Date: Wed, 12 Jun 2013 10:35:19 -0400
Subject: Re: Accessing the REST service from JavaScript
From: Amila Jayasekara
To: dev@airavata.apache.org, viknesb

Hi Viknes,

You still need to set user name as an Authorisation header. I doubt you will be able to do this even, cos browsers don't allow any kind of http header manipulations.

Thanks
Amila

On Wed, Jun 12, 2013 at 10:29 AM, Viknes Balasubramanee wrote:

> I'd like to avoid a backend server of my own or a proxy server. My aim is to develop a portable webapp of just HTML and JS pages that can be included by any client. I am pretty sure I have successfully made cross domain requests earlier. The only problem here is adding the authorization header and these 2 browsers don't allow it.
>
> Amila,
> When the security is disabled, should the username be still set in the authorization header or can it be passed as a parameter or data attribute?
>
> Thanks
> Viknes
>
> -----Original Message-----
> From: Amila Jayasekara [mailto:thejaka.amila@gmail.com]
> Sent: Wednesday, June 12, 2013 9:28 AM
> To: dev@airavata.apache.org
> Cc: viknesb
> Subject: Re: Accessing the REST service from JavaScript
>
> I am not quite sure, issue is more subtle I guess. Cos browser itself doesn't allow us to manipulate headers.
> But we can try and see.
>
> Thanks
> Amila
>
> On Wed, Jun 12, 2013 at 9:21 AM, Supun Kamburugamuva wrote:
>
> > From the description my understanding was this is a cross domain scripting issue.
> > If that is the case, using a proxy server will make all the requests to go through the same server (domain) and avoid the issue.
> >
> > Thanks,
> > Supun..
> >
> > On Wed, Jun 12, 2013 at 8:58 AM, Amila Jayasekara wrote:
> >
> > > Hi Supun,
> > >
> > > Didn't quite understand how HTTPD going to solve the issue. You meant to (from browser) pass header in different format to HTTPD and set headers at HTTPD server level? If this is possible could you also point to a reference?
> > >
> > > Thanks
> > > Amila
> > >
> > > On Wed, Jun 12, 2013 at 8:28 AM, Supun Kamburugamuva wrote:
> > >
> > > > You can try proxying all your requests through a HTTPD server. May be it will help.
> > > >
> > > > Thanks,
> > > > Supun..
> > > >
> > > > On Wed, Jun 12, 2013 at 12:48 AM, Amila Jayasekara wrote:
> > > >
> > > > > Hi Viknes,
> > > > >
> > > > > As discussed offline the reason for authentication failure is not getting "Authorization" header to backend. We experienced that Firefox and Chrome do not allow user to set headers while IE allows user to set headers (Correct me if I am wrong). Further [1] describes this restriction in detail.
> > > > >
> > > > > It seems like due to security reasons some browsers do not allow user to manipulate headers. Maybe other Javascript experts can give more feedback to solve this issue.
> > > > >
> > > > > Further even though you disable security Airavata needs a user id to operate on. Therefore we still require a user id in the request header.
> > > > >
> > > > > [1] http://news.anarchy46.net/2012/06/refused-to-set-unsafe-header.html
> > > > >
> > > > > Thanks
> > > > > Amila
> > > > >
> > > > > On Tue, Jun 11, 2013 at 11:42 PM, Viknes Balasubramanee <viknesb@msn.com> wrote:
> > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I am trying to get the list of experiments in Airavata by accessing the Registry API REST service from a webapp. When I make an AJAX request from JavaScript, I get an error in the browser console (FireBug) stating "Access denied to restricted URI". This is the URL that I am trying to hit
> > > > > >
> > > > > > http://localhost:8080/airavata-registry/api/experimentregistry/get/experiments/all . The URL works fine from the browser.
> > > > > >
> > > > > > 1. I have the basic authentication header set with the encoded username and password when I make the request. I have CORS enabled in jQuery. Yet, the request seems to fail.
> > > > > > 2. In order to skip the authentication and try my request, I set the enabled parameter in authentication.xml to false. enabled="false">. When I do so, I get the below exception if I try to connect to the registry from XBaya.
> > > > > >
> > > > > > org.apache.airavata.client.api.exception.AiravataAPIInvocationException: Error while initializing the Airavata API
> > > > > >     at org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactory.java:64)
> > > > > >     at org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactory.java:43)
> > > > > >     at org.apache.airavata.xbaya.ui.dialogs.registry.RegistryWindow.getAiravataAPI(RegistryWindow.java:260)
> > > > > > Caused by: org.apache.airavata.client.api.exception.AiravataAPIInvocationException: Error while initializing the Airavata API
> > > > > >     at org.apache.airavata.client.AiravataClient.initialize(AiravataClient.java:163)
> > > > > >     at org.apache.airavata.client.AiravataAPIFactory.getAPI(AiravataAPIFactory.java:61)
> > > > > >     ... 99 more
> > > > > > Caused by: java.lang.RuntimeException: Failed : HTTP error code : 500
> > > > > >     at org.apache.airavata.rest.client.ConfigurationResourceClient.getEventingURI(ConfigurationResourceClient.java:519)
> > > > > >     at org.apache.airavata.rest.client.RegistryClient.getEventingServiceURI(RegistryClient.java:164)
> > > > > >     at org.apache.airavata.client.AiravataClient.createConfig(AiravataClient.java:115)
> > > > > >
> > > > > > Please let me know if I am missing something here.
> > > > > > For most of the GSOC projects, we are developing webapp and I believe this would play an important role.
> > > > > >
> > > > > > Thanks
> > > > > > Viknes
> > > >
> > > > --
> > > > Supun Kamburugamuva
> > > > Member, Apache Software Foundation; http://www.apache.org
> > > > E-mail: supun06@gmail.com; Mobile: +1 812 369 6762
> > > > Blog: http://supunk.blogspot.com
> >
> > --
> > Supun Kamburugamuva
> > Member, Apache Software Foundation; http://www.apache.org
> > E-mail: supun06@gmail.com; Mobile: +1 812 369 6762
> > Blog: http://supunk.blogspot.com
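
Added example, not part of the thread or of Airavata's code: a simplified model of the browser-side checks behind the behaviour discussed above. Script is refused outright only for "forbidden" header names; `Authorization` is not one of them, but on a cross-origin request it triggers an OPTIONS preflight that the REST server has to answer. The page origin, the credential string and the preflight response values are assumptions constructed for illustration.

```javascript
// Added example, not code from the thread: a simplified model of the checks a
// browser applies before sending a cross-origin XHR/fetch with custom headers.
// Names a script may never set (subset of the Fetch "forbidden" list).
const FORBIDDEN = new Set(["accept-charset", "accept-encoding", "connection",
  "content-length", "cookie", "date", "host", "origin", "referer", "te",
  "trailer", "transfer-encoding", "upgrade", "via"]);
// Names that may go cross-origin without a preflight (value limits ignored).
const SAFELISTED = new Set(["accept", "accept-language", "content-language"]);

function isForbidden(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// pageOrigin: origin of the HTML/JS page; url: REST endpoint; headers: what the
// script sets; preflight: response headers the server returns to the OPTIONS
// preflight (lower-case keys). Returns whether the real request gets sent.
function checkRequest(pageOrigin, url, headers, preflight) {
  const names = Object.keys(headers);
  const refused = names.find(isForbidden);
  if (refused) return { sent: false, reason: "forbidden header: " + refused };
  if (new URL(url).origin === pageOrigin) return { sent: true, reason: "same origin" };

  const custom = names.filter((n) => !SAFELISTED.has(n.toLowerCase()));
  if (custom.length === 0) return { sent: true, reason: "no preflight needed" };

  const allowOrigin = preflight["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== pageOrigin)
    return { sent: false, reason: "origin not allowed" };

  const allowed = (preflight["access-control-allow-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase());
  // A "*" entry never covers Authorization; it has to be listed by name.
  const missing = custom.find((n) => {
    const l = n.toLowerCase();
    return !(allowed.includes(l) || (allowed.includes("*") && l !== "authorization"));
  });
  return missing ? { sent: false, reason: "header not allowed: " + missing }
                 : { sent: true, reason: "preflight passed" };
}

// Constructed sample values: page origin and credentials are placeholders.
const PAGE = "http://localhost:8000";
const API = "http://localhost:8080/airavata-registry/api/experimentregistry/get/experiments/all";
const AUTH = { Authorization: "Basic dXNlcjpwYXNz" }; // base64 of "user:pass"
const GOOD = { "access-control-allow-origin": PAGE, "access-control-allow-headers": "Authorization" };
console.log(checkRequest(PAGE, API, AUTH, {}), checkRequest(PAGE, API, AUTH, GOOD));
```

The first call models a server that sends no CORS headers, the second a server that names both the page origin and `Authorization` in its preflight response.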