Tnx Dan.
The 404 is probalbly also�because the app was sleeping and then the fixtures
are gone.
After loading the fixtures in Chrome I get normal response.
I tried changing shiro.ini: no results.
In Isis.Properties do you mean setting authentication to bypass or
authorization? Current settings:
# default is file in SERVER mode, none in SERVER_EXPLORATION.� Derived
from wicket mode�
#isis.authentication=bypass
isis.authentication=shiro
�
# default is file in SERVER mode, none in SERVER_EXPLORATION.� Derived
from wicket mode�
#isis.authorization=file
�
isis.authorization=shiro
When I hit the URL fro my Chrome session I'm getting a 404:
1. Remote Address:
xxx.xxx.xxx.xxx
2. Request URL:
http://socrates.johandoornenbal.eu.cloudbees.net/restful/services/Parties/actions/allParties/invoke
3. Request Method:
GET
4. Status Code:
404 Not Found
5. Request Headersview source
1. Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
2. Accept-Encoding:
gzip,deflate,sdch
3. Accept-Language:
en-US,en;q=0.8,it;q=0.6
4. Cache-Control:
max-age=0
5. Connection:
keep-alive
6. Cookie:
JSESSIONID=xxxxxxxxxxxxxxx
7. DNT:
1
8. Host:
socrates.johandoornenbal.eu.cloudbees.net
9. User-Agent:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/36.0.1985.143 Safari/537.36
10. X-WELFARE_ORG:
SDCC
6. Response Headersview source
1. Connection:
keep-alive
2. Content-Length:
0
3. Content-Type:
application/json
4. Date:
Tue, 02 Sep 2014 16:11:21 GMT
5. Server:
nginx/1.4.2
6. Warning:
199 RestfulObjects action 'allParties' either does not exist or is
not visible
Perhaps the CORS error is masking a 404?
~~~
As to why you are getting a 404, I think it might be security. In the
web.xml we have:
IsisSessionFilterForRestfulObjects
org.apache.isis.core.webapp.IsisSessionFilter
authenticationSessionStrategy
org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyTrusted
...
In fact, that still sets up a session with a username, the username being
hard coded to "exploration". However, Shiro authorization is still
configured (in the isis.properties) file. In the shiro.ini there is no
permissions for the "exploration" user:
[users] sven = pass, admin_role dick = pass, user_role, self-install_role
bob = pass, user_role, self-install_role joe = pass, user_role,
self-install_role guest = guest, user_role
[roles] # role = perm1, perm2, perm3, ... # perm in format:
packageName:className:memberName:r,w user_role = *:ToDoItemsJdo:*:*,
*:ToDoItem:*:* self-install_role = *:ToDoItemsFixturesService:install:*
admin_role = *
So you could probably get things going by adding "exploration = pass,
admin_role" in the [users] section.
An alternative would be to switch off Shiro by updating isis.properties to
use "bypass" authorization mechanism instead (basically a no-op:
isis.authorization=bypass
Let me know if that helps at all...
Dan
On 2 September 2014 17:05, wrote:
> When connecting to REST Api I get this message:
>
>
>
> XMLHttpRequest cannot load
> http://socrates.johandoornenbal.eu.cloudbees.net/restful/services/Parties/actions/allParties/invoke.
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:8000' is therefore not allowed access.
>
>
>
> While
>
>
>
> http://socrates.johandoornenbal.eu.cloudbees.net/restful/services/Parties
>
> is working.
>
>
>
> Can someone explain me what is going on? Is this a filtersetting
> in web.xml or ...? Or has this to do with identification (I am
> using
> org.apache.isis.viewer.restfulobjects.server.authentication.AuthenticationSessionStrategyTrusted
> in web.xml)
>
>
�
