Hi,

My Dropwizard has been set up with Shiro for authentication. I am currently 
sending requests from a different port to my Dropwizard service but I get an 
*HTTP 401 Unauthorized status error.*

My Dropwizard application is hosted on 
http://localhost:8199/api/konak/orders and my Angular application is being 
launched from http://localhost:4200

Below are some details regarding my setup. Please let me know if you need 
any further information.


*HTTP Request-Response where I get 401 Unauthorized error*

*General*

Request URL:http://localhost:8199/api/konak/reconciliations
Request Method:GET
Status Code:401 Unauthorized
Remote Address:[::1]:8199
Referrer Policy:no-referrer-when-downgrade

*Request Headers*

Content-Length:0
Date:Wed, 02 Aug 2017 13:17:49 GMT
WWW-Authenticate:BASIC realm="application"

*Request Headers*

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Host:localhost:8199
Origin:http://localhost:4200
Referer:http://localhost:4200/konak-dashboard
User-Agent:Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.3


*Below is my shiro.ini file.*

# Use SSO
contextFactory = org.apache.shiro.realm.ldap.JndiLdapContextFactory
contextFactory.url = ldap://<hidden-ldap-config>
contextFactory.systemUsername = svc-gitlab
contextFactory.systemPassword = xxxxxxxxxxxx

ldapRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
ldapRealm.userDnTemplate = {0}<@company.domain>
ldapRealm.contextFactory = $contextFactory
    
allowAllCredentialsMatcher=org.apache.shiro.authc.credential.AllowAllCredentialsMatcher

authenticationStrategy = org.apache.shiro.authc.pam.AllSuccessfulStrategy
securityManager.authenticator.authenticationStrategy = $authenticationStrategy

waffleRealmSSO = waffle.shiro.negotiate.NegotiateAuthenticationRealm
waffleUserPass = waffle.shiro.GroupMappingWaffleRealm
waffleFilter = waffle.shiro.negotiate.NegotiateAuthenticationFilter

securityManager.realms= $waffleRealmSSO, $ldapRealm

# Use the configured native session manager:
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# the following call is only necessary in a web-configured ShiroFilter
# (otherwise a native session manager is already enabled):
securityManager.sessionMode = native

# cookie for single sign on
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = SSOcookie
cookie.path = /
securityManager.sessionManager.sessionIdCookie = $cookie

authcStrategy = waffle.shiro.negotiate.NegotiateAuthenticationStrategy
securityManager.authenticator.authenticationStrategy = $authcStrategy

[urls]
/** = port[8199], authcBasic, noSessionCreation



*CORS Filter*

I have set up my CORS filter as follows in my Dropwizard application:

private void enableCorsHeaders(Environment env) {
        final FilterRegistration.Dynamic corsFilter =
                env.servlets().addFilter("CrossOriginFilter", CrossOriginFilter.class);

        corsFilter.setInitParameter("Access-Header", "true");
        corsFilter.setInitParameter("Access-Control-Allow-Credentials", "true");
        corsFilter.setInitParameter("Access-Control-Allow-Origin", "http://localhost:4200");
        corsFilter.setInitParameter("Access-Control-Allow-Headers",
                "Origin, X-Requested-With, Content-Type, Accept, Access-Control-Request-Headers, Access-Control-Request-Method, Cache-Control, Pragma, Expires");
        corsFilter.setInitParameter("Access-Control-Allow-Methods\" ", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
        corsFilter.setInitParameter("allowedOrigins", "*");
        corsFilter.setInitParameter("allowedHeaders", "X-Requested-With,Content-Type,Accept,Origin");
        corsFilter.setInitParameter("allowedMethods", "OPTIONS,GET,PUT,POST,DELETE,HEAD");
        corsFilter.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, Boolean.FALSE.toString());

        // Add URL mapping
        corsFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), true, "/*");
    }

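For reference alongside the filter setup in the post, an added example (not the poster's code or Dropwizard's own) that registers Jetty's CrossOriginFilter through the init-parameter constants the filter actually reads, with one explicit origin and Authorization in the allowed headers. The class name CorsSetup is hypothetical and Dropwizard 1.x with javax.servlet is assumed; the origin value is the one given in the post.

```java
import java.util.EnumSet;

import javax.servlet.DispatcherType;
import javax.servlet.FilterRegistration;

import org.eclipse.jetty.servlets.CrossOriginFilter;

import io.dropwizard.setup.Environment;

// Hypothetical helper class; only the origin value comes from the post.
public final class CorsSetup {

    private CorsSetup() {
    }

    public static void enableCors(Environment env) {
        final FilterRegistration.Dynamic cors =
                env.servlets().addFilter("CrossOriginFilter", CrossOriginFilter.class);

        // CrossOriginFilter reads only the init parameters named by its own
        // constants; keys spelled like response headers
        // ("Access-Control-Allow-Origin", ...) are ignored.
        // One explicit origin instead of "*", since credentials are allowed below.
        cors.setInitParameter(CrossOriginFilter.ALLOWED_ORIGINS_PARAM,
                "http://localhost:4200");
        cors.setInitParameter(CrossOriginFilter.ALLOWED_METHODS_PARAM,
                "OPTIONS,GET,PUT,POST,DELETE,HEAD");
        // Authorization is not a CORS-safelisted request header, so it has to be
        // listed before a browser will send Basic credentials cross-origin.
        cors.setInitParameter(CrossOriginFilter.ALLOWED_HEADERS_PARAM,
                "X-Requested-With,Content-Type,Accept,Origin,Authorization");
        cors.setInitParameter(CrossOriginFilter.ALLOW_CREDENTIALS_PARAM, "true");
        // Preflight (OPTIONS) requests are answered by this filter and not
        // passed further down the chain.
        cors.setInitParameter(CrossOriginFilter.CHAIN_PREFLIGHT_PARAM, "false");

        // isMatchAfter=false places this mapping ahead of filter mappings that
        // are already registered, so the CORS filter sees the request first.
        cors.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
    }
}
```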