[aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)


Matthias Wessendorf
Hi Bruno,

playing with the 'picketbox' branch of the TODO app. I have one
question about the security API ...

I am able to do a successful login with 'curl' ==>

  curl -v -H "Accept: application/json" -H "Content-type: application/json" \
    -X POST -d '{"username":"john","password":"123"}' \
    http://localhost:8080/todo-server/auth/login

Great, my RESPONSE looks like:
{"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}


Now when I want to fetch the projects (from their endpoint), by using
the token (as header) (again with) curl:

  curl -v -H "Accept: application/json" \
    --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" \
    -X GET http://localhost:8080/todo-server/projects

As a response I am getting 401 (Unauthorized)

==>


* About to connect() to localhost port 8080 (#0)
*   Trying 127.0.0.1...
* connected
* Connected to localhost (127.0.0.1) port 8080 (#0)
> GET /todo-server/projects HTTP/1.1
> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: application/json
> token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
>
< HTTP/1.1 401 Unauthorized
< Server: Apache-Coyote/1.1
< Content-Type: application/json
< Content-Length: 39
< Date: Wed, 26 Sep 2012 11:29:56 GMT
<
* Connection #0 to host localhost left intact


Am I missing something here?


Greetings,
Matthias

--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
_______________________________________________
aerogear-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/aerogear-dev

Re: [aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Kris Borchers
I see the same thing via curl but it works in browser. My guess would be it has something to do with everything being session based and the session isn't properly maintained with curl. That's mostly just a guess though.


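One way to test the session guess above from the command line, as an added example that is not part of the thread or of the AeroGear project: it logs in with a cookie jar, then requests /projects once with only the token header and once with the saved cookies as well. `BASE`, `JAR` and the function names are assumptions of this example; the URLs, credentials and header name are the ones quoted in the first message.

```shell
#!/bin/sh
# Added example: does the 401 come from a missing session cookie?
# BASE, JAR and all function names are assumptions of this example.
BASE="${BASE:-http://localhost:8080/todo-server}"
JAR="${JAR:-./todo-cookies.txt}"

# Read a login response body on stdin and print its "token" value.
extract_token() {
  sed -n 's/.*"token":"\([^"]*\)".*/\1/p'
}

# Log in; -c stores any cookie the server sets in the jar file.
login() {
  curl -s -c "$JAR" -H "Accept: application/json" \
    -H "Content-type: application/json" -X POST \
    -d '{"username":"john","password":"123"}' "$BASE/auth/login"
}

# GET /projects with the token header and print only the HTTP status.
# Extra arguments (for example -b "$JAR") are passed through to curl.
projects_status() {
  token=$1; shift
  curl -s -o /dev/null -w '%{http_code}' "$@" \
    -H "Accept: application/json" -H "token: $token" "$BASE/projects"
}

# Turn the two status codes into a one-line finding.
classify() {
  case "$1/$2" in
    200/*)   echo "token header alone is accepted" ;;
    401/200) echo "request needs the login session cookie" ;;
    *)       echo "inconclusive: inspect the 401 body and server log" ;;
  esac
}

# Run both variants against the server and report.
diagnose() {
  token=$(login | extract_token)
  [ -n "$token" ] || { echo "login failed or no token in response"; return 1; }
  header_only=$(projects_status "$token")
  with_cookie=$(projects_status "$token" -b "$JAR")
  echo "token header only:      $header_only"
  echo "token header + cookies: $with_cookie"
  classify "$header_only" "$with_cookie"
}

if [ "${1:-}" = "run" ]; then diagnose; fi
```

Save it as a script and invoke it with the argument `run` while the TODO server is up; the cookie jar holds a live session identifier, so delete it afterwards.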
Re: [aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Bruno Oliveira
I'll try to reproduce that error today guys to see what happens between the TODO app and curl.



-- 
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile


Re: [aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Matthias Wessendorf
Cool, thank you!

-M


--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf