I’ve been working through a doc at:
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-devquickstarts-webapp-java
But when I run the project, I’m redirected to the ADFS login page and after authentication im receiving this error:
java.io.IOException: Server returned HTTP response code: 403 for URL: https://graph.windows.net/swisherint.onmicrosoft.com/users?api-version=2013-04-05
I get this error when I run from local host. I also deployed the sample app to Azure and getting the same error.
I've added permissions to Graph API with read directory permissions in active directory > App Registrations > Required permissions. I also added Windows Azure Active Directory permissions (sign in and read user profile)
Is this a common error? Am I using the wrong version of the Graph API? I've tried several solutions from other questions but not working.
It appears that the Azure Graph API requires the URI connection type, instead of the HttpUrlConnection the java tutorial used. This works without the 403 error:
try{
// OAuth2 is required to access this API. For more information visit:
// https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks
// Specify values for path parameters (shown as {...})
URIBuilder builder = new URIBuilder("https://graph.windows.net/swisherint.onmicrosoft.com/users");
// Specify values for the following required parameters
builder.setParameter("api-version", "1.6");
// Specify values for optional parameters, as needed
// builder.setParameter("$filter", "startswith(displayName,'A')");
URI uri = builder.build();
HttpGet request = new HttpGet(uri);
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
users = EntityUtils.toString(entity);
}
catch (Exception e)
{
System.out.println(e.getMessage());
}
Thanks for responding!
KB
According to the new offical document reference for AAD Graph API Get Users, it seems the api-version property in the code should be changed to 1.6. Please try it.
Meanwhile, there is an Error code reference list that you can find the description of the common error code 403 for AAD Graph API calling. And be checking whether your issue is belong to the one of the errors Authentication_Unauthorized, Authorization_RequestDenied & Directory_QuotaExceeded.
Any update, please feel free to let me know.
Related
I'm Benjamin, currently study in IT and doing a simple application for Final Year Project.
The simple application is calling Third Party API (An fashion products company) and returns product description, stock level and etc to users.
First, I don't have any official API documents and everything starts from scratch.
I have been using java - CloseableHttpClient to call an API with the method GET.
Coding works fine BUT I met an error that "no response" or Access Denied if I tried to call the API directly. (without any cookies or with existing cookies from the official website)
Then I tried with a browser(any) to hit the API link, it will return Access Denied
But when I tried with a browser and hit the official website without any login, and hit again the API then able to get responses.
I have been tried to passing the cookies that returned from the official website but still no responses when I call/hit the API link on java code or Postman.
Answer for why calling an API that doesn't have any official documentation as below:
This is an FYP in University, API is selected and provided by University Lecturer.
My code as below :
CloseableHttpClient httpClient = HttpClientBuilder.create()
.setDefaultCookieStore(cookieStoreNew)
.setUserAgent("Mozilla/5.0").build();
HttpGet getRequest = new HttpGet(url);
getRequest.addHeader("accept", "application/json");
getRequest.addHeader(HttpHeaders.USER_AGENT, "Mozilla/5.0");
getRequest.setConfig(requestConfig);
System.out.println("this is get request config : \n"+getRequest);
System.out.println("\n start execute");
HttpResponse response = httpClient.execute(getRequest);//it will stucked here and no reponses
System.out.println("\n end execute");
if (response.getStatusLine().getStatusCode() != 200) {
throw new RuntimeException("Failed : HTTP error code : "
+ response.getStatusLine().getStatusCode());
}
Please comment below if you have any idea or any advice and Appreciate your help.
This is not spoon feed, I have been researched for over 2 weeks.
Thanks
I have worked in such scenarios like yours when the written code needs to make any HTTP request to an API (third party).
As far as my experience says, there should be some issue of Authentication for your code.
As you said hitting the same API on browser also says "Access denied", some login credentials must be required by API with the GET request you are sending, so when creds are not found, API responds with "Access Denied"..
Could you check the http status code your getting in postman while you are hitting the API, it must be 401/403(Unauthorized).
if in postman http status code is 401/403 indeed, then Kindly ask your University Lecturer for any logins that might be required to hit the API.
I am not able to do a POST request to the Composer rest server that is authenticated.
I have been trying out Hyperledger composer rest server with
authentication and multiuser enabled.
I have enabled Github based authentication by exporting
COMPOSER_PROVIDERS variable and multiuser mode with Wallet and
identities .
