Camunda Rest API with Authentication on

Hi,
I am able to call Rest API without any issue when user Authentication is off. I got the error when I removed comments related to authentication on in Rest-engine web.xml.

The error message as below

OPTIONS http://localhost:8080/engine-rest/engine/default/task/count 403 (Forbidden)
XMLHttpRequest cannot load http://localhost:8080/engine-rest/engine/default/task/count. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:3000’ is therefore not allowed access. The response had HTTP status code 403.
Uncaught DOMException: Failed to execute ‘send’ on ‘XMLHttpRequest’: Failed to load ‘http://localhost:8080/engine-rest/engine/default/task/count’.

Here is my JavaScript code

<!doctype html>

Angular 2 App | ng2-webpack var userName = "demo"; var passWord = "demo"; var url = 'http://localhost:8080/engine-rest/engine/default/task/count'
    function authenticateUser(user, password) {
        var token = user + ":" + password;
        var hash = btoa(token); 
        return "Basic " + hash;
    }

    function getTaskCount() {
         // New XMLHTTPRequest
        var request = new XMLHttpRequest();
        request.open("GET", url, false);
        request.setRequestHeader("Authorization", authenticateUser(userName, passWord));
        request.send();
        // view request status
        alert(request.status);
        alert(request.responseText);
    }    
</script>

Get Task Count

Please provide me solution for this.
Thanks

Steven

1 Like

Hi @steventao,

you are trying to execute a request towards your rest api from your webapp. I think from the browsers perspective you are sending your request to different domain, so you are getting a CORS exception. You can read here about different approaches available to solve problem.

Cheers,
Askar

1 Like

Hi Askar

Thank you for your comment. I already handled CORS issue. If I do not turn on the Authentication, it work fine. After I turn on the Authentication, I have to add one line code

request.setRequestHeader(“Authorization”, authenticateUser(userName, passWord));

It will cause HTTP call from “GET” to “OPTIONS”. The “OPTIONS” do not attached the Authorization header. It cause the problem.

Attached is my web.xml & index.html file. Since I cannot attach two files, I put these two file into one file.

Web abd Index.xml (3.2 KB)

Could you take a look at them to find what is wrong?

Thank you very much.

Steven

Hi @steventao,

request switches to OPTIONS not because of header, but because of the way you handle CORS. See http://stackoverflow.com/questions/1256593/why-am-i-getting-an-options-request-instead-of-a-get-request.

I would still recommend you handling cors issue by adding HTTP server with proxy pass in front of your application instead of filter in web.xml, this will be much cleaner.

Cheers,
Askar

Hi Askar

Thank you for your comment. Could you please provide me some sample code which can handle the CORS and HTTP basic Authentication?

Thanks again

Steven

Hi @steventao,

there is no example existing yet, but this is really not related to camunda in any case, just a normal proxy pass configuration. You can read more here or here.

Cheers,
Askar

Thanks. I will try it.

Steven

1 Like

Hi @steventao were you able to make the basic authentication work with CORS ?