How to fetch the user roles in a project area in RRC programmatically?

Achla Sharma (31216) | asked Apr 08 '15, 8:51 a.m.

We are working on an RRC extension where I am trying to fetch the roles assigned to a user in the RRC project area. The following is the code:

HttpGet query = new HttpGet("");
query.addHeader("Referer", "" + "/admin");
query.addHeader("DoorsRP-Request-Type", "private");
query.addHeader("Accept", "application/xml");

DefaultHttpClient hc = new DefaultHttpClient();
HttpResponse response = hc.execute(query);

I am getting a 401 Unauthorized Response. I am able to access the response xml from a normal browser. Am I missing out on anything?

Bas Bekker commented Apr 08 '15, 11:14 a.m.

What does the response content say, any details in the error message?
And do you have a user session with the RM server, i.e. are you authenticated?

And note that what you are trying to do is not part of the public REST API that RM and the Jazz platform provide.

Achla Sharma commented Apr 09 '15, 2:52 a.m.

The error message simply states Unauthorized with an error code 401. I tried authenticating using the login credentials. But the issue persists.

query.addHeader(BasicScheme.authenticate(new UsernamePasswordCredentials(login, password), "UTF-8",false));

Is there some other way to fetch the user roles in a project area?

One answer

Donald Nong (14.4k314) | answered Apr 09 '15, 6:22 a.m.
The URL should be the right one. I have tried it in different browsers and cURL but have not been able to get an HTTP 401 error. With a logged-in session, the response is HTTP 200 with the user information including <jp06:role-assignments>. Without a logged-in session, the response is HTTP 302 and the response contains the login page. If the logged-in user has no repository permission, the response is HTTP 403.

Note that normally we POST the user name and password to the "j_security_check" URL to log in (where CLM is by default configured to use FORM authentication). The way you put user name/password in HTTP headers is for BASIC authentication.

Bas Bekker commented Apr 09 '15, 8:55 p.m. | edited Apr 09 '15, 8:59 p.m.

Thanks Donald, and right, you should use the form-based POST to get through the OAuth dance to get authenticated.

Achla, on the 401 response you should see an 'x-com-ibm-team-repository-webauth-msg: authrequired' header indicating that you are not authenticated.
For a code sample of how to do that, you can look at the OSLC Workshop PDF document, section 6.3: Jazz form-based authentication.
Also see the wiki document Jazz Foundation Core Security - User Authentication.
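
The form-based login described in the answer and comment above, as an added example (not code from the posters, the OSLC Workshop document or IBM). It assumes Apache HttpClient 4.3 or later, a server configured for FORM authentication, the standard servlet form field names j_username and j_password, and hypothetical JAZZ_* environment variables for the URLs and credentials.

```java
import java.util.Arrays;
import org.apache.http.Header;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

public class JazzFormLogin {
    // Header name as quoted in the comment above; confirm the spelling against your server.
    static final String AUTH_MSG = "x-com-ibm-team-repository-webauth-msg";

    // GET the resource, drain the body so the connection can be reused, return the status.
    static int get(CloseableHttpClient hc, String url) throws Exception {
        HttpGet req = new HttpGet(url);
        req.addHeader("Accept", "application/xml");
        try (CloseableHttpResponse r = hc.execute(req)) {
            Header h = r.getFirstHeader(AUTH_MSG);
            if (h != null) System.err.println(AUTH_MSG + ": " + h.getValue());
            EntityUtils.consume(r.getEntity());
            return r.getStatusLine().getStatusCode();
        }
    }

    public static void main(String[] args) throws Exception {
        String server = System.getenv("JAZZ_SERVER");     // hypothetical, e.g. https://host:9443/rm
        String resource = System.getenv("JAZZ_RESOURCE"); // hypothetical: the protected URL to read
        // Redirects are off so the 302-to-login case stays visible; cookies and TLS checks stay at defaults.
        try (CloseableHttpClient hc = HttpClients.custom().disableRedirectHandling().build()) {
            int status = get(hc, resource);               // first request also picks up the session cookie
            if (status == 302 || status == 401) {
                HttpPost login = new HttpPost(server + "/j_security_check");
                login.setEntity(new UrlEncodedFormEntity(Arrays.asList(
                    new BasicNameValuePair("j_username", System.getenv("JAZZ_USER")),
                    new BasicNameValuePair("j_password", System.getenv("JAZZ_PASSWORD"))), "UTF-8"));
                try (CloseableHttpResponse r = hc.execute(login)) {
                    EntityUtils.consume(r.getEntity());
                }
                status = get(hc, resource);               // retry with the authenticated session
            }
            if (status == 403) throw new IllegalStateException("logged in, but no repository permission");
            if (status != 200) throw new IllegalStateException("not authenticated, HTTP " + status);
            System.out.println("authenticated, HTTP 200");
        }
    }
}
```

The same client instance must be used for every request, because the session cookie set during login is what carries the authentication; credentials are read from the environment so they stay out of source control.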
