2

I have a web application deployed in weblogic. I'm using angularJS to make rest calls to the weblogic REST API in my web application. When the weblogic REST API session has expired, it responds with status code: 401 and header 'WWW-Authenticate'='Basic realm=x'. This causes the browser to pop-up basic authentication dialog before client side scripting handle the response. I want to prevent this login dialog from appearing. Is there any way to configure this in weblogic or handle it on client side with javascript (angularjs)?

I tried adding X-Requested-With: XMLHttpRequest to request headers with no luck. I already tried the solutions mentioned in the below questions.

1, 2, 3

These are the header content of the response which cause the popup.

Content-Length → 1468
Content-Type → text/html; charset=UTF-8
Date → Tue, 29 Nov 2016 02:54:49 GMT
WWW-Authenticate → Basic realm="weblogic"
X-ORACLE-DMS-ECID → 3431314314
X-ORACLE-DMS-RID → 0

This is the request header 

GET /management/weblogic/latest/domainRuntime/serverLifeCycleRuntimes? HTTP/1.1
Host: pahslk:58090
Connection: keep-alive
Accept: application/json, text/plain, */*
X-Requested-By: xx
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
Referer: http://pahslk0:58090/.........
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=......
Community
  • 1
  • 1
pahan
  • 567
  • 1
  • 8
  • 22
  • Are you using httpInterceptor in your angularjs code. It seems like that you found 401 as response in interceptor and redirected to login page or login pop-up? – Manish Singh Nov 30 '16 at 05:44
  • @ManishSingh I'm not using httpInterceptor. If the browser receives a response with `status-code: 401` and `WWW-Authenticate: Basic ....`, the browser's login dialog will popup. Browser will catch the response before any javascript is executed. – pahan Nov 30 '16 at 06:01
  • This is a problem on the server. The best way is to disable basic auth on the server. If you can't do that you can set up a proxy that changes the headers a little bit so they don't registered by the browser – Kliment Nov 30 '16 at 15:21
  • @Kliment How to change the authentication type in weblogic? – pahan Dec 02 '16 at 04:42
  • @pahan i don't know how weblogic functions but with a little research i found out that there is configuration file that you will have to set up. If you dont have access in the server you can always set up simple proxy that will rewrite the headers – Kliment Dec 02 '16 at 15:39

1 Answers1

0

I've quickly created a 401 response at my endpoint: https://edeen.pl/401.php when you try to access, it will open the dialogue, but it doesn't happen with angular $http service http://plnkr.co/edit/rOWLjyjNJX5FO2HR0tJM

angular.module('plunker', [])
  .controller('MainCtrl', function($http) {
    $http.get('https://edeen.pl/401.php').error(function(error) {
      console.log(error)
    })
  });
<!DOCTYPE html>
<html ng-app="plunker">

<head>
  <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.2.23/angular.min.js"></script>
</head>

<body ng-controller="MainCtrl">

</body>

</html>
maurycy
  • 8,455
  • 1
  • 27
  • 44
  • Thanks for the answer. I also use angular `$http` for my requests... In your plnkr, the response has the status-code `401` and the `WWW-Authenticate: Basic .....` header, still authentication popup doesn't appear. Why? – pahan Nov 28 '16 at 11:17
  • Can you post the headers of your call? That might help, or try reaching my endpoint from your code, it's CORS enabled – maurycy Nov 28 '16 at 11:28
  • I edited the question and added response headers. When I reach your endpoint from my code, popup doesn't appear. Anyway, my application is http – pahan Nov 29 '16 at 04:25
  • I've experimented with my plunk and the popup appeared only in a case when I used JSONP, what angular version you use? Did you compare request headers of a call to my endpoint with yours? There has to be a difference (you can use my endpoint with http too – maurycy Nov 29 '16 at 10:37
  • Angular version is 1.2.32. I'm not using JSONP. I added the request header to the question. I see lot of additional headers in your response. But as I mentioned in the question since it's weblogic I'm using, I can't do anything about the response. – pahan Nov 29 '16 at 13:43