This Mozilla.org page provides a very good explanation of CORS.
Please see the package.html for a good introduction to CORS and the way it is supported in CXF JAX-RS.
Note that the CORS filter uses the JAX-RS selection algorithm to ensure that the JAX-RS resource method capable of handling the request does exist.
Here is the test code showing how CrossOriginResourceSharing annotations can be applied at the resource and individual method levels.
Note that an origin is restricted to "http://area51.mil:31415" by the 'allowOrigins' property, which may contain multiple URI values. A boolean 'allowAllOrigins' property can be used instead (to simplify the testing or when it is deemed it is secure enough within a given environment to allow for all the origins).
The server configuration fragment: