Hi Julien I see that with curl you're setting the accept header to rdf/xml but not with the jquery client. Is this intentional?
Cheers, Reto On Thu, Nov 7, 2013 at 1:32 PM, Julien Villepoux < jvillepoux.oof...@gmail.com> wrote: > Hello, I use Stanbol for a project and I add this 3 bundles : > > org.apache.stanbol.commons.security.fexilwebconsole : 0.12.0-Snapshot > org.apache.stanbol.commons.security.core : 0.12.0-snapshot > org.apache.stanbol.commons.security.usermanagement : 0.12.0-snapshot > > The problem is that I can't access to access restricted resources with Ajax > request. > > > When I used Curl I get attended answer : > > *Curl --user "admin:admin" –H "Accept :application/rdf+xml" > "http://localhost:8080/ <http://localhost:8080/>* > *user-management/users/bob/rolesCheckboxes"* > > > When I try to do the same thing with Ajax/Jquery*.* > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > *function getPwd(admin,passwd){ var l = > admin; var p = passwd; var > bytes = CryptoJS.enc.Utf8.parse(l + ":" + p); return > "Basic "+ CryptoJS.enc.Base64.stringify(bytes); } > var pw = getPwd("admin","admin"); > console.log(pw); var rdfdata $.ajax({ > url : "http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes > <http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes>", > type : "GET", beforeSend: function (xhr) > { > xhr.setRequestHeader("Authorization", > pw); xhr.withCredentials = true; > }, dataType : "xml", > cache:false, async:false, success: > function(data){ console.warn("success"); > }, error: function(xhr,ajaxOptions,thrownError){ > console.error("Error !!!!"); } });* > > We have this answer in Chrome : > Failed to load resource: Origin http://127.0.0.1 is not allowed by > Access-Control-Allow-Origin > > http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818544080 > XMLHttpRequest cannot load > > http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818544080 > . > Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin. > > And in FF: > > Reload the page to get source for: > > http://127.0.0.1:8080/user-management/users/bob/rolesCheckboxes?_=1383818621511 > > We try to add this in UserResource.java in UserManagement bundle without > sucess : > > > > > > > > > > > > * @OPTIONS @Path("users/*") public Response handleCorsPreflight(){ > ResponseBuilder res = Response.ok(); //enableCORS(servletContext,res, > headers); res.header("Access-Control-Allow-Origin", "*"); > res.header("Access-Control-Allow-Headers", "Authorization"); > res.header("Access-Control-Allow-Methods", "GET, POST, OPTIONS"); > return res.build(); }* > > I think, we need to add "Authorization" header in OPTIONS. But With the new > architecture We don't find how to do it. We seen the configuration point > for jersey [1] and try to add "authorization" header, but i think it's not > enough. > > Thanks you for you help ! > Julien VILLEPOUX >
