W
whenshaw
Guest
Hi, The 401 returned from the attempted GET of home.html is expected. The JSDO library does the GET of home.html to determine whether the app has already authenticated to the Web application. If it gets back a 401, it then makes the j_spring_security_check request, which does the "real" authentication. The first screen capture in your doc shows the expected sequence: 1. test home.html 2. j_spring_security 3. oeping (just to see whether oeping is supported) 4. GET the catalog (OpenAccountsAPIService.json) 5. GET some data (it looks like that is the NL07 request) Those all seemed to work. In your second excerpt, it looks like the app had already authenticated. Is it possible that this happened in the same browser session as a previous login, and that there had been no logout after that previous login? Your client app code should not need to do anything regarding the Client Principal. In fact, it does not have access to the JSESSIONID returned from the server because that is in an HttpOnly header by default. There is a way to configure the Web application on the server so that it will use a Client Principal as the JSESSIONID, if that is what you want to do. Regards, Wayne
Continue reading...
Continue reading...