
Need help with an Authentication problem using OSLC Workshop Query RM example for RRC 3.0.1.3

Hello, I am using the Java example of the OSLC workshop (pdf page 134, LAB 6 Chapter 5.7 Query) and running it against an existing RRC deployment.

Java to Query RRC using OSLC-RM REST service. In this example there are three steps:

1. Retrieve the Service Providers catalog (does not need authentication: execution ok)

2. Retrieve the designated Service Provider (Project Area) (needs authentication: execution fails)

3. Find the query capability element

Step 2 seems to run well (no errors) until the original request is re-executed at which point it ends in an exception.

<RRC_Server:Port>, <JTS_Server:Port>, <user>, <password>

Schematic of communication:

1. Request resource information

   https://<RRC_Server:Port>/rdm/discovery/RMCatalog

   > returns result: 401

   Set-Cookie: jfs-oauth-realm-mapping=https%3A%2F%2F<RRC_Server:Port>%3D0; Path=/rdm; secure; HttpOnly
   WWW-Authenticate: OAuth realm="Jazz"

Now we have the AuthURL. Then inside doRRCOAuth():

2. Request AuthURL  {http.protocol.handle-redirects=false}

In the console I get two warnings: 

18-Mar-2013 10:27:53 org.apache.http.impl.client.DefaultRequestDirector handleResponse
WARNING: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="Jazz"}

   > returns result: 302

   Expires: Thu, 01 Jan 1970 01:00:00 CET
   Set-Cookie: JSESSIONID=F0D16EC063ABCB97440343EF75AB644E; Path=/jts; Secure
   X-com-ibm-team-repository-web-auth-msg: authrequired
   Location: https://<JTS_Server:Port>/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D4dd7405017224da599373b4e3cdeea6c%26oauth_callback%3Dhttps%253A%252F%252F<RRC_Server:Port>%252Frdm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%25253D

Now we have Location.

3. Request Location  {http.protocol.handle-redirects=false}

   > returns result: 200

   Expires: Thu, 01 Jan 1970 01:00:00 CET
   Set-Cookie: JazzFormAuth=Form; Path=/jts
   X-com-ibm-team-repository-web-auth-msg: authrequired

And now we login:

4. Post https://<JTS_Server:Port>/jts/j_security_check

entity = j_username=<user>&j_password=<password>

   > returns result: 302

   Location: https://<JTS_Server:Port>/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D4dd7405017224da599373b4e3cdeea6c%26oauth_callback%3Dhttps%253A%252F%<RRC_Server:Port>%252Frdm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%25253D

We get another Location, which looks the same as the one we requested in action 3.

5. Request Location {http.protocol.handle-redirects=false}

   > returns result: 302

   Expires: Thu, 01 Jan 1970 01:00:00 CET
   Set-Cookie: JSESSIONID=F21CE0E1BBA9B85221BD7D5557063305; Path=/jts; Secure
   Set-Cookie: JSESSIONIDSSO=1514206A67677B8B8E59B6D774B8D1CC; Path=/; Secure
   Set-Cookie: X-com-ibm-team-foundation-auth-loop-avoidance=false
   Location: https://<JTS_Server:Port>/jts/oauth-authorize?oauth_token=4dd7405017224da599373b4e3cdeea6c&oauth_callback=https%3A%2F%<RRC_Server:Port>%2Frdm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%253D

Extract the oauth_token and oauth_callback from the Location URL and enter these as parameters in 6.

6. Post https://<JTS_Server:Port>/jts/j_security_check

{authorize=true, oauth_callback=https%3A%2F%2F<RRC_Server:Port>%2Frdm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3D7toHPUiAOXsqEj0pnlZtC4g4l3bVMwPEqd7nH7nOf4c%253D, oauth_token=4dd7405017224da599373b4e3cdeea6c}

   > returns result: 200

No headers…

7. Exact retry action 1.

See results 1.  401 etc…

+ Unauthorized Exception…

What I changed in the code was the query split function; it receives a URL and is designed to handle only the query string. It was not returning all the parameters.

I am really hoping someone can help me resolve this frustrating issue.

Thanks in advance,

0 votes

Comments

Marc
Example05 works for me as-is against a 3.0.1.x server. I want to understand how you got to your issue. Was Example05 ever working for you? Did it work before you modified the performQuery() method? If so, can you tell me or post what you changed in the method so I can see how that could cause anything?
And what version of the workshop are you running? The latest code was refreshed in Feb 2013.

Hello Rosa,

Here are the answers to your questions:
- I am using the zip file named: 2013-02-11-oslc-workshop.zip
- Example 5 was never fully working for me. For two reasons.
1. getQueryMap(String query) is not built to parse a URL, only the query string part. location3.getValue() returns a URL; oauthToken would be null without adding .split("\\?")[1], because oauth_token is the first query parameter. It could be that you have another first parameter returned in your URL (which will not get mapped correctly then).
2. I never get to performQuery(). In example 5's void run // step 2 getServiceProvider(catalogURI, projectAreaName) requires authentication (which fails).
- I changed some printing functions to get out more information while debug=true, the results with debug=false remain the same.

Thanks for looking into it. I am sorry you had to wait so long for a response, I assume we are in different parts of the world.

Marc.
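
Added example, not part of the original post or the workshop code: the parsing problem described in the comment above, where a query-string parser is handed a full Location URL and the first parameter (oauth_token) is lost, next to a parser that accepts either form and decodes each encoding layer exactly once. The class and method names, the example.test hosts and the token values are hypothetical and constructed for illustration; it assumes Java 10 or later for URLDecoder.decode(String, Charset).

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class LocationQueryDemo {

    // Parses a bare query string. If handed a full URL, the first key swallows
    // everything before the first '=' and a lookup of "oauth_token" returns null.
    static Map<String, String> parseQuery(String rawQuery) {
        Map<String, String> params = new LinkedHashMap<>();
        if (rawQuery == null || rawQuery.isEmpty()) return params;
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            // Decode exactly once per layer; a nested URL keeps its own encoding.
            params.put(URLDecoder.decode(name, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    // Accepts a full URL or a bare query string.
    static Map<String, String> queryMap(String urlOrQuery) {
        boolean isUrl = urlOrQuery.matches("^[A-Za-z][A-Za-z0-9+.-]*://.*");
        return parseQuery(isUrl ? URI.create(urlOrQuery).getRawQuery() : urlOrQuery);
    }

    public static void main(String[] args) {
        // Constructed Location value shaped like the step 5 redirect; not captured data.
        String location = "https://jts.example.test:9443/jts/oauth-authorize"
                + "?oauth_token=0123456789abcdef"
                + "&oauth_callback=https%3A%2F%2Frm.example.test%3A9443%2Frm%2Fdiscovery"
                + "%2FRMCatalog%3Frequest_token_secret%3DAbC%252BdEf%253D";

        // Query-only parser fed the whole URL: the token is mis-keyed.
        System.out.println("naive token: " + parseQuery(location).get("oauth_token"));

        Map<String, String> outer = queryMap(location);
        System.out.println("token:       " + outer.get("oauth_token"));
        String callback = outer.get("oauth_callback");
        System.out.println("callback:    " + callback);
        // The callback is itself a URL with its own, still-encoded query.
        System.out.println("secret:      " + queryMap(callback).get("request_token_secret"));
    }
}
```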

Marc,
Let me provide my output and see if it shows any helpful hints when contrasted with your output. If you're willing to post your email, I can send it to you. It's too much to post here.



2 answers

In step 6, you show a POST again to /jts/j_security_check:
6. Post https://<jts_server:port>/jts/j_security_check

At that stage, I believe that should be a POST to /jts/oauth-authorize
Was that a misprint, or is a second call to /jts/j_security_check being called here instead?

Tom

0 votes

Comments

Hi Tom,

Thanks for replying. According to the original code in HttpUtils.java it is a POST /jts/j_security_check

I haven't changed this part of the code. See original code below:

    HttpPost formPost2 = new HttpPost(jtsURI+"/j_security_check");
    formPost2.getParams().setParameter("oauth_token", oauthToken);
    formPost2.getParams().setParameter("oauth_callback", oauthCallback);
    formPost2.getParams().setParameter("authorize", "true");
    formPost2.addHeader("Content-Type","application/x-www-form-urlencoded;charset=UTF-8");

What is missing from the output, my mistake, is the POST header "Content-Type" which was there and I had not printed in the output.

What do you think now? Should I change it for /jts/oauth-authorize ?

Marc.


Tom,
The doRRCOAuth() method that is used in the HttpUtils class of the OSLC workshop has 2 calls to Post https://<jts_server:port>/jts/j_security_check.

I can send you the code offline.


Marc, here is my output before submitting the query
>> GET(1) https://<servername>:9443/rm/rootservices
>> Response Headers:
- Server: Apache-Coyote/1.1
- OSLC-Core-Version: 2.0
- Expires: Thu, 21 Mar 2013 17:06:07 EDT
- Cache-Control: public
- Content-Type: application/rdf+xml
- Transfer-Encoding: chunked
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Service Providers Catalog: https://<servername>:9443/rm/discovery/RMCatalog
>> GET(1) https://<servername>:9443/rm/discovery/RMCatalog
Mar 21, 2013 5:00:59 PM org.apache.http.impl.client.DefaultRequestDirector handleResponse
WARNING: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm="Jazz"}
>> Response Headers:
- Server: Apache-Coyote/1.1
- Set-Cookie: jfs-oauth-realm-mapping=https%3A%2F%2Fpwblocal%3A9443%3D0; Path=/rm; secure; HttpOnly
- X-jazz-web-oauth-url: https://<servername>:9443/jts/oauth-authorize?oauth_callback=https%3A%2F%2Fpwblocal%3A9443%2Frm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3DRydKIZpnqlRHOOG%252B1OgC2g0LVJf66Xbd%252BayoTgtDVNY%253D&oauth_token=67136565920e4ce4aee6d3d218e76ce0
- WWW-Authenticate: OAuth realm="Jazz"
- Content-Type: text/html
- Content-Length: 634
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JSESSIONID=9BD03508ACEA84E3236FC3C5A2B08737; Path=/jts/; Secure; HttpOnly
- X-com-ibm-team-repository-web-auth-msg: authrequired
- Location: https://<servername>:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D67136565920e4ce4aee6d3d218e76ce0%26oauth_callback%3Dhttps%253A%252F%252Fpwblocal%253A9443%252Frm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253DRydKIZpnqlRHOOG%25252B1OgC2g0LVJf66Xbd%25252BayoTgtDVNY%25253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JazzFormAuth=Form; Path=/jts
- X-com-ibm-team-repository-web-auth-msg: authrequired
- Content-Type: text/html;charset=UTF-8
- Content-Length: 2493
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> POST https://pwblocal:9443/jts/j_security_check
- Server: Apache-Coyote/1.1
- Location: https://<servername>:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D67136565920e4ce4aee6d3d218e76ce0%26oauth_callback%3Dhttps%253A%252F%252Fpwblocal%253A9443%252Frm%252Fdiscovery%252FRMCatalog%253Frequest_token_secret%253DRydKIZpnqlRHOOG%25252B1OgC2g0LVJf66Xbd%25252BayoTgtDVNY%25253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> Response Headers:
- Server: Apache-Coyote/1.1
- Cache-Control: private
- Expires: Wed, 31 Dec 1969 19:00:00 EST
- Set-Cookie: JSESSIONID=1B66DC020DA7E2DE9CBCDA497097159F; Path=/jts/; Secure; HttpOnly
- Set-Cookie: JSESSIONIDSSO=078577EF506EB9BE7B9198799FB43F80; Path=/; Secure; HttpOnly
- Set-Cookie: X-com-ibm-team-foundation-auth-loop-avoidance=false
- Location: https://<servername>:9443/jts/oauth-authorize?oauth_token=67136565920e4ce4aee6d3d218e76ce0&oauth_callback=https%3A%2F%2Fpwblocal%3A9443%2Frm%2Fdiscovery%2FRMCatalog%3Frequest_token_secret%3DRydKIZpnqlRHOOG%252B1OgC2g0LVJf66Xbd%252BayoTgtDVNY%253D
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT
>> POST https://<servername>:9443/jts/j_security_check
- Server: Apache-Coyote/1.1
- Content-Length: 0
- Date: Thu, 21 Mar 2013 21:01:07 GMT

0 votes


Question asked: Mar 18 '13, 12:54 p.m.

Question was seen: 6,887 times

Last updated: Mar 22 '13, 10:23 a.m.
