Re: Call /self API with invalid credentials

Fri, 15 Sep 2017 06:29:04 -0700 

On 15/09/2017 15:17, Adrian Gonzalez wrote:

Hello,

I'm using Syncope 2.0.5.
I'm calling /self REST API with invalid credentials (withcontent-type: application/json .) 
/self returns HTML code and not a JSON message body.

i.e.
```
curl -X GET \
  http://localhost:9080/syncope/rest/users/self \
  -H 'authorization: Basic YmVsbGluaTpiZWxsaW5pNjY1' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: 477ebc5a-6350-4ba5-a8a2-4d6ecea31712'
```

Returns an HTML error page i.e;
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title>...<b>Message</b> User bellini not authenticated</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/8.5.20</h3></body></html> 

Shouldn't it be valid json (since I requested json ?)

The pb is that when I use the syncope client REST API, I get:
2017-09-15 11:17:13.625 -ERROR [http-apr-9080-exec-6] org.apache.cxf.jaxrs.utils.JAXRSUtils    : No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8 2017-09-15 11:17:13.626 -DEBUG [http-apr-9080-exec-6] o.a.s.c.lib.RestClientExceptionMapper    : Could not read org.apache.syncope.common.lib.to.ErrorTO list, attempting to read headers... javax.ws.rs.client.ResponseProcessingException: No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8 at org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:439) at org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:390) at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:326) at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:314) at org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:98) at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53) at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42) at org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313) at org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876) at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789) at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235) 
at com.sun.proxy.$Proxy641.read(Unknown Source)
at org.apache.syncope.client.lib.SyncopeClient.self(SyncopeClient.java:132)
Should we modify the org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint ? (not super because we'd need to handle manually XML and JSON formatting) 

Hi Adrian,
your proposal makes sense but I remember (not well enough, unfortunately) that there were some related issues when attempting to change the AuthenticationEntryPoint due to some Spring Security internals. 

Anyway, your contribution is more than welcome, as usual!

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

Reply via email to