5 Replies Latest reply on Apr 27, 2015 12:55 AM by danutc

    How to authenticate in the REST API calls?

    badtea

      I am using the REST API to try to start a process.  (Chapter 17. Remote API)  In particular, I am executing this POST:

      /runtime/{deploymentId}/process/{processDefId}/start

       

      I always get an error message that says I must authenticate:

       

      HTTP/1.1 401 Unauthorized

       

      <html><head><title>JBoss Web/7.0.13.Final - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Validation fails.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Validation fails.</u></p><p><b>description</b> <u>This request requires HTTP authentication (Validation fails.).</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.13.Final</h3></body></html>

       

      I tried adding authentication to the header, using the HttpRequester plugin to Firefox.  I tried using several different credentials (krisv/krisv, admin/admin).  I tried adding users to the application realm of JBoss and authenticating with those users.  I tried Base64 encoding the authentication in the header.  I tried writing a Java client that used the same credentials, and I got the same error.

       

      I added DEBUG logging to JBoss and I found the exception in server.log:

       

      16:21:32,313 INFO  [org.jboss.resteasy.cdi.CdiInjectorFactory] (http--0.0.0.0-8080-1) Found BeanManager at java:comp/BeanManager

      16:21:33,355 DEBUG [org.uberfire.security.server.UberFireSecurityFilter] (http--0.0.0.0-8080-1) Authentication failure. Sending HTTP 401 response.: org.uberfire.security.auth.AuthenticationException: Validation fails.

              at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:220) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurityFilter.java:337) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFilter.java:278) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.13.Final.jar:]

              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]

              at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:416) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]

      Caused by: java.lang.NullPointerException

              at org.uberfire.security.server.auth.JACCAuthenticationScheme.buildCredential(JACCAuthenticationScheme.java:23) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAuthenticationManager.java:149) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:216) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              ... 18 more

       

      I noticed that there was a NullPointerException in uberfire, so I wondered if there was a problem in there.

       

      Has anyone else had this problem?  Is there a guide in the documentation about how to include authentication in the REST calls?

       

      Thanks!

        • 1. Re: How to authenticate in the REST API calls?
          badtea

          I was able to get the REST calls to work by disabling the authentication for them.  However, I do not want to leave that disabled for production, so this is just a temporary workaround.  I need to get authentication working eventually.  Does anyone have advice?

           

          In case anyone wants to know, I disabled the authentication on the REST calls by editing the WEB-INF/web.xml file inside the jbpm-console.war file.  There is a list of "URL patterns" that require authentication to access.  I commented out the "rest" URL pattern:

           

          <filter-mapping>

              <filter-name>UberFire Security Filter</filter-name>

              <!--<url-pattern>/rest/*</url-pattern>-->

              <url-pattern>/maven2/*</url-pattern>

              ...

              ...

              ...

              <url-pattern>/stencilset/*</url-pattern>

          </filter-mapping>

          • 2. Re: Re: How to authenticate in the REST API calls?
            badtea

            I feel foolish now because the answer was so simple, but I got the authentication working for the REST API calls.  When I had put the Authorization in the HTTP header, I was not including the "Basic" keyword.  For example, my original header was:

             

            Authorization: a3Jpc3Y6a3Jpc3Y=

             

            When I added the Basic keyword, the authentication started working:

             

            Authorization: Basic a3Jpc3Y6a3Jpc3Y=

             

            I hope this helps someone else.
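The difference between the two header values in the post above, shown as an added example (not part of the original thread and not jBPM or UberFire code): a minimal builder and checker for the `Authorization` header in the RFC 7617 Basic format. The function names are illustrative assumptions; the two sample values are the ones quoted in the post.

```python
import base64
import binascii


def build_basic_header(username: str, password: str) -> str:
    """Return the header value: scheme name, one space, base64(user:pass)."""
    raw = f"{username}:{password}".encode("utf-8")
    # base64 is an encoding, not encryption: send this header over TLS only.
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_authorization(value: str) -> tuple:
    """Return (username, password) or raise ValueError if not valid Basic."""
    scheme, sep, token = value.strip().partition(" ")
    if not sep:
        raise ValueError("no auth scheme: expected 'Basic <base64>'")
    if scheme.lower() != "basic":  # scheme names are case-insensitive
        raise ValueError(f"unsupported scheme {scheme!r}")
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("credentials are not valid base64 text") from exc
    username, colon, password = decoded.partition(":")
    if not colon:
        raise ValueError("decoded credentials lack the ':' separator")
    return username, password


def diagnose(value: str) -> str:
    """Explain in one line why a header value would be accepted or rejected."""
    try:
        user, _ = parse_authorization(value)
        return f"ok: Basic credentials for {user!r}"
    except ValueError as exc:
        return f"rejected: {exc}"


# Header values quoted in the thread (krisv/krisv is the account named there).
BROKEN = "a3Jpc3Y6a3Jpc3Y="
FIXED = "Basic a3Jpc3Y6a3Jpc3Y="

if __name__ == "__main__":
    for header in (BROKEN, FIXED):
        print(f"Authorization: {header} -> {diagnose(header)}")
```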

            • 3. Re: How to authenticate in the REST API calls?
              kvijai

              My KIE-WB (JBPM 6.1.0.Final) is running on WildFly 8.1.0.Final. I am trying to embed the Task Form using REST (jbpm-forms-rest-integration.js) to a remote server (TomEE/Tomcat 7).

              But whatever authentication I follow, especially jQuery, it always gives me a Validation Fails (401) error, Cross-origin resource sharing (CORS).

               

              Could you please help me with what sorts of changes I need to make on KIE-WB and the remote server webapps?

               

              Thanks

              • 4. Re: How to authenticate in the REST API calls?
                badtea

                I think the problem is because you are trying to share data between two different web servers.  I'm not very familiar with it, but there is a vulnerability called Cross-site scripting related to sharing data between web servers.  I think your application is trying to prevent the vulnerability, and that's why you are getting the error.  I don't know how to fix it.  See Wikipedia for more information:

                 

                http://en.wikipedia.org/wiki/Cross-site_scripting

                http://en.wikipedia.org/wiki/Cross-origin_resource_sharing

                • 5. Re: How to authenticate in the REST API calls?
                  danutc

                  Hi Vijai

                   

                  Did you find a solution for loading jBPM forms across domains?

                   

                  Regards

                  Dan