Forum Stats

  • 3,828,121 Users
  • 2,260,865 Discussions
  • 7,897,483 Comments

Discussions

ADF REST API- Issue with CORS when security is implemented

Prakash Chavan
Prakash Chavan Member Posts: 25 Blue Ribbon

Hi,

I am trying to create a test project to run Oracle JET Application with ADF-REST API.

I am using JDeveloper 12.2.1.3. I have implemented the steps mentioned Shay Shmeltzer at

https://blogs.oracle.com/shay/post/enabling-cors-for-adf-business-component-rest-services.

If I run the ADF-REST-API without security then every thing works as expected. However, once I implement the security, I again start seeing the CORS errors.

Unsure if the Filter mapping sequence in my web, xml is incorrect.


Thank you in advance,

Regards,

Prakash



Here is the web.xml in my RESTWebService project after implementing security.



<?xml version = '1.0' encoding = 'windows-1252'?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">

 <servlet>

  <servlet-name>RESTServlet</servlet-name>

  <servlet-class>oracle.adf.model.servlet.rest.ResourceServlet</servlet-class>

  <load-on-startup>1</load-on-startup>

 </servlet>

 <servlet>

  <servlet-name>adfAuthentication</servlet-name>

  <servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>

  <load-on-startup>1</load-on-startup>

 </servlet>

 <servlet-mapping>

  <servlet-name>RESTServlet</servlet-name>

  <url-pattern>/rest/*</url-pattern>

 </servlet-mapping>

 <servlet-mapping>

  <servlet-name>adfAuthentication</servlet-name>

  <url-pattern>/adfAuthentication</url-pattern>

 </servlet-mapping>

 <filter>

  <filter-name>JpsFilter</filter-name>

  <filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>

  <init-param>

   <param-name>enable.anonymous</param-name>

   <param-value>true</param-value>

  </init-param>

  <init-param>

   <param-name>remove.anonymous.role</param-name>

   <param-value>false</param-value>

  </init-param>

 </filter>

 <filter>

  <filter-name>OWSMSecurityFilter</filter-name>

  <filter-class>oracle.wsm.agent.handler.servlet.SecurityFilter</filter-class>

  <init-param>

   <param-name>servlet-name</param-name>

   <param-value>RESTServlet</param-value>

  </init-param>

 </filter>

 <filter>

   <filter-name>CORS</filter-name>

   <filter-class> com.thetransactioncompany.cors.CORSFilter </filter-class>

   <init-param>

    <param-name>cors.supportedMethods</param-name>

    <param-value>GET, POST, HEAD, PUT, DELETE, PATCH</param-value>

   </init-param>

  </filter> 

 <filter>

  <filter-name>adfBindings</filter-name>

  <filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>

 </filter>

 <filter-mapping>

  <filter-name>JpsFilter</filter-name>

  <url-pattern>/*</url-pattern>

  <dispatcher>FORWARD</dispatcher>

  <dispatcher>REQUEST</dispatcher>

  <dispatcher>INCLUDE</dispatcher>

 </filter-mapping>

 <filter-mapping>

  <filter-name>OWSMSecurityFilter</filter-name>

  <servlet-name>RESTServlet</servlet-name>

 </filter-mapping>

 <filter-mapping>

  <filter-name>adfBindings</filter-name>

  <servlet-name>RESTServlet</servlet-name>

 </filter-mapping>

 <filter-mapping>

    <filter-name>CORS</filter-name>

    <url-pattern>/*</url-pattern>

 </filter-mapping> 

 <filter-mapping>

  <filter-name>adfBindings</filter-name>

  <servlet-name>adfAuthentication</servlet-name>

  <dispatcher>FORWARD</dispatcher>

  <dispatcher>REQUEST</dispatcher>

 </filter-mapping>

 <listener>

  <listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>

 </listener>

 <listener>

  <listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>

 </listener>

 <listener>

  <listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>

 </listener>

 <login-config>

  <auth-method>FORM</auth-method>

  <form-login-config>

   <form-login-page>/login.html</form-login-page>

   <form-error-page>/error.html</form-error-page>

  </form-login-config>

 </login-config>

 <security-role>

  <role-name>valid-users</role-name>

 </security-role>

 <security-constraint>

  <web-resource-collection>

   <web-resource-name>RESTServlet</web-resource-name>

   <url-pattern>/*</url-pattern>

  </web-resource-collection>

  <auth-constraint>

   <role-name>valid-users</role-name>

  </auth-constraint>

 </security-constraint>

</web-app>

Tagged:

Answers