I'm trying to make my custom application (an excel addin written with Office JS api and react) connect to our alfresco deployment.
If I try to login using the app, via alfresco js api, i get a 403 response with the following body:
{
"error": {
"errorKey": "Login failed",
"statusCode": 403,
"briefSummary": "02180006 Login failed",
"stackTrace": "Per motivi di sicurezza l'analisi dello stack non viene più visualizzata, ma viene mantenuta la proprietà per le versioni precedenti",
"descriptionURL": "https://api-explorer.alfresco.com"
}
} Here the request header:
Spoiler (Highlight to read) Accept: application/json
Accept-Encoding: gzip, deflate
Accept-Language: en-GB, en; q=0.8, it-IT; q=0.5, it; q=0.3
Authorization: Basic aXM0V2FpMWV4aWUwOmFuZHJlYS5naGVuc2k=
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 52
Content-Type: application/json
Host: dms.sws-digital.com
Origin: https://localhost:3000
Referer: https://localhost:3000/taskpane.html?_host_Info=Excel$Win32$16.01$it-IT$$$$0
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Accept: application/json
Accept-Encoding: gzip, deflate
Accept-Language: en-GB, en; q=0.8, it-IT; q=0.5, it; q=0.3
Authorization: Basic aXM0V2FpMWV4aWUwOmFuZHJlYS5naGVuc2k=
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 52
Content-Type: application/json
Host: dms.sws-digital.com
Origin: https://localhost:3000
Referer: https://localhost:3000/taskpane.html?_host_Info=Excel$Win32$16.01$it-IT$$$$0
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
(localhost:3000 is the domain of the excel addin, I'm running it on my pc and sideloading it in excel desktop app)
And here the response headers:
Spoiler (Highlight to read) Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Date: Wed, 18 Mar 2020 16:19:47 GMT
Server: nginx/1.13.8
Transfer-Encoding: chunked
Vary: Origin Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://localhost:3000
Connection: keep-alive
Content-Type: application/json; charset=UTF-8
Date: Wed, 18 Mar 2020 16:19:47 GMT
Server: nginx/1.13.8
Transfer-Encoding: chunked
Vary: Origin
I got the same result with the API explorer with the POST tickets endpoint.
If I use postman to test the same endpoint, everything is ok.
I already solved (or so I think) the CORS issues by allowing * origin in CORS filters of web.xml
Spoiler (Highlight to read) web.xml CORS portion
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
<!--param-value>http://localhost:8081,https://localhost:3000,https://dms.sws-digital.com</param-value-->
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-valu$ </init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>
web.xml CORS portion <filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<init-param>
<param-name>cors.allowGenericHttpRequests</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
<!--param-value>http://localhost:8081,https://localhost:3000,https://dms.sws-digital.com</param-value-->
</init-param>
<init-param>
<param-name>cors.allowSubdomains</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, PUT, DELETE, OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.supportedHeaders</param-name>
<param-value>origin, authorization, x-file-size, x-file-name, content-type, accept, x-file-type</param-valu$ </init-param>
<init-param>
<param-name>cors.supportsCredentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.maxAge</param-name>
<param-value>3600</param-value>
</init-param>
</filter>[...]<filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/api/*</url-pattern> <url-pattern>/service/*</url-pattern> <url-pattern>/s/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern></filter-mapping>
My alfresco dockers are behind an ngnix https proxy, that is configured like this:
Spoiler (Highlight to read) server { server { listen 80 default_server; listen [::]:80 default_server; server_name _; rewrite ^ https://$host$request_uri? permanent;}[...]server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/ssl/certs/sws-digital.com.crt;
ssl_certificate_key /etc/ssl/private/sws-digital.com.key;
ssl_protocols TLSv1.2;
root /var/www/html;
server_name dms.sws-digital.com;
rewrite ^/$ /share;
location /share {
proxy_pass http://share:8080;
#proxy_redirect off;
proxy_pass_header Set-Cookie;
proxy_set_header Origin "";
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Frowarded-Proto $scheme;
proxy_set_header Referer "";
# Allow large file upload
client_max_body_size 0;
}
location /alfresco {
proxy_pass http://alfresco:8080;
#proxy_redirect off;
proxy_pass_header Set-Cookie;
proxy_set_header Proxy "";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Frowarded-Proto $scheme;
proxy_set_header Referer "";
# large files upload
client_max_body_size 0;
}
}
I tried to add the following to the shared/classes/alfresco-global.properties:
Spoiler (Highlight to read) alfresco.context=alfresco
alfresco.host=dms.sws-digital.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=dms.sws-digital.com
share.port=443
share.protocol=https
opencmis.context.override=false
opencmis.context.value=
opencmis.servletpath.override=false
opencmis.servletpath.value=
opencmis.server.override=true
opencmis.server.value=https://dms.sws-digital.com
aos.baseUrlOverwrite=https://dms.sws-digital.com/alfresco/aos alfresco.context=alfresco
alfresco.host=dms.sws-digital.com
alfresco.port=443
alfresco.protocol=https
share.context=share
share.host=dms.sws-digital.com
share.port=443
share.protocol=https
opencmis.context.override=false
opencmis.context.value=
opencmis.servletpath.override=false
opencmis.servletpath.value=
opencmis.server.override=true
opencmis.server.value=https://dms.sws-digital.com
aos.baseUrlOverwrite=https://dms.sws-digital.com/alfresco/aos
but nothing changed.
I'm banging my head on this for three days now, and I'm officially lost.
Alfresco dockers are based on acs-deployment from January 2019 modified to use ACS community 6.1.2-ga with a custom content model and the configuration shown above.
