<div dir="ltr">So what it seems like is that we have to use the CORS Policy and add it before the Keycloak authentication policy in order for my preflight to pass .. that&#39;s the part I was missing completely. I&#39;m not sure if it should be considered a bug or flexibility to do what we want .. But thanks for the explanation, Marc. <div><br></div><div>Anyway .. I&#39;m still having a problem with the CORS Policy; probably I just don&#39;t have the latest code. I added some details to the JIRA ticket. </div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Aug 19, 2015 at 5:53 AM, Marc Savy <span dir="ltr">&lt;<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I replicated your setup as far as I could, and I couldn&#39;t replicate your issue (perhaps your CORS setup is wrong?). Please see the JIRA comments and screenshots - <a href="https://issues.jboss.org/browse/APIMAN-516" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/APIMAN-516</a><br>
<br>
Either way, I also fixed a bug unrelated to your problem, so please re-build the plugins before trying again :-).<span class=""><br>
<br>
On 18/08/2015 19:25, Fadi Abdin wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
It did not work.<br>
<br>
I set up everything the way you told me, Marc, and I&#39;m testing it on my<br>
local.<br>
It seems it&#39;s sending that preflight OPTIONS and coming back with 401 still<br>
<br>
On Tue, Aug 18, 2015 at 10:48 AM, Fadi Abdin &lt;<a href="mailto:fadiabdeen@gmail.com" target="_blank">fadiabdeen@gmail.com</a>&gt;</span><span class=""> wrote:<br>
<br>
    I&#39;m still working on it :( .. I had to give the network guys a few IP<br>
    addresses to whitelist so I can mvn install .. almost there.<br>
<br>
    On Tue, Aug 18, 2015 at 9:46 AM, Marc Savy &lt;<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>&gt;</span><span class=""> wrote:<br>
<br>
        My pleasure! Did it work?<br>
<br>
        On 17/08/2015 16:38, Fadi Abdin wrote:<br>
<br>
            cool .. you&#39;re the man ;)<br>
<br>
<br>
            On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy &lt;<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>&gt;</span><div><div class="h5"> wrote:<br>
<br>
                 I&#39;m actually testing the fix right now. It will land both on the 1.2.x<br>
                 branch and the 1.1.x branch shortly. You should be able to test it out<br>
                 in a short while: I&#39;ll send you an email when it&#39;s available.<br>
<br>
                 On 17/08/2015 16:23, Fadi Abdin wrote:<br>
<br>
                     Thank you Marc,<br>
                     Is there a workaround that you can think of?<br>
                     I&#39;m doing it with AngularJS, very simple<br>
<br>
                     $http({method: &#39;GET&#39;, url: &#39;<a href="http://server/apiman-gateway/service" rel="noreferrer" target="_blank">http://server/apiman-gateway/service</a>&#39;,<br>
                     headers: {<br>
                           &#39;Authorization&#39;: &#39;Bearer XXXXXXXXXXXXX&#39;}<br>
                     });<br>
<br>
                     I assume you will fix it in the new version, right?<br>
<br>
<br>
<br>
                     On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy &lt;<a href="mailto:marc.savy@redhat.com" target="_blank">marc.savy@redhat.com</a>&gt; wrote:<br>
<br>
                          Hi,<br>
<br>
                          This is related to the JIRA I linked you to<br>
                          (<a href="https://issues.jboss.org/browse/APIMAN-516" rel="noreferrer" target="_blank">https://issues.jboss.org/browse/APIMAN-516</a>). Because of the way the<br>
                          policy chain currently works the behaviour of CORS is invalid in a<br>
                          few very specific cases (e.g. when you stack it with an auth<br>
                          policy). I&#39;ll let you know when it&#39;s fixed.<br>
<br>
                          Regards,<br>
                          Marc<br>
<br>
                          On 17/08/2015 15:44, Fadi Abdin wrote:<br>
<br>
                              I have a problem in calling a service in apiman-gateway with the<br>
                              Authorization: Bearer &lt;token&gt; in the header.<br>
<br>
                              It seems to preflight OPTIONS and return<br>
<br>
                                1. X-Policy-Failure-Message: OAuth2 &#39;Authorization&#39; header or &#39;access_token&#39; query parameter must be provided.<br>
<br>
                              I am sending the bearer token with the request and I make sure in the<br>
                              preflight it&#39;s sent in the request.<br>
<br>
                                1. Access-Control-Request-Headers: accept, authorization<br>
<br>
                              Does anyone know if there is something I&#39;m missing? Do I need to get<br>
                              authorization enabled or added anywhere? As a side note I have below in<br>
                              my API as well:<br>
<br>
<br>
              response.setHeader(&quot;Access-Control-Allow-Headers&quot;, &quot;Authorization&quot;);<br>
<br>
<br>
<br>
              _______________________________________________<br>
                              Apiman-user mailing list<br>
            <a href="mailto:Apiman-user@lists.jboss.org" target="_blank">Apiman-user@lists.jboss.org</a><br></div></div>
            <a href="https://lists.jboss.org/mailman/listinfo/apiman-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/apiman-user</a><br>
</blockquote>
<br>
</blockquote></div><br></div>
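<div dir="ltr">Added example, not part of the original thread and not apiman code: a browser's preflight OPTIONS lists the headers it will send in Access-Control-Request-Headers but never carries the Authorization header itself, so the order of the policy chain decides whether it gets a 401. The policy functions, the origin http://app.example and the requests are constructed for illustration.</div>

```javascript
// Added illustration: hypothetical policy names and a constructed origin, not apiman's API.
const ALLOWED_ORIGINS = new Set(['http://app.example']);
const ALLOWED_HEADERS = ['accept', 'authorization'];
const FAILURE = "OAuth2 'Authorization' header or 'access_token' query parameter must be provided.";

// A genuine preflight is OPTIONS with both Origin and Access-Control-Request-Method.
function isPreflight(req) {
  return req.method === 'OPTIONS' && 'origin' in req.headers &&
    'access-control-request-method' in req.headers;
}

// CORS policy: answers preflights itself and lets every other request continue.
function corsPolicy(req) {
  if (!isPreflight(req)) return null;
  const origin = req.headers.origin;
  const asked = (req.headers['access-control-request-headers'] || '')
    .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
  if (!ALLOWED_ORIGINS.has(origin) || !asked.every((h) => ALLOWED_HEADERS.includes(h))) {
    return { status: 403, headers: {} };
  }
  return { status: 204, headers: {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Methods': 'GET',
    'Access-Control-Allow-Headers': asked.join(', '),
    Vary: 'Origin' } };
}

// Auth policy: rejects anything that does not carry a bearer token.
function authPolicy(req) {
  if (/^Bearer \S+$/.test(req.headers.authorization || '')) return null;
  return { status: 401, headers: { 'X-Policy-Failure-Message': FAILURE } };
}

// The first policy that returns a response short-circuits the chain.
function runChain(policies, req) {
  for (const policy of policies) {
    const res = policy(req);
    if (res) return res;
  }
  return { status: 200, headers: {} }; // request reached the backend service
}

// Constructed requests. The preflight names "authorization" but carries no token.
const preflight = { method: 'OPTIONS', headers: { origin: 'http://app.example',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'accept, authorization' } };
const actual = { method: 'GET', headers: { origin: 'http://app.example',
  authorization: 'Bearer XXXXXXXXXXXXX' } };
console.log([[authPolicy, corsPolicy], [corsPolicy, authPolicy]]
  .map((chain) => runChain(chain, preflight).status));
```

With the CORS policy first, only well-formed preflights from an allowed origin skip authentication; the actual GET and any bare OPTIONS still have to pass the auth policy.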