
When I run my AngularJS app to log in to my back-end, I get an internal problem. I can solve this with exception handling, but the real problem would still exist. I am trying to use the basic authentication method and therefore I call this in my client code:

function Login(username, password) {

        var authdata = CreateLoginHeader(username, password);
        var config = {
                withCredentials: true,
                headers: { 'Authorization': authdata, 'Content-Type': 'application/json' }
        };
        // $http.post(url, data, config): config is passed here in the data position
        $http.post('http://brain-ratmap.rhcloud.com/api/v1/brain/study/login', config).then(SuccessLogin, ErrorLogin);
    }

function CreateLoginHeader(username, password) {
        // Basic credential: scheme, one space, base64("user:pass")
        var authdata = btoa(username + ':' + password);
        return 'Basic ' + authdata;
    }

When I fire this, I get these errors in JS:

XMLHttpRequest cannot load http://XXXX/api/v1/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://YYYY' is therefore not allowed access. The response had HTTP status code 500.

And like I said, I know that if I handled my exception and still returned a response, then this POST method should work. But what I am asking is how come my basic authentication does not work - the Authorization value in the header does not contain anything other than "Basic" when I get my request on the server side.

Here is also my logging output for all header values [Key; Size of values; Value on 1 index]. Every line comes from the same logger (brain.ratmap.rhcloud.com.web.service.StudyManagerService, thread "default task-2") between 2016-03-05 13:52:50,610 and 13:52:50,639, so only the key, the number of values and the first value are shown:

  Accept; 1; application/json, text/plain, */*
  Accept-Encoding; 1; gzip, deflate
  Accept-Language; 1; en-US,en;q=0.8
  Authorization; 1; Basic
  Connection; 1; Keep-Alive
  Content-Length; 1; 90
  Content-Type; 1; application/json;charset=UTF-8
  Host; 1; brain-ratmap.rhcloud.com
  Origin; 1; http://rat-investigation.rhcloud.com
  Referer; 1; http://rat-investigation.rhcloud.com/
  User-Agent; 1; Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36
  X-Client-IP; 1; 70.75.185.14
  X-Forwarded-For; 1; 70.75.185.14
  X-Forwarded-Host; 1; brain-ratmap.rhcloud.com
  X-Forwarded-Port; 1; 80
  X-Forwarded-Proto; 1; http
  X-Forwarded-Server; 1; brain-ratmap.rhcloud.com
  X-Request-Start; 1; t=1457203970487695

For the Authorization key the three log lines read: "Header key is: Authorization", "Header value is size 1", "Header value contains on first index Basic".

Jernej K
  • You need to enable CORS on the server and handle the OPTIONS preflight request differently than POST – charlietfl Mar 05 '16 at 19:17
  • I am pretty sure this is not it. I handle the exception now by catching it and I throw a 403 back, because of the empty credentials. If you were right, then I would have to get the same failure back - XMLHttpRequest cannot load http://XXXX/api/v1/login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://YYYY' is therefore not allowed access. The response had HTTP status code 500. – Jernej K Mar 06 '16 at 00:26
  • I used [link 1](http://www.developerscrappad.com/1781/java/java-ee/rest-jax-rs/java-ee-7-jax-rs-2-0-cors-on-rest-how-to-make-rest-apis-accessible-from-a-different-domain/) and [link 2](http://blog.dejavu.sk/2013/11/19/registering-resources-and-providers-in-jersey-2/) to implement my application. That is why I think the problem is on the client side, because it should result in the same outcome, but it does not (POST http://XXXX/login 403 (Forbidden)). – Jernej K Mar 06 '16 at 00:28
  • `No 'Access-Control-Allow-Origin' header is present` is CORS error and your back end is also showing 500 server error – charlietfl Mar 06 '16 at 00:29
  • Open in chrome and open browser dev tools network. Can see requests made there. can see exactly what gets sent/returned , status, cookies etc. Is probably failing the OPTIONS preflight request – charlietfl Mar 06 '16 at 00:33
  • Like I wrote, this was the result of me not handling an exception. Now that I handle that exception and return Response.Status.FORBIDDEN, it should also return the 500 if you were right. How come my handled exception now has the right CORS headers? Or would you suggest that if the response is something other than 2XX, then the AngularJS request does not look for the CORS headers? – Jernej K Mar 06 '16 at 00:36
  • Is the actual POST being made right after the OPTIONS request? The OPTIONS will be 200 but that doesn't mean the POST gets made if headers are wrong in OPTIONS – charlietfl Mar 06 '16 at 00:37
  • General Request URL:http://XXXX/login Request Method:POST Status Code:403 Forbidden Remote Address:52.2.158.39:80 The response headers: Access-Control-Allow-Credentials:true Access-Control-Allow-Headers:origin, content-type, accept, authorization, auth_token Access-Control-Allow-Methods:GET, POST, DELETE, PUT Access-Control-Allow-Origin:* Connection:Keep-Alive Content-Length:65 Content-Type:application/json Date:Sun, 06 Mar 2016 00:38:31 GMT Keep-Alive:timeout=15, max=99 Server:WildFly/9 X-Powered-By:Undertow/1 – Jernej K Mar 06 '16 at 00:42
  • Up you can see my response from the request I make. I copy paste it from the developer tools. – Jernej K Mar 06 '16 at 00:43
  • Can't read that in comment block...put it in question with clean formatting – charlietfl Mar 06 '16 at 00:46
  • Can clearly see that OPTIONS aren't being allowed and those are the most important ones for the access headers. Also shouldn't use `*` for origin – charlietfl Mar 06 '16 at 00:47

2 Answers


Another reason why I think my web service works is that the login method gets called and executed. With my logs I can say for sure that my code inside login is being handled.

And here is my whole XHR from the developer tools:

Request URL: http://XXXX/login
Request Method: POST
Status Code: 403 Forbidden
Remote Address: XX.XX.XX.XX:80

Response Headers

  1. Access-Control-Allow-Credentials:true
  2. Access-Control-Allow-Headers:origin, content-type, accept, authorization, auth_token
  3. Access-Control-Allow-Methods:GET, POST, DELETE, PUT
  4. Access-Control-Allow-Origin:*
  5. Connection:Keep-Alive
  6. Content-Length:65
  7. Content-Type:application/json
  8. Date:Sun, 06 Mar 2016 00:38:31 GMT
  9. Keep-Alive:timeout=15, max=99
  10. Server:WildFly/9
  11. X-Powered-By:Undertow/1

Request Headers

  1. Accept:application/json, text/plain, */*
  2. Accept-Encoding:gzip, deflate
  3. Accept-Language:en-US,en;q=0.8
  4. Authorization:Basic
  5. Connection:keep-alive
  6. Content-Length:130
  7. Content-Type:application/json;charset=UTF-8
  8. Host:XXXX.com
  9. Origin:http://caller-location
  10. Referer:http://caller-location
  11. User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36

I can see that the Authorization header value contains only "Basic". That is the reason I do not get anything more than that in the back-end. And on a side note, I know it is not good practice to have Access-Control-Allow-Origin: *, but for testing purposes it is fine. Later I will change it. And from my investigation I saw that the allowed methods do not have to contain OPTIONS; you only have to catch it and return a 2XX response, which I am doing. I implemented my back-end as it is described in this tutorial.

I was having problems with the preflight before, but I solved it by doing this here.

Jernej K
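The preflight and credentialed-CORS behaviour discussed in the comments and visible in the response headers above, as an added example that is not part of the original post or of the poster's WildFly back-end: a framework-free policy function (plain JavaScript, Node or browser) that echoes an allow-listed Origin, answers the OPTIONS preflight only for the methods and headers it actually allows, and a simplified browser-side check showing why `Access-Control-Allow-Origin: *` stops working once the client sets `withCredentials: true`. The allow list, the header and method sets, and the plain `{ method, headers }` request objects are assumptions made for the example.

```javascript
// Added example (not the poster's code): minimal CORS policy modelled on the
// response headers shown above. ALLOWED_* values are assumptions.
const ALLOWED_ORIGINS = new Set([
  'http://rat-investigation.rhcloud.com', // assumption: the Angular app's origin
]);
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];
const ALLOWED_HEADERS = ['origin', 'content-type', 'accept', 'authorization', 'auth_token'];

// Compute the CORS response headers for a request. `req` is a plain object
// { method, headers } with lower-case header names (a constructed stand-in
// for whatever your framework hands you).
function corsHeaders(req) {
  const origin = req.headers['origin'];
  const out = {};
  if (!origin || !ALLOWED_ORIGINS.has(origin)) {
    // Unknown origin: send no CORS headers at all, the browser blocks the response.
    return out;
  }
  // Echo the specific origin instead of '*'. With withCredentials: true on the
  // client, a '*' is refused by the browser even if Allow-Credentials is 'true'.
  out['Access-Control-Allow-Origin'] = origin;
  out['Access-Control-Allow-Credentials'] = 'true';
  out['Vary'] = 'Origin'; // keep caches from serving one origin's answer to another

  if (req.method === 'OPTIONS' && req.headers['access-control-request-method']) {
    // Preflight: only approve methods and headers from the allow lists.
    const wantMethod = req.headers['access-control-request-method'].toUpperCase();
    const wantHeaders = (req.headers['access-control-request-headers'] || '')
      .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
    const methodOk = ALLOWED_METHODS.includes(wantMethod);
    const headersOk = wantHeaders.every(h => ALLOWED_HEADERS.includes(h));
    if (!methodOk || !headersOk) {
      return {}; // denied preflight: no Allow-* headers, the real POST is never sent
    }
    // OPTIONS itself does not need to appear in Allow-Methods; a 2xx with
    // these headers is what the browser requires.
    out['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    out['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    out['Access-Control-Max-Age'] = '600';
  }
  return out;
}

// Status code to return for a preflight request: 204 when approved, 403 otherwise.
function preflightStatus(req) {
  return 'Access-Control-Allow-Methods' in corsHeaders(req) ? 204 : 403;
}

// Simplified browser-side CORS check: is a response with these headers
// exposed to a page at `origin`? Mirrors the error text in the question
// (missing header) and the credentialed-request rule for '*'.
function browserAcceptsResponse(respHeaders, origin, withCredentials) {
  const acao = respHeaders['Access-Control-Allow-Origin'];
  if (acao === undefined) return false; // "No 'Access-Control-Allow-Origin' header is present"
  if (!withCredentials) return acao === '*' || acao === origin;
  // Credentialed request: '*' is not accepted and Allow-Credentials must be exactly 'true'.
  return acao === origin && respHeaders['Access-Control-Allow-Credentials'] === 'true';
}
```

Two points worth checking against the headers in the answer above: the poster is right that OPTIONS need not be listed in `Access-Control-Allow-Methods`, and a 500 on the real request explains the missing header only if the exception path skips the CORS filter, which is what the 403-with-headers result suggests. The combination that still fails is `withCredentials: true` in the Angular config against `Access-Control-Allow-Origin: *` in the response: `browserAcceptsResponse` returns false for it, so echo the origin from an allow list and add `Vary: Origin` rather than relying on `*`.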

I found the problem and, as I suspected, the problem was the client and not the server. I did not use the $http.post method the right way. I would have to use it as shown in the documentation, by calling $http.post(url, data, [config]) - the config contains all the headers I need. But I did not manage to call the function like this and pass in the config (I googled but did not find a way to have data empty without an error). That is why I just set the 'Authorization' header for all http calls:

var authdata = CreateLoginHeader(username, password);
$http.defaults.headers.common.Authorization = authdata;
$http.post('http://brain-ratmap.rhcloud.com/api/v1/brain/study/login').then(SuccessLogin, ErrorLogin);

At least this allowed me to send a post request and I got back my authorization token in the response.

Jernej K
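The `$http.post(url, data, config)` argument order from the answer, and the Basic header it should carry, as an added example that is neither the poster's code nor AngularJS: `makeBasicAuthHeader` builds the RFC 7617 value with UTF-8 handling, `parseBasicAuthHeader` is the server-side counterpart that splits on the first colon, and `fakeHttpPost` is a hypothetical stand-in with Angular's signature that only reports what would go on the wire, so the two call styles can be compared. `LOGIN_URL` is the URL from the question; `loginWrong` and `loginRight` are names chosen for the example.

```javascript
// Added example (not the poster's code, not AngularJS). fakeHttpPost is a
// hypothetical shim with $http.post's (url, data, config) signature.

// UTF-8 encode before base64: btoa() only accepts Latin-1 code points, so a
// password with e.g. umlauts would otherwise throw.
function makeBasicAuthHeader(username, password) {
  if (username.includes(':')) throw new Error('user-id must not contain ":" (RFC 7617)');
  const bytes = new TextEncoder().encode(`${username}:${password}`);
  const b64 = btoa(String.fromCharCode(...bytes));
  return `Basic ${b64}`; // scheme, one space, then the base64 text and nothing else
}

// Server-side counterpart: { username, password } or null when the header is
// not a well-formed Basic credential (missing token, other scheme, bad base64).
function parseBasicAuthHeader(value) {
  const m = /^Basic\s+([A-Za-z0-9+/]+=*)$/.exec(value || '');
  if (!m) return null;
  let decoded;
  try {
    const bin = atob(m[1]);
    decoded = new TextDecoder().decode(Uint8Array.from(bin, c => c.charCodeAt(0)));
  } catch (e) {
    return null;
  }
  const i = decoded.indexOf(':'); // split on the FIRST colon: passwords may contain ':'
  if (i < 0) return null;
  return { username: decoded.slice(0, i), password: decoded.slice(i + 1) };
}

// Stand-in with AngularJS's argument order: post(url, data, config).
// Returns the request as it would go on the wire instead of sending it.
function fakeHttpPost(url, data, config) {
  const headers = Object.assign({}, (config && config.headers) || {});
  return {
    url,
    headers,
    body: data === undefined || data === null ? '' : JSON.stringify(data),
    withCredentials: !!(config && config.withCredentials),
  };
}

const LOGIN_URL = 'http://brain-ratmap.rhcloud.com/api/v1/brain/study/login';

function loginConfig(username, password) {
  return {
    withCredentials: true,
    headers: {
      Authorization: makeBasicAuthHeader(username, password),
      'Content-Type': 'application/json',
    },
  };
}

// The question's call: config passed where `data` belongs, so the headers
// are serialised into the JSON body and no Authorization header is sent.
function loginWrong(username, password) {
  return fakeHttpPost(LOGIN_URL, loginConfig(username, password));
}

// The documented form: an (empty) body first, then the config with the headers.
function loginRight(username, password) {
  return fakeHttpPost(LOGIN_URL, {}, loginConfig(username, password));
}
```

Two caveats on the workaround in the answer. Setting `$http.defaults.headers.common.Authorization` attaches the credentials to every `$http` request, including any made to third-party hosts, so pass the config per request (the `loginRight` shape) or use an interceptor scoped to your API's origin instead. And the request in the question travels over plain http (`X-Forwarded-Proto: http` in the log above), where a Basic header is the password in reversible encoding for anyone on the path; send it over https only.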