java - GET requests are being forbidden while POST requests go through fine


In my web application, I need to make calls to a different web service (developed/managed by me) to start/manage resources through REST APIs. The web service runs on Tomcat 6. I can see from the browser logs that POST requests are getting through but GET requests are being forbidden. If I make the same calls from the web service itself, I am not seeing any issues. I have defined a cross-origin filter in Tomcat 6 and mentioned GET in the supported methods, but the problem still persists.

I have defined the cross-origin filters this way in web.xml at the application server level itself. I am using the CORS filter library from http://software.dzhuvinov.com/cors-filter.html. On the Tomcat 6 server, the filter has been defined in $TOMCAT6_HOME/conf/web.xml as follows:

    <filter>
        <filter-name>cors</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, POST, HEAD, PUT, DELETE, OPTIONS</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedHeaders</param-name>
            <param-value>*</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>cors</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Strangely, the web service is accepting POST calls, but for GET calls it is throwing a 403 Forbidden error, saying "Access to the specified resource has been forbidden".

The headers for the GET call are as follows:

    Request URL: https://remote.vm.mycompany.com/remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0
    Request Method: GET
    Status Code: 403 Forbidden

    Request Headers
    Accept: */*
    Accept-Encoding: gzip,deflate,sdch
    Accept-Language: en-us,en;q=0.8
    Connection: keep-alive
    Host: remote.vm.mycompany.com
    Origin: https://ec2-184-72-200-91.compute-1.amazonaws.com
    Referer: https://ec2-184-72-200-91.compute-1.amazonaws.com/
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.71 Safari/537.36

    Query String Parameters
    read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0:

    Response Headers
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: https://ec2-184-72-200-91.compute-1.amazonaws.com
    Content-Length: 961
    Content-Type: text/html;charset=utf-8
    Date: Sun, 21 Jul 2013 17:17:37 GMT
    Server: Apache-Coyote/1.1

The Tomcat access logs reveal that the request has been forbidden, but there is no clue in any of the logs:

    - - - [21/Jul/2013:17:17:37 +0000] POST /remote/tunnel?connect HTTP/1.1 200 -
    - - - [21/Jul/2013:17:17:37 +0000] GET /remote/tunnel?read:c2faeb31-4147-49e8-b8d3-53d89496e5ca:0 HTTP/1.1 403 -

Here is my servlet code. I am trying to integrate Guacamole (HTML5 VNC client as a web service).

    package com.mycompany.html5remote;

    import java.util.Arrays;

    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpSession;

    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    import net.sourceforge.guacamole.GuacamoleException;
    import net.sourceforge.guacamole.net.GuacamoleSocket;
    import net.sourceforge.guacamole.net.GuacamoleTunnel;
    import net.sourceforge.guacamole.net.InetGuacamoleSocket;
    import net.sourceforge.guacamole.protocol.ConfiguredGuacamoleSocket;
    import net.sourceforge.guacamole.protocol.GuacamoleClientInformation;
    import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
    import net.sourceforge.guacamole.servlet.GuacamoleHTTPTunnelServlet;
    import net.sourceforge.guacamole.servlet.GuacamoleSession;

    public class HttpTunnel extends GuacamoleHTTPTunnelServlet {

        private Logger logger = LoggerFactory.getLogger(HttpTunnel.class);

        @Override
        protected GuacamoleTunnel doConnect(HttpServletRequest request) throws GuacamoleException {

            HttpSession httpSession = request.getSession(true);
            logger.info("Inside doConnect method.");

            GuacamoleClientInformation info = new GuacamoleClientInformation();

            String hostname = request.getParameter("hostname");
            String protocol = request.getParameter("protocol");

            // Create the configuration for the socket
            GuacamoleConfiguration config = new GuacamoleConfiguration();
            config.setProtocol(protocol);
            config.setParameter("hostname", hostname);
            //config.setParameter("hostname", "ec2-184-73-104-108.compute-1.amazonaws.com");
            if ("vnc".equals(protocol)) {
                config.setParameter("port", "5901");
            } else if ("rdp".equals(protocol)) {
                config.setParameter("port", "3389");
            } else {
                config.setParameter("port", "22");
            }

            logger.info("Set configuration. Creating socket connection now..");

            // Return the connected socket
            GuacamoleSocket socket = new ConfiguredGuacamoleSocket(
                    new InetGuacamoleSocket("localhost", 4822),
                    config, info
            );

            logger.info("Successfully created socket connection.");

            // Create the tunnel from the now-configured socket
            GuacamoleTunnel tunnel = new GuacamoleTunnel(socket);

            // Attach the tunnel to the session
            GuacamoleSession session = new GuacamoleSession(httpSession);
            session.attachTunnel(tunnel);
            logger.info("Done");
            return tunnel;

        }

    }

The documentation for GuacamoleHTTPTunnelServlet (GPL licensed) is here.

What am I possibly missing? Are there any other places where I can look for clues? Please help.

Do you have any security constraints related to HTTP methods configured in web.xml? Not sure why you would go to a separate API for filtering the request?
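
An added example, not part of the original thread: one way to act on the suggestion above is to list every `security-constraint` in a web.xml together with the HTTP methods and URL patterns it covers, so a rule that hits GET but not POST stands out. The descriptor below is constructed sample data, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the poster's real web.xml).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>tunnel</web-resource-name>
      <url-pattern>/tunnel</url-pattern>
      <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint/>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>admin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

def find_all(elem, name):
    """Descendants with the given local tag name, ignoring the XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def method_constraints(web_xml_text):
    """Return (url_pattern, method, effect) for every declared constraint."""
    findings = []
    for sc in find_all(ET.fromstring(web_xml_text), "security-constraint"):
        roles = [r.text.strip() for r in find_all(sc, "role-name") if r.text]
        if roles:
            effect = "roles: " + ",".join(roles)
        elif find_all(sc, "auth-constraint"):
            effect = "deny all"  # an empty auth-constraint permits nobody
        else:
            effect = "no auth-constraint"
        for wrc in find_all(sc, "web-resource-collection"):
            patterns = [p.text.strip() for p in find_all(wrc, "url-pattern")]
            # No http-method element means the constraint covers every method.
            methods = [m.text.strip().upper()
                       for m in find_all(wrc, "http-method")] or ["ALL"]
            findings += [(p, m, effect) for p in patterns for m in methods]
    return findings

def affects(findings, method):
    """Constraints that apply to one HTTP method."""
    return [f for f in findings if f[1] in (method.upper(), "ALL")]

if __name__ == "__main__":
    for finding in method_constraints(SAMPLE_WEB_XML):
        print(finding)
```

Run it against both the server-wide conf/web.xml and the application's own WEB-INF/web.xml, since a constraint in either one applies to the request.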

