1

I have a very big problem with WSO2 ESB .

I implemented a very simple web service, by WSO2 ESB ver. 4.8.1, called TestProxy with a security on (and with the default configuration about security). If I call the web service with the address https://10.20.105.145:8244/services/TestProxy/test_query/test_oper_query by chrome web browser is all ok: - first chrome ask me username and password; - then the web service returns me, in the web page, the output (in my case is an output in json format) .

But, I have big problem when I call the web service from javascript (for example deployed in a tomcat app. server).

I use the following code (username and password (right) is admin admin):

<html>
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script>


function callDSS() {


    $.ajax({


      ,
        url: "https://10.20.105.145:8244/services/TestProxy/test_query/test_oper_query",

        dataType:"json",

        type: "GET", 

        headers: {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Credentials": "true",
        "Access-Control-Allow-Methods": "GET, PUT, POST, DELETE, OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type, Content-Range, Content-Disposition, Content-Description",

        "Authorization": "Basic " + btoa("admin:admin")
        },
        //async: false,
        error: function (jq, status, message) {
            console.info('A jQuery error has occurred. Status: ' + status + ' - Message: ' + message+JSON.stringify(jq));

        },

        success: function() { 
        alert('Success!'); 
    }
});

};

</script>

</head>
<body onload="callDSS()">
</body>
</html>

It gives me the error: Failed to load resource: the server responded with a status of 401 (Unauthorized) test_invoke.html:1 XMLHttpRequest cannot load https://10.20.105.145:8244/services/TestProxy/test_query/test_oper_query. Invalid HTTP status code 401

Could you help me to solve this problem?

If you can give me a correct javascript code in order to solve the problem.

Thank you.

Regards

Fabrizio67
  • 11
  • 3

1 Answers1

0

If you want to access your service from JavaScript, you should use an API or service endpoint, not the tryit proxy, which requires an authenticated user.

Also, those headers you´re adding (Access-Control-*) are supposed to be sent by the server, not the ajax client.

If you face CORS-related issues, please take a look at the following question: Disable same origin policy in Chrome

Community
  • 1
  • 1
Philippe Sevestre
  • 889
  • 10
  • 16
  • Hello Philippe, thank you for your answer. The problem is that we are forced to have, from web service, the json format. Only with the WSO2 DSS we have (from web service) only xml format. Moreover: the authentication, for us, is mandatory in order to respect our security. – Fabrizio67 May 20 '15 at 08:18
  • Fabrizio, can you give additional details about your setup ? Do you have a DSS server and a ESB ? Where is the security constraint being applied, at DSS or ESB ? – Philippe Sevestre May 24 '15 at 22:37