Single Point of Authentication

Posted by coates_aj on 29-Oct-2014 10:52

Hi everyone,

I am trying to set up a REST service that uses SPA and am struggling to get this working.

I have done the following so far:

  • changed contextConfigLocation parameter in web.xml to the value /WEB-INF/appSecurity-basic-oerealm.xml
  • set up a state-free appserver (called OERealmAuth) which connects to my database
  • Have the sample OERealm within the propath for this appserver
  • Changed realmURL and realmClass parameters within /WEB-INF/appSecurity-basic-oerealm.xml for my REST service to reference the OERealmAuth appserver and my HybridRealm class
  • Set up a user with the DB to authenticate against.

When trying to access my REST service a prompt pops up asking for a user name and password; however, I always receive the error "Unauthorized".

Within my log for my OERealmAuth appserver I receive the following:


[14/10/29@15:20:37.839+0000] P-012052 T-011960 1 AS -- (Procedure: 'HybridRealm OpenEdge.Security.Realm.HybridRealm' Line:79) Loaded property file spaservice.properties
[14/10/29@15:20:37.839+0000] P-012052 T-011960 1 AS -- (Procedure: 'HybridRealm OpenEdge.Security.Realm.HybridRealm' Line:81) Password: oech1::20333c34252a2137
[14/10/29@15:20:37.839+0000] P-012052 T-011960 1 AS -- (Procedure: 'HybridRealm OpenEdge.Security.Realm.HybridRealm' Line:83) Role: SpaClient
[14/10/29@15:20:37.839+0000] P-012052 T-011960 1 AS -- (Procedure: 'HybridRealm OpenEdge.Security.Realm.HybridRealm' Line:85) DebugMsg: True
[14/10/29@15:20:37.839+0000] P-012052 T-011960 1 AS -- Unauthorized client

And within the adapter log file I receive the following:

2014-10-29 15:20:38,086 12040786 [http-bio-8980-exec-7] ERROR com.progress.rest.security.OERealmUserDetailsImpl loadUserByUsername - Username load error for newuser re: Realm o4gl run-time error: com.progress.open4gl.RunTime4GLErrorException: ERROR condition: Unauthorized client (7211)
2014-10-29 15:20:38,086 12040786 [http-bio-8980-exec-7] ERROR com.progress.rest.security.OERealmUserDetailsImpl loadUserByUsername - Username load error for newuser re: Realm o4gl run-time error: com.progress.open4gl.RunTime4GLErrorException: ERROR condition: Unauthorized client (7211)

Within the ValidateClient method it appears that SESSION:CURRENT-REQUEST-INFO:GetClientPrincipal() is returning a ?, which is causing the AppError of "Unauthorized client" to be thrown.


Does anyone have any ideas about what is going wrong? Or other log files I can check? Or settings I can change to get more detail on what is actually going wrong?

Many Thanks

All Replies

Posted by Jean Richert on 04-Nov-2014 03:58

I just pinged internal resources to assist you... I'm sure someone will get back to you shortly and if not then let me know.

Posted by Michael Jacobs on 04-Nov-2014 06:39

From what is shown in the log fragments, the server's HybridRealm class is throwing an exception after failing to validate the REST adapter as an authenticated & authorized client that is allowed to access the HybridRealm class's methods.   You can see this validation of the REST adapter's identity in the HybridRealm's ValidateClient() method.

The REST adapter as an authenticated client of the AppServer's HybridRealm class is enabled when the OERealmUserDetails bean's configuration includes a property="realmTokenFile" value="...".  

Is this property defined in your appSecurity-basic-oerealm.xml configuration file?    

When the property is defined, it points to the name of a file that contains a 'sealed' Client-Principal that is what the REST adapter uses when it connects to the AppServer and authenticates itself to the HybridRealm class for authentication.  A default file named 'spadefault.cp' is provided with the sample.   It contains a sealed Client-Principal with the user-id "

The configuration seems to indicate that no Client-Principal is configured for the REST adapter, but the AppServer's HybridRealm code is probably throwing an error that indicates one was passed and could not be validated.

Can you edit the HybridRealm class's ValidateClient() method and add message statements to find out if:

1) A Client-Principal was passed to the AppServer?

2) If a Client-Principal was passed - was its 'seal' able to be validated?

3) If the Client-Principal's 'seal' was validated - did the Client-Principal's role list contain what was configured in the properties (SpaClient)?

The answers to the above are the first step to solving your problem.

Mike Jacobs

Posted by coates_aj on 12-Nov-2014 06:09

Hi Michael,

My apologies for taking so long to get back. With your help I have now managed to get this up and functioning.

The problem was realmTokenFile which was commented out, so something really simple in the end.

Many thanks for your help
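For readers hitting the same "Unauthorized client (7211)" symptom, here is what the fix described in this thread looks like in the adapter configuration. This is an added example, not a file from the original thread or from the Progress sample: the bean id OERealmUserDetails, the class name com.progress.rest.security.OERealmUserDetailsImpl, the realm class OpenEdge.Security.Realm.HybridRealm, the AppServer name OERealmAuth and the three property names realmURL, realmClass and realmTokenFile are taken from the posts above; the Spring `b:` namespace prefix, the host and port in realmURL, the token file path and the other property values are assumptions.

```xml
<!-- appSecurity-basic-oerealm.xml: the bean the REST adapter uses to call the OERealm AppServer.
     Added example; bean id, class names and property names are from the thread, all values are assumed. -->

<!-- BROKEN: realmTokenFile is commented out, exactly the situation in this thread.
     The adapter then connects to the AppServer without a sealed Client-Principal, so on the
     AppServer side SESSION:CURRENT-REQUEST-INFO:GetClientPrincipal() returns ? and the sample
     HybridRealm's ValidateClient() raises "Unauthorized client" (7211) for every login attempt. -->
<b:bean id="OERealmUserDetails"
        class="com.progress.rest.security.OERealmUserDetailsImpl">
    <b:property name="realmURL"   value="AppServer://localhost:5162/OERealmAuth" />  <!-- host/port assumed -->
    <b:property name="realmClass" value="OpenEdge.Security.Realm.HybridRealm" />
    <!--
    <b:property name="realmTokenFile" value="spadefault.cp" />
    -->
</b:bean>

<!-- WORKING: realmTokenFile names the file holding the sealed Client-Principal that identifies
     the REST adapter to the HybridRealm. Path is assumed; use wherever the .cp file is deployed. -->
<b:bean id="OERealmUserDetails"
        class="com.progress.rest.security.OERealmUserDetailsImpl">
    <b:property name="realmURL"       value="AppServer://localhost:5162/OERealmAuth" />
    <b:property name="realmClass"     value="OpenEdge.Security.Realm.HybridRealm" />
    <b:property name="realmTokenFile" value="/usr/local/webapps/myrest/WEB-INF/spadefault.cp" />
</b:bean>
```

Two practical caveats follow from the thread. The .cp file is a credential: the AppServer accepts the adapter only because the Client-Principal's seal validates against the key held in the realm's spaservice.properties and its role list contains the configured role (SpaClient in the log above), so the file should be readable by the adapter's Tomcat account only, and the sample spadefault.cp should be replaced by a Client-Principal sealed with your own key before production. Also note that the realm log at the top of the thread printed the encoded Password: value from spaservice.properties because DebugMsg was True; leave that switched on only while diagnosing.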

Posted by Michael Jacobs on 12-Nov-2014 06:15

Happy to help.  
