Alfresco ECM Core API returns 403

Hi All,

I'm calling the following API using admin credentials from Angular:

http://localhost:8080/alfresco/api/-default-/public/alfresco/versions/1/nodes/-root-/children?skipCount=0&maxItems=100&relativePath=Sites/rtc/documentLibrary/attachments&includeSource=true

but it returns 403 when the browser sends the OPTIONS request. I've already configured CORS in Tomcat's web.xml, but it still returns 403. I'm able to authenticate using the tickets API.

Here are the CORS settings:

<filter>
		<filter-name>CorsFilter</filter-name>
		<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
		<init-param>
			<param-name>cors.allowed.origins</param-name>
			<param-value>http://localhost:4200,http://localhost:4201,http://localhost,http://127.0.0.1:4200,http://127.0.0.1</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.methods</param-name>
			<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
		</init-param>
		<init-param>
			<param-name>cors.allowed.headers</param-name>
			<param-value>Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
		</init-param>
		<init-param>
			<param-name>cors.exposed.headers</param-name>
			<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
		</init-param>
		<init-param>
			<param-name>cors.support.credentials</param-name>
			<param-value>true</param-value>
		</init-param>
		<init-param>
			<param-name>cors.preflight.maxage</param-name>
			<param-value>10</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CorsFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

Kindly note that a Docker container environment is used for the ACS deployment.

1 Reply

Re: Alfresco ECM Core API returns 403

Your OPTIONS request is not sending any authentication header with the ticket that I can see. So even though you have authenticated before, this call is again unauthenticated and thus a 403 is expected.
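
The preflight checks at issue in this thread, as an added example that is not part of the original posts and is not Tomcat's or Alfresco's code: a simplified model of how a CORS filter tests an OPTIONS preflight against the cors.allowed.* values from the question. It assumes the Angular client sends its credentials in an Authorization header (not shown on the page); the sample requests and the widened configuration are constructed.

```javascript
// Added example: simplified model of a CORS filter's preflight checks,
// using the init-param values posted in the question above.
const config = {
  allowedOrigins: ['http://localhost:4200', 'http://localhost:4201', 'http://localhost',
    'http://127.0.0.1:4200', 'http://127.0.0.1'],
  allowedMethods: ['GET', 'POST', 'HEAD', 'OPTIONS', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'X-Requested-With', 'accept', 'Origin',
    'Access-Control-Request-Method', 'Access-Control-Request-Headers'],
};

// Returns { status, reason } for an OPTIONS request described by its headers.
function checkPreflight(cfg, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const origin = h['origin'];
  const method = (h['access-control-request-method'] || '').trim();
  if (!origin || !method) return { status: null, reason: 'not a preflight (not modelled)' };
  if (!cfg.allowedOrigins.includes(origin)) {
    return { status: 403, reason: `origin not allowed: ${origin}` };
  }
  if (!cfg.allowedMethods.includes(method)) {
    return { status: 403, reason: `method not allowed: ${method}` };
  }
  // Header names are compared case-insensitively.
  const allowed = new Set(cfg.allowedHeaders.map((x) => x.toLowerCase()));
  const missing = (h['access-control-request-headers'] || '')
    .split(',').map((x) => x.trim().toLowerCase())
    .filter((x) => x && !allowed.has(x));
  if (missing.length) {
    return { status: 403, reason: `header not allowed: ${missing.join(', ')}` };
  }
  return { status: 200, reason: 'preflight accepted' };
}

// Constructed preflights from the Angular dev origin (sample input). A preflight
// carries only the *names* of the headers the real request will send.
const plain = { Origin: 'http://localhost:4200',
  'Access-Control-Request-Method': 'GET',
  'Access-Control-Request-Headers': 'content-type' };
const withAuth = { ...plain, 'Access-Control-Request-Headers': 'authorization,content-type' };

// Assumption: the same configuration with Authorization added to the allowed headers.
const widened = { ...config, allowedHeaders: [...config.allowedHeaders, 'Authorization'] };

console.log(checkPreflight(config, plain));     // accepted
console.log(checkPreflight(config, withAuth));  // rejected: authorization not listed
console.log(checkPreflight(widened, withAuth)); // accepted
```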