Need help with an Authentication problem using OSLC Workshop Query RM example for RRC 3.0.1.3
Java to Query RRC using OSLC-RM REST service. In this example there are three steps:
1. Retrieve the Service Providers catalog (does not need authentication: execution ok)
2. Retrieve the designated Service Provider (Project Area) (needs authentication: execution fails)
3. Find the query capability element
Step 2 seems to run well (no errors) until the original request is re-executed at which point it ends in an exception.
<RRC_Server:Port>, <JTS_Server:Port>, <user>, <password>
Schematic of communication:
1. Request resource information
https://<RRC_Server:Port>/rdm/discovery/RMCatalog
> returns result: 401
Set-Cookie: jfs-oauth-realm-mapping=https%3A%2F%2F<RRC_Server:Port>%3D0; Path=/rdm; secure; HttpOnly
WWW-Authenticate: OAuth realm="Jazz"
Now we have the AuthURL. Then inside doRRCOAuth():
2. Request AuthURL {http.protocol.handle-redirects=false}
In the console I get two warnings:
18-Mar-2013 10:27:53 org.apache.http.impl.client.DefaultRequestDirector handleResponse WARNING: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="Jazz"}
> returns result: 302
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JSESSIONID=F0D16EC063ABCB97440343EF75AB644E; Path=/jts; Secure
X-com-ibm-team-repository-web-auth-msg: authrequired
Location: https://<JTS_Server:Port>/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D4dd7405017224da599373b4e3cdeea6c%26oauth_callback%3Dhttps%253A%252F%252F<RRC_Server:Port>%252Frdm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%25253D
Now we have Location.
3. Request Location {http.protocol.handle-redirects=false}
> returns result: 200
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JazzFormAuth=Form; Path=/jts
X-com-ibm-team-repository-web-auth-msg: authrequired
And now we login:
4. Post https://<JTS_Server:Port>/jts/j_security_check
entity = j_username=<user>&j_password=<password>
> returns result: 302
Location: https://<JTS_Server:Port>/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D4dd7405017224da599373b4e3cdeea6c%26oauth_callback%3Dhttps%253A%252F%<RRC_Server:Port>%252Frdm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%25253D
We get another location, which looks the same as we requested in action 3 back
5. Request Location {http.protocol.handle-redirects=false}
> returns result: 302
Expires: Thu, 01 Jan 1970 01:00:00 CET
Set-Cookie: JSESSIONID=F21CE0E1BBA9B85221BD7D5557063305; Path=/jts; Secure
Set-Cookie: JSESSIONIDSSO=1514206A67677B8B8E59B6D774B8D1CC; Path=/; Secure
Set-Cookie: X-com-ibm-team-foundation-auth-loop-avoidance=false
Location: https://<JTS_Server:Port>/jts/oauth-authorize?
Extract from Location URL the oauth_token, oauth_callback and enter these as parameters in 6
6. Post https://<JTS_Server:Port>/jts/j_security_check
{authorize=true, oauth_callback=https%3A%2F%2F<RRC_Server:Port>%2Frdm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%253D, oauth_token=4dd7405017224da599373b4e3cdeea6c}
> returns result: 200
No headers…
7. Exact retry action 1.
See results 1. 401 etc…
+ Unauthorized Exception…
What I changed to the code was the query split function; it receives a URL and is designed to handle only the query string. It was not returning all the parameters.
I am really hoping someone can help me resolve this frustrating issue.
Thanks in advance,
2 answers
6. Post https://<jts_server:port>/jts/j_security_check
At that stage, I believe that should be a POST to /jts/oauth-authorize
Was that a misprint, or is a second call to /jts/j_security_check being called here instead?
Tom
Comments
Hi Tom,
Thanks for replying. According to the original code in HttpUtils.java it is a POST /jts/j_security_check
I haven't changed this part of the code. See original code below:
HttpPost formPost2 = new HttpPost(jtsURI+"/j_security_check");
formPost2.getParams().setParameter("oauth_token", oauthToken);
formPost2.getParams().setParameter("oauth_callback", oauthCallback);
formPost2.getParams().setParameter("authorize", "true");
formPost2.addHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");
What is missing from the output, my mistake, is the POST header "Content-Type", which was there and which I had not printed in the output.
What do you think now? Should I change it for /jts/oauth-authorize ?
Marc.
Tom,
The doRRCOAuth() method that is used in the HttpUtils class of the OSLC workshop has 2 calls to POST https://<jts_server:port>/jts/j_security_check.
I can send you the code offline.
Marc, here is my output before submitting the query
>> GET(1) https://<servername>:9443/rm/rootservices
>> Response Headers:
- Server: Apache-Coyote/1.1
- OSLC-Core-Version: 2.0
- Expires: Thu, 21 Mar 2013 17:06:07 EDT
- Cache-Control: public
- Content-Type: application/rdf+xml
- Transfer-Encoding: chunked
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Service Providers Catalog: https://<servername>:9443/rm/discovery/RMCatalog
>> GET(1) https://<servername>:9443/rm/discovery/RMCatalog
Mar 21, 2013 5:00:59 PM org.apache.http.impl.client.DefaultRequestDirector handleResponse
WARNING: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="Jazz"}
>> Response Headers:
- Server: Apache-Coyote/1.1
- Set-Cookie: jfs-oauth-realm-mapping=https%3A%2F%2Fpwblocal%3A9443%3D0; Path=/rm; secure; HttpOnly
- X-jazz-web-oauth-url: https://<servername>:9443/jts/oauth-authorize?oauth_callback=https%3A%2F%2Fpwblocal%3A9443%2Frm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3DRydKIZpnqlRHOOG%252B1OgC2g0LVJf66Xbd%252BayoTgtDVNY%253D&oauth_token=67136565920e4ce4aee6d3d218e76ce0
- WWW-Authenticate: OAuth realm="Jazz"
- Content-Type: text/html
- Content-Length: 634
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JSESSIONID=9BD03508ACEA84E3236FC3C5A2B08737; Path=/jts/; Secure; HttpOnly
- X-com-ibm-team-repository-web-auth-msg: authrequired
- Location: https://<servername>:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D67136565920e4ce4aee6d3d218e76ce0%26oauth_callback%3Dhttps%253A%252F%252Fpwblocal%253A9443%252Frm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253DRydKIZpnqlRHOOG%25252B1OgC2g0LVJf66Xbd%25252BayoTgtDVNY%25253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JazzFormAuth=Form; Path=/jts
- X-com-ibm-team-repository-web-auth-msg: authrequired
- Content-Type: text/html;charset=UTF-8
- Content-Length: 2493
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> POST https://pwblocal:9443/jts/j_security_check
- Server: Apache-Coyote/1.1
- Location: https://<servername>:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D67136565920e4ce4aee6d3d218e76ce0%26oauth_callback%3Dhttps%253A%252F%252Fpwblocal%253A9443%252Frm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253DRydKIZpnqlRHOOG%25252B1OgC2g0LVJf66Xbd%25252BayoTgtDVNY%25253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JSESSIONID=1B66DC020DA7E2DE9CBCDA497097159F; Path=/jts/; Secure; HttpOnly
- Set-Cookie: JSESSIONIDSSO=078577EF506EB9BE7B9198799FB43F80; Path=/; Secure; HttpOnly
- Set-Cookie: X-com-ibm-team-foundation-auth-loop-avoidance=false
- Location: https://<servername>:9443/jts/oauth-authorize?oauth_token=67136565920e4ce4aee6d3d218e76ce0&oauth_callback=https%3A%2F%2Fpwblocal%3A9443%2Frm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3DRydKIZpnqlRHOOG%252B1OgC2g0LVJf66Xbd%252BayoTgtDVNY%253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> POST https://<servername>:9443/jts/j_security_check
- Server: Apache-Coyote/1.1
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
Comments
Rosa Naranjo
FORUM MODERATOR / JAZZ DEVELOPER Mar 21 '13, 5:20 p.m.
Marc
Example05 works for me as-is against a 3.0.1.x server. I want to understand how you got to your issue. Was Example05 ever working for you? Did it work before you modified the performQuery() method? If so, can you tell me or post what you changed in the method so I can see how that could cause anything.
And what version of the workshop are you running? The latest code was refreshed in Feb 2013.
Marc van Leeuwen
Mar 22 '13, 5:33 a.m.
Hello Rosa,
Here are the answers to your questions:
- I am using the zip file named: 2013-02-11-oslc-workshop.zip
- Example 5 was never fully working for me, for two reasons:
1. getQueryMap(String query) is not built to parse a URL, only the query string part. location3.getValue() returns a URL; oauthToken would be null without adding .split("\\?")[1], because oauth_token is the first query parameter. It could be that you have another first parameter returned in your URL (which will not get mapped correctly then).
2. I never get to performQuery(). In Example 5's void run, // step 2 getServiceProvider(catalogURI, projectAreaName) requires authentication (which fails).
- I changed some printing functions to get out more information while debug=true, the results with debug=false remain the same.
Thanks for looking into it. I am sorry you had to wait so long for a response, I assume we are in different parts of the world.
Marc.
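The parsing problem described in the comment above (a query-map helper that is handed a whole Location URL instead of a bare query string), as an added example that is not part of the original post or of the workshop code. The class name LocationQueryParser, the method parseQuery and the sample host names and token values are constructed for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class LocationQueryParser {

    // Accepts either a full URL or a bare query string and returns the
    // parameters, each name and value percent-decoded exactly once.
    static Map<String, String> parseQuery(String urlOrQuery) throws UnsupportedEncodingException {
        String query = urlOrQuery;
        int q = urlOrQuery.indexOf('?');
        // A '?' with no '=' before it separates the URL prefix from the query.
        // Without this step the first key becomes "https://host/path?oauth_token".
        if (q >= 0 && urlOrQuery.lastIndexOf('=', q) < 0) {
            query = urlOrQuery.substring(q + 1);
        }
        int hash = query.indexOf('#');
        if (hash >= 0) {
            query = query.substring(0, hash); // drop any fragment
        }
        Map<String, String> params = new LinkedHashMap<String, String>();
        for (String pair : query.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, shaped like the Location header in this thread
        String query = "oauth_token=0123456789abcdef&oauth_callback=https%3A%2F%2Frm.example.com%3A9443"
                + "%2Frm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3DAbC%252BdEf%253D";
        String location = "https://jts.example.com:9443/jts/oauth-authorize?" + query;
        Map<String, String> fromUrl = parseQuery(location);
        Map<String, String> fromQuery = parseQuery(query);
        if (!fromUrl.equals(fromQuery) || !"0123456789abcdef".equals(fromUrl.get("oauth_token"))) {
            throw new AssertionError("full URL and bare query string must parse identically");
        }
        System.out.println("oauth_token    = " + fromUrl.get("oauth_token"));
        System.out.println("oauth_callback = " + fromUrl.get("oauth_callback"));
    }
}
```

After the single decode pass the oauth_callback value still carries its own inner percent-encoding for request_token_secret, so it can be re-encoded once when it is sent on as a form parameter.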
Rosa Naranjo
FORUM MODERATOR / JAZZ DEVELOPER Mar 22 '13, 10:15 a.m.
Marc,
Let me provide my output and see if it shows any helpful hints when contrasted with your output. If you're willing to post your email, I can send it to you. It's too much to post here.