Connecting datapower and worklight client side

StackOverflow https://stackoverflow.com/questions/17999827

Question

Im trying to connect a worklight app with a datapower using $.ajax() from the client side using this code on the main js:

function authDP(username, password) {

$.ajax("http://192.168.44.201:2051/cotizador", {
    success : function() {
        var invocationData = {
            adapter : "B2CAdapter",
            procedure : "setUserIdentity",
            parameters : [ username, password ]
        };
        myChallengeHandler.submitAdapterAuthentication(invocationData, {});
        alert("Login correcto");
    },
    error : function(xhr, status, error) {
        alert("Failed: " + status + " ; " + error);
    },
    headers : {

        "Authorization" : "Basic "
                + Base64.encode(username + ":" + password)


    }
});

}

but the chrome console returns this (on chrome):

OPTIONS http://192.168.44.201:2051/cotizador 401 (Unauthorized) wljq.js:8542
OPTIONS http://192.168.44.201:2051/cotizador Origin http://pc-ayi-0204:10080 is not      allowed by Access-Control-Allow-Origin. wljq.js:8542
XMLHttpRequest cannot load http://192.168.44.201:2051/cotizador. Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.

and this on firefox:

[11:55:22.272] OPTIONS http://192.168.44.201:2051/cotizador [HTTP/1.1 401 Unauthorized 38ms]

Is there something that im missing on the headers? Because in the firefox console/request/headers/ section i only see this:

User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Origin:http://pc-ayi-0204:10080
Host:192.168.44.201:2051
Connection:keep-alive
Access-Control-Request-Method:GET
Access-Control-Request-Headers:authorization
Accept-Language:es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding:gzip, deflate
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

and i dont see the Basic user:pass values, is this correct?

Was it helpful?

Solution

You cannot make arbitrary requests outside of your domain from the client side using AJAX. See for example:

Origin is not allowed by Access-Control-Allow-Origin

OTHER TIPS

I am trying to look into following piece of error

OPTIONS http://192.168.44.201:2051/cotizador 401 (Unauthorized) wljq.js:8542 OPTIONS http://192.168.44.201:2051/cotizador **Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.** wljq.js:8542 XMLHttpRequest cannot load http://192.168.44.201:2051/cotizador. Origin http://pc-ayi-0204:10080 is not allowed by Access-Control-Allow-Origin.

I am not sure what construct you are calling on datapower [MPGW or Web service proxy] but whatever it is, it seems to have ACL applied on its Front Side Handler. That ACL defines IP addresses which are allowed to call the construct. I am not sure what is the exact use case in your scenario but to correct the problem you need to remove the ACL from the Datapower Front Side Handler object.

  • Ajitabh
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top