12-03-2009 02:30 AM
I have problems getting HTTP Digest Authentication working in a BlackBerry Widget. The basic idea with this authentication:
- the client sends a request to server
- server responds with a 401 Unauthorized including a nonce
- the client uses the password+nonce to create a checksum and sends a new request holding this checksum
- server sends 2xx response on successful authentication
My code is using AJAX requests to authenticate the user. My first approach was to provide the username/password in the call to XMLHttpRequest.open():
xmlhttp.open('POST', 'http://www.domain1.com:8088/wce/register', true, 'user1', 'password1');
This way most browsers handle the 401 response and checksum calculation themselves. Running this code in the BlackBerry browser works fine, user gets authenticated and the xmlhttp returns 202 Accepted.
But it seems the Widget environment does not handle the authentication even though username/password provided in xmlhttp.open(). Instead, the xmlhttp.onreadystate() method gets the 401 Unauthorized response.
So the workaround would be to handle the checksum calculation myself, create a new xmlhttprequest, set the HTTP Authorization header, and send the request to the server. Then I ran into a showstopper:
- It is not possible to set the Authorization header using the xmlhttp.setRequestHeader(). I can set other headers, but the Authorization header is blocked in the API!!!
Any ideas? Anyone with the same problem? Or BlackBerry - is it possible for a Widget to use HTTP Authentication?
- Simulator 126.96.36.199
- MDS 4.1.2
12-07-2009 09:36 AM
Greetings and thanks for your post.
This is a known issue. You can track the progress of this through our Developer Issue Tracker here: https://www.blackberry.com/jira/browse/WEBAPI-21
To answer your question about Widgets, you will experience similar behaviour through a BlackBerry Widget application as it shares the same browser rendering engine as the Browser application.