[keycloak-user] No 'Access-Control-Allow-Origin' header is present on the requested resource

Grant Marrow grantmarrow at gmail.com
Wed Nov 16 15:51:44 EST 2016


Hi James

Yes I have used the chrome and firefox  postmaster addon to process the
same HTTP GET request to my rest service.

During this request I added the authorisation bearer header with a valid
token and it still returned the same error.

The only time it worked was when I  stripped out keycloak completely and
just added the standard cors configuration in my web.xml of my service
worked successfully. That's why I'm leaning to the fact that it might be a
keycloak error.

Regards
Grant
On 16 Nov 2016 21:39, "James Falkner" <jfalkner at redhat.com> wrote:

> In the developer console in your browser, can you verify that the proper
> Authorization header is being passed in the REST call? Something like
> 'Authorization: bearer <token>'.
>
> -James
>
> Grant Marrow <grantmarrow at gmail.com>
> November 16, 2016 at 2:22 PM
> I'm familiar with cors. I have used the exact same setup with versions 1.3,
> 1.4 and 1.9 version of keycloak. This problem has started since I upgraded
> to version 2.3 if keycloak.
>
> I have also tried adding the cors-enabled-headers and cors-enabled-methods
> properties to the keycloak.json file on my rest service application and
> that did not work as well.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> Chris Savory <chris.savory at edlogics.com>
> November 16, 2016 at 2:11 PM
> This doesn’t appear to be Keycloak related at all. This is just CORS
> errors on your API.
>
> Try reading up here for some more background.
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
>
> But in short, what you need to do is have your API respond with a couple
> of headers; primarily the 'Access-Control-Allow-Origin' header so the
> browser knows that XHR calls to the domain http://localhost:8081 are
> allowed be called from pages that are served off of the domain
> http://localhost:9000
>
> --
> Christopher Savory
> Software Engineer | EdLogics
> www.edlogics.com
>
>
>
>
> From: Grant Marrow <grantmarrow at gmail.com> <grantmarrow at gmail.com>
> Date: Wednesday, November 16, 2016 at 2:07 PM
> To: Chris Savory <chris.savory at edlogics.com> <chris.savory at edlogics.com>,
> "keycloak-user at lists.jboss.org" <keycloak-user at lists.jboss.org>
> <keycloak-user at lists.jboss.org> <keycloak-user at lists.jboss.org>
> Subject: Re: [keycloak-user] No 'Access-Control-Allow-Origin' header is
> present on the requested resource
>
> Ok below is a step by step of events:
> 1. User navigates to web application at http://localhost:9000
> 2. Use clicks the sign in button at http://localhost:9000/login
> 3. User is redirected to keycloak at http://localhost:8080 to login
> 4. Once signed in the user ia redirected to http://localhost:9000
> 5. Authenticated User navigates to registrations page at
> http://localhost:9000/registrations. During this step a http GET request
> is done to http://localhost:8081/leap-service/resouces/private/
> registrations.
> At the above step the error occurs. Please let me know if you need more
> information. Thanks
> Regards
> Grant
> On 16 Nov 2016 20:26, "Grant Marrow" <grantmarrow at gmail.com>
> <grantmarrow at gmail.com> wrote:
> Hi Chris
> Thanks for getting back to me.  I have done that and it didnt work.  I
> have also tired adding *. That did not work as well. What else can I try?
> Please let me know. Thanks
> Regards
> Grant
> On 16 Nov 2016 20:15, "Chris Savory" <chris.savory at edlogics.com>
> <chris.savory at edlogics.com> wrote:
> In the admin, click on Clients, then select your client.  Do you have any
> values for “Web Origins” there?  If not, you need to add ‘
> http://localhost:9000’
>
> --
> Christopher Savory
> Software Engineer | EdLogics
> www.edlogics.com <http://www.edlogics.com/> <http://www.edlogics.com/>
>
>  <http://www.edlogics.com/> <http://www.edlogics.com/>
>  <https://www.linkedin.com/company/edlogics>
> <https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics>
> <https://twitter.com/EdLogics>
>
> On 11/16/16, 1:08 PM, "keycloak-user-bounces at lists.jboss.org on behalf of
> Grant Marrow" <keycloak-user-bounces at lists.jboss.orgonbehalfofGrantMarrow>
