REST authentication (With authentication enabled, REST's end point return Error)
REST authentication [message #1834623] Fri, 13 November 2020 16:47
Seydou Zakou
Hello Everybody,

We are making a REST API for our Scout application, but have a problem accessing a service with a protected method.

When we access a simple endpoint that does not make use of the backend (server), everything works.
Query:
curl -X GET -H "Accept:application/json" -H "Content-Type:application/json" http://localhost:8082/api/example/szakou

Response:
{"name":"szakou","values":[1,2,3,4,5],"empty":false}

But when we make a call to the backend, where there is an ACCESS check, we got a 404 error such as:
Query:
curl -X GET -H "Accept:application/json" -H "Content-Type:application/json" http://localhost:8082/api/user/1eb20214-094e-6019-b212-790cc1808ee7

Response:
{"error":{"message":"An internal server error has occured.","errorCode":null,"httpStatus":500,"correlationId":null,"title":null,"errorCodeAsInt":0,"empty":false},"empty":false}

With the following error in UI Log:
org.eclipse.scout.rt.platform.util.Assertions$AssertionException: Assertion error: Transaction required
	at org.eclipse.scout.rt.platform.util.Assertions.fail(Assertions.java:621)
	at org.eclipse.scout.rt.platform.util.Assertions.assertNotNull(Assertions.java:87)
	at org.eclipse.scout.rt.server.jdbc.AbstractSqlService.getTransaction(AbstractSqlService.java:578)
	at org.eclipse.scout.rt.server.jdbc.AbstractSqlService.select(AbstractSqlService.java:611)
	at org.eclipse.scout.rt.server.jdbc.SQL.select(SQL.java:96)
	at com.groupesepro.bp.core.server.security.UserService.isGroupMember(UserService.java:221)
	at com.groupesepro.bp.core.server.security.ServerAccessControlService.execLoadPermissions(ServerAccessControlService.java:41)
	at com.groupesepro.bp.core.shared.security.AccessControlService.execLoadPermissions(AccessControlService.java:1)
	at org.eclipse.scout.rt.platform.cache.BasicCache.get(BasicCache.java:79)
	at org.eclipse.scout.rt.platform.cache.AbstractCacheWrapper.get(AbstractCacheWrapper.java:44)
	at org.eclipse.scout.rt.platform.cache.AbstractCacheWrapper.get(AbstractCacheWrapper.java:44)
	at org.eclipse.scout.rt.security.AbstractAccessControlService.getPermissions(AbstractAccessControlService.java:177)
	at org.eclipse.scout.rt.security.AccessSupport.check(AccessSupport.java:25)
	at org.eclipse.scout.rt.security.ACCESS.check(ACCESS.java:38)
	at com.groupesepro.bp.core.server.security.UserService.load(UserService.java:69)
	at com.groupesepro.bp.core.client.api.UserResource.getExamlpeEntity(UserResource.java:34)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167)
	at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$TypeOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:219)
	at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:469)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:391)
	at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:80)
	at org.glassfish.jersey.server.ServerRuntime$1.run(ServerRuntime.java:253)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:265)
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:232)
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:680)
	at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:394)
	at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:346)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:366)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:319)
	at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:205)
	at org.eclipse.jetty.servlet.ServletHolder$NotAsyncServlet.service(ServletHolder.java:1411)
	at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:763)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631)
	at org.eclipse.scout.rt.server.commons.servlet.filter.gzip.GzipServletFilter.doFilter(GzipServletFilter.java:84)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1618)
	at org.eclipse.scout.rt.server.commons.authentication.ServletFilterHelper.lambda$0(ServletFilterHelper.java:204)
	at java.base/java.security.AccessController.doPrivileged(Native Method)
	at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
	at org.eclipse.scout.rt.server.commons.authentication.ServletFilterHelper.continueChainAsSubject(ServletFilterHelper.java:200)
	at org.eclipse.scout.rt.server.commons.authentication.AnonymousAccessController.handle(AnonymousAccessController.java:61)
	at org.eclipse.scout.rt.server.commons.authentication.DevelopmentAccessController.handle(DevelopmentAccessController.java:68)
	at com.groupesepro.bp.ui.html.UiServletFilter.doFilter(UiServletFilter.java:58)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1610)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:602)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:235)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1610)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:233)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1369)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:188)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:489)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1580)
	at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1284)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:127)
	at org.eclipse.jetty.server.Server.handle(Server.java:501)
	at org.eclipse.jetty.server.HttpChannel.lambda$handle$1(HttpChannel.java:383)
	at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:556)
	at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:375)
	at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:272)
	at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:311)
	at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:103)
	at org.eclipse.jetty.io.ChannelEndPoint$1.run(ChannelEndPoint.java:104)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.runTask(EatWhatYouKill.java:336)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:313)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:171)
	at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:129)
	at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:375)
	at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:806)
	at org.eclipse.jetty.util.thread.QueuedThreadPool$Runner.run(QueuedThreadPool.java:938)
	at java.base/java.lang.Thread.run(Thread.java:834)


I understand that our query did send authentication information about who is doing the request, but we don't know how to initiate the login process with REST and how to send the authentication info with subsequent requests. We have tried with -u login:password with curl, but as we expected it didn't work.

Does anyone have an idea how?

[Updated on: Fri, 13 November 2020 16:48]


Re: REST authentication [message #1834690 is a reply to message #1834623] Mon, 16 November 2020 06:52
Matthias Otterbach
Is it really the UI log or is it the log of the backend server? As the log contains stack traces from server packages, I would expect it to be the server log (or the exception is actually thrown on the server and just printed on the UI server).

However, you seem to be missing a transaction. To quickly add a transaction you could try adding the following code to your UserResource.getExamlpeEntity method (see the Javadoc of the ServerRunContexts.empty method, it should add a transaction):

ServerRunContexts.empty().call(() -> {
  // your actual method code
});


For a better solution you should add the following block to your web.xml:

  <filter>
    <filter-name>ServerRunContextFilter</filter-name>
    <filter-class>org.eclipse.scout.rt.server.context.ServerRunContextFilter</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>ServerRunContextFilter</filter-name>
    <url-pattern>/api/*</url-pattern>
  </filter-mapping>


This should add a ServerRunContext to every call of the /api/* URL.

Re: REST authentication [message #1834749 is a reply to message #1834690] Tue, 17 November 2020 10:58
Seydou Zakou
Thanks Matthias for your response.

All works as expected now, but I am using RunContexts.empty().call ... instead of ServerRunContexts.

Can I use RunContexts.empty().withSubject(...).call ... to provide a user principal to the request and let the backend check access permission?

Through the documentation, Scout provides some ways to protect JAX-WS using BASIC, WsseUsernameToken and Message Level WS-Security authentication. How can a REST endpoint be protected in a similar way?