I have a Spring app that I secured with Keycloak. I can access it with a terminal using the following command curl -X GET http://localhost:9089/my-service/mypage -H 'Authorization: Bearer +access_token'. Its is a bearer-only type of security.
I followed this tutorial (I had a hard time with french but still I figured it out) https://blog.ineat-conseil.fr/2017/11/securisez-vos-apis-spring-avec-keycloak-2-parametrage-dun-domaine-keycloak/
As a result, I get the HTML code of the corresponding page, which makes me think that it works.
However, when I try to type the link http://localhost:9089/my-service/mypagein my browser, it displays a 401 Unauthorized error. I'm using a #Controller and not a #RestController, even though I'm not sure that makes any significant difference in this case.
It's nice that it works with the terminal, but I can't really use my app with it.
My question is how can I overcome that 401 error so I can actually access my front interface from my browser ?
Related
I have a simple nativeScript application (ng-groceries ), which I created by following up a tutorial. And Now I have also managed to get Jhipster Microservice and Jhipster Microservice Gateway App is up and running. I am trying to login from nativeScript app to Jhipster app. I have searched many places, tried to understand generated code , but not able to figure out the solution. I know this has to do something with JWT token, Can someone please point me in the correct direction, or give an approach to the solution. It will be great help.
OK.
I have tried following things:
Tried calling http://169.254.86.103:8080/FITHSERVICEMONGO/api/authenticate/" in loginService.ts. but can not see any thing on the console of Jhipster service server.
169.254.86.103 is the external IP given when I start Jhipster service app by mvnw.
FITHSERVICEMONGO is the name of my service app.I had also tried removing this from url.When I login from gateway app from UI,the request that gets is http://169.254.86.103:8080/api/authenticate.I had tried with this too. same ,nothing on service console nor on gateway app console. both are started by mvnw
To check of this IP is really accessible from my emulator . I tried accessing //169.254.86.103:8080/#/ from emulator browser. It works.
The gateway application works in browser. where as //localhost:8080/#/. was not working.
I was expecting that, when I send an authenticate request with params as username and password. I will get a JWT token in return and that token I will pass with every subsequent request.
the syntax of my code is :
http.post(
//BackendService.apiUrl + "oauth/token",
"BackendService.apiUrl" + "/FITHSERVICEMONGO/api/authenticate/",
JSON.stringify({
username: user.email,
password: user.password
}),
{ Content-Type: "application/json"}
)
To authenticate a third party front-end app with JHipster's back-end you can do the same thing as the angular front-end, calling /api/authenticate and using passing the received the jwt token in api headers. Swagger UI is your friend on order to achieve this.
Here is how to retrieve the JWT token using curl:
curl -X POST localhost:8080/api/authenticate -d '{"password":"admin","username":"admin"}' -H 'Content-Type: application/json'
Sample authenticated request:
curl -X POST localhost:8080/api/users -H 'Authorization: Bearer YOURTOKENHERE'
I am developing a website with Java for the backend and Angular for frontend. There is a situation when some external websites may send data to my website using POST form. For instance,
▼ General
Request URL: https://myangularwebsite/
Request Method: POST
...
▼ Request Headers
Content-Type: application/x-www-form-urlencoded
Host: myangularwebsite
Origin: https://externalwebsite
Referer: https://externalwebsite/send.form?id=0
...
▼ Form data
ID: 0000000
TIME: 2017.06.04 11:53:58
SIGNATURE: ...geirgmGKFGJWR...
...
Now, I need to capture the form in Angular somehow, send/redirect it to the backend to validate the signature and return the answer back to Angular to proceed working with this website.
I tried posting to my website to test how it might work using Postman, but get Cannot POST /.
I know how to work with GET and URL query parameters in Angular but I think I need to process a POST request based on headers I see with Chrome DevTools 'Network' section when coming from externalwebsite to myangularwebsite.
Should I dedicate a route in the backend and expose it, for example, .../api/external in my backend and tell these websites to use this link instead of directly posting to my Angular website's homepage?
I have already read another question ( How to read form post data in Angular 2 typescript? ) which is somewhat similar but I do not think using PHP is the right way for me as the website I am developing already has an older version written in PHP.
The answer at the link you provided is correct: you cannot do it in just Javascript, you have to use some server-side code. They mention PHP as an example, but any server-side component will do, and as you have Java at your backend, let it be Java.
So, when an HTTP request comes from an external site, you have to use a server-side component to handle it. But there are some options.
