Hi Viknes, You still need to set user name as a Authorisation header. I doubt you will be able to do this even, cos browsers doesnt allow any kind of http header manipulations.
Thanks Amila On Wed, Jun 12, 2013 at 10:29 AM, Viknes Balasubramanee <[email protected]>wrote: > I'd like to avoid a backend server of my own or a proxy server. My aim is > to > develop a portable webapp of just HTML and JS pages that can be included by > any client. I am pretty sure I have successfully made cross domain requests > earlier. The only problem here is adding the authorization header and these > 2 browsers don't allow it. > > Amila, > When the security is disabled, should the username be still set in the > authorization header or can it be passed as a parameter or data attribute. > > Thanks > Viknes > > -----Original Message----- > From: Amila Jayasekara [mailto:[email protected]] > Sent: Wednesday, June 12, 2013 9:28 AM > To: [email protected] > Cc: viknesb > Subject: Re: Accessing the REST service from JavaScript > > I am not quite sure, issue is more subtle I guess. Cos browser it self > doesnt allow us to manipulate headers. > But we can try and see. > > Thanks > Amila > > > On Wed, Jun 12, 2013 at 9:21 AM, Supun Kamburugamuva > <[email protected]>wrote: > > > From the description my understand was this is a cross domain > > scripting issue. If that is the case, using a proxy server will make > > all the requests to go through the same server (domain) and avoid the > issue. > > > > Thanks, > > Supun.. > > > > > > On Wed, Jun 12, 2013 at 8:58 AM, Amila Jayasekara > > <[email protected]>wrote: > > > > > Hi Supun, > > > > > > Didn't quite understand how HTTPD going to solve the issue. You > > > meant to (from browser) pass header in different format to HTTPD and > > > set headers > > at > > > HTTPD server level ? If this is possible could you also point to a > > > reference ? > > > > > > Thanks > > > Amila > > > > > > > > > On Wed, Jun 12, 2013 at 8:28 AM, Supun Kamburugamuva > > > <[email protected] > > > >wrote: > > > > > > > You can try proxying all your requests through a HTTPD server. May > > > > be > > it > > > > will help. > > > > > > > > Thanks, > > > > Supun.. > > > > > > > > > > > > On Wed, Jun 12, 2013 at 12:48 AM, Amila Jayasekara > > > > <[email protected]>wrote: > > > > > > > > > Hi Viknes, > > > > > > > > > > As discussed offline the reason for authentication failure is > > > > > not > > > getting > > > > > "Authorization" header to backend. We experienced that Firefox > > > > > and > > > Chrome > > > > > does > > > > > not allow user to set headers while IE allow user to set headers > > > (Correct > > > > > me if I am wrong). Further [1] describes this restriction in > detail. > > > > > > > > > > It seems like due to security reasons some browsers does not > > > > > allow > > user > > > > to > > > > > manipulate headers. Maybe other Javascript experts can give more > > > feedback > > > > > to > > > > > solve this issue. > > > > > > > > > > Further even though you disable security Airavata needs a user > > > > > id to operate on. Therefore we still require a user id in the > > > > > request > > header. > > > > > > > > > > [1] > > > http://news.anarchy46.net/2012/06/refused-to-set-unsafe-header.html > > > > > > > > > > Thanks > > > > > Amila > > > > > > > > > > > > > > > On Tue, Jun 11, 2013 at 11:42 PM, Viknes Balasubramanee < > > > [email protected] > > > > > >wrote: > > > > > > > > > > > Hi All, > > > > > > > > > > > > I am trying to get the list of experiments in Airavata by > > > > > > accessing > > > the > > > > > > Registry API REST service from a webapp. When I make an AJAX > > request > > > > from > > > > > > JavaScript, I get an error in the browser console(FireBug) > > > > > > stating > > > > > "Access > > > > > > denied to restricted URI". This is the URL that I am trying > > > > > > to hit > > > > > > > > > > > > > > > > > > > > > > > > > > http://localhost:8080/airavata-registry/api/experimentregistry/get/exp > > erimen > > > > > > ts/all . The URL works fine from the browser. > > > > > > > > > > > > 1. I have the basic authentication header set with the encoded > > > username > > > > > and > > > > > > password when I make the request. I have CORS enabled in jQuery. > > Yet, > > > > the > > > > > > request seems to fail. > > > > > > 2. In order to skip the authentication and try my request, I > > > > > > set > > the > > > > > > enabled > > > > > > parameter in authentication.xml to false. <authenticators > > > > > enabled="false">. > > > > > > When I do so, I get the below exception if I try to connect to > > > > > > the > > > > > registry > > > > > > from XBaya. > > > > > > > > > > > > > > > > > > org.apache.airavata.client.api.exception.AiravataAPIInvocationException: > > > > > > Error while initializing the Airavata API > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactor > > y.java > > > > > > :64) > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactor > > y.java > > > > > > :43) > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.xbaya.ui.dialogs.registry.RegistryWindow.getAirava > > taAPI( > > > > > > RegistryWindow.java:260) > > > > > > Caused by: > > > > > > > > > > > > org.apache.airavata.client.api.exception.AiravataAPIInvocationException: > > > > > > Error while initializing the Airavat a API > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.client.AiravataClient.initialize(AiravataClient.java:163 > > > > > > ) > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactory.java > > > > > > :61) > > > > > > ... 99 more > > > > > > Caused by: java.lang.RuntimeException: Failed : HTTP error code : > > 500 > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.rest.client.ConfigurationResourceClient.getEventingURI(C > > > > > > onfigurationResourceClient.java:5 > > > > > > 19) > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.rest.client.RegistryClient.getEventingServiceURI(Registr > > > > > > yClient.java:164) > > > > > > at > > > > > > > > > > > > > > > > > > > > > > > > > > > > org.apache.airavata.client.AiravataClient.createConfig(AiravataClient.java:1 > > > > > > 15) > > > > > > > > > > > > Please let me know if I am missing something here. For most of > the > > > GSOC > > > > > > projects, we are developing webapp and I believe this would play > an > > > > > > important role. > > > > > > > > > > > > Thanks > > > > > > Viknes > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Supun Kamburugamuva > > > > Member, Apache Software Foundation; http://www.apache.org > > > > E-mail: [email protected]; Mobile: +1 812 369 6762 > > > > Blog: http://supunk.blogspot.com > > > > > > > > > > > > > > > -- > > Supun Kamburugamuva > > Member, Apache Software Foundation; http://www.apache.org > > E-mail: [email protected]; Mobile: +1 812 369 6762 > > Blog: http://supunk.blogspot.com > > >
