It's all about the answers!

Ask a question

Can't access the URL using my credentials now.

sri K (155) | asked Aug 17 '23, 2:02 a.m.

 Hi Team,

I am using DOORs 6 and I have written a python script which creates a session using username and password.
Using the session, I am executing the request,
1. rootservices 
2. Then, executes this url - https://<server>/rm/oslc_config/components. When I execute this URL with username and password, it returns 401, When I execute it with JSESSIONID it returns 403(Permission Denied).

If I calls this url(https://<server>/rm/oslc_config/components) in browser, it is able to download the contents of the URL.  It means I have permission, right? But If I execute it in script/postman, I am getting this error.

FYI, Earlier, it was working fine, now I got this error.

Any reasons why it occured? How to resolve it?
Please share your thoughts.

2 answers

permanent link
Ralph Schoon (63.2k33646) | answered Aug 17 '23, 6:07 a.m.
edited Aug 17 '23, 6:09 a.m.

 For ELM/DOORS Next also see 

For examples.

For DOORS Next, you need to authenticate to JTS. Not sure about DOORS.

sri K commented Aug 17 '23, 6:14 a.m.

Sorry, I was talking about DOORs Next gen. not DOORs

sri K commented Aug 17 '23, 6:14 a.m.

 Thanks for the info.

permanent link
Ian Barnard (1.9k613) | answered Aug 17 '23, 4:36 a.m.
edited Aug 17 '23, 4:48 a.m.

Sounds like you're trying to insert authentication cookies? You do not need to do that: in your python script which I guess uses the Python Requests package you should create and always then use the same requests session during authentication and then forever after; it will propagate cookies it receives into subsequent http actions and you literally have to do nothing other than keep using the same session.

Of course you always have to watch out for the authentication expiry but you can do that by examining every response for an indication that you're not authenticated and then do the authentication and repeat the original request. Having this automatic authentication implementation in place means you do not need to do an initial explicit authentication because this will be automatically handled by your code when you first try to access a protected resource.

I'd guess that your authentication isn't working, i.e. not implemented correctly or you're not using a valid user+password, or perhaps that user doesn't have permission to access whatever you're trying to access. More on authentication here

sri K commented Aug 17 '23, 4:56 a.m.

Thanks for the response.

In my python code, I am creating the session and using it across my entire application. I don't think it is expired, because for every run it is creating a session. 

The code was working fine earlier (so it is implemented correctly and I'm using valid credentials). But I can access the same content from browser (which means I have permission from browser). Do we need any access for accessing it through external tools?

Yesterday I tried the same in POSTMAN, it throws me 401 (when I used Basic auth) and it throws 403 (when I used cookies).

sri K commented Aug 17 '23, 5:11 a.m. | edited Aug 17 '23, 5:12 a.m.

Please note that I used the same code. 

@Ian Barnard, Any other possibilities for this scenario?

Ian Barnard commented Aug 17 '23, 5:21 a.m.

no - your authentication code isn't working so you'll have to debug it.

sri K commented Aug 17 '23, 5:45 a.m. | edited Aug 17 '23, 5:45 a.m.

 Okay, Let's leave the code.

@Ian Barnard, Let's use POSTMAN application, there I execute the url -  https://<server>/rm/oslc_config/components with basic auth. There I get 401 error.

What does it mean?

Ian Barnard commented Aug 17 '23, 5:46 a.m. | edited Aug 17 '23, 5:47 a.m.
It means you're not authenticated. Refer

AFAIK Basic auth isn't enabled in the default Liberty setup, so unless your deployment has consciously enabled it I wouldn't expect basic auth to work.

sri K commented Aug 17 '23, 5:47 a.m. | edited Aug 17 '23, 5:51 a.m.

In this case, which auth method should I use? Please share your suggestion.

One point is, it was working fine earlier with the same server. Not sure if admin has modified any settings.
@Ian Barnard, should I contact the admin to enable it?

Ian Barnard commented Aug 17 '23, 5:50 a.m.

IDK - refer to - probably FORM but your deployment may use JAS which is a rather different ballgame. Good luck!

sri K commented Aug 17 '23, 5:53 a.m. | edited Aug 17 '23, 5:56 a.m.

@Ian Barnard, is there a way to check which type of authentication does my server support?

Ian Barnard commented Aug 17 '23, 5:59 a.m.
showing 5 of 9 show 4 more comments

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.