CAS authentication and redirects with jQuery AJAX

悲哀的现实 2020-12-15 11:15

I've got an HTML page that needs to make requests to a CAS-protected (Central Authentication Service) web service using the jQuery AJAX functions. I've got the following c

3 Answers
  • 2020-12-15 11:47

    Cross domain calls are not allowed by the browser. The simplest way would be to use JSONP on the mobile application end and use a CAS gateway to return a ticket.

  • 2020-12-15 11:49

    You can make such cross-domain AJAX calls with a PHP proxy. In the following example the proxy is capable of calling REST web services that return a JSON string.

    wsproxy.php

    <?php
    
    if (!isset($_POST["username"]) || !isset($_POST["password"]))
        die("Username or password not set.");
    
    $username = $_POST["username"];
    $password = $_POST["password"];
    
    if (!isset($_GET['url']))
        die("URL was not set.");
    
    //Rebuild URL (needed if the url passed as GET parameter
    //also contains GET parameters)
    $url = $_GET['url'];
    foreach ($_GET as $key => $value) {
        if ($key != 'url') {
            //Re-encode: PHP has already URL-decoded $_GET keys and values
            $url .= "&" . urlencode($key) . "=" . urlencode($value);
        }
    }
    
    //Set username and password for HTTP Basic Authentication
    $context = stream_context_create(array(
        'http' => array(
        'header'  => "Authorization: Basic " . base64_encode("$username:$password")
        )
    ));
    
    //Call WS
    $json = file_get_contents($url, false, $context);
    
    // Read HTTP Status (stays 0 if no response header was received)
    $status_code = 0;
    if (isset($http_response_header[0]))
        list($version, $status_code, $msg) =
            explode(' ', $http_response_header[0], 3);
    
    // Check HTTP Status
    if($status_code != 200) {
        if($status_code == 404) {
            die("404 - Not Found");
        } else {
            die($status_code . " - Error");
        }
    }
    
    //Add content header
    header('Content-Type: application/json');
    print $json;
    
    ?>
    

    URL usage

    http://yourDomain.com/wsproxy.php?url=https://wsToCall.com/ws/resource?param1=false&param2=true

    jQuery $.ajax or $.post

    Note that if you don't need to pass username and password, then a GET request is sufficient.

    $.ajax({
        type : "POST",
        url : "http://" + document.domain +
            "/wsproxy.php?url=http://wsToCall.com/ws/resource?param1=false&param2=true",
        dataType : "json",
        success : handleRedirects,
        data: { username: "foo", password: "bar" }
    });
    
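An added example, not part of the answer above: the posted wsproxy.php fetches whatever `url` it is given and attaches the caller's Basic credentials, so one way to constrain it is to validate the target against a fixed allowlist and disable redirects before calling file_get_contents. The allowlisted host, the function names and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (not the answerer's code). Hosts and samples are constructed.
const ALLOWED_UPSTREAM_HOSTS = ['wstocall.com']; // assumption: the one intended upstream

// Returns the normalized URL to fetch, or null when the request must be refused.
function build_upstream_url(array $get): ?string
{
    $parts = is_string($get['url'] ?? null) ? parse_url($get['url']) : false;
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // HTTPS only: the proxy attaches Basic credentials to the upstream request.
    if (strtolower($parts['scheme']) !== 'https') {
        return null;
    }
    // Exact host match, default port, no credentials embedded in the URL.
    $host = strtolower($parts['host']);
    if (!in_array($host, ALLOWED_UPSTREAM_HOSTS, true)
        || isset($parts['user']) || isset($parts['pass'])
        || (isset($parts['port']) && $parts['port'] !== 443)) {
        return null;
    }
    // Rebuild from parsed components so every parameter is re-encoded.
    parse_str($parts['query'] ?? '', $params);
    unset($get['url']);
    $params = array_merge($params, $get);
    $url = 'https://' . $host . ($parts['path'] ?? '/');
    return $params ? $url . '?' . http_build_query($params) : $url;
}

// Context that does not follow redirects, so a response from an allowed
// host cannot send the fetch to a different target.
function upstream_context(string $user, string $pass)
{
    return stream_context_create(['http' => [
        'header'          => 'Authorization: Basic ' . base64_encode("$user:$pass"),
        'follow_location' => 0,
    ]]);
}

// Constructed requests, shaped like $_GET for the answer's "URL usage" line.
$samples = [
    ['url' => 'https://wsToCall.com/ws/resource?param1=false', 'param2' => 'true'],
    ['url' => 'http://wsToCall.com/ws/resource'],   // plain HTTP
    ['url' => 'https://internal.example/admin'],    // host not on the allowlist
];
foreach ($samples as $get) {
    echo build_upstream_url($get) ?? 'REFUSED', "\n";
}
```

In the proxy this would stand in for the manual URL rebuild: stop with an error when build_upstream_url($_GET) returns null, otherwise pass its result and upstream_context(...) to file_get_contents.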
  • 2020-12-15 12:10

    There is indeed more going on than meets the eye.

    After some investigation, it appears that jQuery AJAX requests made in this way fail if they're not made to the same subdomain. In this example, requests are being made to cas.mydomain.com from a different server. Even if it is also on mydomain.com, the request will fail because the subdomain doesn't match.

    jQuery AJAX does handle redirects properly. I did some testing with scripts on the same subdomain to verify that. In addition, cookies are also passed as you would expect. See my blog post for this research.

    Also keep in mind that the protocols must be the same. That is, since cas.mydomain.com is using HTTPS, the page from which you are calling it must also be on HTTPS or the request will fail.
