/v1.0/me returns error code 401 #13

Open
tschaffter opened this issue Nov 12, 2014 · 8 comments

@tschaffter

Using curl to get user information returns an error code 401.

  1. Login
curl -v -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/oauth2-provider/oauth/token?grant_type=password&username=xxx&password=password'

returns OK

  2. /v1.0/me using the access token returned previously
curl -v -X GET \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer 9ea7d2dc-eb01-40b2-a29f-bb33ef11c6c9" \
 'http://localhost:8080/oauth2-provider/v1.0/me'

returns

*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /oauth2-provider/v1.0/me HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
> Content-Type: application/json
> Authorization: Bearer 9ea7d2dc-eb01-40b2-a29f-bb33ef11c6c9
> 
< HTTP/1.1 401 Unauthorized
< Date: Wed, 12 Nov 2014 15:20:23 GMT
< Content-Type: application/json
< Content-Length: 168
* Server Jetty(9.2.3.v20140905) is not blacklisted
< Server: Jetty(9.2.3.v20140905)
< 
* Connection #0 to host localhost left intact
{"errorCode":"401","consumerMessage":"You do not have the appropriate privileges to access this resource","applicationMessage":"Access is denied","validationErrors":[]}
@iainporter
Owner

Does this work for you?

./gradlew clean build integrationTest

@iainporter
Owner

The integration tests work and my manual test was successful.

Check:

  1. That you have set up your roles hierarchy correctly
  2. Have a look at the raw data in MongoDB to see if the user has the correct role assigned

@tschaffter
Author

It seems that it's now working fine (curl login and /me).

integrationTest fails with the following error ("could not stop mongodb"). The test then succeeds if I manually stop mongodb (sudo service mongod stop).

I did a big system update this afternoon and I've restarted since. Maybe the issue came from there...

[...]
logbak: 17:00:35.445 org.eclipse.jetty.server.Server - Started @15369ms
logbak: 17:00:35.462 o.a.gretty.JettyServerStartInfo - Jetty 9.2.3.v20140905 started and listening on port 8080
logbak: 17:00:35.500 o.a.gretty.JettyServerStartInfo - oauth2 User REST Application runs at:
logbak: 17:00:35.510 o.a.gretty.JettyServerStartInfo -   http://localhost:8080/oauth2-provider
:startManagedMongoDb
Extract /home/tschaffter/.embedmongo/linux/mongodb-linux-x86_64-2.4.9.tgz START
Extract /home/tschaffter/.embedmongo/linux/mongodb-linux-x86_64-2.4.9.tgz DONE
[mongod output]note: noprealloc may hurt performance in many applications
[mongod output] Wed Nov 12 17:00:39.040 [DataFileSync] warning: --syncdelay 0 is not recommended and can have strange performance
[mongod output] Wed Nov 12 17:00:39.054 [initandlisten] MongoDB starting : pid=9251 port=27017 dbpath=/tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096 64-bit host=thomas-VirtualBox
[mongod output] Wed Nov 12 17:00:39.056 [initandlisten] db version v2.4.9
[mongod output] Wed Nov 12 17:00:39.056 [initandlisten] git version: 52fe0d21959e32a5bdbecdc62057db386e4e029c
[mongod output] Wed Nov 12 17:00:39.057 [initandlisten] build info: Linux ip-10-2-29-40 2.6.21.7-2.ec2.v1.2.fc8xen #1 SMP Fri Nov 20 17:48:28 EST 2009 x86_64 BOOST_LIB_VERSION=1_49
[mongod output] Wed Nov 12 17:00:39.066 [initandlisten] allocator: tcmalloc
[mongod output] Wed Nov 12 17:00:39.070 [initandlisten] options: { dbpath: "/tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096", noauth: true, nohttpinterface: true, nojournal: true, noprealloc: true, port: 27017, smallfiles: true, syncdelay: 0.0 }
[mongod output] Wed Nov 12 17:00:39.163 [FileAllocator] allocating new datafile /tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096/local.ns, filling with zeroes...
[mongod output] Wed Nov 12 17:00:39.164 [FileAllocator] creating directory /tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096/_tmp
[mongod output] Wed Nov 12 17:00:39.168 [FileAllocator] done allocating datafile /tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096/local.ns, size: 16MB,  took 0.001 secs
[mongod output] Wed Nov 12 17:00:39.168 [FileAllocator] allocating new datafile /tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096/local.0, filling with zeroes...
[mongod output] Wed Nov 12 17:00:39.169 [FileAllocator] done allocating datafile /tmp/embedmongo-db-ea5f67e1-17eb-4765-8f79-343c49954096/local.0, size: 16MB,  took 0 secs
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] ERROR: listen(): bind() failed errno:98 Address already in use for socket: 0.0.0.0:27017
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] ERROR:   addr already in use
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] now exiting
[mongod output] Wed Nov 12 17:00:39.170 dbexit: 
[mongod output] Could not start process: failed errno
sendShutdown thomas-VirtualBox/127.0.1.1:27017
Wed Nov 12 17:00:39.170 [initandlisten] shutdown: going to close listening sockets...
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] shutdown: going to flush diaglog...
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] shutdown: going to close sockets...
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] shutdown: waiting for fs preallocator...
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] shutdown: closing all files...
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] closeAllFiles() finished
[mongod output] Wed Nov 12 17:00:39.170 [initandlisten] shutdown: removing fs lock...
[mongod output] Wed Nov 12 17:00:39.170 dbexit: really exiting now
[mongod output] 
could not stop mongod with db command, try next
could not stop mongod, try next
could not stop mongod the second time, try one last thing
:startManagedMongoDb FAILED

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':startManagedMongoDb'.
> Could not start process: failed errno

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

@tschaffter
Author

I'm currently redirecting HTTP to HTTPS. When logging in using curl, I don't get an access token as expected. I'm not 100% sure, but I think this was working before the recent commits of oauth2-provider.

$ curl -v -X POST \
 -H "Content-Type: application/json" \
 -H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" 'http://localhost:8080/rest-oauth2/oauth/token?grant_type=password&username=xxx&password=password'
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 8080 (#0)
> POST /rest-oauth2/oauth/token?grant_type=password&username=xxx&password=password HTTP/1.1
> User-Agent: curl/7.35.0
> Host: localhost:8080
> Accept: */*
> Content-Type: application/json
> Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=
> 
< HTTP/1.1 302 Found
< Date: Wed, 12 Nov 2014 17:07:01 GMT
< Location: https://localhost:8443/rest-oauth2/oauth/token?grant_type=password&username=xxx&password=password
< Content-Length: 0
* Server Jetty(9.2.3.v20140905) is not blacklisted
< Server: Jetty(9.2.3.v20140905)
< 
* Connection #0 to host localhost left intact

@iainporter
Owner

It looks like your webapp is redirecting to another port when using https, hence the 302 response.
I would need to see your config to comment further.
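
Added example, not part of the thread or the project's code: a small Python audit of the token exchange quoted above. It flags that the password and the Basic credentials travelled over plain HTTP before the 302 came back, and that the redirect target repeats the password in its query string. The function name, the finding labels and the placeholder Basic value are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

SECRET_PARAMS = {"password", "client_secret", "access_token", "refresh_token"}
REDIRECTS = {301, 302, 303, 307, 308}

def audit_token_exchange(method, url, request_headers, status, response_headers):
    """Return findings for one request/response pair against a token endpoint."""
    req_h = {k.lower(): v for k, v in request_headers.items()}
    resp_h = {k.lower(): v for k, v in response_headers.items()}
    req = urlsplit(url)
    findings = []

    leaked = sorted(SECRET_PARAMS & set(parse_qs(req.query)))
    if leaked:
        # Query strings are recorded in access logs and copied into redirects.
        findings.append("secret-in-query:" + ",".join(leaked))
    if req.scheme == "http" and (leaked or "authorization" in req_h):
        # The request was already on the wire before any redirect came back.
        findings.append("credentials-sent-over-cleartext-http")

    if status in REDIRECTS:
        loc = urlsplit(resp_h.get("location", ""))
        if req.scheme == "http" and loc.scheme == "https":
            findings.append("http-to-https-redirect")
        if SECRET_PARAMS & set(parse_qs(loc.query)):
            findings.append("secret-echoed-in-location-header")
        if method.upper() == "POST" and status in (301, 302, 303):
            # Clients that follow these typically switch the method to GET.
            findings.append("post-may-be-rewritten-to-get")
    return findings

# Constructed from the exchange quoted in the thread; the Basic value is a placeholder.
SAMPLE_URL = ("http://localhost:8080/rest-oauth2/oauth/token"
              "?grant_type=password&username=xxx&password=password")
SAMPLE_FINDINGS = audit_token_exchange(
    "POST", SAMPLE_URL,
    {"Content-Type": "application/json", "Authorization": "Basic <placeholder>"},
    302,
    {"Location": SAMPLE_URL.replace("http://localhost:8080", "https://localhost:8443")},
)

if __name__ == "__main__":
    for finding in SAMPLE_FINDINGS:
        print(finding)
```

Requesting the HTTPS URL directly, with the credentials outside the query string, returns an empty findings list.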

@tschaffter
Author

I'm using Gretty's redirection filter, which was released a few days ago (version 1.1.7+).

http://akhikhl.github.io/gretty-doc/Redirect-filter.html

The default port used by Gretty for HTTPS is 8443.

@tschaffter
Author

I suggested the HTTP to HTTPS redirection to the Gretty author one week ago and he once again came up with a feature that is very easy to use (see the doc link above).

Add this code to web.xml

    <filter>
        <filter-name>RedirectFilter</filter-name>
        <filter-class>org.akhikhl.gretty.RedirectFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>RedirectFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>

Add WEB-INF/filter.groovy

filter scheme: 'http', {
  redirect new URIBuilder(requestURI).setScheme('https').setPort(httpsPort)
}

Enable HTTPS in Gretty configuration (build.gradle). Default HTTPS port is 8443.

gretty {
  httpsEnabled = true
  sslKeyStorePath = 'a_directory/keystore'
  sslKeyStorePassword = 'pass1'
  sslKeyManagerPassword = 'pass2'
}

@iainporter
Owner

OK, thanks. I might get some time next week to try it out.
