Teiid 11.2.0 / Wildfly 11.2 with SAPUI5 / OPENUI5 communication problem
cjohn001 Nov 12, 2018 3:13 PMHello together,
I am trying to use SAPUI5 in a Single Page App to display data from a TEIID VDB. When SAPUI5 ODATA V4 data model is bound to the odata service I run into several errors. One note on that, I connect via proxy (grunt-connect-proxy2) to the odata service. Basic Auth works. The metadata file above the marked service folder in the attached image is the actual metadata file of the service which, as you can see, gets loaded correctly. So no CORS issue or authorization issue.
1. First one seems to be related to an CSRF Token request as far as I understand. Seems that Wildfly is not answering the CSRF Token fetch request. Is there a way to configure Wildfly to answer the request and how would this config option look like?
The following is a screenshot from the browser log:
In standalone-teiid.xml I already tried the following CORS Headers:
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config />
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/11"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
</filters>
</subsystem>
I also tried the following config with and without adding HEAD in the Access-Control-Allow-Methods. But all configs have the same effect. It does not work.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<filter-ref name="gzipFilter" predicate="exists('%{o,Content-Type}') and regex(pattern='(?:application/javascript|text/css|text/html|text/xml|application/json)(;.*)?', value=%{o,Content-Type}, full-match=true)"/>
<filter-ref name="Access-Control-Allow-Origin"/>
<filter-ref name="Access-Control-Allow-Methods"/>
<filter-ref name="Access-Control-Allow-Headers"/>
<filter-ref name="Access-Control-Allow-Credentials"/>
<filter-ref name="Access-Control-Max-Age"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/11"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<response-header name="Access-Control-Allow-Origin" header-name="Access-Control-Allow-Origin" header-value="*"/>
<response-header name="Access-Control-Allow-Methods" header-name="Access-Control-Allow-Methods" header-value="GET, POST, OPTIONS, PUT"/>
<response-header name="Access-Control-Allow-Headers" header-name="Access-Control-Allow-Headers" header-value="accept, authorization, content-type, x-requested-with"/>
<response-header name="Access-Control-Allow-Credentials" header-name="Access-Control-Allow-Credentials" header-value="true"/>
<response-header name="Access-Control-Max-Age" header-name="Access-Control-Max-Age" header-value="1"/>
</filters>
</subsystem>
Can someone give me a hint how I have to configure TEIID to get it working together with SAPUI5.
I observed a further issue, from which I do not know if it is related to a follow up or the same issue on the just mentioned described one (there is also a X-CSRF-Token: Fetch involved), or if a have something more missing in the configuration. The issue happens when I use an aggregation binding to bind a odata collection to a sapui5 list.
Attached is the full error message:
- Request URL: http://localhost:9001/odata4/svc/my_nutri_diary/$batch
- Request Method: POST
- Status Code: 406 Not Acceptable
- Remote Address: [::1]:9001
- Referrer Policy: no-referrer-when-downgrade
- Response Headersview source
- access-control-allow-credentials: true
- access-control-allow-origin: http://localhost:9001
- cache-control: no-cache, no-store, must-revalidate
- connection: close
- content-encoding: gzip
- content-length: 125
- content-type: application/json;odata.metadata=minimal
- date: Mon, 12 Nov 2018 20:04:30 GMT
- expires: 0
- odata-version: 4.0
- pragma: no-cache
- server: WildFly/11
- x-powered-by: Undertow/1
- Request Headersview source
- Accept: multipart/mixed
- Accept-Encoding: gzip, deflate, br
- Accept-Language: de
- Authorization: Basic SU1TVXNlcjpJTVM0Zm9ydW0l
- Connection: keep-alive
- Content-Length: 329
- Content-Type: multipart/mixed; boundary=batch_id-1542053070786-11
- Cookie: sidebar_collapsed=false; cycle_analytics_help_dismissed=1; __utmz=111872281.1539128843.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=111872281.767670437.1539128843.1541866362.1541870562.42
- DNT: 1
- Host: localhost:9001
- MIME-Version: 1.0
- OData-MaxVersion: 4.0
- OData-Version: 4.0
- Origin: http://localhost:9001
- Referer: http://localhost:9001/
- User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
- X-CSRF-Token: Fetch
- X-Requested-With: XMLHttpRequest
- Request Payload
- --batch_id-1542053070786-11 Content-Type:application/http Content-Transfer-Encoding:binary GET Profile?$skip=0&$top=100 HTTP/1.1 Accept:application/json;odata.metadata=minimal;IEEE754Compatible=true Accept-Language:de Content-Type:application/json;charset=UTF-8;IEEE754Compatible=true --batch_id-1542053070786-11--