diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java
index b509bf975..cd5542270 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/CorsFilter.java
@@ -7,28 +7,29 @@ import java.io.IOException;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.springframework.stereotype.Component;
-import org.springframework.web.filter.GenericFilterBean;
+import org.springframework.web.filter.OncePerRequestFilter;
 
 /**
+ * 
+ * Implements Cross-Origin Resource Sharing (CORS) headers. This filter adds the CORS
+ * headers to all requests that pass through it, and as such it should be used only
+ * on endpoints that require CORS support.
+ * 
  * @author jricher
  *
  */
 @Component("corsFilter")
-public class CorsFilter extends GenericFilterBean {
+public class CorsFilter extends OncePerRequestFilter {
 
 	/* (non-Javadoc)
 	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain)
 	 */
 	@Override
-	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filterChain) throws IOException, ServletException {
-		HttpServletRequest request = (HttpServletRequest)req;
-		HttpServletResponse response = (HttpServletResponse)resp;
+	public void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
 		
 		response.addHeader("Access-Control-Allow-Origin", "*");
 		if (request.getHeader("Access-Control-Request-Method") != null && "OPTIONS".equals(request.getMethod())) {