Calling Progress OE web service using Javascript: Web Servic

Posted by gvtsstaggs on 19-Nov-2013 11:39


I'm currently working with another developer on calling one of our OE web services in a mobile app.

This is a SOAP service exposed using the Web Service Adapter using Apache/Tomcat on an Ubuntu server; everything is set up in a standard way (webapps/wsa/wsa1, etc).  This web service adapter is sucessfully handling web service requests from a wide variety of sources (both internal/external to our company) on an hourly basis.

We're using the XMLHttpRequest javascript object to connect to our web service's address, and sending along that object a SOAP request. We realized that we needed to set up CORS for this and modified /etc/apache2/sites-enabled/ to include the

  • Allow-Access-Control-Origin HTTP header
  • Access-Control-Allow-Methods to include the OPTIONS HTTP method.

Both of these were added to the <VirtualHost ></VirtualHost> directive, (not in a <Directory ></Directory> directive).

This should all be correct, because when we try to post to (invalid directory), we get a 200 OK return status, showing that Apache is happy.

However, when we POST to in any form at all, we apparently hit Tomcat and thus the web services adapter.  We continually get some form of 405 message saying that the OPTIONS request is denied, specifically marked as coming from the Progress Web Services Adapter.

We've done endless fiddling around with with wsa/WEB-INF/web.xml, with no results.

Here is the most irritating thing:  If the javascript below is run via HTML alone in a browser using IE: works fine.  If we change the browser settings so that both SSL3 and TLS1 are disabled, it won't work.  Checked both Apache and Tomcat on our side and they are using SSL3/TLS1.  See no way to force XMLHttpRequest to use SSL3.

Any help, suggestions, and/or pointers would be greatly appreciated.


EDIT: We've also tried to use soapclient.js instead of XMLHttpRequest, but we get the same result of 405 that the OPTIONS request was denied. 

This is the Javascript code we're using to send the post request; with appropriate information redacted of course.

function sendRequest()
    var httpSocket = new XMLHttpRequest();"POST", "", true);
    httpSocket.setRequestHeader('Content-Type', 'text/xml;charset=UTF-8');
    httpSocket.setRequestHeader('SOAPAction', "post");

    var request = '<?xml version="1.0" encoding="UTF-8"?>\n\n' +
    '<soapenv:Envelope xmlns:soapenv=""' +
    ' xmlns:api="urn:com:xxxxxxxx:xxxxxxxxxxx">' +
        '<soapenv:Header/>' +
        '<soapenv:Body>' +
            ' <api:getAccounts>' +
                ' <api:webServiceID>xxxxxxxx</api:webServiceID>' +
                ' <api:webServicePassword>xxxxxxxxxxx</api:webServicePassword>' +
                ' <api:databaseCode>xxxxxx</api:databaseCode>' +
                ' <api:systemCode>xxxxxxx</api:systemCode>' +
                ' <api:practiceCode>xxxxxxxxx</api:practiceCode>' +
                ' <api:requestedList>xxxxxxxx</api:requestedList>' +
                ' <api:requestedDate>xxxxxxxxxxxx</api:requestedDate>' +
            ' </api:getAccounts>' +
        '</soapenv:Body>' +

    httpSocket.onreadystatechange = function()
        if(httpSocket.readyState == 4)

            return httpSocket.responseText;


Here is the relevant apache2 file in the sites-enabled directory


    DocumentRoot /usr/xxxxxxx/wwwroot
    # Header set Access-Control-Allow-Origin ""
    Header set Access-Control-Allow-Origin "null"
    # Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Credentials "true"
    Header set Access-Control-Allow-Headers "content-type,SOAPAction"
    Header set Access-Control-Allow-Methods "OPTIONS, GET, POST, HEAD, PUT, DELETE"

All Replies

Posted by Stefan Drissen on 20-Nov-2013 01:09

For a little experiment I used jQuery to perform the ajax call and also ran into CORS - when the javascript performing the call was serverd by the same server as Tomcat and Apache was also configured to reroute requests from :80 to Tomcat on :8080 the result was succesful.

Sorry for the formatting below - but I cannot find simple 'code' tags in this editor (also beware of which browser you are using):

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "">
<html xmlns="">

<!-- DataTables CSS -->
<link rel="stylesheet" type="text/css" href="">

<!-- jQuery -->
<script type="text/javascript" charset="utf8" src=""></script>

<!-- DataTables -->
<script type="text/javascript" charset="utf8" src=""><</script>



strRequest = '<?xml version="1.0" encoding="utf-8"?>';
strRequest = strRequest + '<soapenv:Envelope xmlns:soapenv="" xmlns:urn="urn:com.exact.efe:mcomp:mcomp">';
strRequest = strRequest + "<soapenv:Header/><soapenv:Body>";
strRequest = strRequest + "<urn:search>";
// user object for user JQUERY
strRequest = strRequest + "<urn:pi_csecurity_data>xxx</urn:pi_csecurity_data>";
strRequest = strRequest + '<urn:pi_dscontext6>';
strRequest = strRequest + '<urn:itmpMcomp adm_nr="621">';
strRequest = strRequest + '</urn:itmpMcomp>';
strRequest = strRequest + "</urn:pi_dscontext6>";
strRequest = strRequest + "</urn:search>";
strRequest = strRequest + "</soapenv:Body></soapenv:Envelope>";

type: "POST",
url: "http://xxxwsa/wsa",
headers: {"SOAPAction": '""'},
contentType: "text/xml; charset=utf-8",
dataType: "xml",
data: strRequest,
success: function(xml) {
var Col0 = $(this).attr('main_comp_code');
var Col1 = $(this).find('description').text();
var Col2 = $(this).find('entity_state_text').text();
fail: function(xml) {
<table id="search">
<tr><th>Main classification</th><th>Description</th><th>State</th></tr>

Posted by fredj on 15-Jan-2015 09:44


I'm trying to calling an OE web service using javascript and I encounter the same error .....

My website (http://myserver) is hosted on the same server that my web services (http://myserver:8080/wsa_h01/wsa1).

Is anyone ever encountered this error? and how to solve ??? yet I set CORS in apache ....

Is that the only solution is to reroute ???

Thanks for help !

This thread is closed