CODEWITHSUNDEEP
ibm-mobilefirstworklight-security
Abhishek V
Abhishek V

Reputation: 25

Worklight App submits lots of requests which result into HTTP 401

We have worklight app with app security defined in application-descriptor.xml. We have challenge handler to handle the challenges. In wlCommonInit() function, we call WL.Client.Connect() function which in turns triggers the challenge handler. User can type in user id / password and authenticate successfully. All good till this point.

In challenge handler after successful authenticate we call ChallengeHandler.submitSuccess() method to inform worklight about successfull authentication.

This call should result into WL.client.connect() onSuccess callback function, but instead it makes lot of request to URL ../App/iphone/init and retuns with 401. Eventually after 1-2 minutes it gets HTTP 200 for particular request and then enters into onSuccess().

Any idea why so many requests which result into 401?

Below is code snippet, in main.js...

            WL.Client.connect({
                onSuccess : callbackOnSuccess,
                onFailure : callbackOnFailure
            });

in challengeHandler.js.. 

$('#loginButton').bind('click', function () {
  var reqURL = '/j_security_check';
    var options = {};
    options.parameters = {
            j_username : $('#username').val(),
            j_password : $('#password').val()
    };
    options.headers = {};
    ChallengeHandler.submitLoginForm(reqURL, options, ChallengeHandler.submitLoginFormCallback);
});

ChallengeHandler.submitLoginFormCallback = function(response) {
        WASLTPARealmChallengeHandler.submitSuccess();
};

Upvotes: 0

Views: 177

Answers (1)

Idan Adar
Idan Adar

Reputation: 44516

Theory:

Do you have a single MobileFirst Server or multiple?

  • If you have only one server, it would be helpful to get network traffic log from a tool such as Wireshark

  • If you multiple servers, do you then also happen to have a Load Balancer involved?

    In order for authentication to successfully pass there will be several requests - the first for triggering the challenge handler and the second to carry the user credentials. These need to reach the same server.

    In case the Load Balancer is misconfigured requests may hit different MobileFirst Servers. It does sound like the requests are getting bounced between servers then meaning that a authentication request hits one server but the credentials requests hits another...

    So in the case of multiple servers you need to make sure that Sticky Sessions options is enabled in the used Load Balancer

Upvotes: 1

Related Questions