After some trouble I have a restservice working with all the stuff like PASOE, oerealm form security, SPA and so on. And it is actually working fine, at least when accessed from a webbrowser. I get the login page and I can login.
However, when I try to access this restservice from a mobile app in Telerik Appbuilder (using the simulator), I can not login, no matter what I do or try. I can see that a .....j_spring_security_check is posted with the right data, but I always get the 401 returned.
Anyone any idea what I can do?
You definitely need to remove "rest" from the serviceURI. I'm sorry I didn't notice that earlier. You should not change the progress.all.js file.
When you removed "rest" from the serviceURI, and got a 200 back on the request for home.html, were you testing from a browser session that you had previously used to make a successful test (where you had entered the
URI directly into the browser)? I am wondering whether the session ID from the successful access was cached, and that allowed you to access home.html. What happens if you do this:
1. remove the change that you made from progress.all.js
2. define the serviceURI without "rest" at the end
3. clear browsing data from the browser you're using with Telerik AppBuilder and restart it (just to be sure)
4. now run the test
When removing the "rest" from the service URI i was testing from the Telerik Appbuilder, running in the simulator. Looking at the progress.all.js file you can see why it does not force a call to j_spring_security_check:
Because the content-type of the response is "text-html" and the response status is 200 it tries to figure out if the response is a login page or a failure page. It does this by searching for the text "j_spring_security_check" in the response. However, the response is just the "home-page" as you can see in the attached screen.
So, I think the response to the home.html is the wrong one, but why?
Below two screen shots, both taken using the simulator/Telerik Appbuilder, with ServiceURI without "rest" part (just "localhost:8810/MoneyVault"). First screenshot shows the headers of the request and response, second one shows the response. Hope this helps.
Seems to be fixed now, do some more testing and will let you know