Hello all i am working on Jhipster on ubuntu os.
my project set up was done sucessfully.
but when trying to test apis it gives me error of authentication.
here is the error occurred while testing API. it will be pleasure if someone help me out.
Error:
rExceptionResolver : Resolved exception caused by Handler execution: org.springframework.security.authentication.InsufficientAuthenticationException: Full authentication is required to access this resource
Web Browser
{
"type" : "https://www.jhipster.tech/problem/problem-with-message",
"title" : "Unauthorized",
"status" : 401,
"detail" : "Full authentication is required to access this resource",
"path" : "/api/account",
"message" : "error.http.401"
}
In my case (in dev profile), i update the JWT token, changing to base64 in all the applications (microservice, gateway and registry), additionally, comment the old property "secret" and use the same key in all. Then test the API from the gateway correctly, without authorization problems.
jh version 5.7.1
The problem with the default configuration of Jhipster user creation.
When we create app and entity using Jhipster then it also create user authentication as their functionality.
But in my case user was not created in database which I selected during creation.
Responsible Tables:
jhi_user
jhi_user_authority
jhi_authority
So, We just need to provide details of default user of Jhipster in these tables.
Username: admin
Password: admin
make sure password is in encrypted form.
Looks like you execute your JHipster registry with authentication and your application without.
In case you didn't change your JHipster jwt secret key you have to execute your application(microservice) with next parameters:
--spring.security.user.password=admin --jhipster.security.authentication.jwt.secret=my-secret-key-which-should-be-changed-in-production-and-be-base64-encoded --spring.cloud.config.server.composite.0.type=native --spring.cloud.config.server.composite.0.search-locations=file:./central-config
You secret JWT key you could find in central-config package in application.yml file
For more details read JHipster documentation :
https://www.jhipster.tech/security/#-json-web-tokens-jwt
https://www.jhipster.tech/jhipster-registry/
I had this error when trying to login after I generated the app. The tests ran fine.
Deleting the target folder and rebuilding the whole project seemed to solve it.
Related
I am using VS Code to develop an Azure function with Java 11. I am able to authenticate using VisualStudioCodeCredential but when I try to use the DefaultAzureCredential class I get the below error. It is my understanding that for this app to run locally and in the Azure hosted environment that I need the DefaultAzureCredential. Why does this happen and how do I fix it? Is there a better/preferred way to do the authentication?
Caused by: com.azure.core.exception.ClientAuthenticationException: DefaultAzureCredential
authentication failed. ---> IntelliJCredential authentication failed. Error Details:
Unrecognized field "tenantId" (class
com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known
properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
Here is my code. The error occurs when I try to get the secret from the vault.
secretClient = new SecretClientBuilder().vaultUrl(System.getenv("KeyVaultURL"))
.credential(new DefaultAzureCredentialBuilder().build()).buildClient();
String secretValue= secretClient.getSecret("secretValue").getValue();
Using VisualStudioCodeCredential works:
secretClient = new SecretClientBuilder().vaultUrl(System.getenv("KeyVaultURL"))
.credential(new VisualStudioCodeCredential().build()).buildClient();
String secretValue= secretClient.getSecret("secretValue").getValue();
Links to some of the docs that I have used for reference.
https://learn.microsoft.com/en-us/java/api/overview/azure/identity-readme?view=azure-java-stable
https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity#key-concepts
https://learn.microsoft.com/en-us/azure/developer/java/sdk/identity-azure-hosted-auth#default-azure-credential
The issue was occurring due to how DefaultAzureCredential chooses the authentication method. During runtime an error occurred because the app was unable to authenticate using IntelliJ authentication even though the app was running from Visual Studio Code.
Default Azure credential
The DefaultAzureCredential is appropriate for most scenarios where the application ultimately runs in the Azure Cloud. DefaultAzureCredential combines credentials that are commonly used to authenticate when deployed, with credentials that are used to authenticate in a development environment. The DefaultAzureCredential will attempt to authenticate via the following mechanisms in order.
Microsoft provides a way to get around this with the ChainedTokenCredential class.
