Alfresco ECM Core API returns 403

zain
Champ in-the-making

Hi All,

I'm calling the following API using admin credentials from Angular

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?skipCount=0&maxItems=100&relativePath=Sites/rtc/documentLibrary/attachments&includeSource=true

but it returns 403 when the browser sends the OPTIONS request. I've already configured CORS in Tomcat's web.xml but it still returns 403. I'm able to authenticate using the tickets API.

Here are the CORS settings

<filter>
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
		<init-param>
			<param-name>cors.allowed.origins</param-name>
			<param-value>http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.methods</param-name>
			<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.headers</param-name>
			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
		</init-param>
		<init-param>
			<param-name>cors.exposed.headers</param-name>
			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
		</init-param>
		<init-param>
			<param-name>cors.support.credentials</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>cors.preflight.maxage</param-name>
			<param-value>10</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

Kindly note that a Docker container environment is used for the ACS deployment.

3 REPLIES

afaust
Legendary Innovator

Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.

jigir_shah
Champ on-the-rise

Hi @afaust ,

How can this error be resolved? Does anything need to be changed on the ADF side? I have a similar configuration in my ACS. I have allowed CORS with the given filters. Still, I'm getting a 403 error. When I put cors.allowed.origin=*, I'm able to log in. But with a specific IP/host, I'm getting 403.

Can you please let me know how to resolve this?

kaynezhang
World-Class Innovator

How did you configure the IP/host? You should configure it like the following; please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

cors.allowed.origins

A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).
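
The 403 discussed in this thread can be reproduced with a small model of the checks a CORS filter applies to a preflight request: exact origin match, allowed method, and every header named in Access-Control-Request-Headers. This is an added example, not code from the thread or from Tomcat; the function name `checkPreflight`, its simplified logic and the sample requests are assumptions, while the allow lists are copied from the web.xml in the question.

```javascript
// Simplified model of a CORS preflight check (added example, not Tomcat's code).
// The allow lists are copied from the web.xml posted in the question.
const config = {
  allowedOrigins: "http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1",
  allowedMethods: "GET,POST,HEAD,OPTIONS,PUT,DELETE",
  allowedHeaders: "Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers",
};

const split = (s) => s.split(",").map((v) => v.trim()).filter(Boolean);

// Returns { status, reason } for a preflight described by its request headers.
function checkPreflight(cfg, req) {
  const origins = split(cfg.allowedOrigins);
  const methods = split(cfg.allowedMethods);
  const headers = split(cfg.allowedHeaders).map((h) => h.toLowerCase());

  // Origin is compared as an exact string: scheme, host and port must all match.
  if (!origins.includes("*") && !origins.includes(req.origin)) {
    return { status: 403, reason: `origin ${req.origin} not in allow list` };
  }
  if (!methods.includes(req.method)) {
    return { status: 403, reason: `method ${req.method} not allowed` };
  }
  // Every header named in Access-Control-Request-Headers must be allowed.
  const missing = split(req.requestHeaders || "").filter(
    (h) => !headers.includes(h.toLowerCase())
  );
  if (missing.length > 0) {
    return { status: 403, reason: `headers not allowed: ${missing.join(",")}` };
  }
  return { status: 200, reason: "preflight accepted" };
}

// Constructed sample preflights (origin, requested method, requested headers).
const samples = [
  { origin: "http://localhost:4200", method: "GET", requestHeaders: "content-type" },
  { origin: "http://localhost:4200", method: "GET", requestHeaders: "authorization,content-type" },
  { origin: "http://192.168.1.10:4200", method: "GET", requestHeaders: "content-type" },
  { origin: "https://localhost:4200", method: "GET", requestHeaders: "" },
];
for (const s of samples) {
  const r = checkPreflight(config, s);
  console.log(s.origin, JSON.stringify(s.requestHeaders), "->", r.status, r.reason);
}
```

Comparing the Origin, Access-Control-Request-Method and Access-Control-Request-Headers values from the browser's network tab against the configured lists in this way shows which of the three checks produces the 403.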