weixin_33694620 2017-01-24 11:41 采纳率: 0%
浏览 47

Moqui AJAX通话问题

There is an issue with the Rest call to Moqui running locally... Below is the sample html code and the error is "REST Access Forbidden (no authz): User null is not authorized for View on REST Path /moqui/users". And on the web console the error is 403 (Forbidden).

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>AJAX Test</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
</head>

<body>

<script>

$(document).ready(function() {
$.ajax({
type: "GET",
url: "http://localhost:8080/rest/s1/moqui/users",
headers: {  

            Accept: "application/json",
            Authorization : "Basic am9obi5kb2U6bW9xdWk="
        },

    contentType: "application/json"
    }).then(function(data) {
    console.log(data);
});
});

</script>
</body>
</html>

Api call works fine when tried with a Chrome Rest Client, but not with AJAX call

  • 写回答

1条回答

  • weixin_33734785 2017-01-24 20:14
    关注

    All artifact operations (for entities, services, screens, REST API, etc) require authorization in Moqui. There are ways to configure this in bulk (ie inherited authz) but authorization is always checked for every operation.

    Here is some example XML for authorization to the entire mantle REST API for all users in the ADMIN group. This can also be done in the System application which has screens for users, user groups, authz, etc.

    <!-- Artifact group for all of the Mantle REST API via the mantle resource (the root resource) -->
<artifactGroups artifactGroupId="MANTLE_API" description="Mantle REST API (via root resource)">
    <artifacts artifactTypeEnumId="AT_REST_PATH" artifactName="/mantle" inheritAuthz="Y"/>
    <authz artifactAuthzId="MANTLE_API_ADMIN" userGroupId="ADMIN" authzTypeEnumId="AUTHZT_ALWAYS" authzActionEnumId="AUTHZA_ALL"/>
</artifactGroups>

    There is more general documentation on the Artifact Authorization functionality in the Making Apps with Moqui book (you can download the PDF on moqui.org). Even though the REST API functionality is more recent than the book and so not yet covered in it, the same pattern as for screen authorization applies to the REST API.

    评论

报告相同问题?

悬赏问题

  • ¥15 Fluent齿轮搅油
  • ¥15 八爪鱼爬数据为什么自己停了
  • ¥15 交替优化波束形成和ris反射角使保密速率最大化
  • ¥15 树莓派与pix飞控通信
  • ¥15 自动转发微信群信息到另外一个微信群
  • ¥15 outlook无法配置成功
  • ¥30 这是哪个作者做的宝宝起名网站
  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素