> <keycloak-user-bounces at lists.jboss.org on behalf of grantmarrow at gmail.com>
> <keycloak-user-bounces at lists.jboss.orgonbehalfofgrantmarrow@gmail.com>
> wrote:
>
>     Hi,
>
>     I really need some help. I keep on getting the following error:
>
>
>     *No 'Access-Control-Allow-Origin' header is present on the requested
>     resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
>     therefore not allowed access. The response had HTTP status code 500.*
>
>     This is my setup:
>
>     *Front End:*
>     - angular 1.5 web application running at http://localhost:9000
>     - client configuration on keycloak admin console:
>     - keycloak.json:
>
>     {
>       "realm": "leap",
>       "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
>       "ssl-required": "external",
>       "resource": "leap-web",
>       "public-client": true
>     }
>
>
>     *Auth Server*
>     - keycloak version 2.30Final running at http://localhost:8080
>
>     *Web service*
>     - java REST service running on Tomcat version 8.5
>     - client config on keycloak admin console:
>     - web.xml of rest service:
>
>     <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> <http://www.w3.org/2001/XMLSchema-instance> xmlns="
>     http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="
>     http://java.sun.com/xml/ns/javaee
>     http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
>     version="3.0">
>       <display-name>Archetype Created Web Application</display-name>
>       <module-name>leap-service</module-name>
>      <listener>
>         <listener-class>com.hm.leap.service.init.ContextListener</
> listener-class>
>
>       </listener>
>     <context-param>
>     <param-name>persistentUnit</param-name>
>     <param-value>leap</param-value>
>     </context-param>
>
>       <security-constraint>
>       <web-resource-collection>
>       <web-resource-name>Leap-Service</web-resource-name>
>       <url-pattern>/resources/private/*</url-pattern>
>       </web-resource-collection>
>       <auth-constraint>
>       <role-name>user</role-name>
>       </auth-constraint>
>       </security-constraint>
>
>        <login-config>
>             <auth-method>KEYCLOAK</auth-method>
>             <realm-name>leap</realm-name>
>        </login-config>
>
>       <security-role>
>       <role-name>user</role-name>
>       </security-role>
>
>     </web-app>
>
>     - I also have the valve setup on my context.xml that lives in the
> META-INF
>     directory
>     <Context path="/leap-service">
>     <Valve
>     className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
>
>     </Context>
>
>     - keycloak.json:
>
>     {
>       "realm": "leap",
>       "bearer-only": true,
>       "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
>       "ssl-required": "external",
>       "resource": "leap-service",
>       "enable-cors": true
>     }
>
>     The error occurs in the following scenario:
>     - The angular web app launches, the user clicks the login button which
>     redirects to Keycloak. The user signs in. The user then tries
> navigates to
>     another page. This page then executes a GET request on my REST service
>     which returns a list which is displayed in a table. But while
> executing the
>     GET request, I receive the error:
>
>     *No 'Access-Control-Allow-Origin' header is present on the requested
>     resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
>     therefore not allowed access. The response had HTTP status code 500.*
>
>     In my Tomcat log file. I see the following warning message:
>
>
>     *11-Nov-2016 11:28:19.464 WARNING [http-nio-8081-exec-2]
>     org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage
> No
>     login page was defined for FORM authentication in context
> [/leap-service]*
>
>     I really can't seen to pinpoint the error. I find it quite strange
> because
>     I have the same setup but using an older version of keycloak (1.9*),
> which
>     worked fine. I know this might be a silly problem, but if you have some
>     time to help me, I would really appreciate it. Thanks.
>
>     Regards
>     Grant
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> Grant Marrow <grantmarrow at gmail.com>
