You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@olingo.apache.org by "Riley Rainey (JIRA)" <ji...@apache.org> on 2014/05/16 18:13:14 UTC

[jira] [Created] (OLINGO-292) Tomcat server configuration documentation incomplete

Riley Rainey created OLINGO-292:
-----------------------------------

             Summary: Tomcat server configuration documentation incomplete
                 Key: OLINGO-292
                 URL: https://issues.apache.org/jira/browse/OLINGO-292
             Project: Olingo
          Issue Type: Bug
          Components: odata2-documentation
    Affects Versions: V2 1.2.0
            Reporter: Riley Rainey


OData PUT and DELETE operations will return a '403 Forbidden' error unless extra configuration settings are added to the application's web.xml file.

See the example web.xml file below (tested with Tomcat 7.0.42).  A security-constraint section must be added to the web.xml file.  Within that section, all HTTP methods required by the application must be enumerated:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	version="3.0">
	<display-name>WHERE</display-name>
	<welcome-file-list>
		<welcome-file>index.html</welcome-file>
	</welcome-file-list>
	<servlet>
		<servlet-name>ODataServlet</servlet-name>
		<servlet-class>org.apache.cxf.jaxrs.servlet.CXFNonSpringJaxrsServlet</servlet-class>
		<init-param>
			<param-name>javax.ws.rs.Application</param-name>
			<param-value>org.apache.olingo.odata2.core.rest.app.ODataApplication</param-value>
		</init-param>
		<init-param>
			<param-name>org.apache.olingo.odata2.service.factory</param-name>
			<param-value>com.sap.mic.where.services.Where1ServiceFactory</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<!-- <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class> 
		</filter> <filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern> 
		</filter-mapping> -->
	<servlet-mapping>
		<servlet-name>ODataServlet</servlet-name>
		<url-pattern>/V1/*</url-pattern>
	</servlet-mapping>
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>ODataServlet</web-resource-name>
			<url-pattern>/V1/*</url-pattern>
			<http-method>DELETE</http-method>
			<http-method>PUT</http-method>
			<http-method>GET</http-method>
			<http-method>POST</http-method>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>
</web-app>



--
This message was sent by Atlassian JIRA
(v6.2#6252)