I
Irfan
Guest
Everything other than getting JSESSIONID is working as expected. For OERealm, OERealmAuthProvider bean in Spring Security makes calls to OERealm ABL Class to verify the user details which include validating user,password and other attributes(ROLES,ENABLED,LOCKED & EXPIRED). As we make individual call for each operation, you see those many calls to activate procedure. As your configuration does not involve using a sealed CP while invoking the OERealm ABL class, your activate procedure does not get a Client-Principal object. For basic-OERealm, the Session-id in the Client-Principal object will always be 0. It will be a non-zero value and equal to JSESSION-ID value when you perform a form authentication(any model). If you do a form-authentication you will see that the JSESSIONID is returned back for your first request while returning the login page and is set for the life of your client session, but it not returned back by your WebHandler. Will get back to you later on why we are not returning the JSESSIONID for the WebHandler. Basically, it is returning back whatever is mentioned in the WebHandler ABL Class response object and JSESSIONID is not part of it. In-case you really need it then you can add a header in your response object as below. oHeader = NEW OpenEdge.Net.HTTP.HttpHeader('JSESSIONID', SESSION:CURRENT-REQUEST-INFO:SessionId). ASSIGN oResponse:Entity = oBody oResponse:ContentType = 'text/plain':u. oResponse:SetHeader(oHeader).
Continue reading...
Continue reading...