Alfresco ECM Core API returns 403

cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Member II

Alfresco ECM Core API returns 403

Hi All,

I'm calling following API using admin credentials from Angular

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?skipCount=0&maxItems=100&relativePath=Sites/rtc/documentLibrary/attachments&includeSource=true

but it returns 403 when browser sends OPTIONS request. I've already configured CORS in tomcat's web.xml but still it returns 403. I'm able to authenticate using tickets API.

 

Here are the CORS settings

 

<filter>
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
		<init-param>
			<param-name>cors.allowed.origins</param-name>
			<param-value>http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.methods</param-name>
			<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.headers</param-name>
			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
		</init-param>
		<init-param>
			<param-name>cors.exposed.headers</param-name>
			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
		</init-param>
		<init-param>
			<param-name>cors.support.credentials</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>cors.preflight.maxage</param-name>
			<param-value>10</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 

acs.png

 

Kindly note that Docker container environment is used for ACS deployment

3 Replies
Highlighted
Master

Re: Alfresco ECM Core API returns 403

Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.

Highlighted
Active Member

Re: Alfresco ECM Core API returns 403

Hi @afaust ,

How to resolve this error? Anything needs to be changed in ADF side? I have similar configuration in my ACS. I have allowed CORS with given filters. Still I'm getting 403 error. When I put cors.allowed.origin=*, I'm able to login. But, with specific IP/host, I'm getting 403.

Can you please let me know how to resolve this?

Highlighted
Advanced

Re: Alfresco ECM Core API returns 403

How did you config IP/Host,you should configure it like following,please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html

 

cors.allowed.origins

A list of origins that are allowed to access the resource. A * can be specified to enable access to resource from any origin. Otherwise, an allow list of comma separated origins can be provided. Eg: https://www.w3.org, https://www.apache.org. Defaults: The empty String. (No origin is allowed to access the resource).