I'm trying to secure part of my Resteasy rest services by adding Keycloak bearer-only token verification to my webapp.
In my web.xml I added:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>RestService</web-resource-name>
        <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>RestService</realm-name>
</login-config>
<security-role>
    <role-name>user</role-name>
</security-role>
<servlet>
    <servlet-name>RestApplication</servlet-name>
    <servlet-class>
        org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
    </servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.web.rest.ResteasyApplication</param-value>
    </init-param>
    <init-param>
        <param-name>resteasy.servlet.mapping.prefix</param-name>
        <param-value>/rest</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>RestApplication</servlet-name>
    <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
I'm calling the url: http://localhost:8090/rest/app
This does work as far as authentication goes. Only requests with a valid token will get 'accepted' (others will result in a 401 error).
However, when I use this configuration, I always get a 404 error.
When I disable the security-constraint, the Resteasy controller hits the breakpoint and everything is fine.
Do the mappings conflict with each other? How do I pass the request from the authentication phase to the Resteasy processing?
In your <login-config> use <auth-method>KEYCLOAK</auth-method> instead of BASIC.
I'm testing the pickup dispatch sample web app for WSO2 Identity Server 5.10
https://is.docs.wso2.com/en/5.9.0/learn/configuring-access-delegation-with-oauth2/
Everything is set up as mentioned in the documentation. When clicking 'Add' the request cannot be completed because it is being blocked due to CORS policy.
Access to XMLHttpRequest at 'http://localhost:39090/bookings' from origin 'http://localhost.com:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have added the following:
<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
to the files
CARBON_HOME\repository\deployment\server\webapps\oauth2\WEB-INF\web.xml
TOMCAT_HOME\webapps\pickup-dispatch\WEB-INF\web.xml
as mentioned in this post: http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html
But still, I'm getting the error. Here is the request header.
UPDATE:
Here is the error log that is recorded when the CORS issue arises
G:\wso2>java -jar backend-service.jar -introspectionEnabled true
2020-06-09 11:43:24 INFO BookingService:47 - Service properties loaded successfully.
2020-06-09 11:43:24 INFO BookingService:84 - Setting trust store path to : C:\Users\tvenna\AppData\Local\Temp\wso2carbon.jks3555396828881642435
2020-06-09 11:43:24 INFO BookingService:109 - Starting backend service.
2020-06-09 11:43:24 INFO BookingService:110 - Configurations :
2020-06-09 11:43:24 INFO BookingService:113 - port: 39090
2020-06-09 11:43:24 INFO BookingService:113 - introspectionEndpoint: https://localhost:9443/oauth2/introspect
2020-06-09 11:43:24 INFO BookingService:113 - introspectionEnabled: true
2020-06-09 11:43:24 INFO MicroservicesRunner:309 - Microservices server started in 267ms
2020-06-09 11:43:24 INFO ServerConnectorBootstrap$HTTPServerConnector:207 - HTTP(S) Interface starting on host 0.0.0.0 and port 39090
2020-06-09 11:43:46 INFO BookingService:66 - OPTIONS /bookings
2020-06-09 11:43:46 INFO BookingService:80 - GET /bookings
2020-06-09 11:43:46 ERROR IntrospectionHandler:107 - Error while calling token introspection endpoint
java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2020-06-09 11:43:46 WARN MSF4JHttpConnectorListener:243 - Unmapped exception
java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:108)
at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
... 13 more
I added the following to
CARBON_HOME\repository\resources\conf\templates\repository\conf\tomcat\web.xml.j2
<filter>
    <filter-name>CORS</filter-name>
    <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
    <init-param>
        <param-name>cors.allowOrigin</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.supportedMethods</param-name>
        <param-value>GET, HEAD, POST, DELETE, OPTIONS, PATCH, PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposedHeaders</param-name>
        <param-value>Location</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CORS</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
</filter-mapping>
Restarted IS and Tomcat, still the issue persists.
Testing in the Chrome and Firefox browsers.
From your updated stack trace, I can see that the issue occurs when the backend service is trying to make an introspection call to the WSO2 Identity Server. This introspection call uses the token it's introspecting as the authorization for the call itself. For this to work, the token needs to be obtained with the scope internal_application_mgt_view. But at the moment, the pickup-dispatch application requests tokens with only the openid scope.
To fix this, open the dispatch.properties file in the /pickup-dispatch/WEB-INF/classes directory in a text editor and edit the scope property as shown below:
scope=openid internal_application_mgt_view
Restart your Tomcat server and try again.
I hope this helps!
In WSO2 API Manager, I want to use a WSO2 ESB API to publish store management. I have changed the password in the API Manager and also changed the <password> tag in the /repository/conf/user-mgt.xml file. After changing the password in the API Manager (localhost:9443/carbon/), we are unable to publish an API from the WSO2 API Publisher (localhost:9443/publisher/) to the WSO2 Store (localhost:9443/store/).
We are facing the issue mentioned below:
API Publisher - Error:
{"PUBLISHED" : "Production and Sandbox:Error while obtaining API
information from gateway. Access Denied. Authentication failed -
Invalid credentials provided." ,"UNPUBLISHED":""}||warning
Here is the api-manager.xml file:
<APIGateway>
    <!-- The environments to which an API will be published -->
    <Environments>
        <!-- Environments can be of different types. Allowed values are 'hybrid', 'production' and 'sandbox'.
             An API deployed on a 'production' type gateway will only support production keys
             An API deployed on a 'sandbox' type gateway will only support sandbox keys
             An API deployed on a 'hybrid' type gateway will support both production and sandbox keys. -->
        <!-- api-console element specifies whether the environment should be listed in API Console or not -->
        <Environment type="hybrid" api-console="true">
            <Name>Production and Sandbox</Name>
            <Description>This is a hybrid gateway that handles both production and sandbox token traffic.</Description>
            <!-- Server URL of the API gateway -->
            <ServerURL>https://localhost:${mgt.transport.https.port}${carbon.context}services/</ServerURL>
            <!-- Admin username for the API gateway. -->
            <Username>${admin.username}</Username>
            <!-- Admin password for the API gateway.-->
            <Password>${admin.password}</Password>
            <!-- Endpoint URLs for the APIs hosted in this API gateway.-->
            <GatewayEndpoint>http://${carbon.local.ip}:${http.nio.port},https://${carbon.local.ip}:${https.nio.port}</GatewayEndpoint>
        </Environment>
    </Environments>
</APIGateway>
I am a newbie to WSO2 API Manager. How do I change the password for the super admin in WSO2 API Manager? How can I publish an API into the Store after the password change?
Here is the wso2carbon.log file:
TID: [-1234] [] [2018-05-11 15:38:16,677] ERROR {org.wso2.carbon.apimgt.impl.APIGatewayManager} - Error occurred when publish to gateway Production and Sandbox {org.wso2.carbon.apimgt.impl.APIGatewayManager}
org.apache.axis2.AxisFault: Error while obtaining API information from gateway. Access Denied. Authentication failed - Invalid credentials provided.
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.getApi(APIGatewayAdminClient.java:149)
at org.wso2.carbon.apimgt.impl.APIGatewayManager.publishToGateway(APIGatewayManager.java:102)
at org.wso2.carbon.apimgt.impl.APIProviderImpl.publishToGateway(APIProviderImpl.java:1587)
at org.wso2.carbon.apimgt.impl.APIProviderImpl.propergateAPIStatusChangeToGateways(APIProviderImpl.java:1391)
at org.wso2.carbon.apimgt.impl.UserAwareAPIProvider.propergateAPIStatusChangeToGateways(UserAwareAPIProvider.java:164)
at org.wso2.carbon.apimgt.impl.executors.APIExecutor.execute(APIExecutor.java:136)
at org.wso2.carbon.governance.registry.extensions.aspects.DefaultLifeCycle.runCustomExecutorsCode(DefaultLifeCycle.java:712)
at org.wso2.carbon.governance.registry.extensions.aspects.DefaultLifeCycle.invoke(DefaultLifeCycle.java:450)
at org.wso2.carbon.governance.registry.eventing.handlers.GovernanceEventingHandler.invokeAspect(GovernanceEventingHandler.java:344)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.invokeAspect(HandlerManager.java:2792)
at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.invokeAspect(HandlerLifecycleManager.java:518)
at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.invokeAspect(EmbeddedRegistry.java:2607)
at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.invokeAspect(CacheBackedRegistry.java:510)
at org.wso2.carbon.registry.core.session.UserRegistry.invokeAspect(UserRegistry.java:1952)
at org.wso2.carbon.governance.api.common.dataobjects.GovernanceArtifactImpl.invokeAction(GovernanceArtifactImpl.java:829)
at org.wso2.carbon.governance.api.common.dataobjects.GovernanceArtifactImpl.invokeAction(GovernanceArtifactImpl.java:808)
at org.wso2.carbon.apimgt.impl.APIProviderImpl.changeLifeCycleStatus(APIProviderImpl.java:4097)
at org.wso2.carbon.apimgt.impl.UserAwareAPIProvider.changeLifeCycleStatus(UserAwareAPIProvider.java:281)
at sun.reflect.GeneratedMethodAccessor311.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java:225)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.api.c5._c_anonymous_1(/publisher/modules/api/life-cycles.jag:13)
at org.jaggeryjs.rhino.publisher.modules.api.c5.call(/publisher/modules/api/life-cycles.jag)
at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.api.c0._c_anonymous_13(/publisher/modules/api/module.jag:47)
at org.jaggeryjs.rhino.publisher.modules.api.c0.call(/publisher/modules/api/module.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0._c_anonymous_1(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag:64)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0.call(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0._c_script_0(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag:5)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0.call(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0.call(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag)
at org.jaggeryjs.rhino.publisher.site.blocks.life_cycles.ajax.c0.exec(/publisher/site/blocks/life-cycles/ajax/life-cycles.jag)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Access Denied. Authentication failed - Invalid credentials provided.
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:531)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:381)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:456)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.wso2.carbon.apimgt.gateway.stub.APIGatewayAdminStub.getApi(APIGatewayAdminStub.java:4878)
at org.wso2.carbon.apimgt.impl.utils.APIGatewayAdminClient.getApi(APIGatewayAdminClient.java:145)
... 90 more
We have solved this issue. Here are the steps to publish an API after a password change:
First of all, we need to change the password in the API Manager tool. In the API Manager portal, go to Users and Roles -> List -> Change Password and create your new password.
Then we need to add the new password to the <AdminUser> tag in the repository/conf/user-mgt.xml file.
Finally, we need to stop the wso2server.sh/wso2server.bat process and restart it to run the API Manager.
Regards,
Vivek KT.
I have set up an ec2 instance with a java web application running on a tomcat server and an aws application load balancer which directs port 80 and 443 to port 8080 on the ec2 instance.
I have changed the server.xml configuration on Tomcat to the following:
<Connector port="8080" protocol="HTTP/1.1"
           proxyPort="443"
           proxyName="sub.mydomain.com"
           scheme="https"
           secure="true"
           connectionTimeout="20000"
           redirectPort="8443" />
Now I am able to go to "sub.mydomain.com" and "https://sub.mydomain.com". But how do I redirect all "http://sub.mydomain.com" requests to "https://sub.mydomain.com"?
Just add this in your web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HTTPSOnly</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
I am not getting data from a REST GET service URL in Ember (I am getting data when I hit the service via the browser and a REST client). When I checked the console, I found that it is listed as a blocked-uri. How can I remove that from the blocked-uri list?
{
    "csp-report": {
        "blocked-uri": "http://192.168.1.66:8080/hubx/employees",
        "document-uri": "http://localhost:4200/data-grid",
        "original-policy": "default-src 'none'; script-src http://localhost:4200 'unsafe-eval' 'unsafe-inline' http://localhost:49152 http://0.0.0.0:49152; font-src http://localhost:4200; connect-src http://localhost:4200 ws://localhost:49152 ws://0.0.0.0:49152 http://localhost:4200; img-src http://localhost:4200; style-src http://localhost:4200; media-src http://localhost:4200; report-uri http://localhost:4200/csp-report",
        "referrer": "",
        "violated-directive": "connect-src http://localhost:4200 ws://localhost:49152 ws://0.0.0.0:49152 http://localhost:4200"
    }
}
I have removed the URL from blocked-uri by adding the URL to connect-src.
contentSecurityPolicy: {
    'connect-src': "'self' http://localhost:4200 http://192.168.1.66:8080 ",
}
But that was not the issue for me. The issue was due to Cross-Origin Resource Sharing, and it is fixed by adding the filters in the web.xml of the Tomcat server.
<filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,DELETE,PUT</param-value>
    </init-param>
    <init-param>
        <param-name>cors.allowed.headers</param-name>
        <param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization</param-value>
    </init-param>
    <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
    </init-param>
    <init-param>
        <param-name>cors.support.credentials</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>cors.preflight.maxage</param-name>
        <param-value>10</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CorsFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
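The CORS filter configurations in this thread (the WSO2 attempt that paired Tomcat's CorsFilter with the cors.allowOrigin parameter, and the answer above that combines a wildcard origin with cors.support.credentials=true) share a few pitfalls that are easy to catch before deployment. The audit below is an added example, not code from any of the posts or projects; the web.xml it parses is constructed to mirror those configurations, and the parameter tables are taken from the two filters' documented init-param names.

```python
import xml.etree.ElementTree as ET

# Init-param names each filter class actually reads; anything else is silently ignored.
KNOWN_PARAMS = {
    "org.apache.catalina.filters.CorsFilter": {
        "cors.allowed.origins", "cors.allowed.methods", "cors.allowed.headers",
        "cors.exposed.headers", "cors.support.credentials", "cors.preflight.maxage",
        "cors.request.decorate",
    },
    "com.thetransactioncompany.cors.CORSFilter": {
        "cors.allowGenericHttpRequests", "cors.allowOrigin", "cors.allowSubdomains",
        "cors.supportedMethods", "cors.supportedHeaders", "cors.exposedHeaders",
        "cors.supportsCredentials", "cors.maxAge", "cors.tagRequests",
    },
}
# Tomcat's filter defaults credentials support to off; the thetransactioncompany filter defaults it to on.
DEFAULT_CREDENTIALS = {"org.apache.catalina.filters.CorsFilter": False,
                       "com.thetransactioncompany.cors.CORSFilter": True}
ORIGIN_PARAMS = {"cors.allowed.origins", "cors.allowOrigin"}
CREDENTIAL_PARAMS = {"cors.support.credentials", "cors.supportsCredentials"}
HEADER_LIST_PARAMS = {"cors.allowed.headers", "cors.exposed.headers",
                      "cors.supportedHeaders", "cors.exposedHeaders"}

# Constructed sample web.xml: Tomcat's CorsFilter fed both the wrong parameter name and
# a wildcard-plus-credentials combination, with a header name that contains a stray space.
WEB_XML = """<web-app>
  <filter>
    <filter-name>CorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param><param-name>cors.allowOrigin</param-name><param-value>*</param-value></init-param>
    <init-param><param-name>cors.allowed.origins</param-name><param-value>*</param-value></init-param>
    <init-param><param-name>cors.support.credentials</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>cors.allowed.headers</param-name>
      <param-value>Content-Type,Access-Control- Request-Method,Authorization</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>CorsFilter</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""


def audit_cors(xml_text):
    """Return a list of (filter-name, finding) tuples for every known CORS filter in a web.xml."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                       # drop any xmlns so tags match by local name
        el.tag = el.tag.split("}")[-1]
    findings = []
    for f in root.findall("filter"):
        name = f.findtext("filter-name", "").strip()
        cls = f.findtext("filter-class", "").strip()
        if cls not in KNOWN_PARAMS:
            continue                             # not a CORS filter this audit knows about
        params = {p.findtext("param-name", "").strip(): p.findtext("param-value", "").strip()
                  for p in f.findall("init-param")}
        for key in params:
            if key not in KNOWN_PARAMS[cls]:
                findings.append((name, f"{key} is not read by {cls}; it is silently ignored"))
        known = {k: v for k, v in params.items() if k in KNOWN_PARAMS[cls]}
        origins = next((known[k] for k in ORIGIN_PARAMS if k in known), "")
        creds = next((known[k].lower() == "true" for k in CREDENTIAL_PARAMS if k in known),
                     DEFAULT_CREDENTIALS[cls])
        if origins.strip() == "*":
            findings.append((name, "wildcard origin: any site can read responses from the mapped paths"))
            if creds:
                findings.append((name, "wildcard origin with credentials: the CORS spec forbids '*' on "
                                       "credentialed responses; list the allowed origins explicitly"))
        for key in HEADER_LIST_PARAMS & known.keys():
            for token in known[key].split(","):
                if " " in token.strip():         # a header name with inner whitespace never matches a preflight
                    findings.append((name, f"{key}: header name {token.strip()!r} contains whitespace"))
    return findings
```
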
I have a web service that I want to make available to all users (the web service is written as a Java class). I use a realm to configure my website security. How can I enable this resource in web.xml?
Thanks
This allows everyone (without login) to access the resource (there is no auth-constraint tag):
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyWebService</web-resource-name>
        <url-pattern>/public/webservice</url-pattern>
    </web-resource-collection>
</security-constraint>
This allows logged-in users (which have at least one role from the security-role list) to access the resource:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>MyWebService</web-resource-name>
        <url-pattern>/public/webservice</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>user</role-name>
    <role-name>admin</role-name>
    <role-name>manager</role-name>
</security-role>
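Several threads on this page hinge on how a container combines security-constraint elements: the /rest/* constraint with role user, the HTTPSOnly constraint with transport-guarantee CONFIDENTIAL, and the answer above with no auth-constraint versus role-name "*". The evaluator below is an added example (not code from any post or container) that applies the Servlet specification's matching and combination rules to a constructed web.xml so you can see which rule decides access for a given path; the input file, the /rest/admin/* and /rest/internal/* constraints, and the role set are assumptions for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml combining the constraints discussed in this thread (the namespace is stripped below).
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>user</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/rest/internal/*</url-pattern></web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><url-pattern>/public/webservice</url-pattern></web-resource-collection>
  </security-constraint>
  <security-role><role-name>user</role-name></security-role>
  <security-role><role-name>admin</role-name></security-role>
</web-app>"""


def parse_constraints(xml_text):
    """Return ([(patterns, has_auth_constraint, roles, transport)], declared_roles)."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop the namespace so tags match by local name
        el.tag = el.tag.split("}")[-1]
    constraints = []
    for sc in root.findall("security-constraint"):
        patterns = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern")]
        auth = sc.find("auth-constraint")
        roles = {r.text.strip() for r in auth.findall("role-name")} if auth is not None else set()
        tg = sc.find("user-data-constraint/transport-guarantee")
        transport = tg.text.strip() if tg is not None else "NONE"
        constraints.append((patterns, auth is not None, roles, transport))
    declared = {r.text.strip() for r in root.findall("security-role/role-name")}
    return constraints, declared


def match_rank(pattern, path):
    """Servlet-spec url-pattern matching. Higher rank wins; -1 means no match."""
    if pattern == path:
        return 3000                                  # exact match beats everything
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        if path == prefix or path.startswith(prefix + "/"):
            return 2000 + len(prefix)                # longest matching path prefix wins
        return -1
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return 1000                                  # extension match
    return 0 if pattern == "/" else -1               # "/" is the default, lowest-precedence match


def decide(xml_text, path):
    """Combine the best-matching constraints; returns (access, roles, https_required)."""
    constraints, declared = parse_constraints(xml_text)
    best, applicable = -1, []
    for c in constraints:
        rank = max(match_rank(p, path) for p in c[0])
        if rank > best:
            best, applicable = rank, [c]
        elif rank == best and rank >= 0:
            applicable.append(c)                    # equally specific constraints are combined
    if not applicable:
        return "public", set(), False               # nothing covers this path at all
    https = all(c[3] == "CONFIDENTIAL" for c in applicable)   # any unconstrained transport wins
    if any(c[1] and not c[2] for c in applicable):
        return "denied", set(), https               # an empty <auth-constraint/> precludes everyone
    if any(not c[1] for c in applicable):
        return "public", set(), https               # a missing auth-constraint opens the resource
    roles = set()
    for c in applicable:
        roles |= declared if "*" in c[2] else c[2]  # "*" = every role listed in <security-role>
    return "roles", roles, https
```
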