Re: OAuth Authentication [message #1834597 is a reply to message #1834544] |
Fri, 13 November 2020 10:30 |
Ivan Motsch Messages: 154 Registered: March 2010 |
Senior Member |
|
|
There is a preliminary scout project in development, not yet released in open source. But I can attach here this preliminary code. Certainly without any warranty, support and other legal stuff....
The example is based on pac4j and demonstrates single sign on by AzureAD.
In order to run the example, edit the following files to adapt to your local setup, assuming that your local test machine is "mywebapp.mydomain.local".
[config.properties]
1. scout.externalBaseUrl=...
2. scout.jetty.keyStorePath=...
3. scout.jetty.autoCreateSelfSignedCertificate=...
(This automatically generates a HTTPS SSL certificate for your webapp test (cool eh :-). Once the cert is generated, comment these 2 lines, copy the generated jks file to your workspace and enable the line scout.jetty.keyStorePath=classpath:/jetty-ssl.jks)
4. scout.pac4j...values according to your client app registration in Azure AD Active Directory
[logback.xml]
edit for detailed logging
[Running]
To run the sample use an eclipse Run config or an intelliJ service config.
Main Class: org.eclipse.scout.dev.jetty.JettyServer
Working Directory: Path to eclipse project/intelliJ module com.bsiag.scout.rt.pac4j.dev
[Feedback]
Please give us and the community feedback if this example worked for you.
[Updated on: Fri, 13 November 2020 10:31]
|
|
| | | |
Re: OAuth Authentication [message #1840052 is a reply to message #1840039] |
Tue, 06 April 2021 08:01 |
Mark Ashworth Messages: 40 Registered: January 2012 |
Member |
|
|
Hi,
After a bit more investigation, I found that I could get the refresh token when I set the OidcRedirectionActionBuilder to add the "offline_access" in the scopes in authorization params here.
protected Map<String, String> buildParams(final WebContext webContext) {
    final var configContext = new OidcConfigurationContext(webContext, client.getConfiguration());
    final var authParams = new HashMap<String, String>();
    authParams.put(OidcConfiguration.SCOPE, configContext.getScope());
    authParams.put(OidcConfiguration.RESPONSE_TYPE, configContext.getResponseType());
    authParams.put(OidcConfiguration.RESPONSE_MODE, configContext.getResponseMode());
    authParams.putAll(configContext.getCustomParams());
    authParams.put(OidcConfiguration.CLIENT_ID, configContext.getConfiguration().getClientId());
    return new HashMap<>(authParams);
}
However, this causes the header to be too large.
The server.app.dev application reports the following error:-
To shut the server down, type "shutdown" in the console.
- MDC[]
2021-04-06 09:47:49,759 WARN [qtp177140066-27] org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1126) - Header is too large 8193>8192 - MDC[]
The ui.html.app.dev application reports the following error:-
2021-04-06 09:47:49,765 INFO [qtp2104973502-72] org.eclipse.scout.rt.ui.html.UiSession.dispose(UiSession.java:599) - Disposing UI session with ID 1:19knavrqigitg21k3qi15t08d58qtspp3ok3qtg051efpnhtn9ui... - MDC[principal=u@three60development.onmicrosoft.com, cid=FW8yU6fX6kg/1]
2021-04-06 09:47:49,767 ERROR [qtp2104973502-72] org.eclipse.scout.rt.ui.html.json.JsonMessageRequestHandler.handlePost(JsonMessageRequestHandler.java:133) - Error while initializing UI session - MDC[principal=u@three60development.onmicrosoft.com, cid=FW8yU6fX6kg/1]
org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnelException: Service tunnel request failed with status code 431 [user=u@three60development.onmicrosoft.com, remote-service.name=org.eclipse.scout.rt.shared.cache.IRemoteCacheService, remote-service.operation=getAll, user=notification-authenticator, calling-thread=qtp2104973502-72, job=Starting ClientSession [sessionId=b3lvjbpmff4s0fatps5p3p7rlhk347ulpnt8voee8d2glna93rk]]
at org.eclipse.scout.rt.shared.servicetunnel.http.RemoteServiceInvocationCallable.call(RemoteServiceInvocationCallable.java:83)
at org.eclipse.scout.rt.shared.servicetunnel.http.RemoteServiceInvocationCallable.call(RemoteServiceInvocationCallable.java:1)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:227)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:227)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.runTxMandatory(TransactionProcessor.java:156)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.runTxRequired(TransactionProcessor.java:139)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.intercept(TransactionProcessor.java:78)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
at org.eclipse.scout.rt.platform.security.SubjectProcessor.intercept(SubjectProcessor.java:43)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:170)
at org.eclipse.scout.rt.platform.context.RunContext.call(RunContext.java:158)
at org.eclipse.scout.rt.platform.context.RunContextRunner.intercept(RunContextRunner.java:38)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.job.internal.CallableChainExceptionHandler.intercept(CallableChainExceptionHandler.java:33)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:170)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask.lambda$0(JobFutureTask.java:106)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask.run(JobFutureTask.java:175)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
at org.eclipse.scout.rt.platform.job.internal.NamedThreadFactory$1.run(NamedThreadFactory.java:63)
at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:64)
at org.eclipse.scout.rt.shared.servicetunnel.AbstractServiceTunnel.invokeService(AbstractServiceTunnel.java:40)
at org.eclipse.scout.rt.shared.servicetunnel.http.HttpServiceTunnel.invokeService(HttpServiceTunnel.java:192)
at org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelProxyProducer.invoke(ServiceTunnelProxyProducer.java:51)
at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy.invokeImpl(DecoratingProxy.java:137)
at org.eclipse.scout.rt.platform.interceptor.DecoratingProxy$P_InvocationHandler.invoke(DecoratingProxy.java:170)
at com.sun.proxy.$Proxy20.getAll(Unknown Source)
at org.eclipse.scout.rt.client.cache.RemoteCacheValueResolver.resolveAll(RemoteCacheValueResolver.java:45)
at org.eclipse.scout.rt.platform.cache.BasicCache.getAll(BasicCache.java:112)
at org.eclipse.scout.rt.platform.cache.AbstractCacheWrapper.getAll(AbstractCacheWrapper.java:49)
at org.eclipse.scout.rt.shared.services.common.code.CodeService.getCodeTypeMap(CodeService.java:164)
at org.eclipse.scout.rt.shared.services.common.code.CodeService.getCodeTypes(CodeService.java:142)
at org.eclipse.scout.rt.shared.services.common.code.CODES.getCodeTypes(CODES.java:45)
at org.eclipse.scout.rt.shared.services.common.code.CODES.getAllCodeTypes(CODES.java:98)
at com.github.markash.micro.client.ClientSession.execLoadSession(ClientSession.java:28)
at org.eclipse.scout.rt.client.AbstractClientSession$LocalClientSessionExtension.execLoadSession(AbstractClientSession.java:510)
at org.eclipse.scout.rt.client.extension.ClientSessionChains$ClientSessionLoadSessionChain$1.callMethod(ClientSessionChains.java:57)
at org.eclipse.scout.rt.client.extension.ClientSessionChains$ClientSessionLoadSessionChain$1.callMethod(ClientSessionChains.java:1)
at org.eclipse.scout.rt.shared.extension.AbstractExtensionChain.callChain(AbstractExtensionChain.java:113)
at org.eclipse.scout.rt.client.extension.ClientSessionChains$ClientSessionLoadSessionChain.execLoadSession(ClientSessionChains.java:60)
at org.eclipse.scout.rt.client.AbstractClientSession.interceptLoadSession(AbstractClientSession.java:524)
at org.eclipse.scout.rt.client.AbstractClientSession.start(AbstractClientSession.java:290)
at org.eclipse.scout.rt.client.session.ClientSessionProvider.lambda$1(ClientSessionProvider.java:74)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:227)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:227)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.runTxMandatory(TransactionProcessor.java:156)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.runTxRequired(TransactionProcessor.java:139)
at org.eclipse.scout.rt.platform.transaction.TransactionProcessor.intercept(TransactionProcessor.java:78)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
at org.eclipse.scout.rt.platform.security.SubjectProcessor.intercept(SubjectProcessor.java:43)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:170)
at org.eclipse.scout.rt.platform.context.RunContext.call(RunContext.java:158)
at org.eclipse.scout.rt.platform.context.RunContextRunner.intercept(RunContextRunner.java:38)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.job.internal.CallableChainExceptionHandler.intercept(CallableChainExceptionHandler.java:33)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain$Chain.continueChain(CallableChain.java:222)
at org.eclipse.scout.rt.platform.chain.callable.CallableChain.call(CallableChain.java:170)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask.lambda$0(JobFutureTask.java:106)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at org.eclipse.scout.rt.platform.job.internal.JobFutureTask.run(JobFutureTask.java:175)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
at org.eclipse.scout.rt.platform.job.internal.NamedThreadFactory$1.run(NamedThreadFactory.java:63)
Kind regards,
Mark Ashworth
|
|
|
Re: OAuth Authentication [message #1840303 is a reply to message #1840052] |
Mon, 12 April 2021 07:49 |
Mark Ashworth Messages: 40 Registered: January 2012 |
Member |
|
|
Good morning,
I have extended the Pac4J OidcConfigurationContext to read the scope from the configuration instead of just defaulting it to 'openid profile email' when it is not found in the request scope.
This has the effect of using the values that are configured in the config.properties in the ui.html.dev project with a scope of 'openid profile email offline_access' so that a refresh token is returned for the creation of the JWT token.
The issue is that the scoutaccesstoken (which I think is the JWT token) is larger than the allowed 8192KB for Jetty and I am not sure how to configure the server with a larger header size. I have Googled and none of the recommendations work with the JettyServer class used in Scout.
Any recommendations would be appreciated :-)
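import java.util.Optional;

import org.pac4j.core.context.WebContext;
import org.pac4j.oidc.config.OidcConfiguration;
import org.pac4j.oidc.config.OidcConfigurationContext;

public class OidcConfigurationContext2 extends OidcConfigurationContext {
    private final WebContext webContext;

    public OidcConfigurationContext2(
            final WebContext webContext,
            final OidcConfiguration oidcConfiguration) {
        super(webContext, oidcConfiguration);
        this.webContext = webContext;
    }

    // A scope set as a request attribute wins; otherwise use the configured scope,
    // and only then the default 'openid profile email'.
    @Override
    public String getScope() {
        final String configuredScope =
                Optional.ofNullable(getConfiguration().getScope())
                        .orElse("openid profile email");
        return (String) this.webContext.getRequestAttribute(OidcConfiguration.SCOPE)
                .orElse(configuredScope);
    }
}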
2021-04-12 09:38:28,914 DEBUG [qtp159475521-27] org.eclipse.jetty.http.HttpParser.setState(HttpParser.java:1907) - HEADER:x-scoutaccesstoken --> VALUE - MDC[]
2021-04-12 09:38:28,914 DEBUG [qtp159475521-27] org.eclipse.jetty.http.HttpParser.setState(HttpParser.java:1907) - HEADER:x-scoutaccesstoken --> IN_VALUE - MDC[]
2021-04-12 09:38:28,917 DEBUG [qtp159475521-27] org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1492) - parseNext s=HEADER HeapByteBuffer@4dcecfdf[p=0,l=2642,c=8192,r=2642]={<<<a446a304a4c49366d4e324c6f...\xCd\xB1\xEa\xAc\x83\xBc\x98\x84m\xFb\xDd\xE4\xBeXth\xD1\xFd\x17\xD7\xA7XX>>>4622d4971...614a774} - MDC[]
2021-04-12 09:38:28,918 WARN [qtp159475521-27] org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1126) - Header is too large 8193>8192 - MDC[]
2021-04-12 09:38:28,923 DEBUG [qtp159475521-27] org.eclipse.jetty.http.HttpParser.badMessage(HttpParser.java:1637) - Parse exception: HttpParser{s=HEADER,0 of -1} for HttpChannelOverHttp@58c643d7{s=HttpChannelState@5cf9dc17{s=IDLE rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=0,c=false/false,a=IDLE,uri=null,age=0} - MDC[]
org.eclipse.jetty.http.BadMessageException: 431: null
at org.eclipse.jetty.http.HttpParser.parseFields(HttpParser.java:1129)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:1517)
at org.eclipse.jetty.server.HttpConnection.parseRequestBuffer(HttpConnection.java:364)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:261)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:105)
at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.produce(EatWhatYouKill.java:135)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:773)
at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:905)
at java.base/java.lang.Thread.run(Thread.java:834)
2021-04-12 09:38:28,923 DEBUG [qtp159475521-27] org.eclipse.jetty.http.HttpParser.setState(HttpParser.java:1900) - HEADER --> CLOSE - MDC[]
Kind regards,
Mark Ashworth
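Added example, not part of the thread and not Scout's own code: the "Header is too large 8193>8192" / 431 behaviour in the logs above, reproduced against a plain embedded Jetty server whose request header limit is set through `HttpConfiguration.setRequestHeaderSize`. The class name `HeaderLimitDemo`, the 16 KB value and the constructed token value are assumptions for illustration; how Scout's `JettyServer` class exposes its connector is not shown on this page and is not covered here.

```java
import java.net.HttpURLConnection;
import java.net.URL;

import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;

public class HeaderLimitDemo { // hypothetical name, not a Scout class

  /** Starts a bare Jetty server whose connector accepts request headers up to maxHeaderBytes. */
  static Server start(int maxHeaderBytes) throws Exception {
    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setRequestHeaderSize(maxHeaderBytes); // Jetty's default is 8192 bytes
    Server server = new Server();
    ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
    connector.setHost("127.0.0.1"); // loopback only, this is a local probe
    connector.setPort(0);           // let the OS pick a free port
    server.addConnector(connector);
    server.start();
    return server;
  }

  /** Sends one GET carrying a constructed token header of tokenChars characters; returns the status. */
  static int probe(Server server, int tokenChars) throws Exception {
    int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
    HttpURLConnection con =
        (HttpURLConnection) new URL("http://127.0.0.1:" + port + "/").openConnection();
    con.setRequestProperty("X-ScoutAccessToken", "a".repeat(tokenChars)); // constructed value
    try {
      return con.getResponseCode();
    } finally {
      con.disconnect();
    }
  }

  public static void main(String[] args) throws Exception {
    for (int limit : new int[] {8 * 1024, 16 * 1024}) {
      Server server = start(limit);
      try {
        // No handler is installed: a request that passes the header parser is answered with 404,
        // one whose headers exceed the limit is rejected by the parser with 431.
        System.out.println("limit=" + limit + " token=9000 -> HTTP " + probe(server, 9000));
      } finally {
        server.stop();
      }
    }
  }
}
```

The header limit bounds how much unauthenticated input the parser will buffer per request, so any increase should stay close to the largest token actually observed rather than being set arbitrarily high.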