I have REST application with Spring OAuth2 authorization. I test it with FitNesse RestFixture test (I added token from curl response and last GET
operation works successfully):
| Table:smartrics.rest.fitnesse.fixture.RestFixture | http://10.76.243.103:8080 |
| GET | /<root>/version | | | 2.2.1 |
| setBody |grant_type=password&username=test&password=test123&scope=data+compute|
| setHeader |Authorization : Basic dGVzdDo4YmE5MjRjZS0wNThhLTQ3Y2YtOGQ4Mi02ZWY1N2Y4NzdiNmQ=|
| setHeader |Content-Type : application/x-www-form-urlencoded|
| POST | /<oauth-provider>/oauth/token | | | |
| setHeader |Authorization : Bearer fd947659-cf17-4ded-b2e8-698395c201df|
| GET | /<root>/schemas | | | |
And I failed to get access token on POST
operation with issue {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}
:
| POST | /<oauth-provider>/oauth/token | 401 | <responce> | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} |
Where responce
is:
Server : Apache-Coyote/1.1
X-Content-Type-Options : nosniff
X-XSS-Protection : 1; mode=block
Cache-Control : no-cache, no-store, max-age=0, must-revalidate
Pragma : no-cache
Expires : 0
X-Frame-Options : DENY
Cache-Control : no-store
Pragma : no-cache
WWW-Authenticate : Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type : application/json;charset=UTF-8
Transfer-Encoding : chunked
Date : Thu, 27 Nov 2014 11:17:56 GMT
If I perfrom same action with curl
utility I got access_token
successfully:
curl -X POST -v -u test:8ba924ce-058a-47cf-8d82-6ef57f877b6d --data 'username =test&password=test123&grant_type=password&scope=data+compute' 'http://10.76.24 3.103:8080/parseq/oauth/token' -k
* About to connect() to 10.76.243.103 port 8080 (#0)
* Trying 10.76.243.103...
* Adding handle: conn: 0x4c3388
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x4c3388) send_pipe: 1, recv_pipe: 0
* Connected to 10.76.243.103 (10.76.243.103) port 8080 (#0)
* Server auth using Basic with user 'test'
> POST /parseq/oauth/token HTTP/1.1
> Authorization: Basic dGVzdDo4YmE5MjRjZS0wNThhLTQ3Y2YtOGQ4Mi02ZWY1N2Y4NzdiNmQ=
> User-Agent: curl/7.30.0
> Host: 10.76.243.103:8080
> Accept: */*
> Content-Length: 69
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 69 out of 69 bytes
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache < Expires: 0
< X-Frame-Options: DENY
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 27 Nov 2014 09:20:39 GMT
< {"access_token":"fd947659-cf17-4ded-b2e8-698395c201df","token_type":"bearer","re fresh_token":"564aa6ca-0afa-4519-a907-e7027053bb35","expires_in":40317,"scope":" compute data"}
* Connection #0 to host 10.76.243.103 left intact
Can anyone advice me how to debug or fix it?
Thanks In Advance!
I launched
tcpdump
to check what exactly I send from mycurl
request (as descibed in Use TCPDUMP to Monitor HTTP Traffic):I launched it on server machine.
I found that
curl
automatically addedContent-Type
header:Also I've checked what exactly I send from my FitNesse test:
And I found that
Authorization
header is missed in my request from FitNesse. It looks like sequential using ofsetHeader()
methods leads to overwriting of headers. So, I changed my FitNesse test to usesetHeaders()
method to setup some headers in one table row (as described in How can you set headers with dynamic value in the RestFixtureConfig rest fixture.default.headers):And now it works fine.