I authenticate the rest server in github and i am able to do rest
operations in the Composer Swagger explorer .
I am also able to do the rest operations in Postman by passing the
url with the access_token .
http://localhost:4200/api/Trader?access_token=xxxxxxxxxxx .This works
in Postman as well.
Problem is i am not able to do a post request to the composer-rest URL from java code even after passing the access token as param. I have tried with OKHttpClient,Apache HTTPClient, java.net client , CloseableHTTPClient .
All it gives me is
Server returned HTTP response code: 401
In all methods i get an "AUTHORIZATION FAILURE" error .
I dont know if i am missing anything , because i am able to do a rest operation from Postman . I take the code format from Postman itself and paste it in the Java code and it still doesnt work . I dont know what i am doing wrong ,
Suggestions , code snippets ?
THANKS !
since you managed to get this running from Postman then you're obviously missing something in your java code.
You probably have the URL correct, but might be missing a header, or a json type or something of the sorts.
Inspect your Postman request and replicate it exactly in your java code, everything, not just the URL.
Keep a log of your request and compare it against the Postman one, to see exactly what the difference is.
Try this code to retrieve cookies:
public void getCookieUsingCookieHandler() {
try {
// Instantiate CookieManager;
// make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
// get content from URLConnection;
// cookies are set by web site
URL url = new URL("http://host.example.com");
URLConnection connection = url.openConnection();
connection.getContent();
// get cookies from underlying
// CookieStore
CookieStore cookieJar = manager.getCookieStore();
List <HttpCookie> cookies =
cookieJar.getCookies();
for (HttpCookie cookie : cookies) {
if (cookie.getName().equalsIgnoreCase("access_token")) {
System.out.println("CookieHandler retrieved cookie: " + cookie.getValue());
break;
}
}
} catch(Exception e) {
System.out.println("Unable to get cookie using CookieHandler");
e.printStackTrace();
}
}
You can refer it from here: https://docs.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/accessingCookies.html
I am trying to develop a Java web application with SSO by following this azure tutorial. I created an account in Azure and created an AD. Developed and deployed the code in Tomcat. When I try to access the page, I am getting the following error
Exception - java.io.IOException: Server returned HTTP response code: 403 for URL: https://graph.windows.net/ppceses.onmicrosoft.com/users?api-version=2013-04-05
I do not find enough answers for this error. I changed the api-version to 1.6. Even then it did not work.
MORE ANALYSIS:
After troubleshooting, I found out that the logged-in user info is fetched and is available in Sessions object. It errors out when its trying to read the response and convert into the String object. Following is the calling method where it errors out.
HttpClientHelper.getResponseStringFromConn(conn, true);
Actual method to write the response into String:
public static String getResponseStringFromConn(HttpURLConnection conn, boolean isSuccess) throws IOException {
BufferedReader reader = null;
if (isSuccess) {
reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
} else {
reader = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
}
StringBuffer stringBuffer = new StringBuffer();
String line = "";
while ((line = reader.readLine()) != null) {
stringBuffer.append(line);
}
return stringBuffer.toString();
}
The actual issue is on the Graphic API where we try to read the response in the String format.
#Anand, According to Microsoft Graph error responses and resource types, the response code 403 means Forbidden below.
Access is denied to the requested resource. The user might not have enough permission.
Please move to the CONFIGURE tab of your application registered in your AAD domain on Azure classic portal, then check whether enable enough permission, please see the figure below.
I got the same error, been struggling with it a few days. What I noticed was that even if I checked ALL permissions for Windows Azure Active Directory I still got the 403. So, I deleted the app in App Registrations and created it again from scratch, generated new application key and readded reply urls. In Required Permissions/Windows Azure Active Directory check:
Sign in and read user profile
Access the directory as the signed-in user
I can now call me/memberOf successfully.
Hope it helps.
The below worked for me.
At the active directory app registrations -> app ->settings->permissions-> enable delegate permissions to read directory data. Save and close the blade. Also Click Grant Permissions and close the blade.
