INF/web.xml
+++ b/dmp-backend/src/main/webapp/WEB-INF/web.xml
@@ -54,8 +54,7 @@
 
   <context-param>
     <param-name>contextConfigLocation</param-name>
-    <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml 
-    </param-value>
+    <param-value>/WEB-INF/applicationContext.xml,/WEB-INF/spring-security.xml</param-value>
   </context-param>
   <session-config>
     <session-timeout>30</session-timeout>