REST2 services on web module

lordradi · November 10, 2016, 10:05am

Hi all,
I need your help again, as now I’m stuck with getting REST services to work the web module (I’m developing a little module displayed in a frame with joint.js, and I need some interaction)
I’ve got stuck at the first step, at obtaining the oauth token[Getting an OAuth token] (Getting an OAuth Token - CUBA Platform. Developer’s Manual)
First I thought it was not enabled, as the documentation states, it’s not switched on by default for the web module, but the checkbox is gone from the mentioned screen (Project properties>Edit>Advanced) However I’ve found


    <context:component-scan base-package="com.haulmont.cuba.restapi"/>

in web-dispatcher-spring.xml, so I think it’s enabled. Then I’ve created cuba-rest-services.xml(see attached) file with one service in it for now, put it into the config, and added a username/password as well in web-app.properties:


cuba.restServicesConfig = +cuba-rest-services.xml
cuba.rest.client.id = internal
cuba.rest.client.secret = ListenDoYouWantToKnowASecret
cuba.restApi.enabled = true

Now I’m trying to obtain the OAuth Token by calling http://localhost:8080/app/rest/v2/oauth/token
from Postman with

Headers


Authorization:Basic Y2xpZW50OnNlY3JldA==
Content-Type:application/x-www-form-urlencoded

Body


grant_type=password&username=internal&password=ListenDoYouWantToKnowASecret

All I get back is just


{
  "error": "unauthorized",
  "error_description": "Bad credentials"
}

I don’t really know how could I debug this, on which class the request goes through, etc.
Please help what am I missing?
Thanks:
Gabor

cuba-rest-services.xml (226B)

web-security-spring.xml (675B)

Headers

body

web.xml (4.0K)

lordradi · November 16, 2016, 9:50am

Hi Brian,

I think if you change any of the properties files, changes will have effect only when you restart the app.
The main thing here is that you will need two set of passwords here in order to get the token one is set in cuba.rest.client.id and cuba.rest.client.password in your (web-)app.properties and the second is a live user what you put in the details. You’ll have to Base64 encode the first pair by joining them with a ‘:’ and then put it to the header int the key “Authorization”, prepended with "Basic "

Something like this should do:


String userName = 'someuser'
String password = 'somepassword'

String oauthUsername = AppContext.getProperty("cuba.rest.client.id")
String oauthPassword = AppContext.getProperty("cuba.rest.client.secret")

String basicAuthToken = Base64.getEncoder().encodeToString((oauthUsername + ':' + oauthPassword).getBytes()).toString()

def url = appUrl + "/rest/v2/oauth/token"

URL obj = new URL(url);
HttpURLConnection con = (HttpURLConnection) obj.openConnection()
con.setRequestMethod("POST")

//add request header
con.setRequestProperty("Authorization", "Basic " + basicAuthToken)
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded")

String urlParameters = "grant_type=password&username=" + userName + "&password=" + password

krivopustov · November 16, 2016, 2:27pm

Let me add my 2 cents.

The data-manipulation sample contains a working REST client with login method written in Java, see here.

gorbunkov · November 16, 2016, 6:13am

Hi Brian,
That is what I said in my answer - in the request body there must be credentials of the real user, e.g. admin/admin. cuba.rest.client.id and cuba.rest.client.password is used for basic authentication of the request.

gorbunkov · November 10, 2016, 11:00am

Hi,

In the Authorization header you must pass the the client id and secret, separated by a single colon (":") character, within a base64 encoded string. You changed the value for the cuba.rest.client.id and cuba.rest.client.secret values, but still use the Authorization header value for the default settings.

As for the body, you must pass not the cuba.rest.client.id and cuba.rest.client.secret values there, but login and password of some existing user.

lordradi · November 10, 2016, 11:14am

Hi Max,

that makes sense now, and it works
I think it would worth mentioning this in the documentation, as your key sentence, which resolves everything is REALLY missing from there… (Getting an OAuth Token - CUBA Platform. Developer’s Manual)
“In the Authorization header you must pass the the client id and secret, separated by a single colon (”:“) character, within a base64 encoded string.”

Cheers
Gabor

gorbunkov · November 10, 2016, 11:39am

Thanks for the hint. We’ll do that.

bdueck · November 15, 2016, 9:29pm

In addition to the above, I had to add grant_type, username and password to the x-www-form-urlencoded body as additional parameters. Strange thing was that for the username and password used here I had to use a standard cuba username/pwd (e.g. admin/admin) instead of the cuba.rest.client.id and cuba.rest.client.secret as the docs suggest.

lordradi · November 17, 2016, 9:10am

Nice one Konstantin!
I think what would be really good, to be able to capture the currently logged-in user’s credentials and use them instead of a hardcoded one. I have tried to capture them on the loginwindow, by overriding the login function, but because of the “remember me” feature I get only the hash token as password…