
I'm testing the pickup dispatch sample web app for WSO2 Identity Server 5.10 https://is.docs.wso2.com/en/5.9.0/learn/configuring-access-delegation-with-oauth2/

Everything is set up as mentioned in the documentation. When clicking 'Add', the request cannot be completed because it is being blocked due to CORS policy.

Access to XMLHttpRequest at 'http://localhost:39090/bookings' from origin 'http://localhost.com:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have added the following

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

To the files

CARBON_HOME\repository\deployment\server\webapps\oauth2\WEB-INF\web.xml

TOMCAT_HOME\webapps\pickup-dispatch\WEB-INF\web.xml

as mentioned in this post http://hasanthipurnima.blogspot.com/2016/05/applying-cors-filter-to-wso2-identity.html

But still, I'm getting the error. Here is the request header

[Image: screenshot of the request header]

UPDATE: Here is the error log that is recorded when the CORS issue arises

    G:\wso2>java -jar backend-service.jar -introspectionEnabled true
    2020-06-09 11:43:24 INFO  BookingService:47 - Service properties loaded successfully.
    2020-06-09 11:43:24 INFO  BookingService:84 - Setting trust store path to : C:\Users\tvenna\AppData\Local\Temp\wso2carbon.jks3555396828881642435
    2020-06-09 11:43:24 INFO  BookingService:109 - Starting backend service.
    2020-06-09 11:43:24 INFO  BookingService:110 - Configurations :
    2020-06-09 11:43:24 INFO  BookingService:113 -   port: 39090
    2020-06-09 11:43:24 INFO  BookingService:113 -   introspectionEndpoint: https://localhost:9443/oauth2/introspect
    2020-06-09 11:43:24 INFO  BookingService:113 -   introspectionEnabled: true
    2020-06-09 11:43:24 INFO  MicroservicesRunner:309 - Microservices server started in 267ms
    2020-06-09 11:43:24 INFO  ServerConnectorBootstrap$HTTPServerConnector:207 - HTTP(S) Interface starting on host 0.0.0.0 and port 39090
    2020-06-09 11:43:46 INFO  BookingService:66 - OPTIONS /bookings
    2020-06-09 11:43:46 INFO  BookingService:80 - GET /bookings
    2020-06-09 11:43:46 ERROR IntrospectionHandler:107 - Error while calling token introspection endpoint
    java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
            at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
            at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
            at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
            at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
            at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
            at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
    2020-06-09 11:43:46 WARN  MSF4JHttpConnectorListener:243 - Unmapped exception
    java.lang.RuntimeException: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
            at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:108)
            at org.wso2.sample.identity.backend.IntrospectionHandler.isAuthorized(IntrospectionHandler.java:65)
            at org.wso2.sample.identity.backend.BookingService.bookingsGet(BookingService.java:83)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
            at java.lang.reflect.Method.invoke(Unknown Source)
            at org.wso2.msf4j.internal.router.HttpMethodInfo.invokeResource(HttpMethodInfo.java:187)
            at org.wso2.msf4j.internal.router.HttpMethodInfo.invoke(HttpMethodInfo.java:143)
            at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.dispatchMethod(MSF4JHttpConnectorListener.java:218)
            at org.wso2.msf4j.internal.MSF4JHttpConnectorListener.lambda$onMessage$57(MSF4JHttpConnectorListener.java:129)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
            at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
            at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
            at org.wso2.sample.identity.backend.IntrospectionHandler.getIntrospectionResponse(IntrospectionHandler.java:95)
            ... 13 more

Added the following to CARBON_HOME\repository\resources\conf\templates\repository\conf\tomcat\web.xml.j2

    <filter>
        <filter-name>CORS</filter-name>
        <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class>
        <init-param>
            <param-name>cors.allowOrigin</param-name>
            <param-value>*</param-value>
        </init-param>
        <init-param>
            <param-name>cors.supportedMethods</param-name>
            <param-value>GET, HEAD, POST, DELETE, OPTIONS, PATCH, PUT</param-value>
        </init-param>
        <init-param>
            <param-name>cors.exposedHeaders</param-name>
            <param-value>Location</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CORS</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

Restarted IS and Tomcat; the issue still persists. Testing in Chrome and Firefox browsers.

I have tested this use case and couldn't observe the CORS issue. Could you please let me know the following? 1. What is the version of the samples you're using? 2. Is the backend service running properly? Do you observe any errors or logs there? 3. What is the browser you're using? - Vihanga Liyanage

@PiraveenaParalogarajah I tried the solution mentioned in that post. Still no luck. You can see that in the update above. - Trinadh venna

@VihangaLiyanage 1) This is the sample that I'm trying, as mentioned in the self-paced training: github.com/krishnilak/IAM_5.10.Samples/tree/master/… 2) Yes, the backend service is running properly until a request is made by the app. 3) I've tested both Chrome and Firefox and have the same issue. - Trinadh venna

1 Answer


From your updated stack trace, I can see that the issue occurs when the backend service is trying to make an introspection call to the WSO2 Identity Server. This introspection call uses the token it's introspecting as the authorization for the call itself. For this to work, the token needs to be obtained with the scope internal_application_mgt_view. But at the moment, the pickup-dispatch application requests tokens with only the openid scope.

To fix this, open the dispatch.properties file in the /pickup-dispatch/WEB-INF/classes directory in a text editor and edit the scope property as shown below.

    scope=openid internal_application_mgt_view

Restart your Tomcat server and try again.

I hope this helps!
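An added example, not part of the original answer or the WSO2 sample code: a small Python triage that reads backend log lines in the format shown in the question, together with the scope line from dispatch.properties, and reports whether the introspection 403 coincides with the missing internal_application_mgt_view scope. The log sample is constructed from lines in the question, and the function names and verdict strings are hypothetical.

```python
import re

# Scope the answer says the token needs for the self-authorized introspection call.
REQUIRED_SCOPE = "internal_application_mgt_view"

# Constructed sample: four lines copied from the backend log in the question.
SAMPLE_LOG = """\
2020-06-09 11:43:46 INFO  BookingService:66 - OPTIONS /bookings
2020-06-09 11:43:46 INFO  BookingService:80 - GET /bookings
2020-06-09 11:43:46 ERROR IntrospectionHandler:107 - Error while calling token introspection endpoint
java.io.IOException: Server returned HTTP response code: 403 for URL: https://localhost:9443/oauth2/introspect
"""

REQUEST_RE = re.compile(r"BookingService:\d+ - (OPTIONS|GET|POST|PUT|DELETE) (\S+)")
UPSTREAM_RE = re.compile(r"HTTP response code: (\d{3}) for URL: \S+/oauth2/introspect")


def configured_scopes(properties_text):
    """Return the scopes listed under the 'scope' key of a .properties text."""
    for line in properties_text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue  # skip comments and lines without a key=value pair
        key, value = line.split("=", 1)
        if key.strip() == "scope":
            return value.split()
    return []


def triage(log_text, properties_text):
    """Correlate the backend log with the client's requested scopes."""
    requests = [m.groups() for m in REQUEST_RE.finditer(log_text)]
    upstream = UPSTREAM_RE.search(log_text)
    status = int(upstream.group(1)) if upstream else None
    missing = REQUIRED_SCOPE not in configured_scopes(properties_text)
    if status == 403 and missing:
        verdict = "scope_missing_for_introspection"
    elif status is not None and status >= 400:
        verdict = "introspection_failed_other"
    else:
        verdict = "no_introspection_error"
    return {
        "preflight_reached_backend": ("OPTIONS", "/bookings") in requests,
        "request_reached_backend": any(m != "OPTIONS" for m, _ in requests),
        "introspection_status": status,
        "scope_missing": missing,
        "verdict": verdict,
    }
```

Both the OPTIONS preflight and the GET appear in the backend log, so the requests reached the service; the failure recorded there is the 403 from the introspection endpoint.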