Fixed: Ajax request fail on restful page (OFBIZ-13231)

[nmalin]

A problem was detected with some ajax call did by js script that failed with error 405 like : https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowser

Reason :

SetTimeZoneFromBrowser is a request define in common-controller.xml, so available on all component. In js the call is realized by :

        $.ajax({
            url: "SetTimeZoneFromBrowser",
            type: "POST",
            async: false,...

So the navigator use the relative url to execute the call. In general case we have a page like https://demo-next.ofbiz.apache.org/$component/control/$request so js script realized their call with https://demo-next.ofbiz.apache.org/$component/control/$request-js. Like each request-js are present on common-controller.xml all component that include it can response.

With rest url, the uri pattern is more complex and the script js that generate a relative call like we have upper : https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowse. The ControlServlet behind failed to retrieve the correct request and generate a http error 405

To fix :

we remove all relative js call and create a dedicated webapp for that.

    $.ajax({
            url: "/common-js/control/SetTimeZoneFromBrowser",
            type: "POST",
            async: false,...

To pass through the authentification (we implement a new webapp), we store a jwt token with the current userLogin after the authentification that will use by common-ext to confirm authentification. This cookie is available during all the session time

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[JacquesLeRoux]

Hi @nmalin,

I tried to get a 405 using https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowser to no avail, what could I miss?

[JacquesLeRoux]

Hi Nicolas,

Forget it, that was on Win7 with Edge. I see a 405 on Ubuntu 20.04 with last FF.

[nmalin]

Hi Jacques, What is the return code on edge ? Because the url https://demo-next.ofbiz.apache.org/webtools/control/entity/find/SetTimeZoneFromBrowse can't be delivery correctly by ofbiz

[JacquesLeRoux]

It's all 200 but a 404 for messages_en.js that is not a real issue, messages_en.js is the default. Note that it's not only Edge but more probably due to Win7.

Anyway I applied the PR.patch on Ubuntu and the 405 disappeared. I did not review all but I can at least confirm that running
https://localhost:8443/webtools/control/entity/find/SetTimeZoneFromBrowser works.

[nmalin]

and https://localhost:8443/webtools/control/entity/find/SetTimeZoneFromBrowser response as json or it's catch by the rest pattern and return a html page ?

[JacquesLeRoux]

Not sure about being caught by REST, but an HTML page is returned with a 401

More clear maybe:

2025-05-13 11:03:20,979 |jsse-nio-8443-exec-2 |ControlServlet                |T| [[[webtools::entity (Domain:https://localhost)] Request Begun, encoding=[UTF-8]- total:0.0,since last(Begin):0.0]]
2025-05-13 11:03:21,077 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.001s, 0 requests, 0 views in file:/home/jacques/ofbiz-framework/framework/common/webcommon/WEB-INF/handlers-controller.xml
2025-05-13 11:03:21,085 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.025s, 52 requests, 22 views in file:/home/jacques/ofbiz-framework/framework/common/webcommon/WEB-INF/common-controller.xml
2025-05-13 11:03:21,093 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.001s, 26 requests, 10 views in file:/home/jacques/ofbiz-framework/framework/common/webcommon/WEB-INF/portal-controller.xml
2025-05-13 11:03:21,105 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.001s, 30 requests, 13 views in file:/home/jacques/ofbiz-framework/framework/common/webcommon/WEB-INF/security-controller.xml
2025-05-13 11:03:21,116 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.001s, 5 requests, 0 views in file:/home/jacques/ofbiz-framework/framework/common/webcommon/WEB-INF/tempexpr-controller.xml
2025-05-13 11:03:21,121 |jsse-nio-8443-exec-2 |ConfigXMLReader               |I| controller loaded: 0.078s, 122 requests, 79 views in file:/home/jacques/ofbiz-framework/framework/webtools/webapp/webtools/WEB-INF/controller.xml
2025-05-13 11:03:21,127 |jsse-nio-8443-exec-2 |RequestHandler                |I| Rendering View [login].  Hidden sessionId by default.
2025-05-13 11:03:21,135 |jsse-nio-8443-exec-2 |ServiceDispatcher             |T| Sync service [webtools/getUserPreferenceGroup] finished in [6] milliseconds
2025-05-13 11:03:21,152 |jsse-nio-8443-exec-2 |ScreenFactory                 |I| Got 30 screens in 0.008s from: file:/home/jacques/ofbiz-framework/framework/common/widget/CommonScreens.xml
2025-05-13 11:03:21,237 |jsse-nio-8443-exec-2 |ScreenFactory                 |I| Got 29 screens in 0.014s from: file:/home/jacques/ofbiz-framework/themes/common-theme/widget/CommonScreens.xml
2025-05-13 11:03:21,244 |jsse-nio-8443-exec-2 |ScreenFactory                 |I| Got 11 screens in 0.005s from: file:/home/jacques/ofbiz-framework/framework/webtools/widget/CommonScreens.xml
2025-05-13 11:03:21,290 |jsse-nio-8443-exec-2 |ControlServlet                |T| [[[webtools::entity (Domain:https://localhost)] Request Done- total:0.311,since last([webtools::entity...):0.311]]
^Cjacques@jacques-VirtualBox:~/ofbiz-framework$ 

[JacquesLeRoux]

Looks like the call to the login view is due to REST, right?

[nmalin]

right :) your call failed to 401 because the url is catch by <request-map uri="entity/find/{entityName}" in webtools controller.
The entityName == 'SetTimeZoneFromBrowser'

This call don't match the controller entry ` on common-controller.xml

[JacquesLeRoux]

Great, sounds OK with me, thanks Nico

[nmalin]

Tks to look on it. I propose to commit this on trunk and also in 24.09, if you have a look to confirm my choice