It's all about the answers!

Ask a question

DNG: OpenSocial-Gadget is not loaded. CRJAZ5037E


Ulrich Simon (91) | asked Jul 26, 3:27 a.m.

I have created an OpenSocial-Gadget, copied it into  .\JazzTeamServer\server\liberty\servers\clm\dropins\war\extensions and added it to a WidgetCatalog.xml file. I referenced this file in the Advanced Properties of DNG and adapted server.xml to enable dropins. I did this on 2 installation of DNG 7.0.2.

In both installations, the new Gadget is shown in the selection view to add a widget to a dashboard and I can add the gadget to my Minidashboard. In one installation, the gadget is loaded and is working.
On the other installation, the gadget is not loaded but error CRJAZ5037E appears. There is no error message in the Browser Console. I am able to retrieve the Gadget-xml-File in a browser directly on the Jazz-Server. I cannot find any message in any log file.

Accepted answer


permanent link
Ian Barnard (885612) | answered Jul 26, 3:58 a.m.
JAZZ DEVELOPER

ELM 7.0.2 iFix004, ELM 7.0.1 iFix009, CLM 6.0.6.1 iFix018, and CLM 6.0.6 iFix022 (and later) have increased level of security on OpenSocial widgets; see https://www.ibm.com/support/pages/node/6466981 for how to change settings on the server to allow the widgets to work.


Ulrich Simon selected this answer as the correct answer

Comments
Bartosz Chrabski commented Jul 26, 4:02 a.m.

 Yes, that is true.

One other answer



permanent link
Bartosz Chrabski (3.1k12139) | answered Jul 26, 3:36 a.m.
edited Jul 26, 3:37 a.m.

 Ulrich,


Please go to rm/admin and selected Advanced Properties.

Search for com.ibm.team.repository.service.opensocial.gadgetprovider.OpenSocialGadgetProviderRestService

Next change value of External resources allowance list to *.

It will solve your problem.

Bartek


Comments
Ian Barnard commented Jul 26, 3:59 a.m.
JAZZ DEVELOPER

The change in behaviour was made to decrease SSRF vulnerability, but using * will bypass this - you should use specific URLs.


Bartosz Chrabski commented Jul 26, 4:02 a.m.

True 

Your answer


Register or to post your answer.