Form authentication in Javascript.
Rohit Sood (1●1●2)
| asked Nov 08 '12, 10:01 a.m.
edited Nov 14 '12, 11:04 a.m. by Seth Packham (1.4k●4●22●13)
After verifying steps described in the OSLC workshop for Java based authentication, i get a authfail when attempting to pass a username+password when calling the login page using Javascript/Jquery.
Question : I read in some of the earlier posts that the session cookies need to be passed in the request header with the login call. If true, how does one retrieve them in Javascript ? The respHeaderString variable below in my code snippet is empty when attempting the same. Is there a Javascript example to refer? //Set session cookies. jQuery.get("https://rtc.fmr.com/jazz/authenticated/identity", function (data) { alert("Data Loaded: " + data); }); // Form Login var username = Base64.encode("test"); var password = Base64.encode("test"); var jqRespObj = $.ajax({ type: "PUT", url: "https://rtc.fmr.com/jazz/jts/authenticated/j_security_check?j_username=" + username + "&j_password=" + password, cache: false, async: false, xhrFields:{ withCredentials: true }, crossDomain: true, dataType: "xml", success: function(result) { alert("Login successful "); } }); var respHeaderString = jqRespObj.getAllResponseHeaders(); jQuery.get("https://rtc.fmr.com/jazz/authenticated/identity", function (data) { alert("Data Loaded: " + data); }); var rootServiceResp = $.ajax({ type: "GET", url: "https://rtc.fmr.com/jazz/rootservices", cache: false, async: false, xhrFields: { withCredentials: true }, crossDomain: true, dataType: "xml", success: function (result) { alert("Root Service xml recieved " + data); } |
One answer
If you're making a request from the browser, the browser will automatically store and send cookies for you when appropriate. I believe the problem is that you're Base64 encoding the URL parameters. They should be URL-encoded instead, e.g.
var username = encodeURIComponent("test"); var password = encodeURIComponent("test"); Here you don't really need to call encodeURIComponent, which is a built-in JavaScript function, because we know there are no special URL characters in "test". However in general, if you're going to accept user input for these, then it's a good idea. Also, I should mention that usually one would use POST rather than PUT to send the credentials, and the params should be included in the POST body, rather than appending them as URL parameters. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.