DevOps, CI/CD and Automation

Hi Team,

I have a requirement to protect my REST API's using ADF Security(Security Model: ADF Authentication) which is built on ADF framework and expose it for JET UI.

Please find the implementation had done from ADF and JET front.

ADF Implementation:

      As mentioned in the below blog CORS had enabled for REST application and it protected by ADF Security.

The REST application deployed in WebLogic Server where SSL got enabled.

https://blogs.oracle.com/shay/enabling-cors-for-adf-business-component-rest-services

JET Implementation:

    REST API's got consumed through JET application using through AJAX calls. While trying to access the UI page GET call is trying to invoke the API and it got failed for two reasons:

1. No Credentials - Credentials required.
2. CORS Issue

Please find the below error from browser console.

In order to solve Issue#1. I ran the REST API URL in the browser and provide the required credentials. Post authentication, the same API can be able to access it in browser.

Now, am trying to access the same API in the AJAX call where in application(localhost:8000). It returns the same error.   

In order to solve Issue#2 I had configured below options on top of blogger implementations it is not working as expected.

http://www.javadoc.io/doc/com.thetransactioncompany/cors-filter/2.6

Also, I have tried below mentioned way.

https://rssupport.atlassian.net/wiki/spaces/ALFJ/pages/67600479/Setup+Guide+for+CORS+Cross-Origin+Resource+Sharing

Just I want to understand because of Unauthorized access CORS is firing?

Note: Previously, Implementation from ADF and JET was working fine without implementing the ADF security.

After implementing ADF Security ran into two issues.

JET version: 5.0

Studio Edition Version 12.2.1.0.0

Any help on this shall be highly appreciated.

Regards,

Subramanian