> November 16, 2016 at 2:07 PM
> Ok below is a step by step of events:
>
> 1. User navigates to web application at http://localhost:9000
>
> 2. Use clicks the sign in button at http://localhost:9000/login
>
> 3. User is redirected to keycloak at http://localhost:8080 to login
>
> 4. Once signed in the user ia redirected to http://localhost:9000
>
> 5. Authenticated User navigates to registrations page at
> http://localhost:9000/registrations. During this step a http GET request
> is
> done to http://localhost:8081/leap-service/resouces/private/registrations.
>
> At the above step the error occurs. Please let me know if you need more
> information. Thanks
>
> Regards
> Grant
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> Chris Savory <chris.savory at edlogics.com>
> November 16, 2016 at 1:15 PM
> In the admin, click on Clients, then select your client. Do you have any
> values for “Web Origins” there? If not, you need to add ‘
> http://localhost:9000’
>
> --
> Christopher Savory
> Software Engineer | EdLogics
> www.edlogics.com <http://www.edlogics.com/> <http://www.edlogics.com/>
>
> <http://www.edlogics.com/> <http://www.edlogics.com/>
> <https://www.linkedin.com/company/edlogics>
> <https://www.linkedin.com/company/edlogics> <https://twitter.com/EdLogics>
> <https://twitter.com/EdLogics>
>
> On 11/16/16, 1:08 PM, "keycloak-user-bounces at lists.jboss.org on behalf of
> Grant Marrow" <keycloak-user-bounces at lists.jboss.orgonbehalfofGrantMarrow>
> <keycloak-user-bounces at lists.jboss.org on behalf of grantmarrow at gmail.com>
> <keycloak-user-bounces at lists.jboss.orgonbehalfofgrantmarrow@gmail.com>
> wrote:
>
> Hi,
>
> I really need some help. I keep on getting the following error:
>
>
> *No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
> therefore not allowed access. The response had HTTP status code 500.*
>
> This is my setup:
>
> *Front End:*
> - angular 1.5 web application running at http://localhost:9000
> - client configuration on keycloak admin console:
> - keycloak.json:
>
> {
> "realm": "leap",
> "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
> "ssl-required": "external",
> "resource": "leap-web",
> "public-client": true
> }
>
>
> *Auth Server*
> - keycloak version 2.30Final running at http://localhost:8080
>
> *Web service*
> - java REST service running on Tomcat version 8.5
> - client config on keycloak admin console:
> - web.xml of rest service:
>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> <http://www.w3.org/2001/XMLSchema-instance> xmlns="
> http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="
> http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
> version="3.0">
> <display-name>Archetype Created Web Application</display-name>
> <module-name>leap-service</module-name>
> <listener>
> <listener-class>com.hm.leap.service.init.ContextListener</listener-class>
>
> </listener>
> <context-param>
> <param-name>persistentUnit</param-name>
> <param-value>leap</param-value>
> </context-param>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Leap-Service</web-resource-name>
> <url-pattern>/resources/private/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>KEYCLOAK</auth-method>
> <realm-name>leap</realm-name>
> </login-config>
>
> <security-role>
> <role-name>user</role-name>
> </security-role>
>
> </web-app>
>
> - I also have the valve setup on my context.xml that lives in the META-INF
> directory
> <Context path="/leap-service">
> <Valve
> className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
>
> </Context>
>
> - keycloak.json:
>
> {
> "realm": "leap",
> "bearer-only": true,
> "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
> "ssl-required": "external",
> "resource": "leap-service",
> "enable-cors": true
> }
>
> The error occurs in the following scenario:
> - The angular web app launches, the user clicks the login button which
> redirects to Keycloak. The user signs in. The user then tries navigates to
> another page. This page then executes a GET request on my REST service
> which returns a list which is displayed in a table. But while executing the
> GET request, I receive the error:
>
> *No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
> therefore not allowed access. The response had HTTP status code 500.*
