You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Di Xu <sc...@gmail.com> on 2015/08/04 12:33:17 UTC
OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService
with DefaultEHCacheCodeDataProvider
guys,
I am getting started with the DefaultEHCacheCodeDataProvider implementation
but stuck calling the /authorize rest call.
I used cxf release v3.1.1 and here is how I configured the beans:
<bean id="oauthProvider"
class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"/>
<bean id="accessTokenService"
class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
<bean id="accessTokenValidatorService"
class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
<bean id="authorizationService"
class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
<property name="dataProvider" ref="oauthProvider"/>
</bean>
<jaxrs:server id="oauth2_service" address="/">
<jaxrs:features>
<cxf:logging />
</jaxrs:features>
<jaxrs:serviceBeans>
<ref bean="accessTokenService"/>
<!--<ref bean="accessTokenValidatorService"/>-->
<ref bean="authorizationService"/>
</jaxrs:serviceBeans>
<jaxrs:providers>
<bean
class="com.wordnik.swagger.jaxrs.listing.ResourceListingProvider"/>
<bean class="com.wordnik.swagger.jaxrs.json.JacksonJsonProvider"/>
<bean
class="com.wordnik.swagger.jaxrs.listing.ApiDeclarationProvider"/>
</jaxrs:providers>
</jaxrs:server>
And here is the rest request (as suggested in
http://cxf.apache.org/docs/jax-rs-oauth2.html)
GET http://localhost:8080/oauth2/rest/authorize?client_id=123456789&scope=updateCalendar-7&response_type=code&redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&state=1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Authorization: Basic YmFycnlAc29jaWFsLmNvbToxMjM0
Cookie: JSESSIONID=suj2wyl54c4g
Referer: http://localhost:8080/services/forms/reservation.jsp
But the result is a 401 error.
I followed the source code and caught the exception source in
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.getAndValidateSecurityContext
if (securityContext == null || securityContext.getUserPrincipal() == null) {
throw ExceptionUtils.toNotAuthorizedException(null, null);
}
securityContext is not null but getUserPrincipal returns null. Is that
means the security context is not correctly generated given the
Authorization: Basic header is provided? Or do I need register a
custom request filter to do this?
I am new to CXF and thanks for any suggestion/hints.
Re: OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService
with DefaultEHCacheCodeDataProvider
Posted by Sergey Beryozkin <sb...@gmail.com>.
CXF 3.1.2 also ships two demos showing OIDC RP, basic_oidc and big_query.
Cheers, Sergey
On 10/08/15 13:11, Scott Xu_123 wrote:
> Thanks. I found this sample project in github, in case anyone have not see
> it.
>
> https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/OAuth2-Got-401-calling-authorize-of-AuthorizationCodeGrantService-with-DefaultEHCacheCodeDataProvider-tp5759674p5759899.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
Re: OAuth2 Got 401 calling /authorize of
AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider
Posted by Scott Xu_123 <sc...@gmail.com>.
Thanks. I found this sample project in github, in case anyone have not see
it.
https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2
--
View this message in context: http://cxf.547215.n5.nabble.com/OAuth2-Got-401-calling-authorize-of-AuthorizationCodeGrantService-with-DefaultEHCacheCodeDataProvider-tp5759674p5759899.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService
with DefaultEHCacheCodeDataProvider
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
AuthorizationCodeGrantService is expected to be called by a human user
and therefore by the time the call reaches the service the
authentication should've already taken place. CXF sets up a security
context which just wraps whatever HttpServletRequest provides.
You can get the user authenticated using CXF JAASLoginInterceptor or any
other well-known mechanism (serevlet security, Spring, etc) or set up a
custom JAX-RS 2.0 ContainterRequestFilter, authenticate as needed and
set a new JAX-RS SecurityContext.
It is also simpler to start with some basic data provider, it os very
easy to implement... If you type "CXF OAuth2" in Google you'll get a
link to the demo...
HTH, Sergey
On 04/08/15 11:33, Di Xu wrote:
> guys,
>
> I am getting started with the DefaultEHCacheCodeDataProvider implementation
> but stuck calling the /authorize rest call.
> I used cxf release v3.1.1 and here is how I configured the beans:
>
> <bean id="oauthProvider"
> class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"/>
>
> <bean id="accessTokenService"
> class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
> <property name="dataProvider" ref="oauthProvider"/>
> </bean>
> <bean id="accessTokenValidatorService"
> class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
> <property name="dataProvider" ref="oauthProvider"/>
> </bean>
> <bean id="authorizationService"
> class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
> <property name="dataProvider" ref="oauthProvider"/>
> </bean>
>
> <jaxrs:server id="oauth2_service" address="/">
> <jaxrs:features>
> <cxf:logging />
> </jaxrs:features>
>
> <jaxrs:serviceBeans>
> <ref bean="accessTokenService"/>
> <!--<ref bean="accessTokenValidatorService"/>-->
> <ref bean="authorizationService"/>
> </jaxrs:serviceBeans>
> <jaxrs:providers>
> <bean
> class="com.wordnik.swagger.jaxrs.listing.ResourceListingProvider"/>
> <bean class="com.wordnik.swagger.jaxrs.json.JacksonJsonProvider"/>
> <bean
> class="com.wordnik.swagger.jaxrs.listing.ApiDeclarationProvider"/>
> </jaxrs:providers>
> </jaxrs:server>
>
> And here is the rest request (as suggested in
> http://cxf.apache.org/docs/jax-rs-oauth2.html)
>
> GET http://localhost:8080/oauth2/rest/authorize?client_id=123456789&scope=updateCalendar-7&response_type=code&redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&state=1
>
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Authorization: Basic YmFycnlAc29jaWFsLmNvbToxMjM0
> Cookie: JSESSIONID=suj2wyl54c4g
> Referer: http://localhost:8080/services/forms/reservation.jsp
>
> But the result is a 401 error.
>
> I followed the source code and caught the exception source in
> org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.getAndValidateSecurityContext
>
> if (securityContext == null || securityContext.getUserPrincipal() == null) {
> throw ExceptionUtils.toNotAuthorizedException(null, null);
> }
>
> securityContext is not null but getUserPrincipal returns null. Is that
> means the security context is not correctly generated given the
> Authorization: Basic header is provided? Or do I need register a
> custom request filter to do this?
>
> I am new to CXF and thanks for any suggestion/hints.
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/