Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Eclipse Scout » REST authentication(With authentication enabled, REST's end point return Error)
REST authentication [message #1834623] Fri, 13 November 2020 11:47 Go to next message
Eclipse UserFriend
Hello Everybody,

We are making REST api for our scout application, but have problem accessing service with protected method.

When we access simple end point that does not make use of backend (server), everything work.
Query:
curl -X GET -H "Accept:application/json" -H "Content-Type:application/json" http://localhost:8082/api/example/szakou

Response
{"name":"szakou","values":[1,2,3,4,5],"empty":false}

But when we make call to backend, where there is ACCESS check, we got 404 error such as:
Query:
curl -X GET -H "Accept:application/json" -H "Content-Type:application/json" http://localhost:8082/api/user/1eb20214-094e-6019-b212-790cc1808ee7

Response:
{"error":{"message":"An internal server error has occured.","errorCode":null,"httpStatus":500,"correlationId":null,"title":null,"errorCodeAsInt":0,"empty":false},"empty":false}

With the following error in UI Log:
org.eclipse.scout.rt.platform.util.Assertions$AssertionException: Assertion error: Transaction required
	at org.eclipse.scout.rt.platform.util.Assertions.fail(Assertions.java:621)
	at org.eclipse.scout.rt.platform.util.Assertions.assertNotNull(Assertions.java:87)
	at org.eclipse.scout.rt.server.jdbc.AbstractSqlService.getTransaction(AbstractSqlService.java:578)
	at org.eclipse.scout.rt.server.jdbc.AbstractSqlService.select(AbstractSqlService.java:611)
	at org.eclipse.scout.rt.server.jdbc.SQL.select(SQL.java:96)
	at com.groupesepro.bp.core.server.security.UserService.isGroupMember(UserService.java:221)
	at com.groupesepro.bp.core.server.security.ServerAccessControlService.execLoadPermissions(ServerAccessControlService.java:41)
	at com.groupesepro.bp.core.shared.security.AccessControlService.execLoadPermissions(AccessControlService.java:1)
	at org.eclipse.scout.rt.platform.cache.BasicCache.get(BasicCache.java:79)
	at org.eclipse.scout.rt.platform.cache.AbstractCacheWrapper.get(AbstractCacheWrapper.java:44)
	at org.eclipse.scout.rt.platform.cache.AbstractCacheWrapper.get(AbstractCacheWrapper.java:44)
	at org.eclipse.scout.rt.security.AbstractAccessControlService.getPermissions(AbstractAccessControlService.java:177)
	at org.eclipse.scout.rt.security.AccessSupport.check(AccessSupport.java:25)
	at org.eclipse.scout.rt.security.ACCESS.check(ACCESS.java:38)
	at com.groupesepro.bp.core.server.security.UserService.load(UserService.java:69)
	at com.groupesepro.bp.core.client.api.UserResource.getExamlpeEntity(UserResource.java:34)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
	at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1411)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631)
	at org.eclipse.scout.rt.server.commons.servlet.filter.gzip.GzipServletFilter.doFilter(GzipServletFilter.java:84)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
	at org.eclipse.scout.rt.server.commons.authentication.ServletFilterHelper.lambda$0(ServletFilterHelper.java:204)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
	at org.eclipse.scout.rt.server.commons.authentication.ServletFilterHelper.continueChainAsSubject(ServletFilterHelper.java:200)
	at org.eclipse.scout.rt.server.commons.authentication.AnonymousAccessController.handle(AnonymousAccessController.java:61)
	at org.eclipse.scout.rt.server.commons.authentication.DevelopmentAccessController.handle(DevelopmentAccessController.java:68)
	at com.groupesepro.bp.ui.html.UiServletFilter.doFilter(UiServletFilter.java:58)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1369)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1284)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:501)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:272)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
	at java.base/java.lang.Thread.run(Thread.java:834)


I understant that, our query did send authentication information about who is doing the request, but we don't know how to initiate the login process with REST and how to send the authentication infos with subsequent request. We have tried with the -u login:password with CURL , but as we expected it didn't work.

Does anyone has an idea how ?

[Updated on: Fri, 13 November 2020 11:48] by Moderator

Re: REST authentication [message #1834690 is a reply to message #1834623] Mon, 16 November 2020 01:52 Go to previous messageGo to next message
Eclipse UserFriend
Is it really the UI log or is is the log of the backend server? As the log contains stack traces from server packages I would expect it to be the server log (or the exception is actually thrown on the server and just printed on the UI server).

However you seem to be missing a transaction, to quickly add a transaction you could try adding the following code to your UserResource.getExamlpeEntity method (see javadoc of the ServerRunContexts.empty method, it should add a transaction):

ServerRunContexts.empty().call(() -> {
  // you actual method code
});


For a better solution you should add the following block to your web.xml:

  <filter>
    <filter-name>ServerRunContextFilter</filter-name>
    <filter-class>org.eclipse.scout.rt.server.context.ServerRunContextFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>ServerRunContextFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>


This should add a ServerRunContext to every call of the /api/* URL.
Re: REST authentication [message #1834749 is a reply to message #1834690] Tue, 17 November 2020 05:58 Go to previous message
Eclipse UserFriend
Thanks Matthias for your response.

All work as expected now, but I'am using 
RunContexts.empty().call ...
, instead of 
ServerRunContexts
.

Can I use 
RunContexts.empty().withSubject(...).call ...
to provide a user principal to the request and let the backend check access permission ?

Through the documentation Scout provide some way to protect JAX WS using BASIC, WsseUsernameToken and Message Level WS-Security authentication. How can REST endpoint being protected is similar way ?
Previous Topic:Zyklisches Update HTML Tile
Next Topic:Error after deploy on Tomcat
Goto Forum:
  


Current Time: Fri Nov 07 13:52:58 EST 2025

Powered by FUDForum. Page generated in 0.03719 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly