Hello, I use Stanbol for a project and I add this 3 bundles : org.apache.stanbol.commons.security.fexilwebconsole : 0.12.0-Snapshot org.apache.stanbol.commons.security.core : 0.12.0-snapshot org.apache.stanbol.commons.security.usermanagement : 0.12.0-snapshot
The problem is that I can't access to access restricted resources with Ajax request. When I used Curl I get attended answer : *Curl --user "admin:admin" –H "Accept :application/rdf+xml" "http://localhost:8080/ <http://localhost:8080/>* *user-management/users/bob/rolesCheckboxes"* When I try to do the same thing with Ajax/Jquery*.* *function getPwd(admin,passwd){ var l = admin; var p = passwd; var bytes = CryptoJS.enc.Utf8.parse(l + ":" + p); return "Basic "+ CryptoJS.enc.Base64.stringify(bytes); } var pw = getPwd("admin","admin"); console.log(pw); var rdfdata $.ajax({ url : "http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes <http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes>", type : "GET", beforeSend: function (xhr) { xhr.setRequestHeader("Authorization", pw); xhr.withCredentials = true; }, dataType : "xml", cache:false, async:false, success: function(data){ console.warn("success"); }, error: function(xhr,ajaxOptions,thrownError){ console.error("Error !!!!"); } });* We have this answer in Chrome : Failed to load resource: Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818544080 XMLHttpRequest cannot load http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818544080. Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin. And in FF: Reload the page to get source for: http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818621511 We try to add this in UserResource.java in UserManagement bundle without sucess : * @OPTIONS @Path("users/*") public Response handleCorsPreflight(){ ResponseBuilder res = Response.ok(); //enableCORS(servletContext,res, headers); res.header("Access-Control-Allow-Origin", "*"); res.header("Access-Control-Allow-Headers", "Authorization"); res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS"); return res.build(); }* I think, we need to add "Authorization" header in OPTIONS. But With the new architecture We don't find how to do it. We seen the configuration point for jersey [1] and try to add "authorization" header, but i think it's not enough. Thanks you for you help ! Julien VILLEPOUX
