I have REST application with Spring OAuth2 authorization. I test it with FitNesse RestFixture test (I added token from curl response and last GET operation works successfully):
| Table:smartrics.rest.fitnesse.fixture.RestFixture | http://10.76.243.103:8080 |
| GET | /<root>/version | | | 2.2.1 |
| setBody |grant_type=password&username=test&password=test123&scope=data+compute|
| setHeader |Authorization : Basic dGVzdDo4YmE5MjRjZS0wNThhLTQ3Y2YtOGQ4Mi02ZWY1N2Y4NzdiNmQ=|
| setHeader |Content-Type : application/x-www-form-urlencoded|
| POST | /<oauth-provider>/oauth/token | | | |
| setHeader |Authorization : Bearer fd947659-cf17-4ded-b2e8-698395c201df|
| GET | /<root>/schemas | | | |
And I failed to get access token on POST operation with issue {"error":"unauthorized","error_description":"Full authentication is required to access this resource"}:
| POST | /<oauth-provider>/oauth/token | 401 | <responce> | {"error":"unauthorized","error_description":"Full authentication is required to access this resource"} |
Where responce is:
Server : Apache-Coyote/1.1
X-Content-Type-Options : nosniff
X-XSS-Protection : 1; mode=block
Cache-Control : no-cache, no-store, max-age=0, must-revalidate
Pragma : no-cache
Expires : 0
X-Frame-Options : DENY
Cache-Control : no-store
Pragma : no-cache
WWW-Authenticate : Bearer realm="oauth", error="unauthorized", error_description="Full authentication is required to access this resource"
Content-Type : application/json;charset=UTF-8
Transfer-Encoding : chunked
Date : Thu, 27 Nov 2014 11:17:56 GMT
If I perfrom same action with curl utility I got access_token successfully:
curl -X POST -v -u test:8ba924ce-058a-47cf-8d82-6ef57f877b6d --data 'username =test&password=test123&grant_type=password&scope=data+compute' 'http://10.76.24 3.103:8080/parseq/oauth/token' -k
* About to connect() to 10.76.243.103 port 8080 (#0)
* Trying 10.76.243.103...
* Adding handle: conn: 0x4c3388
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x4c3388) send_pipe: 1, recv_pipe: 0
* Connected to 10.76.243.103 (10.76.243.103) port 8080 (#0)
* Server auth using Basic with user 'test'
> POST /parseq/oauth/token HTTP/1.1
> Authorization: Basic dGVzdDo4YmE5MjRjZS0wNThhLTQ3Y2YtOGQ4Mi02ZWY1N2Y4NzdiNmQ=
> User-Agent: curl/7.30.0
> Host: 10.76.243.103:8080
> Accept: */*
> Content-Length: 69
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 69 out of 69 bytes
< HTTP/1.1 200 OK
* Server Apache-Coyote/1.1 is not blacklisted
< Server: Apache-Coyote/1.1
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache < Expires: 0
< X-Frame-Options: DENY
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
< Date: Thu, 27 Nov 2014 09:20:39 GMT
< {"access_token":"fd947659-cf17-4ded-b2e8-698395c201df","token_type":"bearer","re fresh_token":"564aa6ca-0afa-4519-a907-e7027053bb35","expires_in":40317,"scope":" compute data"}
* Connection #0 to host 10.76.243.103 left intact
Can anyone advice me how to debug or fix it?
Thanks In Advance!
I launched
tcpdumpto check what exactly I send from mycurlrequest (as descibed in Use TCPDUMP to Monitor HTTP Traffic):I launched it on server machine.
I found that
curlautomatically addedContent-Typeheader:Also I've checked what exactly I send from my FitNesse test:
And I found that
Authorizationheader is missed in my request from FitNesse. It looks like sequential using ofsetHeader()methods leads to overwriting of headers. So, I changed my FitNesse test to usesetHeaders()method to setup some headers in one table row (as described in How can you set headers with dynamic value in the RestFixtureConfig rest fixture.default.headers):And now it works fine.