REST: Authenticating

I'm having trouble using the REST web service because I don't know how
to get programmatic authentication working.

Right now, I'm trying to post data to the authentication service but
I'm doing something wrong.

String.Format("https://jazzserver:9443/jazz/secure/web/console/j_security_check?j_username={0}&j_password={1}",
username, password);

That's what I've been trying, but the response is always an
authentication failed error.

How do you authenticate against Jazz?

POSTing j_username and j_password directly to /j_security_check works on
Jetty, but not on e.g. Tomcat. Tomcat doesn't allow "drive-by" logins and
redirects you to a login page along with a temporary session ID cookie.
This cookie needs to be included in the POST to /j_security_check if I
remember correctly.

--
Regards,
Patrick
Jazz Work Item Team

I'm having trouble using the REST web service because I don't know how
to get programmatic authentication working.

Right now, I'm trying to post data to the authentication service but
I'm doing something wrong.

String.Format("https://jazzserver:9443/jazz/secure/web/console/j_security_check?j_username={0}&j_password={1}",
username, password);

That's what I've been trying, but the response is always an
authentication failed error.

How do you authenticate against Jazz?

POSTing j_username and j_password directly to /j_security_check works on
Jetty, but not on e.g. Tomcat. Tomcat doesn't allow "drive-by" logins and
redirects you to a login page along with a temporary session ID cookie.
This cookie needs to be included in the POST to /j_security_check if I
remember correctly.

--
Regards,
Patrick
Jazz Work Item Team


Thanks Patrick.

We're actually using Websphere 6.1 on Windows x64 with the latest fixpacks. We're trying to do this through automation (it's going to be part of our custom test management solution) from VB6.

Can you give me an example post with the ADMIN account?

I'm having trouble using the REST web service because I don't know how
to get programmatic authentication working.

Right now, I'm trying to post data to the authentication service but
I'm doing something wrong.

String.Format("https://jazzserver:9443/jazz/secure/web/console/j_security_check?j_username={0}&j_password={1}",
username, password);

That's what I've been trying, but the response is always an
authentication failed error.

How do you authenticate against Jazz?

POSTing j_username and j_password directly to /j_security_check works on
Jetty, but not on e.g. Tomcat. Tomcat doesn't allow "drive-by" logins and
redirects you to a login page along with a temporary session ID cookie.
This cookie needs to be included in the POST to /j_security_check if I
remember correctly.

--
Regards,
Patrick
Jazz Work Item Team


Thanks Patrick.

We're actually using Websphere 6.1 on Windows x64 with the latest fixpacks. We're trying to do this through automation (it's going to be part of our custom test management solution) from VB6.

Can you give me an example post with the ADMIN account?

This is working C# code to get a workitem from the rest service as a string. It's ugly, but if anyone else wants to do the same thing it'll get you started.

const string SERVICE_BASE = "https://jazzhost:9443/jazz/service/com.ibm.team.workitem.service.internal.roa.IRestService/workitems/{0}";

const string JAZZ_BASE = "https://jazzhost:9443/jazz/";

const string JAZZ_AUTH = "https://jazzhost:9443/jazz/j_security_check?j_username={0}&j_password={1}";

const string JAZZ_HOST = "jazzhost";



private static string GetWorkItem(string username, string password, int workitem_id)

{

	HttpWebRequest request = WebRequest.Create(new Uri(JAZZ_BASE)) as HttpWebRequest;

	HttpWebResponse intialResponse = request.GetResponse() as HttpWebResponse;



	CookieContainer container = new CookieContainer();



	foreach (string cookietext in intialResponse.Headers["Set-Cookie"].Split(';'))

	{

		string trimmedCookie = cookietext.Trim();

		if (trimmedCookie.StartsWith("Path"))

			continue;

		Cookie c = new Cookie(trimmedCookie.Split('=')[0], trimmedCookie.Split('=')[1]);

		c.Domain = JAZZ_HOST;

		container.Add(c);

	}



	request = WebRequest.Create(new Uri(String.Format(JAZZ_AUTH, username, password))) as HttpWebRequest;

	request.Method = "POST";

	request.ContentType = "application/x-www-form-urlencoded";

	request.Referer = JAZZ_BASE;

 

	request.CookieContainer = container;



	HttpWebResponse response = request.GetResponse() as HttpWebResponse;

  

	response.Close();



	request = WebRequest.Create(new Uri(String.Format(SERVICE_BASE, workitem_id))) as HttpWebRequest;



	request.Referer = response.ResponseUri.ToString();



	request.CookieContainer = container;



	response = request.GetResponse() as HttpWebResponse;



