JSDO Authentication

Posted by spandau66 on 03-Apr-2016 23:25

Hi,

I am having a few issues with Form Authentication and would really appreciate some assistance. I have successfully resolved the CORS / Preflight with information off the Spring-IO website and using Peter Judges' details on "application/json" formats. However, I am constantly encountering a 401 Unauthorised error message within the console. I have attached a Word document highlighting the above point. The odd part is (as can be seen from the first screen shot within the Word document), it gives me a 401 Unauthorised and then proceeds to calling a JSDO data request!!! In this instance, I do not get a Session ID so I cannot generate a Client Principal token for the back end until the next subsequent Data Request!!! But it does generate a JSESSIONID token value. Sometimes (no consistency), I select OK on my login and nothing happens; if I select OK a second time, it then Authenticates!!!


If necessary, I can provide my Index.html and login.html. I have the project hosted locally and on the Progress Arcade and the results are the same.

Appreciate any feedback as I am at a loss!!!

TIA

All Replies

Posted by whenshaw on 04-Apr-2016 08:05

Hi,

The 401 returned from the attempted GET of home.html is expected. The JSDO library does the GET of home.html to determine whether the app has already authenticated to the Web application. If it gets back a 401, it then makes the j_spring_security_check request, which does the "real" authentication. The first screen capture in your doc shows the expected sequence:

1. test home.html

2. j_spring_security

3. oeping (just to see whether oeping is supported)

4. GET the catalog (OpenAccountsAPIService.json)

5. GET some data (it looks like that is the NL07 request)

Those all seemed to work.

In your second excerpt, it looks like the app had already authenticated. Is it possible that this happened in the same browser session as a previous login, and that there had been no logout after that previous login?

Your client app code should not need to do anything regarding the Client Principal. In fact, it does not have access to the JSESSIONID returned from the server because that is in an HttpOnly header by default. There is a way to configure the Web application on the server so that it will use a Client Principal as the JSESSIONID, if that is what you want to do.

Regards,

Wayne

Posted by spandau66 on 04-Apr-2016 08:40

Hi whenshaw,

The second excerpt would have been on the same browser but logging in again after selecting the Empty Cache and Hard Reload. Admittedly, that's not always foolproof.

Just completely cleared my cache and ran the login. Yes, the details displayed are as before and the JSDO does perform a successful read of data. On the back end, I have my own version of the SmartHybridRealm class which uses the Session ID to store user details for subsequent data reads (Authorisation etc.). This code is being executed, so no worries there. The main concern was on the repeated 401 Unauthorised!!!

Whilst continuing, I would expect that once a user has been authenticated, I would be able to make standard AJAX calls to my back end entities. For example, a menu retrieval which is read only and multi-tabled. I certainly would not want to use the JSDO, especially as it only ever returns the topmost table (depending on what is defined in "tableRef"). So the requirement to use a standard AJAX call is to return the WHOLE Dataset on a GET (READ only) request. BUT, this does not work because I get the 401 unauthorised issue!!! So far I have had to use the JSDO to return the top table and then use an invoke method to return me the whole dataset - this is cumbersome as it means my web code is increased unnecessarily. So, the question is, is there a solution to the above point?

Thanks in advance

Martyn

Posted by egarcia on 04-Apr-2016 13:06

Hello Martyn,

> So the requirement to use a standard AJAX call is to return the WHOLE Dataset on a GET (READ only) request.

Just a quick reply.

You should be able to use the JSDO API, both fill()/read() or invoke methods to read your whole dataset.

With the JSDO API, you can set jsdo.useRelationships = false to be able to do a jsdo.tableRef.foreach() or a jsdo.tableRef.getData() on each of the tables in the dataset.

Could you give some more details on why you are not seeing the other tables?

Do you see them in the Network tab?

I hope this helps.

Edsel

---

Note: Internally, the JSDO uses the XMLHttpRequest object. So in theory you should be able to use standard AJAX calls as long as you pass the same information in the request.

The Session ID should be handled automatically since it is generally stored as an HttpOnly cookie.

The reason why you are getting 401 is because some parameters that the JSDOSession passes to XMLHttpRequest are not passed in your AJAX call.
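As an added illustration of Edsel's note (this is example code, not from the thread or the JSDO library): the Form-authentication sequence Wayne listed (probe home.html, expected 401, POST to j_spring_security_check, then GET data) replayed with a plain request function, and a constructed stand-in server that, like a browser, only attaches the HttpOnly JSESSIONID cookie when the request was made with credentials. SERVICE_URL, the resource path and the dataset names are assumed; j_username / j_password are Spring Security's default form field names; "transport" is a synchronous stand-in for XMLHttpRequest/fetch returning { status, body }.

```javascript
const SERVICE_URL = "https://pas.example.test/OpenAccounts"; // constructed, not the thread's URL

// What the JSDO passes on every request and a hand-rolled AJAX call often omits:
// cross-origin credentials (so the HttpOnly JSESSIONID cookie is attached) and a
// JSON Accept header. Without "credentials" the cookie is never sent, hence the 401.
function requestOptions(method, body, contentType) {
  const opts = { method, credentials: "include", headers: { Accept: "application/json" } };
  if (body !== undefined) { opts.body = body; opts.headers["Content-Type"] = contentType; }
  return opts;
}

// Probe home.html; a 401 there means "not logged in yet" and is expected, not an
// error. Then POST the Spring Security login form and read the resource.
function loginAndRead(transport, username, password, resourcePath) {
  const trace = [];
  const probe = transport(`${SERVICE_URL}/static/home.html`, requestOptions("GET"));
  trace.push(`GET home.html -> ${probe.status}`);
  if (probe.status === 401) {
    const form = new URLSearchParams({ j_username: username, j_password: password }).toString();
    const login = transport(`${SERVICE_URL}/static/j_spring_security_check`,
      requestOptions("POST", form, "application/x-www-form-urlencoded"));
    trace.push(`POST j_spring_security_check -> ${login.status}`);
    if (login.status !== 200) return { ok: false, trace, body: null };
  }
  const data = transport(`${SERVICE_URL}${resourcePath}`, requestOptions("GET"));
  trace.push(`GET ${resourcePath} -> ${data.status}`);
  return { ok: data.status === 200, trace, body: data.status === 200 ? data.body : null };
}

// Constructed stand-in for the Web application plus the browser's cookie handling:
// the session cookie is stored and sent only when credentials: "include" was set.
function makeFakeServer(validUser, validPass) {
  let session = null; // JSESSIONID value once authenticated
  return (url, opts) => {
    const withCreds = opts.credentials === "include";
    if (url.endsWith("/j_spring_security_check")) {
      const form = new URLSearchParams(opts.body);
      if (form.get("j_username") !== validUser || form.get("j_password") !== validPass) {
        return { status: 401, body: null };
      }
      if (withCreds) session = "constructed-jsessionid"; // Set-Cookie honoured only with credentials
      return { status: 200, body: null };
    }
    if (!(withCreds && session)) return { status: 401, body: null }; // no cookie, no session
    return { status: 200, body: { dsAccounts: { ttAccount: [{ AcctNum: "NL07" }] } } }; // constructed
  };
}
```

Calling the stand-in server directly with plain `{ method: "GET", headers: {} }` after a successful login still yields 401, which is the symptom Martyn describes for his standard AJAX calls.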

Posted by spandau66 on 05-Apr-2016 03:32

Hi Edsel,

After a few tweaks on the AngularJS Service (adding the .read() attribute), I do see the full dataset if I look in the Network Tab. As for the other option of using a foreach() or getData() on an afterFill event, I already have some of those in place.

By the way, thanks for the "jsdo.useRelationships = false" - this has assisted me in some of my other data requests.

The main query here is still relating to the making of standard AJAX calls. I have set a factory which populates the CORS on the AJAX requests, but it's not knowing the ins and outs of associating the JSDO XMLHttpRequest properties to a standard AJAX request.

Regards,

Martyn
