Upcoming SlideShare
-
Full NameComment goes here.Delete Reply Spam Block
-
Jared Ottley , Alfresco Integration Engineer, Salesforce Developer (Consultant) at AutoPoint at Alfresco@Susmit Basu can you send me a copy of your modified web.xml file review? (first.last@alfresco.com)Reply -
Susmit BasuJared, I am using Alfresco 4.2 and I followed above steps. But alfresco isn't up and runningReply
-
Susmit BasuHi Jared, I was trying to enable CORS in my Alfresco. The version I am using is 4.2. The jar files I used are latest jars and put those in Alfresco/WEB-INF/lib . The alfresco didn't started. Can you help me here?Reply
No Downloads
Views
Total views
4,305
On SlideShare
From Embeds
Number of Embeds
7
Actions
Shares
0
Downloads
35
Comments
3
Likes
2
Embeds
No notes for slide
CORS - Enable Alfresco for CORS
- 1. CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
- 2. CORS 6 Nov 2013 / 14 Nov 2013 Jared Ottley / Alfresco Software #SummitNow
- 3. 3 What is CORS? Cross-Origin Resource Sharing • Cross Domain AJAX Calls • Implemented in Browser and Server #SummitNow #SummitNow
- 4. 4 What Browsers Support CORS? 4.0+ 3.5+ 12.0+ 4.0+ Partial 8&9 10+ #SummitNow #SummitNow
- 5. 5 How Does CORS Work? Nothing to implement in your javascript. The Browser & the Server do the heavy lifting. #SummitNow #SummitNow
- 6. 6 How Does CORS Work? OPTIONS Browser API Request #SummitNow #SummitNow
- 7. 7 Example Code $.ajax ({ type: ”HTTP METHOD”, url: “Place to go to”, dataType: 'json’, async: false, data: '{}', beforeSend: function (xhr){ xhr.setRequestHeader('Authorization', setAuthTokenHere() }, success: function (response){ //do something }, failure: function (response) { //do something } }); #SummitNow #SummitNow
- 8. 8 What About the Server Side? Alfresco does not ship with CORS support. Alfresco uses CORS as part of “Alfresco for Salesforce” to talk to Alfresco Cloud. #SummitNow #SummitNow
- 9. 9 How to Enable CORS in Alfresco Add the following jars to WEB-INF/lib cors-filter java-property-utils Both can be found at http://software.dzhuvinov.com/cors-filter.html #SummitNow #SummitNow
- 10. 10 How to Enable CORS in Alfresco Modify WEB-INF/web.xml <filter> <filter-name>CORS</filter-name> <filter-class>com.thetransactioncompany.cors.CORSFilter</filter-class> </filter> <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
- 11. 11 How to Enable CORS in Alfresco What services will be called by your app? <filter-mapping> <filter-name>CORS</filter-name> <url-pattern>/service/*</url-pattern> <url-pattern>/cmisatom/*</url-pattern> <url-pattern>/cmisbrowser/*</url-pattern> </filter-mapping> #SummitNow #SummitNow
- 12. 12 How to Enable CORS in Alfresco OPTIONS Browser Authentication API Request #SummitNow #SummitNow
- 13. 13 How to Enable CORS in Alfresco Filter can be placed anywhere in web.xml However… Filter mapping MUST be before authentication filters #SummitNow #SummitNow
- 14. 14 How to Enable CORS in Alfresco Place after Global Localization Filter but before CMIS security context cleaning filter. • This is true for 4.2…but may not be true for other versions of Alfresco. • By rule BEFORE any security/authentication filters #SummitNow #SummitNow
- 15. 15 Filter Configuration By default the CORS Filter will apply a "public access" CORS policy, allowing all cross-site requests through (including credentials/cookies). Leaving the CORS Filter at this setting would actually be fine for most situations as CORS is not about adding server security; its primary intent is to protect the browser the legitimate JavaScript apps running in it and the user's confidential data, such as cookies. #SummitNow #SummitNow
- 16. 16 Filter Configuration (cont.) cors.configurationFile properties file Setting the location using • System Property (-D) • init-param Or Individual init-param #SummitNow #SummitNow
- 17. 17 Filter Configuration (cont.) Do not change the following defaults: • cors.allowGenericHttpRequests {true|false} defaults to true • cors.supportsCredentials {true|false} defaults to true. cors.maxAge {int} defaults to -1 (unspecified) • How long should pre-flight requests be cached. • Recommended value is 3600 (1 hour) #SummitNow #SummitNow
- 18. 18 Filter Configuration (cont.) cors.allowOrigin {"*"|origin-list} defaults to * • Which calling domains are allowed? • ex: http://alfresco.com https://www.alfresco.com • Returns 403 if the domain is not allowed #SummitNow #SummitNow
- 19. 19 Filter Configuration (cont.) cors.allowSubdomains {true|false} defaults to false • Your application may run in a hosted service where the subdomain is dynamically assigned ex. salesforce.com • ex. https://na14.salesforce.com #SummitNow #SummitNow
- 20. 20 Filter Configuration (cont.) cors.supportedMethods {method-list} defaults to "GET, POST, HEAD, OPTIONS” cors.supportedHeaders {"*"|header-list} defaults to * • origin, authorization, accept #SummitNow #SummitNow
- 21. 21 Filter Configuration (cont.) cors.exposedHeaders {header-list} defaults to empty list • Response headers limited to: CacheControl, Content-Language, ContentType, Expires, Last-Modified Pragma • Add additional headers to be exposed #SummitNow #SummitNow
- 22. 22 Demo #SummitNow #SummitNow
- 23. 23 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter http://www.w3.org/TR/cors/ http://en.wikipedia.org/wiki/Cross-origin_resource_sharing #SummitNow #SummitNow
- 24. 24 CORS Resources http://software.dzhuvinov.com/cors-filter.html https://bitbucket.org/thetransactioncompany/cors-filter http://www.w3.org/TR/cors/ http://en.wikipedia.org/wiki/Cross-origin_resource_sharing #SummitNow #SummitNow