Authentication Problem with JSDOSession

Posted by Matheus R. Mokwa on 18-Jan-2016 12:08

I'm trying to implement authentication, I used as recourse this article

which worked out fine, but when i try use it with JSDO the following problem occours:

XMLHttpRequest cannot load localhost:8810/.../home.html. The request was redirected to 'localhost:8810/.../login.jsp', which is disallowed for cross-origin requests that require preflight.

any suggestions or work around will be appreciated.

<!DOCTYPE html>
	<title>Simple JSDO Usage</title>
    <script src=""></script>
	<script src=""></script>

	<!-- results will be written here by JavaScript -->
		(function () {
            // this function is called after data is returned from the server
            function onAfterFillCustomers(jsdo, success, request) {
                // for each customer record returned
                jsdo.eCustomer.foreach(function (customer) {
                    // write out some of the customer data to the page
                    document.write( + ' ' + + '<br>');
            try {
                var serviceURI = "http://localhost:8810/tds",
                    jsdoSettings = {
                        serviceURI: serviceURI,
                        catalogURIs: serviceURI + "/static/tdsService.json"

                // create a new session object
                jsdosession = new;
                promise = jsdosession.login("", "");
                promise.done(function(jsdosession, result, info){
                        .done(function(jsdosession, result, details){
                            // create a JSDO
                            jsdo = new{ name: 'dsCustomer' });
                            //jsdo.subscribe('AfterFill', onAfterFillCustomers, this);
                            // calling fill reads from the remote OE server
                        .fail(function(jsdosession, result, details){
                            alert("Error while executing addCatalog().");
      , result, info){
                    alert("Error while executing login().");      
            catch (e) {
                alert("Error instantiating objects: " + e);

All Replies

Posted by whenshaw on 18-Jan-2016 12:32


The example in the article that you mentioned uses form-based authentication (by configuring Spring Security to use oeablSecurity-form-oerealm.xml). If you have done that, then you need to set the JSDOSession authenticationModel so it matches. You do this by adding the setting to your jsdosettings variable:

                    jsdoSettings = {
                        serviceURI: serviceURI,
                        catalogURIs: serviceURI + "/static/tdsService.json",


You will also need to pass the user name and password as arguments to the call to login().

-- Wayne

Posted by Matheus R. Mokwa on 18-Jan-2016 12:53

Thank for the answer whenshaw, I tryed to add the authenticationModel:, but the problem persist with same error message.

Also I found in this article the i needed to add cors suport, but it also didn't work for me.

Posted by Matheus R. Mokwa on 18-Jan-2016 13:52

Got it.

As whenshaw said, authenticationModel: was necessary, but i need to update the WEB-INF\oeablSecurity-form-oerealm.xml too.

I added this two properties:

  <b:property name="allowAll" value="true" />

  <b:property name="supportCredentials" value="true" />

Unfortunatelly for this to work, i need to login first at localhost:8810/.../login.jsp

Is there anyway to make the server handle this automatically? I mena, i want to acess my HTML and that the server send me to the login page, and after that returns to the html that I wrote.

Posted by whenshaw on 18-Jan-2016 14:04

The purpose of the JSDOSession is to handle the login.jsp for you -- if you send valid credentials in the login call

      promise = jsdosession.login("wayne", "mypassword");

then the login page will be intercepted and handled automatically, so your code would go on and call addCatalog() and then create a JSDO, without the end user seeing the login.jsp page.

What do you see for network traffic, using the network tab of your browser debugger, or Telerik Fiddler, or a similar monitoring tool? What version of OpenEdge are you using?

Posted by Matheus R. Mokwa on 19-Jan-2016 04:39

Tryed both:

  • jsdosession.login("restuser1", "pass1");
  • jsdosession.login("restuser1", "CapokaejohiajJIi"); //Encoded password

But it didn't work, the message was the same of the first topic.

Also, is this how it's done? I must write down in my html the login/password? I thought that all the authentication was handled by JSDOSession automatically (where you let it blank and the server calls the login page).

This is my network traffic:

I'm using OE 11.6.

Posted by Matheus R. Mokwa on 19-Jan-2016 05:21

After reading this:

Seems that I have to do manually a login interface

window.loginView = kendo.observable( {
    submit: function() {
        var loginParams = {
                 username: this.username,
                 password: this.password) };

But if I do this, I do have to login every single time in the application, am I rigth?

Posted by whenshaw on 19-Jan-2016 13:33

After you have logged in to your data service, you will *not* need to log in for every request you make. If you are running in a browser and close the browser, you will need to log in the next time you run the app. And it's also possible that the session created on the server will time out at some point.

Regarding the login interface, the JSDO library assumes that the app itself has a login screen or some way of getting user credentials, and that the app code will pass those credentials to the JSDOSession.login( username, password ) call. Are you using Telerik Platform? It has a "Progress Data Service" template available that includes a login page and code for doing the login, getting the catalog, and displaying data. You can get the template from the "Create App" screen by clicking on the "Advanced" tab -- it will then show you a list of available templates, including Progress Data Service. The template is also available at GitHub:

Regarding the CORS error that you are getting -- that may be due to a bug in OpenEdge 11.6. Your login call should work if you set the authenticationModel and pass credentials, but there is a bug in 11.6 that interferes when Form authentication is used with CORS. The bug is being fixed in OE 11.6.1. I might be able to help you figure out a temporary workaround, for development purposes, before the release of 11.6.1, if you would like.

Posted by Matheus R. Mokwa on 20-Jan-2016 04:53

I'm using PDSOE - ABL Web App.

About the bug, where did you find this information, couldn't find it anywhere, only found an ETA for 11.6.1 in Q2 2016.

Meanwhile, if you could help me to workaround this problem I'd appreciate it alot, since this is vital for my application.


Does this also happen in 11.5? Could/Should I use it instead?


Would it help change the oeablSecurity-form-oerealm to oeablSecurity-basic-oerealm.xml?

Posted by whenshaw on 20-Jan-2016 09:29

I think that using  oeablSecurity-basic-oerealm.xml would work. Be sure to change the authenticationModel setting in your JavaScript code to


I think that using the FCS of 11.5 would also work, but I am not sure about 11.5.1.

If these don't work (or even if they do work), we can still try to find you a workaround for Form authentication in 11.6. Send me your oeablSecurity....xml file and I will take a look at it. You can send it directly to me at:

This thread is closed