Is it possible to use forms_oerealm security with Angular2 and Nativescript - Forum - Mobile - Progress Community

Is it possible to use forms_oerealm security with Angular2 and Nativescript

 Forum

Is it possible to use forms_oerealm security with Angular2 and Nativescript

This question is answered

Hi,

We've played around with OpenEdge 11.6.3 and successfully used some web handlers to return some data into an Angular2 web application and also a Nativescript app.  We now want to add some security to the services and have chosen forms_oerealm.  This works fine for testing from a browser but I can't seem to get access to the response token/ jsessionid cookie within the javascript (typescript)  code when using an http post request to the j_spring_security_check url.  Is this because it's just part of the http response or should it come back as json data?  The service is currently on  a different domain to the Angular 2 app.  We have used this method in the past (Angular 1.5) when the webapp was deployed on the same PAS as the services so could it be a CORS issue?

Here's a sample of the login code.

    let headers = new Headers();
    headers.append("Content-Type", "application/x-www-form-urlencoded");
    headers.append("Cache-Control", "max-age=0");
 

    let options = new RequestOptions({ headers: headers, withCredentials: true });
        let data = JSON.stringify({
            j_username: user.username,
            j_password: user.password
        });
  

      return this.http.post(
            Config.apiUrl + "static/auth/j_spring_security_check", data,
            options
        )
            .map(response => response.json()) ;

Should this work within a Nativescript app or should we just use the jsdo for session management and login purposes?

Any pointers in the right direction would be appreciated. 

Thanks

Verified Answer
  • That’s  because you told the server you were sending form-encoded data
     
    headers.append("Content-Type", "application/x-www-form-urlencoded");
     
     
    Form-encoded data has a structure of key-1=value1&key-2=value-1. en.wikipedia.org/.../POST_(HTTP) has a quick overview.
     
    If you want to try sending JSON, then change the value of the Content-Type header
    headers.append("Content-Type", "application/json ");
     
     
     
All Replies
  • You should be getting back the JSESSIONID and I do not think any specific headers are required to set in the CORS. Can you confirm by looking at the request and response headers information while running your client code. You might want to use fiddler or some proxy to capture this information.

    Regards,

    Irfan

  • Hi Irfan,

    Thanks for the reply.  I'll look at setting up a proxy or using fiddler to log the requests.  I've made sure all future http requests within the Angular2 app use the withCredentials option.  I'm sure it's something within the spring security CORS setup and the fact my test Angular2 app is running on localhost:3000 and the server is on another domain and protnumber.  Thanks

  • Hi Irfan,

    Just to let you know.  My problem was related to the way the body data was created for the POST request.

    This didn't work

      let data = JSON.stringify({

               j_username: user.username,

               j_password: user.password

    };

    This works

     let data = "j_username=" + user.username + "&" + "j_password=" + user.password;

    looks like "&" was needed between the two values.

    Thanks again for replying

  • That’s  because you told the server you were sending form-encoded data
     
    headers.append("Content-Type", "application/x-www-form-urlencoded");
     
     
    Form-encoded data has a structure of key-1=value1&key-2=value-1. en.wikipedia.org/.../POST_(HTTP) has a quick overview.
     
    If you want to try sending JSON, then change the value of the Content-Type header
    headers.append("Content-Type", "application/json ");
     
     
     
  • Does the spring login (static/auth/j_spring_security_check) accept JSON as input?

  • Hi Peter,

    Ok,  Thanks for the feedback.  That explains it.  So If I change the content type to "application/json" and prepare the payload with the JSON.stringify method I should get the same successful response.  

    Cheers

    Dale

  • Hi,

    I've no idea but I'll try Peter's idea to find out!

  • Hi Bronco,

    It doesn't seem to work with the POST request to the spring_security_check url.  It's was worth knowing how to structure the data though.  In our Angular1.5 webapp we had made use of the $.param method to setup the request data which must add have added the & automatically.  

    Cheers

    Dale