Hi Adrian,
sorry for the late response.

Not sure if the (CXF's) RestServiceExceptionMapper takes place here: as far as I've understood, in case of invalid credentials the request does not even come to CXF, and the error is completely managed by Spring Security.

I also seem to remember that it is not obvious how to alter the Spring Security error handling without breaking the authentication chain - remember that Basic Authentication is used both as such (for all services) and to obtain a JWT instance which can then be used to access all services.

Anyway, if you find some time to work on this, I'd recommend a PR rather than a Java file attached via e-mail (it looks so '90s...) :-)

Regards.

On 15/09/2017 17:08, Adrian Gonzalez wrote:
Hi Francesco,

I'll try something - not sure if next week or the one after.
In the meantime I've quickly developed this class (attached).

It really needs more polishing:
 - I'd like to do a bridge to RestServiceExceptionMapper so we have a central place for error handling (but it's JAX-RS and I'm at servlet layer here).
 - I'd need to add types and codes in ClientExceptionType
 - I'd need to add the same customisation for syncopeAccessDeniedHandler

Thanks,
Adrian

On Friday, 15 September 2017 at 15:28:56 UTC+2, Francesco Chicchiriccò <[email protected]> wrote:


On 15/09/2017 15:17, Adrian Gonzalez wrote:
Hello,

I'm using Syncope 2.0.5.
I'm calling /self REST API with invalid credentials (with content-type: application/json).
/self returns HTML code and not a JSON message body.

i.e.
```
curl -X GET \
http://localhost:9080/syncope/rest/users/self \
  -H 'authorization: Basic YmVsbGluaTpiZWxsaW5pNjY1' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/json' \
  -H 'postman-token: 477ebc5a-6350-4ba5-a8a2-4d6ecea31712'
```

Returns an HTML error page, i.e.:
```
<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title>...<b>Message</b> User bellini not authenticated</p><p><b>Description</b> The request has not been applied because it lacks valid authentication credentials for the target resource.</p><hr class="line" /><h3>Apache Tomcat/8.5.20</h3></body></html>
```

Shouldn't it be valid JSON (since I requested JSON)?

The problem is that when I use the Syncope client REST API, I get:
```
2017-09-15 11:17:13.625 -ERROR [http-apr-9080-exec-6] org.apache.cxf.jaxrs.utils.JAXRSUtils    : No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8
2017-09-15 11:17:13.626 -DEBUG [http-apr-9080-exec-6] o.a.s.c.lib.RestClientExceptionMapper    : Could not read org.apache.syncope.common.lib.to.ErrorTO list, attempting to read headers...
javax.ws.rs.client.ResponseProcessingException: No message body reader has been found for class java.util.List, ContentType: text/html;charset=utf-8
    at org.apache.cxf.jaxrs.impl.ResponseImpl.reportMessageHandlerProblem(ResponseImpl.java:439)
    at org.apache.cxf.jaxrs.impl.ResponseImpl.doReadEntity(ResponseImpl.java:390)
    at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:326)
    at org.apache.cxf.jaxrs.impl.ResponseImpl.readEntity(ResponseImpl.java:314)
    at org.apache.syncope.client.lib.RestClientExceptionMapper.checkSyncopeClientCompositeException(RestClientExceptionMapper.java:98)
    at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:53)
    at org.apache.syncope.client.lib.RestClientExceptionMapper.fromResponse(RestClientExceptionMapper.java:42)
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.checkResponse(ClientProxyImpl.java:313)
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.handleResponse(ClientProxyImpl.java:876)
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.doChainedInvocation(ClientProxyImpl.java:789)
    at org.apache.cxf.jaxrs.client.ClientProxyImpl.invoke(ClientProxyImpl.java:235)
    at com.sun.proxy.$Proxy641.read(Unknown Source)
    at org.apache.syncope.client.lib.SyncopeClient.self(SyncopeClient.java:132)
```

Should we modify the org.apache.syncope.core.spring.security.SyncopeBasicAuthenticationEntryPoint? (Not super, because we'd need to handle XML and JSON formatting manually.)

Hi Adrian,
your proposal makes sense but I remember (not well enough, unfortunately) that there were some related issues when attempting to change the AuthenticationEntryPoint due to some Spring Security internals.

Anyway, your contribution is more than welcome, as usual!

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
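
Added example, not part of the original thread and not Syncope's code: a servlet-layer Spring Security `AuthenticationEntryPoint` that answers a failed Basic login with a JSON or XML body instead of the container's HTML error page. The class name, realm value and body layout are assumptions for illustration (the body is not Syncope's ErrorTO format), and it selects the format from the `Accept` header, defaulting to JSON.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Hypothetical class for illustration; not SyncopeBasicAuthenticationEntryPoint.
public class StructuredBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private static final String REALM = "Example realm"; // assumed value

    // Fixed text: the request's user name is attacker-controlled, and echoing it
    // into hand-built JSON or XML would require escaping for each format.
    private static final String MESSAGE = "Authentication required";

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException {

        // Keep the Basic challenge so the authentication flow is unchanged for clients.
        response.setHeader("WWW-Authenticate", "Basic realm=\"" + REALM + "\"");

        // setStatus, not sendError: sendError hands the response to the
        // container's error page, which is rendered as HTML.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());

        String accept = request.getHeader("Accept");
        boolean wantsXml = accept != null
                && accept.contains("application/xml")
                && !accept.contains("application/json");

        if (wantsXml) {
            response.setContentType("application/xml");
            response.getWriter().write(
                    "<error><status>401</status><message>" + MESSAGE + "</message></error>");
        } else {
            response.setContentType("application/json");
            response.getWriter().write(
                    "{\"status\":401,\"message\":\"" + MESSAGE + "\"}");
        }
    }
}
```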