The ChainedTokenCredential class provides the ability to link together multiple credential instances to be tried sequentially when authenticating. The following example demonstrates creating a credential which will attempt to authenticate using managed identity, and fall back to certificate authentication if a managed identity is unavailable in the current environment. This example authenticates an EventHubClient from the azure-eventhubs client library using the ChainedTokenCredential. There's also a compilable sample to create a Key Vault secret client you can copy-paste.
Using the ChainedTokenCredential I was able to change the order to check ManagedIdentityCredential and then VisualStudioCodeCredential.
I am trying to use Azure AD as OAuth server for RabbitMQ authentication. For this i want to use Azure ADB2C tokens.
I have enabled RabbitMq's oauth2 plugin. And i want to use signing key as public private key setup.
Few details regarding setup i have before reaching to this question...
1. I have Azure ADB2C setup to authenticate my users to our REST API in application. This works fine.
2. I tried to authenticate RabbitMQ with open source OAuth 2 server like UAA, this works fine too.
Idea is to use JWT token that Azure ADB2C generates to authenticate & authorize users to the RabbitMQ. server.
I have private key from Azure ADB2C User Flow generated Metadata document JWKS URI. So i used this JWKS URI - JWT token to generate public key.
I have provided the above generated public key to RabbitMQ config as follows
{rabbitmq_auth_backend_oauth2, [
{resource_server_id, <<"rabbitmq">>},
{key_config, [
{default_key, <<"key-1">>},
{signing_keys,
#{<<"key-1">> => {pem, <<"-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVKUtcx/n9rt5afY/2WF
NvU6PlFMggCatsZ3l4RjKxH0jgdLq6CScb0P3ZGXYbPzXvmmLiWZizpb+h0qup5j
znOvOr+Dhw9908584BSgC83YacjWNqEK3urxhyE2jWjwRm2N95WGgb5mzE5XmZIv
kvyXnn7X8dvgFPF5QwIngGsDG8LyHuJWlaDhr/EPLMW4wHvH0zZCuRMARIJmmqiM
y3VD4ftq4nS5s8vJL0pVSrkuNojtokp84AtkADCDU/BUhrc2sIgfnvZ03koCQRoZ
mWiHu86SuJZYkDFstVTVSR0hiXudFlfQ2rOhPlpObmku68lXw+7V+P7jwrQRFfQV
XwIDAQAB
-----END PUBLIC KEY-----">>}
}
}]}]}
I have created an AD user in Azure ADB2C and assigned it to RabbitMQ app registered over Azure. I have provided default scopes to the RabbitMQ app registered with rabbitMQ-permissions like rabbitmq.read... etc. and I have provided default API permission to App registered.
Now in my java application i am trying to make connection to RabbitMQ with following code
CredentialsProvider credentialsProvider =
new OAuth2ClientCredentialsGrantCredentialsProviderBuilder()
.tokenEndpointUri("http://****/B2C_1_RabbitMQ/oauth2/v2.0/token")
.clientId("rabbit_client_from_Azure").clientSecret("rabbit_secret_from_Azure")
.grantType("password")
.parameter("username", "rabbit_admin_from_Azure")
.parameter("password", "rabbit_admin_from_Azure")
.build();
connectionFactory.setCredentialsProvider(credentialsProvider);
Connection connection = connectionFactory.newConnection(); // Line 1
When i run above code, Line 1 it gives me error as below
Exception in thread "main" com.rabbitmq.client.impl.OAuthTokenManagementException: HTTP request for token retrieval did not return 200 response code: 400
I am not sure why i am getting above error. I initially thought it would be a matter of scopes/permission from Azure ADB2C registered RabbitMQ app, but i am not able to figure out what i am missing here.
Any help here is much appreciated.
I have gotten this working by using jwks_url in key_config instead of adding the keys themselves to the config like this:
{key_config, [
{jwks_url, <<"https://login.microsoftonline.com/your tenant id/discovery/v2.0/keys">>}
]}
Just replace "your tenant id" with the id for your tenant.
I have angular7 + java web application.
I have configured SSO login for it on a apache tomcat server. Only authentication is done from SSO , Authorization is done using a users table in the application database.
This setup works fine on my local system, Authorization happens for Valid user & invalid user is redirected to access denied page using a custom interceptor typescript code in angular.
But when I deploy this on the server in face an issue. Valid users are logged in perfectly using SSO authentication & application Authorization.
