5 Replies Latest reply on Apr 27, 2015 12:55 AM by Dan Cimpoesu

    How to authenticate in the REST API calls?

    Travis Zimmerman Newbie

      I am using the REST API to try to start a process.  (Chapter 17. Remote API)  In particular, I am executing this POST:

      /runtime/{deploymentId}/process/{processDefId}/start

       

      I always get an error message that says I must authenticate:

       

      HTTP/1.1 401 Unauthorized

       

      <html><head><title>JBoss Web/7.0.13.Final - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Validation fails.</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Validation fails.</u></p><p><b>description</b> <u>This request requires HTTP authentication (Validation fails.).</u></p><HR size="1" noshade="noshade"><h3>JBoss Web/7.0.13.Final</h3></body></html>

       

      I tried adding authentication to the header, using the HttpRequester plugin to Firefox.  I tried using several different credentials (krisv/krisv, admin/admin).  I tried adding users to the application realm of JBoss and authenticating with those users.  I tried Base64 encoding the authentication in the header.  I tried writing a Java client that used the same credentials, and I got the same error.

       

      I added DEBUG logging to JBoss and I found the exception in server.log:

       

      16:21:32,313 INFO  [org.jboss.resteasy.cdi.CdiInjectorFactory] (http--0.0.0.0-8080-1) Found BeanManager at java:comp/BeanManager

      16:21:33,355 DEBUG [org.uberfire.security.server.UberFireSecurityFilter] (http--0.0.0.0-8080-1) Authentication failure. Sending HTTP 401 response.: org.uberfire.security.auth.AuthenticationException: Validation fails.

              at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:220) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurityFilter.java:337) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFilter.java:278) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397) [jbossweb-7.0.13.Final.jar:]

              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]

              at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]

              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:416) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]

              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]

              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]

              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]

              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]

              at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_60]

      Caused by: java.lang.NullPointerException

              at org.uberfire.security.server.auth.JACCAuthenticationScheme.buildCredential(JACCAuthenticationScheme.java:23) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAuthenticationManager.java:149) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              at org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityManagerImpl.java:216) [uberfire-security-server-0.4.0.CR1.jar:0.4.0.CR1]

              ... 18 more

       

      I noticed that there was a NullPointerException in uberfire, so I wondered if there was a problem in there.

       

      Has anyone else had this problem?  Is there a guide in the documentation about how to include authentication in the REST calls?

       

      Thanks!