Once the above is done, Log out and Log in back with a fresh token to the application. (Guess the token with prior authorizations will not reflect the latest permission changes and hence the re-login may have worked in my case)
I am getting Unauthorized error when accessing restful web services. My sample program looks like this.
public static void main(String[] args){
// Use apache commons-httpclient to create the request/response
HttpClient client = new HttpClient();
Credentials defaultcreds = new UsernamePasswordCredentials("aaa", "cdefg");
client.getState().setCredentials(AuthScope.ANY, defaultcreds);
GetMethod method = new GetMethod(
"http://localhost:8080/userService/usersByID/1234");
try {
client.executeMethod(method);
InputStream in = method.getResponseBodyAsStream();
// Use dom4j to parse the response and print nicely to the output stream
BufferedReader reader = new BufferedReader(new InputStreamReader(in));
StringBuilder out = new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {
out.append(line);
}
System.out.println(out.toString());
} catch (IOException e) {
e.printStackTrace();
}
}
My credentials are correct. My web services will consume Basic Http Authentication.
I have doubt at scope of authentication.
client.getState().setCredentials(AuthScope.ANY, defaultcreds);
My credentials are correct.
Can any one help to resolve this issue.
Thanks.
First check your url via browser and verify ?? as mentioned here
Fixing 401 errors - general
Each Web Server manages user authentication in its own way. A security officer (e.g. a Web Master) at the site typically decides which users are allowed to access the URL. This person then uses Web server software to set up those users and their passwords. So if you need to access the URL (or you forgot your user ID or password), only the security officer at that site can help you. Refer any security issues direct to them.
If you think that the URL Web page *should* be accessible to all and sundry on the Internet, then a 401 message indicates a deeper problem. The first thing you can do is check your URL via a Web browser. This browser should be running on a computer to which you have never previously identified yourself in any way, and you should avoid authentication (passwords etc.) that you have used previously. Ideally all this should be done over a completely different Internet connection to any you have used before (e.g. a different ISP dial-up connection). In short, you are trying to get the same behaviour a total stranger would get if they surfed the Internet to the Web page.
If this type of browser check indicates no authority problems, then it is possible that the Web server (or surrounding systems) have been configured to disallow certain patterns of HTTP traffic. In other words, HTTP communication from a well-known Web browser is allowed, but automated communication from other systems is rejected with an 401 error code. This is unusual, but may indicate a very defensive security policy around the Web server.
Manual Fix
Hit the url from the browser and record the HTTP traffic (Headers,body)
Run the Java client code and record the HTTP traffic (Headers,body)
Analyze and fix the differences
We are developing an Android Application to download files from Google Doc.We were able to list the files using Google Docs List APIs. Also we were able to download spreadsheet files from google docs. But when we tried to download pdf file from google docs it always returns with 401 error. This is the code snipped we are using to download the file.
CommonsHttpOAuthConsumer consumer = new CommonsHttpOAuthConsumer(C.OAuth.CONSUMER_KEY, C.OAuth.CONSUMER_SECRET);
consumer.setMessageSigner(new HmacSha1MessageSigner());
consumer.setTokenWithSecret(token, secret);
.........
String url1 = consumer.sign(obj.url+"&exportFormat=txt"); // Create complete url
get.setURI(URI.create(url1));
response = client.execute(get);
if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK)
{
Log.v("GDATA MAIN", "not error");
}
else
{
Log.v("GDATA MAIN", "error"+response.getStatusLine().getStatusCode());
}
This is the URL that i generate to download the file.
https://doc-04-0s-docs.googleusercontent.com/docs/securesc/5pv2dhsk6q500b1vl99u2gr2gvpqfifr/d8oihkmccnh39ie9io5bhqaf3jof7t16/1324030500000/01234800628230479895/01234800628230479895/0B4royw-5u0TDNGU3ZjZiZTAtN2ZhNi00YWE3LWEwZGEtMTMwNWJhMGE1YWRk?h=16653014193614665626&e=download&gd=true&exportFormat=txt&oauth_signature=3lfP0reuJhMWstxMKMAlJh%2BZ7Ug%3D&oauth_token=1%2FQnEPtLXrhT8q6yk8oLoI2ZPyZzQptbB4mQrBJf-HJfM&oauth_consumer_key=418002400742-nrh3mt73pfvl6flshi8f7uvki49ofqj8.apps.googleusercontent.com&oauth_version=1.0&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1324031523&oauth_nonce=351034367494689817
Any guess, why we are not able to download PDF, but spreadsheet formats are working ?
I think that you are not requesting the correct scopes when authorizing the token. The scopes for which you should request the token are:
https://docs.google.com/feeds/
https://spreadsheets.google.com/feeds/
https://docs.googleusercontent.com/
You just made me realize that a bug was introduced into the Authorization section of our documentation, removing the docs.googleusercontent.com scope. I will add that back.