>
> In my Tomcat log file. I see the following warning message:
>
>
> *11-Nov-2016 11:28:19.464 WARNING [http-nio-8081-exec-2]
> org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No
> login page was defined for FORM authentication in context [/leap-service]*
>
> I really can't seen to pinpoint the error. I find it quite strange because
> I have the same setup but using an older version of keycloak (1.9*), which
> worked fine. I know this might be a silly problem, but if you have some
> time to help me, I would really appreciate it. Thanks.
>
> Regards
> Grant
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> Grant Marrow <grantmarrow at gmail.com>
> November 16, 2016 at 1:08 PM
> Hi,
>
> I really need some help. I keep on getting the following error:
>
>
> *No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
> therefore not allowed access. The response had HTTP status code 500.*
>
> This is my setup:
>
> *Front End:*
> - angular 1.5 web application running at http://localhost:9000
> - client configuration on keycloak admin console:
> - keycloak.json:
>
> {
> "realm": "leap",
> "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
> "ssl-required": "external",
> "resource": "leap-web",
> "public-client": true
> }
>
>
> *Auth Server*
> - keycloak version 2.30Final running at http://localhost:8080
>
> *Web service*
> - java REST service running on Tomcat version 8.5
> - client config on keycloak admin console:
> - web.xml of rest service:
>
> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> <http://www.w3.org/2001/XMLSchema-instance> xmlns="
> http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="
> http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID"
> version="3.0">
> <display-name>Archetype Created Web Application</display-name>
> <module-name>leap-service</module-name>
> <listener>
> <listener-class>com.hm.leap.service.init.ContextListener</listener-class>
>
> </listener>
> <context-param>
> <param-name>persistentUnit</param-name>
> <param-value>leap</param-value>
> </context-param>
>
> <security-constraint>
> <web-resource-collection>
> <web-resource-name>Leap-Service</web-resource-name>
> <url-pattern>/resources/private/*</url-pattern>
> </web-resource-collection>
> <auth-constraint>
> <role-name>user</role-name>
> </auth-constraint>
> </security-constraint>
>
> <login-config>
> <auth-method>KEYCLOAK</auth-method>
> <realm-name>leap</realm-name>
> </login-config>
>
> <security-role>
> <role-name>user</role-name>
> </security-role>
>
> </web-app>
>
> - I also have the valve setup on my context.xml that lives in the META-INF
> directory
> <Context path="/leap-service">
> <Valve
> className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve"/>
>
> </Context>
>
> - keycloak.json:
>
> {
> "realm": "leap",
> "bearer-only": true,
> "auth-server-url": "http://localhost:8080/auth"
> <http://localhost:8080/auth>,
> "ssl-required": "external",
> "resource": "leap-service",
> "enable-cors": true
> }
>
> The error occurs in the following scenario:
> - The angular web app launches, the user clicks the login button which
> redirects to Keycloak. The user signs in. The user then tries navigates to
> another page. This page then executes a GET request on my REST service
> which returns a list which is displayed in a table. But while executing the
> GET request, I receive the error:
>
> *No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://localhost:9000 <http://localhost:9000/>
> <http://localhost:9000/>' is
> therefore not allowed access. The response had HTTP status code 500.*
>
> In my Tomcat log file. I see the following warning message:
>
>
> *11-Nov-2016 11:28:19.464 WARNING [http-nio-8081-exec-2]
> org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No
> login page was defined for FORM authentication in context [/leap-service]*
>
> I really can't seen to pinpoint the error. I find it quite strange because
> I have the same setup but using an older version of keycloak (1.9*), which
> worked fine. I know this might be a silly problem, but if you have some
> time to help me, I would really appreciate it. Thanks.
>
> Regards
> Grant
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>


More information about the keycloak-user mailing list