I'm testing the pickup dispatch sample web app for WSO2 Identity Server 5.10 https://is.docs.wso2.com/en/5.9.0/learn/configuring-access-delegation-with-oauth2/
Everything is set up as mentioned in the documentation. When clicking 'Add' the request cannot be completed because it is being blocked dues to CORS policy.
Access to XMLHttpRequest at 'http://localhost:39090/bookings' from origin 'http://localhost.com:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have added the following
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
To the files
CARBON_HOME\repository\deployment\server\webapps\oauth2\WEB-INF\web.xml
TOMCAT_HOME\webapps\pickup-dispatch\WEB-INF\web.xml
as mentioned in this post http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html
But still, I'm getting the error. Here is the request header
UPDATE: Here is the error log that is recorded when the CORS issue arises
G:\wso2>java -jar backend-service.jar -introspectionEnabled true
2020-06-09 11:43:24 INFO BookingService:47 - Service properties loaded successfully.
2020-06-09 11:43:24 INFO BookingService:84 - Setting trust store path to : C:\Users\tvenna\AppData\Local\Temp\wso2carbon.jks3555396828881642435
2020-06-09 11:43:24 INFO BookingService:109 - Starting backend service.
2020-06-09 11:43:24 INFO BookingService:110 - Configurations :
2020-06-09 11:43:24 INFO BookingService:113 - port: 39090
2020-06-09 11:43:24 INFO BookingService:113 - introspectionEndpoint: https://localhost:9443/oauth2/introspect
2020-06-09 11:43:24 INFO BookingService:113 - introspectionEnabled: true
2020-06-09 11:43:24 INFO MicroservicesRunner:309 - Microservices server started in 267ms
2020-06-09 11:43:24 INFO ServerConnectorBootstrap$HTTPServerConnector:207 - HTTP(S) Interface starting on host 0.0.0.0 and port 39090
2020-06-09 11:43:46 INFO BookingService:66 - OPTIONS /bookings
2020-06-09 11:43:46 INFO BookingService:80 - GET /bookings
2020-06-09 11:43:46 ERROR IntrospectionHandler:107 - Error while calling token introspection endpoint
java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
2020-06-09 11:43:46 WARN MSF4JHttpConnectorListener:243 - Unmapped exception
java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:108)
at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
... 13 more
added the following to CARBON_HOME\repository\resources\conf\templates\repository\conf\tomcat\web.xml.j2
<filter>
<filter-name>CORS</filter-name>
<filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
<init-param>
<param-name>cors.allowOrigin</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.supportedMethods</param-name>
<param-value>GET, HEAD, POST, DELETE, OPTIONS, PATCH, PUT</param-value>
</init-param>
<init-param>
<param-name>cors.exposedHeaders</param-name>
<param-value>Location</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CORS</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
Restarted IS and tomcat, still the issue persists. Testing in Chrome and Firefox browser.