Auth token and embedded component

I have an embedded component (html-file) on an entity edit form and want to send GET/POST-requests from the htmls’ javascript to the REST v1 application portal interface (/app-portal/api). But since the anonymous requests have restricted functionality in the application, I tried to pass the user session id to the embedded component in URL string and to use it in requests’ parameter, but got an error 401 “Session not found”. How can I do it right?
My CUBA platform version is 6.3.4.

1 Like


It can be done using the following HTML:

    <script src=""></script>
    var sessionId = "%sessionId%";

        url: "http://localhost:8080/app-portal/api/query.json?" +
        "e=sec$User" +
        "&q=select+c+from+sec$User+c" +
        "&s=" + sessionId +
        dataType: "json",
        success: function (data) {

            window.alert("OK " + data.length);

And replace sessionId parameter with actual session id:

public class ExtAppMainWindow extends AppMainWindow {
    private Embedded restHtml;
    private UserSession userSession;

    public void init(Map<String, Object> params) {

        byte[] html;
        try {
            html = IOUtils.toString(getClass().getResource("rest-js.html"))
                .replace("%sessionId%", userSession.getId().toString())
        } catch (IOException e) {
            throw new RuntimeException("Unable to read resource");

        restHtml.setSource(UUID.randomUUID() + ".html", new ByteArrayInputStream(html));

Here, we should also replace http://localhost:8080/app-portal with URL of app-portal.

Please note, that this trick will work only if app and app-portal are modules of the same CUBA application, it will not work between two different apps, because they do not share user sessions.

Thanks, Yuriy
Your code works and I used similar method in my project.
The problem I described links to a project-specific REST API where the separate sessions registry is used.