Hi
The client must provide the valid credentials to AccessTokenService.
If the client wants to exchange a grant for a token then the client
needs to authenticate.
If the resource server needs to validate a token it receives from the
client - then it is the resource server which needs to authenticate
with AccessTokenValidatorService (and/or in later CXFs -
TokenIntrospectionService). In CXF 3.1.6 a new property,
'blockUnauthorizedRequests', can be set to false, which would allow a
resource server to talk to the validation service without the resource
server having to authenticate.
Sergey
On 02/08/16 07:24, chandra shekhar wrote:
Hi Sergey,
I always get a 401 Unauthorized error; I have tried multiple combinations. All
fail at:
if (getMessageContext().getSecurityContext().getUserPrincipal() == null) {
    AuthorizationUtils.throwAuthorizationFailure(supportedSchemes, realm);
}
[cpandey@cpandey bin]$ curl -i -H "Authorization: Bearer 9bb34a4d98ad0b762aaadb8c07cbc97" http://0.0.0.0:8080/oauth/validate -H "Content-Type:application/x-www-form-urlencoded" -X POST
HTTP/1.1 401 Unauthorized
Content-Length: 0
Date: Tue, 02 Aug 2016 04:22:00 GMT
Server: Jetty(8.1.17.v20150415)
Logs:
WebApplicationExceptionMapper | 103 - org.apache.cxf.cxf-rt-frontend-jaxrs - 3.0.4.redhat-621084 | javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
 | at org.apache.cxf.jaxrs.utils.SpecExceptions.toNotAuthorizedException(SpecExceptions.java:94)
 | at org.apache.cxf.jaxrs.utils.ExceptionUtils.toNotAuthorizedException(ExceptionUtils.java:134)
 | at org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils.throwAuthorizationFailure(AuthorizationUtils.java:111)
 | at org.apache.cxf.rs.security.oauth2.services.AccessTokenValidatorService.getTokenValidationInfo(AccessTokenValidatorService.java:40)
Please suggest.
--
View this message in context:
http://cxf.547215.n5.nabble.com/OAuth2-Implementation-tp5746401p5770932.html
Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/