I am trying to hit the alfresco rest api using my standalone rest code. i get the login ticket when i use the below url -
"http://host:port/alfresco/service/api/login?u=admin&pw=admin"
and i got the ticket but how do i use this ticket for further communication with alfresco without facing this authentication problem.
below is the code i am using for communicating with the alfresco rest client.
HttpGet getReq = new HttpGet(url);
getReq.addHeader("accept", "application/json");
StringEntity input = new StringEntity(args);
HttpResponse response = client.execute(getReq);
Kind Regards
Garvit Jain
Append the alf_ticket argument to your URL and pass in the ticket you retrieved from the /api/login call. See http://wiki.alfresco.com/wiki/Web_Scripts#Authenticating
Related
Lets say we have SPA written in Angular 2 and have REST API using Spring Boot.
Both of them deployed in different servers. And now I have to protect this API via Facebook's OAuth2, but I don't know which grant type suits to my problem.
I don't want to be an auth server, I don't want facebook to be my resource server, instead my own REST API is supposed to be a resource server.
From FB I just want username or email or some identifier.
If I understood correctly I have to use implicit grant flow, because it's not a web application, correct me please, if I'm wrong.
Does "authorization code" grant also could be a choice ?
I really read almost all the threads related to oauth, spring security..
But I didn't find any info related to exactly SPA and REST API for separate servers.
Any link/resource related to above problem is appreciated.
Thanks in advance and sorry if I did something wrong, it's my very first post here.
You need to implement Implicit Grant flow https://oauth2.thephpleague.com/authorization-server/implicit-grant/
you need HTTPS for safety.
example:
OAuth Server: https://myoauthserver.com
restapi: https://myrestapi.com
client: https://myclient.com
send a get request to oauthserver "authorize" url with params
response_type = token (sometimes 'code')
redirect_uri = myclient.com or myclient.com/something (the one u assign while making an oauth client )
client id = dfuvhiurehvher (whatever id)
some providers require additional parameters like "scope".
when you send a request if everything works. you will be redirected to your client with the token in the url.
your request:
GET: https://myoauthserver.com/oauth/authorize?response_type=token&redirect_uri=https://myclient.com&client_id=yourClientIdHere
if successful you'll be redirected to
https://myclient.com?token=yourTokenValueIsHere
you can now use javascript to retrieve and store token value maybe to localStorage and attach it when sending requests to restapi (https://myrestapi.com)
heres an example request from auth0.com
$.ajax({
cache: false,
url: "http://localhost:7001/api/appointments",
headers: { "Authorization": "Bearer " + ATTACH_YOUR_TOKEN_VALUE_HERE }
});
for more details check this
https://auth0.com/docs/api-auth/tutorials/implicit-grant
I tried to send a HttpRest Call using NTLM Autentication in Java. I tried using the org.apache.http library. it was not a big problem to use the HttpClient to send a Post Request with anonymos authentication.
But i have some troubles with WindowsAuthentication. I even tried to use CredentialProvider with my own Windows credentials (as a compromise, i dont like that either) but i didn’t succeed.
Is there an easy way using NTLM Authentication sending post requests from Java code?
Is there another lib which fits better form my needs?
I still have no idea why the doku from https://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html about NTLM Authentication didn’t have worked for me.
I finally solved my problem doing it similar to the documentation for basic authentication as described on http://www.baeldung.com/httpclient-post-http-request
it now looks like this:
...
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(AuthScope.ANY,
new NTCredentials("username", "passwd", hostname, "domain.at"));
HttpClient client = HttpClientBuilder.create().setDefaultCredentialsProvider(credsProvider).build();
HttpPost post = new HttpPost("http://www.example.com"));
StringEntity input = new StringEntity(bodyAsString, HTTP.UTF_8);
input.setContentType("application/json");
input.setContentEncoding("UTF-8");
post.setEntity(input);
post.setHeader("Accept", "application/json");
post.setHeader("Content-type", "application/json");
HttpResponse response = client.execute(post);
...
I am trying to access a REST web service using HTTP GET request.
For a example following URI provides Rest web service that return all the available parts for the given category.
http://localhost:8080/mycompany/parts/category
I want to authenticate/authorize users who are accessing above REST request in each time and I want to pass User authentication details (User Name and Token) with the HTTP Get Request.
Is there a possibility to cater to the above requirement in REST HTTP GET request (using HTTP header or query parameters)?
or
Is it better to use HTTP POST instead of HTTP GET?
Since you are getting information, you should use "Get". Here's the code that I use (it is Restlet based) for adding the oauth_token to the request...
import org.restlet.data.Reference;
import org.restlet.ext.oauth.OAuthUser;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
Reference commitsRef = new Reference(Consts.RESOURCE_BASE + "commitments/");
OAuthUser u = (OAuthUser) request.getClientInfo().getUser();
String token = u.getAccessToken();
ref.addQueryParameter("oauth_token", token);
ClientResource commitsResource = new ClientResource(getContext(), commitsRef);
Representation commitsRep = commitsResource.get();
As mentioned, this is Restlet based, but there is probably something similar in the framework you are using. (And if you are not using a framework, Restlet can make this easier).
if you are using restlet than good because restlet have rich api for rest framework
but without this if you want to authenticate than
you can do same thing with GET or POST
but send your credential data trough cookie
and read same cookie using #CookieParam from server side
in this way you can easily authenticate user.
How can I had soap AUTH BASIC auth to a WSDL, so who ever reads the WSDL knows I require that operation for a specific method ?
Using the example bellow I have managed to pass the SOAP basic autentication to the php webservice on the other end.
The PHP.net/Soapclient has a simple working example, but in csharp I found this link to be a solution to my problem.
link
Michaelis.MockService is the Webservice library extracted you may see an example on how to do this in:
link Mono project website.
Michaelis.MockService service = new Michaelis.MockService();
// Create the network credentials and assign
// them to the service credentials
NetworkCredential netCredential = new NetworkCredential(“Inigo.Montoya”, “Ykmfptd”);
Uri uri = new Uri(service.Url);
ICredentials credentials = netCredential.GetCredential(uri, “Basic”);
service.Credentials = credentials;
// Be sure to set PreAuthenticate to true or else
// authentication will not be sent.
service.PreAuthenticate = true;
// Make the web service call.
service.Method();
There is no way to specify this, as far as I know.
I am using restlet 1.0, and i am trying to post a new entry into my Mysql database. I am not using any HTML form, i want to do all operation on MY rest client. The problem i am facing is,
I want to post a new customer entry into mysql database,
I am not using any HTML form,
I am trying to achieve and create XML in Rest Client, and trying to send XML.
My REST url for post method is
http://localhost:8182/api/service/customers/
How to append the new customer information and how to get XML.
Please help.
Thanks
Karunjay Anand
If you rest client is a java based client, you can use the URLConnection (HTTPUrlConnection) to post data to the server.
URL url = new URL("http://localhost:8182/api/service/customers/");
URLConnection conn = url.openConnection();
conn.setDoOutput(true);
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(xml); // write your xml
wr.flush();
wr.close();
Alternatively you can also use the HTTPClient library to do posts.