Posted to users@cxf.apache.org by Di Xu <sc...@gmail.com> on 2015/08/04 12:33:17 UTC

OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider

guys,

I am getting started with the DefaultEHCacheCodeDataProvider implementation
but am stuck calling the /authorize REST call.
I used cxf release v3.1.1 and here is how I configured the beans:

    <bean id="oauthProvider"
          class="org.apache.cxf.rs.security.oauth2.grants.code.DefaultEHCacheCodeDataProvider"/>

    <bean id="accessTokenService"
          class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    <bean id="accessTokenValidatorService"
          class="org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    <bean id="authorizationService"
          class="org.apache.cxf.rs.security.oauth2.services.AuthorizationCodeGrantService">
        <property name="dataProvider" ref="oauthProvider"/>
    </bean>

    <jaxrs:server id="oauth2_service" address="/">
        <jaxrs:features>
            <cxf:logging />
        </jaxrs:features>

        <jaxrs:serviceBeans>
            <ref bean="accessTokenService"/>
            <!--<ref bean="accessTokenValidatorService"/>-->
            <ref bean="authorizationService"/>
        </jaxrs:serviceBeans>
        <jaxrs:providers>
            <bean class="com.wordnik.swagger.jaxrs.listing.ResourceListingProvider"/>
            <bean class="com.wordnik.swagger.jaxrs.json.JacksonJsonProvider"/>
            <bean class="com.wordnik.swagger.jaxrs.listing.ApiDeclarationProvider"/>
        </jaxrs:providers>
    </jaxrs:server>

And here is the rest request (as suggested in
http://cxf.apache.org/docs/jax-rs-oauth2.html)

GET http://localhost:8080/oauth2/rest/authorize?client_id=123456789&scope=updateCalendar-7&response_type=code&redirect_uri=http%3A//localhost%3A8080/services/reservations/reserve/complete&state=1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Authorization: Basic YmFycnlAc29jaWFsLmNvbToxMjM0
Cookie: JSESSIONID=suj2wyl54c4g
Referer: http://localhost:8080/services/forms/reservation.jsp

But the result is a 401 error.

I followed the source code and caught the exception source in
org.apache.cxf.rs.security.oauth2.services.RedirectionBasedGrantService.getAndValidateSecurityContext

if (securityContext == null || securityContext.getUserPrincipal() == null) {
    throw ExceptionUtils.toNotAuthorizedException(null, null);
}

securityContext is not null but getUserPrincipal returns null. Does that
mean the security context is not correctly generated given the
Authorization: Basic header is provided? Or do I need to register a
custom request filter to do this?

I am new to CXF and thanks for any suggestion/hints.

Re: OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider

Posted by Sergey Beryozkin <sb...@gmail.com>.
CXF 3.1.2 also ships two demos showing OIDC RP, basic_oidc and big_query.

Cheers, Sergey


On 10/08/15 13:11, Scott Xu_123 wrote:
> Thanks. I found this sample project on GitHub, in case anyone has not seen
> it.
>
> https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2


Re: OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider

Posted by Scott Xu_123 <sc...@gmail.com>.
Thanks. I found this sample project on GitHub, in case anyone has not seen
it.

https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2




Re: OAuth2 Got 401 calling /authorize of AuthorizationCodeGrantService with DefaultEHCacheCodeDataProvider

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
AuthorizationCodeGrantService is expected to be called by a human user
and therefore by the time the call reaches the service the
authentication should've already taken place. CXF sets up a security
context which just wraps whatever HttpServletRequest provides.

You can get the user authenticated using CXF JAASLoginInterceptor or any
other well-known mechanism (servlet security, Spring, etc) or set up a
custom JAX-RS 2.0 ContainerRequestFilter, authenticate as needed and
set a new JAX-RS SecurityContext.

It is also simpler to start with some basic data provider, it is very
easy to implement... If you type "CXF OAuth2" in Google you'll get a
link to the demo...

HTH, Sergey




-- 
Sergey Beryozkin

Talend Community Coders
http://coders.talend.com/
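
The last option in the reply above (a custom JAX-RS 2.0 ContainerRequestFilter that authenticates the user and sets a new SecurityContext) could look like this. It is an added example, not code from CXF or from anyone in this thread. The class name, the demo account and the check on the "authorize" path are assumptions, and it needs Java 8.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Base64;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

public class BasicAuthPrincipalFilter implements ContainerRequestFilter {
    // Constructed demo account (assumption); replace verify() with a real user-store lookup.
    private static final String DEMO_USER = "alice@example.com";
    private static final byte[] DEMO_PASSWORD = "change-me".getBytes(StandardCharsets.UTF_8);

    @Override
    public void filter(ContainerRequestContext ctx) {
        // Guard only the end-user endpoint; the token endpoint authenticates OAuth2 clients.
        String path = ctx.getUriInfo().getPath().replaceFirst("^/", "");
        if (!path.startsWith("authorize")) return;
        final String[] creds = decode(ctx.getHeaderString(HttpHeaders.AUTHORIZATION));
        if (creds == null || !verify(creds[0], creds[1])) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .header(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"oauth2\"").build());
            return;
        }
        final boolean secure = ctx.getSecurityContext().isSecure();
        // A non-null principal is what getAndValidateSecurityContext checks for.
        ctx.setSecurityContext(new SecurityContext() {
            public Principal getUserPrincipal() { return () -> creds[0]; }
            public boolean isUserInRole(String role) { return false; }
            public boolean isSecure() { return secure; }
            public String getAuthenticationScheme() { return SecurityContext.BASIC_AUTH; }
        });
    }
    // Returns {user, password}, or null for a missing or malformed Basic header.
    static String[] decode(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                StandardCharsets.UTF_8);
            int i = pair.indexOf(':');
            return i < 0 ? null : new String[] {pair.substring(0, i), pair.substring(i + 1)};
        } catch (IllegalArgumentException e) { return null; } // not valid base64
    }
    static boolean verify(String user, String password) {
        return DEMO_USER.equals(user)  // password compared in constant time
            && MessageDigest.isEqual(DEMO_PASSWORD, password.getBytes(StandardCharsets.UTF_8));
    }
}
```

Register the class as a bean under `<jaxrs:providers>` of the `jaxrs:server` shown in the original post. Basic credentials are only base64-encoded, so the /authorize endpoint should be served over TLS.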