Calling a function exposed by HTTP route results in a 403 error

nico-hpe · May 17, 2022, 12:58pm

Hi,

I want to expose groovy methods to the javascript part of the plugin using HTTP routes.
when calling the exposed method from javascript with the following code I get a 403 error:

(function () {
    $(document).on('shown.bs.tab', '[href="#morpheus-tab-plugin-lb"]', function (e) {
        console.log("TEST");
        $.ajax({
            type: "GET",
            url: "${createLink(controller: 'reverseTextController', action: '/reverseTask/json')}"
          }).done(function(data) {
              console.log("DONE")
          });
    });
}());

Any idea?

Thanks,
Nico

Andy_Warner · May 20, 2022, 1:44pm

nico-hpe:

(function () {
    $(document).on('shown.bs.tab', '[href="#morpheus-tab-plugin-lb"]', function (e) {
        console.log("TEST");
        $.ajax({
            type: "GET",
            url: "${createLink(controller: 'reverseTextController', action: '/reverseTask/json')}"
          }).done(function(data) {
              console.log("DONE")
          });
    });
}());

groovy code is not interpreted in JavaScript, you are going to need to use the path you specified in your plugin in directly in the JavaScript rather than expecting it to be interpreted.

if you have

List<Route> getRoutes() {
[
Route.build('reverseText/json', 'myFuncThatReturnsJSON', Permission.build("admin", "full"))
]
}

so instead of:

url: "${createLink(controller: 'reverseTextController', action: 'myFuncThatReturnsJSON')}"

you should just do

url: "/reverseText/json"

nico-hpe · May 20, 2022, 2:02pm

Thanks, still gives me a HTTP 403 but now with a json output: “{
“error”: “access denied”
}”

Andy_Warner · May 20, 2022, 2:15pm

do you have the required permissions you set in the route? (admin, full)

nico-hpe · May 20, 2022, 3:05pm

yes,

/**
* Defines two Routes with the builder method
* @return
*/
List getRoutes() {
[
Route.build("/reverseTask/example", “example”, Permission.build(“admin”, “full”)),
Route.build("/reverseTask/json", “json”, Permission.build(“admin”, “full”))
]
}

Andy_Warner · May 20, 2022, 6:36pm

ok the docs arent clear here you have to append /plugin/ to the route so in your case you will do

/plugin/reverseTask/example

nico-hpe · May 23, 2022, 8:53am

That gets me further to this error:
[http-nio-127.0.0.1-8080-exec-4] MissingMethodException occurred when processing request: [GET] /plugin/reverseTask/json No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@459e7a6c, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List). Stacktrace follows: groovy.lang.MissingMethodException: No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@459e7a6c, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List) at com.morpheus.plugin.PluginManagerService.handleRoute(PluginManagerService.groovy:212) at com.morpheus.PluginManagerController.route(PluginManagerController.groovy:25) at com.morpheus.remote.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:20) [9 skipped] [36 skipped]

My Method to handle the route:

def json(ViewModel<Map> model){}

Andy_Warner · May 23, 2022, 4:01pm

which version of the plugin api are you using, this is a bug that was fixed last February.

nico-hpe · May 23, 2022, 9:03pm

@Andy_Warner

I used com.morpheusdata:morpheus-plugin-api:0.12.0 previously.
Updated now to Version 0.13.1.
Similar error:

[http-nio-127.0.0.1-8080-exec-10] MissingMethodException occurred when processing request: [GET] /plugin/reverseTask/json No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@1c628645, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List). Stacktrace follows: groovy.lang.MissingMethodException: No signature of method: com.morpheusdata.core.PluginManager.handleRoute() is applicable for argument types: (org.codehaus.groovy.runtime.GStringImpl, com.morpheusdata.views.ViewModel...) values: [/reverseTask/json, com.morpheusdata.views.ViewModel@1c628645, ...] Possible solutions: handleRoute(java.lang.String, com.morpheusdata.views.ViewModel, java.util.List) at com.morpheus.plugin.PluginManagerService.handleRoute(PluginManagerService.groovy:212) at com.morpheus.PluginManagerController.route(PluginManagerController.groovy:25) at com.morpheus.remote.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:20) [9 skipped] [36 skipped]

Bob_Whiton · June 2, 2022, 3:02pm

Morpheus v5.5.0 will need to be used as this is the first version that uses morpheus-plugin-api v0.13.1 (the version where the bug was fixed)

nico-hpe · June 3, 2022, 7:59am

with Morpheus v5.4.6 and plugin api version v.0.13.1 the recent error is gone but I am now back to the 403 error I started the thread with.
What am I missing?

Bob_Whiton · June 3, 2022, 1:59pm

You need to use Morpheus v5.5.0 if you are using plugin api version v0.13.1

nico-hpe · June 3, 2022, 3:01pm

Ok, is there a solution for the LTS branch? As I need to use LTS releases.

nico-hpe · June 8, 2022, 9:45am

So, tried now with 5.5.0 release and plugin api version v0.13.1 and I get the same error.

Any idea?

Bob_Whiton · June 28, 2022, 6:08pm

Any chance you could share your plugin code and we can take a look?

nico-hpe · June 28, 2022, 8:36pm

I shared the code via teams with Chris Bunge last week.

Bob_Whiton · June 29, 2022, 8:13pm

I was able to take a look at your plugin code and run it locally. Give the following a try:

In LBCustomTabPlugin.groovy you should define your own permissions… for example

@Override
public List<Permission> getPermissions() {
	Permission permission = new Permission('LB Custom Tab Plugin', 'lbCustomTabPlugin', [Permission.AccessType.full])
	return [permission];
}

Change CustomTabController.groovy getRoutes() to:

List<Route> getRoutes() {
  [
    Route.build("/reverseTask/example", "example", Permission.build("lbCustomTabPlugin", "full")), 
    Route.build("/reverseTask/json", "json", Permission.build("lbCustomTabPlugin", "full"))
  ]
}

Notice the change on Permissions.build to use the new Permission defined as lbCustomTabPlugin

Before you were using Permissions.build("admin","full"). There is no admin permission in the system so it would never route.

Also, after you upload the plugin, make sure you logout and login again to make sure your user’s permissions are recalculated.

nico-hpe · June 30, 2022, 8:28am

Still the same result unfortunately

nico-hpe · July 5, 2022, 2:34pm

Issue is resolved.

Thanks everyone

Topic		Replies	Views
Invalid plugin error when adding a PluginController is added to tab plugin Plugins automation , groovy	7	301	May 17, 2022
Access AplianceURl and apiAccessToken in Report Plugin Plugins api	4	281	October 24, 2023
Datadog Plugin is calling api with %3F instead of ? before query parameter Plugins api	16	172	April 8, 2024
JavaScript Snippets Plugin Plugins ui , javascript	0	260	June 5, 2023
How to use Morpheus API through Plugin Plugins api , workflows	6	248	March 7, 2024

Calling a function exposed by HTTP route results in a 403 error

Related Topics