[keycloak-user] Establish session by ajax request
Andrey Saroul
andrey.saroul at gmail.com
Tue Feb 9 13:00:24 EST 2016
This is no longer relevant.
I fixed it by using bearer type auth instead of confidential.
I generated a token and set its value in the ExtJS front-end.
2016-02-09 18:25 GMT+03:00 Andrey Saroul <andrey.saroul at gmail.com>:
> Is there any way to establish a session with a client (a webapp with
> browser-enabled authn, not a Bearer type) by XMLHttpRequest?
> I have a central webapp which provides access to other services (RESTful).
> The problem is that when I log in to the central app I establish a session with
> a jsessionid connected to it. That works fine until I try to access other
> services. I have a single-page front-end (ExtJS) which issues
> XMLHttpRequests to a service (a separate web app on the same server). By the
> time I log in to the central app the browser has its jsessionid, but to access
> the other service, I need to establish another session and Keycloak has to
> generate another jsessionid for me to access this service. And I can't get
> it, supposedly because XMLHttpRequest is not an HttpRequest.
>
> For example, for this request (with jsessionid of central webapp):
> GET /rest/test HTTP/1.1
> Host: localhost:8080
> *X-Requested-With: XMLHttpRequest*
> Cookie: JSESSIONID=XAVXi...
> Connection: keep-alive
>
> Response is (I omitted some unimportant headers):
> *HTTP/1.1 401 Unauthorized*
> Expires: 0
> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> X-Powered-By: Undertow/1
> Server: WildFly/9
> Pragma: no-cache
> Connection: keep-alive
> *WWW-Authenticate: Bearer realm="Unknown"*
>
> And when I change the request to a generic HTTP one, I get the correct jsessionid and
> can access my REST service.
>
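
The fix described in the reply (a bearer token handed to the ExtJS front-end), shown as an added example that is not part of the original thread or of Keycloak's code. The function names and the token value are hypothetical, and the token is assumed to have been obtained elsewhere; the origin and path are taken from the quoted request.

```javascript
// Added example: attach a bearer token to XHR calls only for the service
// origin, and interpret the 401 challenge shown in the quoted response.
const SERVICE_ORIGIN = "http://localhost:8080"; // host from the quoted request

// Parse a WWW-Authenticate header such as: Bearer realm="Unknown"
function parseChallenge(header) {
  const m = /^\s*([A-Za-z]+)(?:\s+(.*))?$/.exec(header || "");
  if (!m) return null;
  const params = {};
  const re = /([A-Za-z_]+)="([^"]*)"/g;
  let p;
  while ((p = re.exec(m[2] || "")) !== null) params[p[1].toLowerCase()] = p[2];
  return { scheme: m[1].toLowerCase(), params };
}

// Build headers for an XHR to the REST service. The token is added only when
// the target resolves to SERVICE_ORIGIN, so it is never sent to another host.
function buildHeaders(url, token) {
  const headers = { "X-Requested-With": "XMLHttpRequest" };
  const target = new URL(url, SERVICE_ORIGIN);
  if (token && target.origin === SERVICE_ORIGIN) {
    headers["Authorization"] = "Bearer " + token;
  }
  return headers;
}

// Decide what the front-end should do with a response from the service.
function nextStep(status, wwwAuthenticate) {
  if (status !== 401) return "proceed";
  const c = parseChallenge(wwwAuthenticate);
  // In the quoted exchange a cookie-only XHR drew a Bearer challenge, so the
  // front-end needs a token rather than a retry with the same JSESSIONID.
  return c && c.scheme === "bearer" ? "acquire-token" : "login";
}
```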