But when I hit the application from an invalid user, it shows the login page with no css applied, instead of the access denied page which it is supposed to redirect to.
In the network I see 500 error for the style.css file and a 403 forbidden error.
There is a problem at your server end, debug your code and fix accordingly.
I think I also faced the same problem when I was updating my data in S3 bucket in AWS,
You just need to fill all empty .css file with something like this :
/* Nothing here*/
Getting issue as while calling requests using Sandbox:
{
"message": "This endpoint requires at least one of the following scopes: all_trips_lite, request, all_trips",
"code": "unauthorized"
}
I followed below steps to resolve:
This endpoint requires at least one of the following scopes: all_trips_lite, request, all_trips
I'm Using Auth URL as:
https://login.uber.com/oauth/v2/authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2Flocalhost%2Fuber%2Ftoken&response_type=code&scope=delivery%20history%20history_lite%20places%20profile%20ride_widgets%20request%20request_receipt&state=UX9cbePmD4rjqbPWu2TmL6j2dDFaNnWHlXi1SSgh88s%3D&_csid=UIWy-eu_TgrabNHTffLvVQ
Getting response as invalid scope like below :
https://localhost/uber/token?error=invalid_scope&state=UX9cbePmD4rjqbPWu2TmL6j2dDFaNnWHlXi1SSgh88s%3D#_
I have one more doubt I invited developer in dashboard accepted the invitation but still show pending from two days. if once registered what are the next steps how to login as developer to test sandbox APIS booking and cancel
When you build your "authorize" URL - please dont use spaces when you add scopes to the scope list. Use + instead. So decoded URL should look like:
https://login.uber.com/oauth/v2/authorize?client_id=your_client_id&redirect_uri=https://localhost/uber/token&response_type=code&scope=delivery+history+history_lite+places+profile+ride_widgets+request+request_receipt&state=UX9cbePmD4rjqbPWu2TmL6j2dDFaNnWHlXi1SSgh88s=&_csid=UIWy-eu_TgrabNHTffLvVQ
Try to pass this into an incognito mode of the browser - and when it prompts you to log in - use your Uber account registered at your developer dashboard: https://developer.uber.com/dashboard/. After you get your authorization "code" - use Token Exchange Endpoint to get your access token.
Related to a developer that you invited on your app dashboard - it needs to be a valid Uber account - so register for an Uber rider account with that email address - by providing the valid telephone number (you will need it for OTP that is required to be able to login to your account). Then you can use this account in authentication process - by login as I explained above.
I have a WSO2 Identiy server installed and i have written some java code to get user information with oauth 2. For this I am using OLTU. I have connected correctly and after negotiating the access_code, I ask for the userinfo endpoint like this:
https://<serverIP>:9443/oauth2/userinfo?schema=openid
I get user info correctly in JSON format:
{"email":"xxxx#xxx.aa","name":"xxx","family_name":"xx","preferred_username":"xxx","given_name":"xx"}
What I find is that no role information is returned. I have created some custom roles and asigned the users. They don't have any permisions asigned.
Do I have to configure anything in the server? The request has to be made in any other way? What am I doing wrong?
There are two ways to add this claim mapping. It's depends on your requirement.
To get this done has to add a role claim mapping under "http://wso2.org/oidc/claim" claim dialect. This can be done in following ways
Case 1 : For fresh WSO2IS before first startup
Go to <IS_HOME>/repository/conf/claim-config.xml file<br/>
Add following configuration under <Dialect dialectURI="http://wso2.org/oidc/claim"><br/>
<Claim>
<ClaimURI>Roles</ClaimURI>
<DisplayName>Roles</DisplayName>
<AttributeID>role</AttributeID>
<Description>role of the user</Description>
<DisplayOrder>10</DisplayOrder>
<SupportedByDefault />
</Claim>
Case 2: For already running server.
Login to the Identity server management console as admin user.
Click the Configure button to access the Configure menu
Click on http://wso2.org/oidc/claim Dialect.
Click on "Add New Claim Mapping" and set the above details.
(There you will get an error which is known issues. But that value will store. Then again edit it and set Mapped Attribute again)
Then restart the server. Now you can get user info with roles