	StreamReader reader = new StreamReader(response.GetResponseStream());

	string response_content = reader.ReadToEnd();

	reader.Close();

	response.Close();



	return response_content;

}

This is working C# code to get a workitem from the rest service as a
string. It's ugly, but if anyone else wants to do the same thing
it'll get you started.
const string SERVICE_BASE =
"https://jazzhost:9443/jazz/service/com.ibm.team.workitem.service.internal.roa.IRestService/workitems/{0}";
const string JAZZ_BASE =
"https://jazzhost:9443/jazz/";
const string JAZZ_AUTH =
"https://jazzhost:9443/jazz/j_security_check?j_username={0}&j_password={1}";
const string JAZZ_HOST = "jazzhost";

Please keep in mind that (as
https://jazz.net/wiki/bin/view/Main/ResourceOrientedWorkItems states) this
API is temporary and will change considerably for the 2.0 release.

--
Regards,
Patrick
Jazz Work Item Team

Hi Derek,

Can you enable the REST authenticating by programmatic way now? I'm also having this problem in my project...

I read your sample code and seems you connect to the jazz server firstly for getting the cookie value, and then store this cookie value for the following HTTP request. Can we pass the REST authenticating just following this way? I tried to follow this way and implement using Java code but it doesn't work for me...

I use Tomcat as the app container. It can be passed in the Embedded Jetty but can not work in Tomcat.

Any responses or help would be very appreciated.

This is working C# code to get a workitem from the rest service as a
string. It's ugly, but if anyone else wants to do the same thing
it'll get you started.
const string SERVICE_BASE =
"https://jazzhost:9443/jazz/service/com.ibm.team.workitem.service.internal.roa.IRestService/workitems/{0}";
const string JAZZ_BASE =
"https://jazzhost:9443/jazz/";
const string JAZZ_AUTH =
"https://jazzhost:9443/jazz/j_security_check?j_username={0}&j_password={1}";
const string JAZZ_HOST = "jazzhost";

Please keep in mind that (as
https://jazz.net/wiki/bin/view/Main/ResourceOrientedWorkItems states) this
API is temporary and will change considerably for the 2.0 release.

--
Regards,
Patrick
Jazz Work Item Team

Are there documentation on how this is changing for the 2.0 release?
Can authentication work consistently across different types of servers ?

Ying

See https://jazz.net/wiki/bin/view/Main/ResourceOrientedWorkItemAPIv2
Appendix A has some examples showing how to authenticate using curl.

I followed this guide I found for a completely unrelated problem and finally managed to make authenticating easy:

http://www.ibm.com/developerworks/rational/library/08/1014_ramamoorthy/?S_TACT=105AGX15&S_CMP=LP

(Changes Login mode from FORM to BASIC). This seems to resolve the problems some users have where they are forced to login twice as well.

Then for each web request in c#:

req.PreAuthenticate = true;

req.Proxy.Credentials =

req.Credentials = new System.Net.NetworkCredential("username@work.com", "password123");

For using Form Authentication add a user/password check to Derek code:
After this code

request = WebRequest.Create(new Uri(String.Format(JAZZ_AUTH, username, password))) as HttpWebRequest; 

   request.Method = "POST"; 

   request.ContentType = "application/x-www-form-urlencoded"; 

   request.Referer = JAZZ_BASE; 

  

   request.CookieContainer = container; 



   HttpWebResponse response = request.GetResponse() as HttpWebResponse; 

Add the check:

if (response.Headers["X-com-ibm-team-repository-web-auth-msg"] != null

     && response.Headers["X-com-ibm-team-repository-web-auth-msg"] == "authfailed")

{

   throw new System.Security.Authentication.AuthenticationException("Authentication Error");

}

Was there anything else you needed to do other than commenting out the form based config and uncommenting:

 <login>

            <auth>BASIC</auth>

            <realm>Jazz</realm>

        </login>

... in the /jazz/server/tomcat/webapps/jazz/WEB-INF/web.xml file? (note that full element names are just not appearing correctly in this forum but they are complete in the web.xml file)

Thanks,

-Rob

I followed this guide I found for a completely unrelated problem and finally managed to make authenticating easy:

http://www.ibm.com/developerworks/rational/library/08/1014_ramamoorthy/?S_TACT=105AGX15&S_CMP=LP

(Changes Login mode from FORM to BASIC). This seems to resolve the problems some users have where they are forced to login twice as well.

Then for each web request in c#:

req.PreAuthenticate = true;

req.Proxy.Credentials =

req.Credentials = new System.Net.NetworkCredential("username@work.com", "password123");