If this request is made using your user browser (so it is something like a redirect, but using a POST method), then you can do the following: catch that request at your backend, output some javascript with some data to the user's browser and process that data in your Angular code. Or this could be a redirection to your main Angular entry point, it is up to you.
If this request is made by some other means (for example, this is a server-to-server request made with with curl like a notification from a Credit Card processing), with no browser involved, then you don't need to have any Javascript (Angular or whatever it could be) as they are needed for browser only. In this case you just handle the request at your server-side.
In both cases, it seems plausible to dedicate some special endpoint for handling (or landing) such externally-originated requests.
I am getting a 403 response from the Power BI rest API and I am not sure why.
Here is the request I am making in cURL format(my actual web app is in Java):
curl -X GET -H "Authorization: Bearer accessToken" -H "Cache-Control: no-cache" 'https://api.powerbi.com/beta/myorg/dashboards'
I have given all Power BI Service permissions on my app in the azure management portal.
Do I need to replace 'myorg' with an actual org name? If so where would I find my org name? What am I doing wrong? This request seems to work for me in Aipary.io so I think it has something to do with my app not the request.
I have tried this request with both an admin account and a regular user and I get 403 responses for both of them.
I have also tried removing the Power BI Service permissions from the app with my admin account and then adding them again. That didn't work.
It seems to be that the 403 response was caused by the request in cURL missing some required parameters. The 403 response should show the error information that might be ignore.
Per my experience, I recommand you can try to use the GUI tool Postman in Chrome for requesting the APIs like cURL.
For checking the issue, you can follow the toturial https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-authenticate-a-web-app/ to make sure the request required parameters correct.
However, according to your description for the issue, I can't locate the problem whether the prepare steps cause. So I suggest you can try to review the complete toturial https://powerbi.microsoft.com/en-us/documentation/powerbi-developer-steps-to-create-a-power-bi-app/ to be sure the every step is correct.
Hope it helps. Any concern, please feel free to let me know.
When sending a request to an OAuth2 Token Endpoint, the RFC says, the response has to be in JSON format. When using Spring Security, strange things happen however. To be sure, the fault isn't in my code, I used the demo app Sparklr2 to test the following. The problem is, that depending on the user agent I use, the result is different.
I access the url http://localhost:8084/sparklr2/oauth/token
If I use curl, Advanced REST Client, telnet or similar, the result is just as expected:
{"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
If I however user Firefox or Chrome I get an answer in XML format:
<oauth><error_description>Full authentication is required to access this resource</error_description><error>unauthorized</error></oauth>
Why does this strange behaviour happen?
Spring probably honors the Accept header. Browsers usually send application/xml as an accepted format. REST clients usually include application/json. CURL does not send anything (unless you define it) and Spring probably prefers the JSON in such case.
As for the format itself I have found this - https://datatracker.ietf.org/doc/html/draft-richer-oauth-xml-01#section-4.1 .
I am trying to get the refresh token from Google in order to access Google drive. So Far I have managed to create a page in google app engine which redirects me to authentication page and I am able to get the code. The url address for getting there is
Window.Location.assign("https://accounts.google.com/o/oauth2/auth?scope=profile&redirect_uri=http://127.0.0.1:8888/oauth2manager/redirect&response_type=code&client_id=1058171155388-hg2akr2idan7c2kvdam9b89vptcjai8i.apps.googleusercontent.com");
I then get redirected to the /oauth2manager/redirect servlet and get the code inside the doPost method
String code = request.getParameter("code");
My problem is that I cannot proceed as I constantly get the above error "Required parameter is missing: grant_type" I have tried restclient wiztools, RestEasy firefox extension even curl.
here is my Curl script
#!/bin/bash
$code= "4/E7i1aKu4C-Pf23-8hY4Y8OBe9IBZ.wtKglnd8-CMdOl05ti8ZT3aNPWw7igI";
curl -v --data "code="+$code+"&client_id=1058171155388-hg2akr2idan7c2kvdam9b89vptcjai8i#developer.gserviceaccount.com&client_secret=JHXTAT4UWwsNaMgm******&redirect_uri= http://127.0.0.1:8888/oauth2manager/redirect&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
How can this be solved? I am a total newbie at this.
I think your mixing Oauth types. The code you are using is for normal Oauth2. But your clientid is for a service account.
Normal Oauth2 will ask a user if they want to allow your access to their data. A service account is for allowing others access to the application's data, there is no permission request with a service account.
Link to the documentation for service accounts. Service account