Discussions
Categories
- 196.9K All Categories
- 2.2K Data
- 240 Big Data Appliance
- 1.9K Data Science
- 450.4K Databases
- 221.7K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 550 MySQL Community Space
- 478 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3K ORDS, SODA & JSON in the Database
- 546 SQLcl
- 4K SQL Developer Data Modeler
- 187.1K SQL & PL/SQL
- 21.3K SQL Developer
- 295.9K Development
- 17 Developer Projects
- 138 Programming Languages
- 292.6K Development Tools
- 107 DevOps
- 3.1K QA/Testing
- 646K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 155 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.1K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 18 Java Essentials
- 160 Java 8 Questions
- 86K Java Programming
- 80 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 204 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 443 LiveLabs
- 38 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 171 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 232 Portuguese
ADF REST API- Issue with CORS when security is implemented
Hi,
I am trying to create a test project to run Oracle JET Application with ADF-REST API.
I am using JDeveloper 12.2.1.3. I have implemented the steps mentioned Shay Shmeltzer at
https://blogs.oracle.com/shay/post/enabling-cors-for-adf-business-component-rest-services.
If I run the ADF-REST-API without security then every thing works as expected. However, once I implement the security, I again start seeing the CORS errors.
Unsure if the Filter mapping sequence in my web, xml is incorrect.
Thank you in advance,
Regards,
Prakash
Here is the web.xml in my RESTWebService project after implementing security.
<?xml version = '1.0' encoding = 'windows-1252'?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0">
<servlet>
<servlet-name>RESTServlet</servlet-name>
<servlet-class>oracle.adf.model.servlet.rest.ResourceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>adfAuthentication</servlet-name>
<servlet-class>oracle.adf.share.security.authentication.AuthenticationServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>RESTServlet</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>adfAuthentication</servlet-name>
<url-pattern>/adfAuthentication</url-pattern>
</servlet-mapping>
<filter>
<filter-name>JpsFilter</filter-name>
<filter-class>oracle.security.jps.ee.http.JpsFilter</filter-class>
<init-param>
<param-name>enable.anonymous</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>remove.anonymous.role</param-name>
<param-value>false</param-value>
</init-param>
</filter>
<filter>
<filter-name>OWSMSecurityFilter</filter-name>
<filter-class>oracle.wsm.agent.handler.servlet.SecurityFilter</filter-class>
<init-param>
<param-name>servlet-name</param-name>
<param-value>RESTServlet</param-value>
</init-param>
</filter>
<filter>
<filter-name>CORS</filter-name>
<filter-class> com.thetransactioncompany.cors.CORSFilter </filter-class>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, POST, HEAD, PUT, DELETE, PATCH</param-value>
</init-param>
</filter>
<filter>
<filter-name>adfBindings</filter-name>
<filter-class>oracle.adf.model.servlet.ADFBindingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>JpsFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>OWSMSecurityFilter</filter-name>
<servlet-name>RESTServlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>RESTServlet</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>adfBindings</filter-name>
<servlet-name>adfAuthentication</servlet-name>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<listener>
<listener-class>oracle.adf.mbean.share.config.ADFConfigLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.adf.mbean.share.connection.ADFConnectionLifeCycleCallBack</listener-class>
</listener>
<listener>
<listener-class>oracle.bc4j.mbean.BC4JConfigLifeCycleCallBack</listener-class>
</listener>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/error.html</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>valid-users</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>RESTServlet</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>valid-users</role-name>
</auth-constraint>
</security-constraint>
</web-app>
Answers
-
Hi,
After re-searching the forum for similar posts, I realize that there were previous discussions on this this same question.
CORS Filter Issue using ADF BC REST services with ADF Security implementation — oracle-tech
However, my issue still remains unresolved. I tried to use the INIT-PARAM suggested at
I still see the CORS error. From the above post I grab that we need request header to be set on the AJAX call, I tried to implement this as per the rssuppor.atlassian.net post. However that did not help either.
My AJAX call looks like this
$.ajax({type: "HTTP METHOD", url: "http://localhost:7101/cmRESTws/rest/1.0/caseSrch", crossDomain: true,
dataType: 'json', async: false, data: '{}',
headers: {"Authorization": 'Basic ' + btoa("uid:pw")},
success: function(res) {
I have updated my ADF security authentication to BASIC. Earlier it was form based.
Is there something that I am still missing.
I also tried to test the secured web-service through SOAP UI. However, I still do not the the "Access-Control-Allow-Origin:" in the header
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Date: Fri, 25 Mar 2022 01:48:32 GMT
Location:
Content-Length: 1564
Content-Type: application/vnd.oracle.adf.resourcecollection+json
X-ORACLE-DMS-RID: 0
Link: <http://ip.ip.ip.ip:7101/cmRESTws/rest/1.0/caseSrch>;rel="self";kind="collection";name="caseSrch"
Set-Cookie: JSESSIONID=ZXG-wtDNYRlVRsGk8tzsGVgCkM1nP84P6LQa6y1ZDxNIKO3zDHyh!-1524801280; path=/; HttpOnly
X-ORACLE-DMS-ECID: d834a0e6-d6c9-4d11-b999-45970eb01b25-000000f2
Content-Encoding: gzip
REST-Framework-Version: 1
....
Regards,
Prakash