
How to Overcome Cross-domain Issues for Ajax Calls to CAS-protected Resources?

Developer https://www.devze.com 2023-02-23 13:52 Source: Internet

What are potential solutions to a redirection problem that occurs when trying to make AJAX calls to a CAS-protected, SSL-encrypted resource located on a server different from the CAS server?

The CAS server is used for authentication and behaves as designed. This issue appears to be ajax-specific.

There is a similar question here, but we cannot use the same domain/server/port for the CAS server and the backend resource.

The JASIG CAS mailing list mentions using JSESSIONID.

Another possible approach is to modify the CAS Filter to change the expired-ticket default behavior to something more robust.

What design pattern would you use to overcome this issue?


I have 2 suggestions:

  • Can you set up a proxy script on the same domain as the one that holds the JS code? That way the proxy script would query the CAS and return the desired results.
  • Can you enable JSONP? This type of request is not limited by the security policy (but then anyone could use the service).


I never heard about CAS, but in general: JavaScript has a restriction called the “same origin policy”. A visible resource is not automatically visible to JavaScript, too. Did you try to access the resource using a reverse proxy to make it available within the same domain? You could also consider pointing your domain to a separate web server and including both servers as reverse proxies (for Tomcat, JKmounts are preferable) here.
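The same-origin proxy that both answers suggest, as an added example that is not part of the original thread: it forwards only allowlisted backend paths and turns the backend's redirect to the CAS login page into a 401 the AJAX caller can handle. The hosts, the `/api/` allowlist, the function names and the way the proxy obtains the backend session cookie are assumptions; it relies on the global `fetch` of Node 18+.

```javascript
// Added example: same-origin proxy logic for a CAS-protected backend (Node 18+).
// Hosts, paths and the allowlist are constructed placeholders, not from the thread.
const BACKEND = 'https://backend.example.org';
const CAS_LOGIN = 'https://cas.example.org/cas/login';
const ALLOWED_PREFIXES = ['/api/'];

// Resolve the requested path against the backend and refuse anything that
// leaves the backend origin or the allowlist, so the proxy cannot be used
// to reach arbitrary URLs.
function resolveTarget(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return null;
  const url = new URL(path, BACKEND); // also normalizes "../" segments
  if (url.origin !== BACKEND) return null;
  return ALLOWED_PREFIXES.some((p) => url.pathname.startsWith(p)) ? url : null;
}

// True only when a Location header points at the configured CAS login page
// (query string ignored, since CAS appends ?service=...).
function isCasLogin(location) {
  try {
    const u = new URL(location);
    const c = new URL(CAS_LOGIN);
    return u.origin === c.origin && u.pathname === c.pathname;
  } catch {
    return false; // missing or relative Location
  }
}

// A redirect to CAS becomes a 401 carrying the fixed login URL (never the
// upstream-supplied one); any other redirect is refused instead of relayed,
// because the browser would follow it cross-origin and the AJAX call would fail.
function translateUpstream(status, headers, body) {
  if (status >= 300 && status < 400 && isCasLogin(headers.location || '')) {
    return { status: 401, body: JSON.stringify({ error: 'cas_login_required', login: CAS_LOGIN }) };
  }
  if (status >= 300 && status < 400) {
    return { status: 502, body: JSON.stringify({ error: 'unexpected_redirect' }) };
  }
  return { status, body };
}

// Proxy one request. `cookie` is the backend session cookie (e.g. JSESSIONID)
// the proxy holds for this user; how it is obtained is outside this sketch.
async function proxyRequest(path, cookie) {
  const target = resolveTarget(path);
  if (!target) return { status: 400, body: JSON.stringify({ error: 'path_not_allowed' }) };
  const res = await fetch(target, { redirect: 'manual', headers: cookie ? { cookie } : {} });
  return translateUpstream(res.status, { location: res.headers.get('location') }, await res.text());
}
```

On a 401 from the proxy, the page script can send the top-level window to the returned login URL instead of retrying the AJAX call.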
