Hi,
We've played around with OpenEdge 11.6.3 and successfully used some web handlers to return some data into an Angular2 web application and also a Nativescript app. We now want to add some security to the services and have chosen forms_oerealm. This works fine for testing from a browser but I can't seem to get access to the response token/ jsessionid cookie within the javascript (typescript) code when using an http post request to the j_spring_security_check url. Is this because it's just part of the http response or should it come back as json data? The service is currently on a different domain to the Angular 2 app. We have used this method in the past (Angular 1.5) when the webapp was deployed on the same PAS as the services so could it be a CORS issue?
Here's a sample of the login code.
let headers = new Headers();
headers.append("Content-Type", "application/x-www-form-urlencoded");
headers.append("Cache-Control", "max-age=0");
let options = new RequestOptions({ headers: headers, withCredentials: true });
let data = JSON.stringify({
j_username: user.username,
j_password: user.password
});
return this.http.post(
Config.apiUrl + "static/auth/j_spring_security_check", data,
options
)
.map(response => response.json()) ;
Should this work within a Nativescript app or should we just use the jsdo for session management and login purposes?
Any pointers in the right direction would be appreciated.
Thanks
You should be getting back the JSESSIONID and I do not think any specific headers are required to set in the CORS. Can you confirm by looking at the request and response headers information while running your client code. You might want to use fiddler or some proxy to capture this information.
Hi Irfan,
Thanks for the reply. I'll look at setting up a proxy or using fiddler to log the requests. I've made sure all future http requests within the Angular2 app use the withCredentials option. I'm sure it's something within the spring security CORS setup and the fact my test Angular2 app is running on localhost:3000 and the server is on another domain and protnumber. Thanks
Hi Irfan,
Just to let you know. My problem was related to the way the body data was created for the POST request.
This didn't work
let data = JSON.stringify({
j_username: user.username,
j_password: user.password
};
This works
let data = "j_username=" + user.username + "&" + "j_password=" + user.password;
looks like "&" was needed between the two values.
Thanks again for replying
Does the spring login (static/auth/j_spring_security_check) accept JSON as input?
Hi Peter,
Ok, Thanks for the feedback. That explains it. So If I change the content type to "application/json" and prepare the payload with the JSON.stringify method I should get the same successful response.
Cheers
Dale
Hi,
I've no idea but I'll try Peter's idea to find out!
Hi Bronco,
It doesn't seem to work with the POST request to the spring_security_check url. It's was worth knowing how to structure the data though. In our Angular1.5 webapp we had made use of the $.param method to setup the request data which must add have added the & automatically.
Cheers
Dale