java - GET requests are being forbidden while POST requests go through fine -

-

in web application, need make calls to different web service (developed/managed me) start/manage resources through rest apis. web service runs on tomcat6. can see browser logs post requests getting through requests being forbidden. if make same calls web service itself, not seeing issues. have defined cross origin filter tomcat6 , mentioned in supported methods still problem persists..

i have defined cross origin filters way in web.xml @ application server level itself. using cors filter libraries http://software.dzhuvinov.com/cors-filter.html. tomcat6 server , filter has been defined @ ($tomcat6_home/conf/web.xml) follows

<filter>     <filter-name>cors</filter-name>     <filter-class>com.thetransactioncompany.cors.corsfilter</filter-class>     <init-param>      <param-name>cors.alloworigin</param-name>         <param-value>*</param-value>     </init-param>     <init-param>      <param-name>cors.supportedmethods</param-name>         <param-value>get, post, head, put, delete, options</param-value>     </init-param>     <init-param>      <param-name>cors.supportedheaders</param-name>      <param-value>*</param-value>     </init-param> </filter>  <filter-mapping>     <filter-name>cors</filter-name>     <url-pattern>/*</url-pattern> </filter-mapping>

strangely, webservice accepting post calls calls, throwing 403 - forbidden error telling "access specified resource has been forbidden".

headers call follows

request url:https://remote.vm.mycompany.com/remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0 request method:get status code:403 forbidden request headersview source accept:*/* accept-encoding:gzip,deflate,sdch accept-language:en-us,en;q=0.8 connection:keep-alive host:remote.vm.mycompany.com origin:https://ec2-184-72-200-91.compute-1.amazonaws.com referer:https://ec2-184-72-200-91.compute-1.amazonaws.com/ user-agent:mozilla/5.0 (macintosh; intel mac os x 10_8_4) applewebkit/537.36 (khtml, gecko) chrome/28.0.1500.71 safari/537.36 query string parametersview sourceview url encoded read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0: response headersview source access-control-allow-credentials:true access-control-allow-origin:https://ec2-184-72-200-91.compute-1.amazonaws.com content-length:961 content-type:text/html;charset=utf-8 date:sun, 21 jul 2013 17:17:37 gmt server:apache-coyote/1.1

tomcat access logs reveal request has been forbidden does't give clue in of logs 

- - - [21/jul/2013:17:17:37 +0000] post /remote/tunnel?connect http/1.1 200   - - - - [21/jul/2013:17:17:37 +0000] /remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0 http/1.1 403   -

here servlet code. trying integrate guacamole (html5 vnc client webservice )

package com.mycompany.html5remote;  import java.util.arrays;  import javax.servlet.http.httpservletrequest; import javax.servlet.http.httpsession;  import org.slf4j.logger; import org.slf4j.loggerfactory;  import net.sourceforge.guacamole.guacamoleexception; import net.sourceforge.guacamole.net.guacamolesocket; import net.sourceforge.guacamole.net.guacamoletunnel; import net.sourceforge.guacamole.net.inetguacamolesocket; import net.sourceforge.guacamole.protocol.configuredguacamolesocket; import net.sourceforge.guacamole.protocol.guacamoleclientinformation; import net.sourceforge.guacamole.protocol.guacamoleconfiguration; import net.sourceforge.guacamole.servlet.guacamolehttptunnelservlet; import net.sourceforge.guacamole.servlet.guacamolesession;  public class httptunnel extends guacamolehttptunnelservlet {      private logger logger = loggerfactory.getlogger(httptunnel.class);      @override     protected guacamoletunnel doconnect(httpservletrequest request) throws guacamoleexception {          httpsession httpsession = request.getsession(true);         logger.info("inside doconnect method.");           guacamoleclientinformation info = new guacamoleclientinformation();          string hostname = request.getparameter("hostname");         string protocol = request.getparameter("protocol");          // create socket         guacamoleconfiguration config = new guacamoleconfiguration();         config.setprotocol(protocol);         config.setparameter("hostname", hostname);         //config.setparameter("hostname", "ec2-184-73-104-108.compute-1.amazonaws.com");         if("vnc".equals(protocol)){             config.setparameter("port", "5901");         }else if ("rdp".equals(protocol)){             config.setparameter("port", "3389");         }else{             config.setparameter("port", "22");         }          logger.info("set configuration. creating socket connection now..");          // return connected socket         guacamolesocket socket =  new configuredguacamolesocket(                 new inetguacamolesocket("localhost", 4822),                 config, info         );          logger.info("successfully created socket connection.");           // create tunnel now-configured socket         guacamoletunnel tunnel = new guacamoletunnel(socket);          // attach tunnel         guacamolesession session = new guacamolesession(httpsession);         session.attachtunnel(tunnel);         logger.info("done");         return tunnel;      }  }

documentation guacamolehttptunnelservlet (gpl licenced) here

what possibly missing? there other places can clues? please help

do have security constraints related http methods configured in web.xml? not sure why go seperate api filtering request?


Comments

Post a Comment

Popular posts from this blog

html5 - What is breaking my page when printing? -

-
Image
i have questioner , don't know why when printing it's creating break before first question. live demo (link) i able resolve issue removing fieldset container had wrapped in.. having fieldset element causing of fields grouped together, , since not fit on first page, being pushed second page. removing fieldset element, able firefox print first 2 questions on page 1 identically chrome. it seems not new problem firefox , fieldset not playing nice found old bugzilla ticket 2008 has persisted , still being commented on in 2014 (link) if retaining fieldset important, found solution else came here (link) <script type='text/javascript'> $(window).bind('beforeprint', function(){ $('fieldset').each( function(item) { $(this).replacewith($('<div class="fieldset">' + this.innerhtml + '</div>')); } ) }); $(window).bind(
Read more

html - Unable to style the color of bullets in a list -

-
i'm trying change colour of list points it's not working? <div class="mobile-menu" id="mobile-menu"> <div id="mobile-menu-links"> <h4>general:</h4> <ul class="mobile-menu-links"> <li><a href="">news</a></li> <li><a href="">the boring rules!</a></li> <li><a href="">the rankings</a></li> </ul> .mobile-menu #mobile-menu-links ul{ list-style-type: none; margin:0; padding-left:3%; } .mobile-menu #mobile-menu-links ul li{ padding-bottom:2px; border-bottom:1px solid #bababa; } if add color:red in either of 2 css declarations, doesn't change colour. please note html closed in document, copi
Read more

c# - must be a non-abstract type with a public parameterless constructor in redis -

-
when save object, got below error must non-abstract type public parameterless constructor in order use parameter 't' in generic type or method 'servicestack.redis.redisclient.store<t>(t) redisclass.getinstnace().store(msg); // error here redisclass.getinstnace().save(); as third party's class, can not edit how save object? could create wrapper around third party object call constructor, store wrapper? e.g. public class mywrapper { public thirdpartyobject thirdpartyinstance { get; set; } public mywrapper() { thirdpartyinstance = new thirdpartyobject("constructors"); } }
Read more