400 Bad Request when trying to log in to RTC via Perl

ye chen (111) | asked Aug 18 '14, 12:37 p.m.
edited Aug 19 '14, 12:32 p.m. by Ralph Earle (25739)
I tried to get work items from RTC via WorkItemAPI, but I failed at login steps with 400 bad request. My code and log are here. The script worked for me last week, but now it doesn't work. Can you help me resolve the issue? Thanks.

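use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Cookies;
use HTTP::Headers;

my $COOKIES = "./cookies.txt";
my $IDENTIFY_URL = "/authenticated/identity";
my $AUTH_URL = "/auth/j_security_check";
my $url = '';        # RTC server base URL (blank in the post)
my $username = '';
my $password = 'XXXXXX';
# The HTTP::Cookies option is spelled ignore_discard; it keeps session cookies in the jar file.
my $cookiejar = HTTP::Cookies->new(file => $COOKIES, autosave => 1, ignore_discard => 1);
my $header = HTTP::Headers->new();
my $ua = LWP::UserAgent->new();
# Attach the jar so cookies set by one response are sent with the next request.
$ua->cookie_jar($cookiejar);
my $accountdata = { 'j_username' => $username, 'j_password' => $password };

# First request to the protected identity resource.
my $response = $ua->get($url.$IDENTIFY_URL);
DebugPrint($ua, "Response from $url$IDENTIFY_URL", $response);
# Submit the form-login credentials.
$response = $ua->post($url.$AUTH_URL, Content => $accountdata);
DebugPrint($ua, "Response from $url$AUTH_URL", $response);

# Request the identity resource again after the login attempt.
$response = $ua->get($url.$IDENTIFY_URL);
DebugPrint($ua, "Response from $url$IDENTIFY_URL", $response);
# Default headers for the requests that follow.
$ua->default_header('Content-Type' => "application/json");
$ua->default_header('Accept' => "application/json");
$ua->default_header('OSLC-Core-Version' => "2.0");
#$ua->default_header('X-Jazz-CSRF-Prevent', getCookieValue($cookiejar, 'JSESSIONID') );

sub DebugPrint {
    my ( $ua, $msg, $response ) = @_;
    # The rest of this sub was not included in the post; print the status line only.
    print "$msg: ", $response->status_line, "\n";
}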

Ralph Earle commented Aug 19 '14, 12:40 p.m. | edited Aug 19 '14, 12:46 p.m.

Ye Chen, I have removed and archived the log from the original post, as it exceeded the maximum length, and blocked all answers and comments. Are there relevant details that you can excerpt from the log? 

Kevin Ramer commented Aug 19 '14, 12:52 p.m.

I am one of the admins for the server in question. We just upgraded from 4.0.5 to 4.0.7 on Saturday and migrated from a mix of Tomcat / WebSphere to 100% WebSphere (base). As such, a Single Sign-on domain is in effect (which is quite nice, I must say).

I have scripting with Perl that leverages the X-Jazz-CSRF-Prevent header in similar fashion and it continues to function as I would expect. However, I might mention that the ID used for authentication there is a JazzAdmin. We have another member of our user community reporting a similar issue, apparently JSESSIONID not coming across.

Dan Mazzella (1) | answered Aug 19 '14, 1:29 p.m.
Our app is reviewboard, written in Python. The general flow of the process is as follows:

1. A review request is requested by a user, who supplies the repo url, username and password
2. Python makes an initial http-get request to: https://<SERVER.FQDN>:9443/jazz/authenticated/identity
3. This used to return a cookie with JSESSIONID, but now the cookie just contains: Set-Cookie: JazzFormAuth=Form; Path=/jazz; Secure
4. That JSESSIONID is then used downstream to authenticate and keep the user signed in.

I'm looking into the python code to see if there is another way to get the JSESSIONID.

ye chen commented Aug 19 '14, 6:26 p.m. | edited Aug 20 '14, 9:40 a.m.

Thanks. It works for me when I replace "$ua->agent('Mozilla/5.0');" with "$ua->agent();", but I don't know why.

Dan Mazzella commented Aug 20 '14, 10:59 a.m.

It turns out now the JSESSIONID isn't set until after you sign in. At that point you can use it to set the X-Jazz-CSRF-Prevent.

I altered the review board python code to be more robust around the getting/setting of cookies. 
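An added example (not code from this thread or from Review Board) of a client that tolerates the behaviour described above: it does not require JSESSIONID from the identity probe, reads it only after the form login, and then sets X-Jazz-CSRF-Prevent from it. The stub server, credentials and session value are constructed so the block runs offline; `StubJazz`, `cookie_value`, `login` and `demo` are hypothetical names.

```python
import http.cookiejar, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubJazz(BaseHTTPRequestHandler):
    """Constructed stand-in for the cookie behaviour described in this thread."""
    def _reply(self, cookie):
        self.send_response(200)
        self.send_header("Set-Cookie", cookie)  # Secure omitted: stub is plain HTTP
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):   # identity probe: form-auth marker only, no session cookie
        self._reply("JazzFormAuth=Form; Path=/jazz")
    def do_POST(self):  # sign-in: the session cookie is issued only here
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self._reply("JSESSIONID=constructed-session-id; Path=/jazz")
    def log_message(self, *args):  # keep the demo quiet
        pass

def cookie_value(jar, name):
    """Return the named cookie's value, or None when the jar lacks it."""
    return next((c.value for c in jar if c.name == name), None)

def login(opener, jar, base, user, password):
    """Probe, sign in, then bind the CSRF header to the post-login session."""
    opener.open(base + "/authenticated/identity").close()
    before = cookie_value(jar, "JSESSIONID")  # may legitimately be None here
    form = urllib.parse.urlencode({"j_username": user, "j_password": password})
    opener.open(base + "/auth/j_security_check", data=form.encode()).close()
    session = cookie_value(jar, "JSESSIONID")
    if session is None:
        raise RuntimeError("no JSESSIONID after sign-in; check credentials and cookies")
    opener.addheaders.append(("X-Jazz-CSRF-Prevent", session))
    return before, session

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubJazz)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        jar = http.cookiejar.CookieJar()
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({}),  # stub is local: bypass any proxy
            urllib.request.HTTPCookieProcessor(jar))
        base = "http://127.0.0.1:%d/jazz" % server.server_port
        before, session = login(opener, jar, base, "user", "constructed-password")
        return before, session, dict(opener.addheaders).get("X-Jazz-CSRF-Prevent")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```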

