I'd like to invoke the token at APIM 1.10 using ajax.
I tried this:
$(function() {
    $.ajax({
        url:'https://localhost:9443/token',
        type: 'POST',
        dataType: 'json',
        contentType: 'application/json',
        data:{
            'grant_type':'client_credentials'
        },
        headers:{
            'Authorization': 'Basic Q3dLYmJybWhDUnJpMVJlMDIycWp0UGtxWUlrYTpjYzZQMkVFOEVJRDNqSWRSN2ZnRUoyUDU2ajRh',
        },
        success:function(e){
            $('#token').html(e);
        }
    });
});
But I didn't receive anything.
Just an empty OPTIONS request.
API Manager shows this:
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> OPTIONS /token HTTP/1.0
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> X-Forwarded-Host: <My host>
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> X-Forwarded-Server: <My Host>
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> X-Forwarded-For: <My IP>
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> Host: <My Host>
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> Connection: close
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:41.0) Gecko/20100101 Firefox/41.0
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Accept-Encoding: gzip, deflate
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Origin: null
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Access-Control-Request-Method: POST
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Access-Control-Request-Headers: authorization,content-type
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Pragma: no-cache
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Cache-Control: no-cache
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << HTTP/1.0 200 OK
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Access-Control-Request-Headers: authorization,content-type
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Host: <My Host>
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << X-Forwarded-Server: <My Host>
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Origin: null
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Access-Control-Request-Method: POST
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Cache-Control: no-cache
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Pragma: no-cache
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << X-Forwarded-Host: <My Host>
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Allow: POST
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Accept-Encoding: gzip, deflate
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << X-Forwarded-For: <my ip>
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Date: Wed, 30 Mar 2016 17:48:40 GMT
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Server: WSO2-PassThrough-HTTP
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Connection: Close
[2016-03-30 14:48:40,389] DEBUG - wire << "HTTP/1.0 200 OK[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Access-Control-Request-Headers: authorization,content-type[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Host: <my host name>[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "X-Forwarded-Server: <my host>[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Origin: null[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Access-Control-Request-Method: POST[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Cache-Control: no-cache[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Pragma: no-cache[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "X-Forwarded-Host: <My Host NAME>[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Allow: POST[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "Accept-Encoding: gzip, deflate[\r][\n]"
[2016-03-30 14:48:40,390] DEBUG - wire << "X-Forwarded-For: <My computer IP>[\r][\n]"
[2016-03-30 14:48:40,391] DEBUG - wire << "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8[\r][\n]"
[2016-03-30 14:48:40,391] DEBUG - wire << "Date: Wed, 30 Mar 2016 17:48:40 GMT[\r][\n]"
[2016-03-30 14:48:40,391] DEBUG - wire << "Server: WSO2-PassThrough-HTTP[\r][\n]"
[2016-03-30 14:48:40,391] DEBUG - wire << "Connection: Close[\r][\n]"
[2016-03-30 14:48:40,391] DEBUG - wire << "[\r][\n]"
Does somebody know how I can do this?
Thanks,
Eliezer Trajano
Here the problem is the content type. The content type should be application/x-www-form-urlencoded according to the documentation, and you need to remove the json data type as well. With the above changes the ajax code should be as follows:
$(function() {
    $.ajax({
        url:'https://localhost:9443/oauth2/token',
        type: 'POST',
        contentType: 'application/x-www-form-urlencoded',
        data:{
            'grant_type':'client_credentials'
        },
        headers:{
            'Authorization': 'Basic Q3dLYmJybWhDUnJpMVJlMDIycWp0UGtxWUlrYTpjYzZQMkVFOEVJRDNqSWRSN2ZnRUoyUDU2ajRh',
        },
        success:function(e){
            $('#token').html(e);
        }
    });
});
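The debug log in the question records only the browser's CORS preflight (the OPTIONS request). As an added example, not code from the original posts, this Node.js script parses header lines in that log format and applies a simplified version of the browser's preflight check; PAGE_LOG is abbreviated from the question's log, while FIXED_LOG and the origin https://app.example are constructed.

```javascript
'use strict';

// Parse WSO2-style "headers <conn> >> Name: value" debug lines into request
// headers (>>), response headers (<<) and the response status code.
function parseHeaderLog(logText) {
  const parsed = { request: {}, response: {}, status: null };
  for (const line of logText.split('\n')) {
    const m = /headers \S+ (>>|<<) (.*)$/.exec(line.trim());
    if (!m) continue;
    const [, direction, rest] = m;
    const statusLine = /^HTTP\/\d\.\d (\d{3})/.exec(rest);
    if (statusLine) {
      parsed.status = Number(statusLine[1]);
      continue;
    }
    const colon = rest.indexOf(':');
    if (colon < 0) continue; // request line such as "OPTIONS /token HTTP/1.0"
    const target = direction === '>>' ? parsed.request : parsed.response;
    target[rest.slice(0, colon).trim().toLowerCase()] = rest.slice(colon + 1).trim();
  }
  return parsed;
}

const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
const SAFELISTED_METHODS = new Set(['get', 'head', 'post']);

// Simplified preflight check for a request sent without withCredentials.
// Returns the reasons a browser would refuse to send the actual request;
// an empty array means the preflight passes.
function preflightProblems({ request, response, status }) {
  const problems = [];
  if (status === null || status < 200 || status > 299) {
    problems.push(`preflight status ${status} is not 2xx`);
  }
  const allowOrigin = response['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    problems.push('no Access-Control-Allow-Origin in the response');
  } else if (allowOrigin !== '*' && allowOrigin !== request.origin) {
    problems.push(`Access-Control-Allow-Origin "${allowOrigin}" does not match Origin "${request.origin}"`);
  }
  const method = (request['access-control-request-method'] || '').toLowerCase();
  const allowMethods = list(response['access-control-allow-methods']);
  if (!SAFELISTED_METHODS.has(method) && !allowMethods.includes(method) && !allowMethods.includes('*')) {
    problems.push(`method "${method}" is not in Access-Control-Allow-Methods`);
  }
  const allowHeaders = list(response['access-control-allow-headers']);
  for (const name of list(request['access-control-request-headers'])) {
    // "*" never covers Authorization; it has to be named explicitly.
    const covered = allowHeaders.includes(name) ||
      (name !== 'authorization' && allowHeaders.includes('*'));
    if (!covered) problems.push(`"${name}" is not in Access-Control-Allow-Headers`);
  }
  return problems;
}

// Abbreviated from the log in the question: the response echoes the
// Access-Control-Request-* headers but carries no Access-Control-Allow-*.
const PAGE_LOG = `
[2016-03-30 14:48:40,340] DEBUG - headers http-incoming-1 >> OPTIONS /token HTTP/1.0
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Origin: null
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Access-Control-Request-Method: POST
[2016-03-30 14:48:40,341] DEBUG - headers http-incoming-1 >> Access-Control-Request-Headers: authorization,content-type
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << HTTP/1.0 200 OK
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Access-Control-Request-Headers: authorization,content-type
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Origin: null
[2016-03-30 14:48:40,386] DEBUG - headers http-incoming-1 << Access-Control-Request-Method: POST
[2016-03-30 14:48:40,387] DEBUG - headers http-incoming-1 << Allow: POST
`;

// Constructed log: a preflight response that names the origin and both headers.
const FIXED_LOG = `
[constructed] DEBUG - headers http-incoming-2 >> OPTIONS /token HTTP/1.1
[constructed] DEBUG - headers http-incoming-2 >> Origin: https://app.example
[constructed] DEBUG - headers http-incoming-2 >> Access-Control-Request-Method: POST
[constructed] DEBUG - headers http-incoming-2 >> Access-Control-Request-Headers: authorization,content-type
[constructed] DEBUG - headers http-incoming-2 << HTTP/1.1 200 OK
[constructed] DEBUG - headers http-incoming-2 << Access-Control-Allow-Origin: https://app.example
[constructed] DEBUG - headers http-incoming-2 << Access-Control-Allow-Methods: POST
[constructed] DEBUG - headers http-incoming-2 << Access-Control-Allow-Headers: authorization, content-type
`;

for (const [label, log] of [['log from the question', PAGE_LOG], ['constructed log', FIXED_LOG]]) {
  const problems = preflightProblems(parseHeaderLog(log));
  console.log(label + ':', problems.length ? problems : 'preflight passes');
}
```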
I'm using Django Rest Framework and Vue.js to build a basic web app, and am currently working on the auth. Using axios to send a post request while registering a new user returns 401 in Chrome for some reason, but works in other browsers (Edge) and returns a 201 Created.
The error in chrome is "detail: Invalid Token", but this particular endpoint (registration) doesn't even need auth/token to access.
My frontend is at http://192.168.1.33:8080 and my backend is at http://127.0.0.1:8000
I am trying to POST data to http://127.0.0.1:8000/api/v1/users/auths/
The Network tab in chrome dev tools after trying a request:
Request URL: http://127.0.0.1:8000/api/v1/users/auths/
Request Method: POST
Status Code: 401 Unauthorized
Remote Address: 127.0.0.1:8000
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Origin: http://192.168.1.33:8080
Allow: GET, POST, HEAD, OPTIONS
Content-Length: 27
Content-Type: application/json
Date: Mon, 06 Dec 2021 12:19:15 GMT
Referrer-Policy: same-origin
Server: WSGIServer/0.2 CPython/3.8.5
Vary: Accept, Origin
WWW-Authenticate: Token
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization: Token acf8b9099de5eba413dea141ce2c06b6cfb03159
Connection: keep-alive
Content-Length: 53
Content-Type: application/json
Host: 127.0.0.1:8000
Origin: http://192.168.1.33:8080
Referer: http://192.168.1.33:8080/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
The network tab in Edge dev tools after trying the same thing:
Request URL: http://127.0.0.1:8000/api/v1/users/auths/
Request Method: POST
Status Code: 201 Created
Remote Address: 127.0.0.1:8000
Referrer Policy: strict-origin-when-cross-origin
Access-Control-Allow-Origin: http://192.168.1.33:8080
Allow: GET, POST, HEAD, OPTIONS
Content-Length: 89
Content-Type: application/json
Date: Mon, 06 Dec 2021 12:20:25 GMT
Location: http://127.0.0.1:8000/api/v1/users/auths/12/
Referrer-Policy: same-origin
Server: WSGIServer/0.2 CPython/3.8.5
Vary: Accept, Origin, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Accept: application/json, text/plain, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Authorization
Connection: keep-alive
Content-Length: 51
Content-Type: application/json
Host: 127.0.0.1:8000
Origin: http://192.168.1.33:8080
Referer: http://192.168.1.33:8080/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="96", "Microsoft Edge";v="96"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.55 Safari/537.36 Edg/96.0.1054.43
The obvious difference is that there is a "WWW-Authenticate: Token" in the Chrome Network tab, which is odd.
CORS headers and all have been set up properly, plus the issue is only in Chrome. Is this some Chrome quirk, or am I missing something?
Why is it that, after spending some two hours on a problem, you only get the answer after you've posted it on a forum? Probably something to do with putting the problem down categorically and formally...
Anyway. Turns out the issue was with there being a random token sitting in Chrome's local storage, which was causing all the trouble with the "invalid" token. I cleared local storage, and it's working now. No clue why I had to do this specifically — I had made sure to clear the cache earlier...
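The failure described above, a stored token being attached to a request for an endpoint that needs no authentication, can be handled on the client. This is an added example, not code from the original post: the logic an axios request/response interceptor pair could apply, written as plain functions so it runs in Node. TOKEN_KEY, PUBLIC_ENDPOINTS, MemoryStorage (a stand-in for localStorage) and the sample token are assumptions.

```javascript
'use strict';

// Assumptions for this illustration: the storage key name and the list of
// endpoints that must never receive an Authorization header.
const TOKEN_KEY = 'token';
const PUBLIC_ENDPOINTS = [{ method: 'POST', path: '/api/v1/users/auths/' }];

// Minimal stand-in for window.localStorage so the example runs outside a browser.
class MemoryStorage {
  constructor(initial = {}) { this.items = new Map(Object.entries(initial)); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

function isPublicEndpoint(method, url) {
  const { pathname } = new URL(url);
  return PUBLIC_ENDPOINTS.some(
    (e) => e.method === method.toUpperCase() && e.path === pathname
  );
}

// Request side: build headers, attaching the token only where it is needed.
// A stale token can then no longer turn a public request into a 401.
function authHeadersFor(method, url, storage) {
  const headers = { 'Content-Type': 'application/json' };
  const token = storage.getItem(TOKEN_KEY);
  if (token && !isPublicEndpoint(method, url)) {
    headers.Authorization = `Token ${token}`;
  }
  return headers;
}

// Response side: if the API rejects the token itself, forget it so it is not
// replayed on every later request. Returns true when a token was dropped.
function dropRejectedToken(status, body, storage) {
  const rejected = status === 401 &&
    body !== null && typeof body === 'object' &&
    typeof body.detail === 'string' && /invalid token/i.test(body.detail);
  if (rejected) storage.removeItem(TOKEN_KEY);
  return rejected;
}

// Constructed scenario: a leftover token is sitting in storage.
const storage = new MemoryStorage({ [TOKEN_KEY]: 'stale-constructed-token' });
const registerUrl = 'http://127.0.0.1:8000/api/v1/users/auths/';
console.log('registration headers:', authHeadersFor('POST', registerUrl, storage));
console.log('token dropped:', dropRejectedToken(401, { detail: 'Invalid token.' }, storage));
console.log('token now:', storage.getItem(TOKEN_KEY));
```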
I am using WSO2 EI 6.4.0
I have created an API which will call external URL to get the information. Below is my code for an API in WSO2 EI
<?xml version="1.0" encoding="UTF-8"?>
<api context="/api/seqadd" name="seq_mediator" xmlns="http://ws.apache.org/ns/synapse">
    <resource methods="POST GET">
        <inSequence>
            <property name="basicAuth" scope="default" type="STRING" value="xxxxx"/>
            <property name="grant_type" scope="default" type="STRING" value="client_credentials"/>
            <property name="scope" scope="default" type="STRING" value="vvv/.drer"/>
            <payloadFactory media-type="xml">
                <format>
                    <root>
                        <grant_type>$1</grant_type>
                        <scope>$2</scope>
                    </root>
                </format>
                <args>
                    <arg1 evaluator="xml" expression="$ctx:grant_type"/>
                    <arg2 evaluator="xml" expression="$ctx:scope"/>
                </args>
            </payloadFactory>
            <property expression="fn:concat('Basic ', get-property('basicAuth'))" name="Authorization" scope="transport" type="STRING"/>
            <property name="messageType" scope="axis2" type="STRING" value="application/x-www-form-urlencoded"/>
            <property expression="$body/*" name="payload created"/>
            <property expression="get-property('axis2','REST_URL_POSTFIX')" name="resource" scope="default" type="STRING"/>
            <property action="remove" name="REST_URL_POSTFIX" scope="default"/>
            <call blocking="true">
                <endpoint name="URL">
                    <http method="post" uri-template="https://example.com/login/v1.0/token"/>
                </endpoint>
            </call>
            <property name="messageType" scope="axis2" type="STRING" value="application/json"/>
            <property expression="json-eval($.access_token)" name="Authorization" scope="default" type="STRING"/>
            <property expression="fn:concat('Bearer ', get-property('Authorization'))" name="Authorization" scope="transport" type="STRING"/>
        </inSequence>
        <outSequence/>
        <faultSequence/>
    </resource>
</api>
When calling this API, I am getting below error
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> GET /api/seqadd HTTP/1.0
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> X-Forwarded-Host: example.com
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> X-Forwarded-Server: example.com
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> Connection: close
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> Content-Type: application/x-www-form-urlencoded
[2020-03-02 14:36:52,829] [EI-Core] DEBUG - headers http-incoming-2 >> User-Agent: PostmanRuntime/7.22.0
[2020-03-02 14:36:52,830] [EI-Core] DEBUG - headers http-incoming-2 >> Accept: */*
[2020-03-02 14:36:52,830] [EI-Core] DEBUG - headers http-incoming-2 >> Cache-Control: no-cache
[2020-03-02 14:36:52,830] [EI-Core] DEBUG - headers http-incoming-2 >> Accept-Encoding: gzip, deflate, br
[2020-03-02 14:36:52,983] [EI-Core] DEBUG - header >> "POST /login/v1.0/token HTTP/1.1[\r][\n]"
[2020-03-02 14:36:52,989] [EI-Core] DEBUG - header >> "Content-Type: application/x-www-form-urlencoded; charset=UTF-8[\r][\n]"
[2020-03-02 14:36:52,989] [EI-Core] DEBUG - header >> "Accept: */*[\r][\n]"
[2020-03-02 14:36:52,989] [EI-Core] DEBUG - header >> "Accept-Encoding: gzip, deflate, br[\r][\n]"
[2020-03-02 14:36:52,989] [EI-Core] DEBUG - header >> "Authorization: Basic xxxxx[\r][\n]"
[2020-03-02 14:36:52,989] [EI-Core] DEBUG - header >> "Cache-Control: no-cache[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "X-Forwarded-Host: example.com[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "X-Forwarded-Server: example.com[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "User-Agent: Axis2[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "Host: example.com[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "Transfer-Encoding: chunked[\r][\n]"
[2020-03-02 14:36:52,990] [EI-Core] DEBUG - header >> "[\r][\n]"
[2020-03-02 14:36:52,991] [EI-Core] DEBUG - content >> "53[\r][\n]"
[2020-03-02 14:36:52,992] [EI-Core] DEBUG - content >> "grant_type=client_credentials&scope=vvv%2F.drer"
[2020-03-02 14:36:52,992] [EI-Core] DEBUG - content >> "[\r][\n]"
[2020-03-02 14:36:52,992] [EI-Core] DEBUG - content >> "0"
[2020-03-02 14:36:52,992] [EI-Core] DEBUG - content >> "[\r][\n]"
[2020-03-02 14:36:52,992] [EI-Core] DEBUG - content >> "[\r][\n]"
[2020-03-02 14:36:53,001] [EI-Core] DEBUG - header << "HTTP/1.1 404 Not Found[\r][\n]"
[2020-03-02 14:36:53,001] [EI-Core] DEBUG - header << "HTTP/1.1 404 Not Found[\r][\n]"
[2020-03-02 14:36:53,002] [EI-Core] DEBUG - header << "Cache-Control: private[\r][\n]"
[2020-03-02 14:36:53,002] [EI-Core] DEBUG - header << "Strict-Transport-Security: max-age=31536000; includeSubDomains[\r][\n]"
[2020-03-02 14:36:53,002] [EI-Core] DEBUG - header << "X-Content-Type-Options: nosniff[\r][\n]"
[2020-03-02 14:36:53,003] [EI-Core] DEBUG - header << "Set-Cookie: x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly[\r][\n]"
[2020-03-02 14:36:53,003] [EI-Core] DEBUG - header << "Date: Mon, 02 Mar 2020 14:36:52 GMT[\r][\n]"
[2020-03-02 14:36:53,003] [EI-Core] DEBUG - header << "Content-Length: 0[\r][\n]"
[2020-03-02 14:36:53,003] [EI-Core] DEBUG - header << "[\r][\n]"
[2020-03-02 14:36:53,006] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https://example.com/login/v1.0/token]
org.apache.axis2.AxisFault: Transport error: 404 Error: Not Found
at org.apache.axis2.transport.http.HTTPSender.handleResponse(HTTPSender.java:371)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:200)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.sendReceive(BlockingMsgSender.java:490)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.send(BlockingMsgSender.java:382)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:88)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:547)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:384)
at org.apache.synapse.endpoints.HTTPEndpoint.send(HTTPEndpoint.java:85)
at org.apache.synapse.mediators.builtin.CallMediator.handleBlockingCall(CallMediator.java:164)
at org.apache.synapse.mediators.builtin.CallMediator.mediate(CallMediator.java:119)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.rest.Resource.process(Resource.java:351)
at org.apache.synapse.rest.API.process(API.java:399)
at org.apache.synapse.rest.RESTRequestHandler.apiProcess(RESTRequestHandler.java:135)
at org.apache.synapse.rest.RESTRequestHandler.dispatchToAPI(RESTRequestHandler.java:113)
at org.apache.synapse.rest.RESTRequestHandler.process(RESTRequestHandler.java:71)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.injectMessage(Axis2SynapseEnvironment.java:303)
at org.apache.synapse.core.axis2.SynapseMessageReceiver.receive(SynapseMessageReceiver.java:92)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processNonEntityEnclosingRESTHandler(ServerWorker.java:337)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:158)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
I have added the SSL certificate for the token URL as well. Can someone please guide me?
I am able to get the token URL working from Postman. I am not getting what could go wrong here, as this is a common API and I have used it earlier as well for other URLs.
Thanks
I'm trying to configure an HAProxy backend to work with Google-CDN.
I see that I always get to the HAProxy backend and the cache is always MISS.
This is google-cdn requests regarding headers:
https://cloud.google.com/cdn/docs/caching#cacheability
and this is my HAProxy backend configuration (I've tried multiple sets of headers configuration, but never got a HIT):
http-response set-header Cache-Control public;max-age=31536000
http-response set-header Content-Length 260113322
# http-request add-header Cache-Control public;max-age=31533000
# http-request add-header Content-Length 26012101001
When I'm requesting the object in the browser these are the req/res headers:
Response Headers
alt-svc: clear
cache-control: public;max-age=31536000
content-length: 260113322
content-type: application/javascript; charset=utf-8
date: Thu, 05 Sep 2019 07:56:59 GMT
etag: W/"47e80-NwQR7oXLIZF+J1AAVu9L0mv54I4"
status: 200
vary: Accept-Encoding
via: 1.1 google
Request Headers
:authority: sapix-stg.example.net
:method: GET
:path: /bb/client/SX1234/main.js
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: no-cache
pragma: no-cache
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Thanks
Your Cache-Control response header is malformed. The values are separated with a comma (and optional whitespace included by convention) -- not a semicolon.
http-response set-header Cache-Control "public, max-age=31536000"
The quotes are absorbed by the HAProxy parser. Also valid:
(no space)
http-response set-header Cache-Control public,max-age=31536000
(space escaped)
http-response set-header Cache-Control public,\ max-age=31536000
There should normally be no need to add Content-Length in the proxy. If your origin server isn't automatically setting either Content-Length or Transfer-Encoding in the response, then your server should be fixed, upgraded, or replaced.
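Added example, not from the original answer: a small Cache-Control parser showing what a cache that splits directives on commas sees for the semicolon form from the question versus the corrected forms above. The function names and the KNOWN directive list are chosen for this illustration.

```javascript
'use strict';

// Directive names this illustration treats as recognised (an assumption;
// a real cache may know more extensions).
const KNOWN = new Set([
  'public', 'private', 'no-cache', 'no-store', 'no-transform', 'max-age',
  's-maxage', 'must-revalidate', 'proxy-revalidate', 'immutable',
  'stale-while-revalidate', 'stale-if-error',
]);

// Split a Cache-Control value into directives. Commas separate directives,
// except inside a quoted-string argument such as private="set-cookie, x-a".
function parseCacheControl(value) {
  const directives = new Map();
  let token = '';
  let inQuotes = false;
  const flush = () => {
    const text = token.trim();
    token = '';
    if (!text) return;
    const eq = text.indexOf('=');
    const name = (eq < 0 ? text : text.slice(0, eq)).trim().toLowerCase();
    let arg = eq < 0 ? null : text.slice(eq + 1).trim();
    if (arg !== null && arg.length >= 2 && arg.startsWith('"') && arg.endsWith('"')) {
      arg = arg.slice(1, -1);
    }
    directives.set(name, arg);
  };
  for (const ch of value) {
    if (ch === '"') inQuotes = !inQuotes;
    if (ch === ',' && !inQuotes) flush();
    else token += ch;
  }
  flush();
  return directives;
}

// What a shared cache can take from the header: is it marked public, how long
// is it fresh (s-maxage wins over max-age), and which names it cannot interpret.
function sharedCacheView(value) {
  const d = parseCacheControl(value);
  const raw = d.has('s-maxage') ? d.get('s-maxage') : d.get('max-age');
  const freshnessSeconds = typeof raw === 'string' && /^\d+$/.test(raw) ? Number(raw) : null;
  return {
    isPublic: d.has('public'),
    freshnessSeconds,
    unrecognized: [...d.keys()].filter((name) => !KNOWN.has(name)),
  };
}

// Header values from the question and the answer.
for (const header of [
  'public;max-age=31536000',   // as configured in the question
  'public, max-age=31536000',  // corrected
  'public,max-age=31536000',   // corrected, no space
]) {
  console.log(JSON.stringify(header), '->', JSON.stringify(sharedCacheView(header)));
}
```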
It might be because your response contains a "Vary" header. HAProxy says that they don't cache that type of response.
I am looking at a request in SoapUI that is sending header info to a specific endpoint but I am having a hard time recreating it in ColdFusion.
Below is what the RAW request looks like in SoapUI:
>> "GET https://test-01.mywebsite.com/data_api//1.0/service/requests HTTP/1.1[\r][\n]"
>> "Accept-Encoding: gzip,deflate[\r][\n]"
>> "Authorization: Bearer A1BEC30F7E0273059E775A6A2645E273[\r][\n]"
>> "Host: test-01.mywebsite.com[\r][\n]"
>> "Connection: Keep-Alive[\r][\n]"
>> "User-Agent: Apache-HttpClient/4.1.1 (java 1.5)[\r][\n]"
>> "[\r][\n]"
<< "HTTP/1.1 200 OK[\r][\n]"
<< "Pragma: No-cache[\r][\n]"
<< "Cache-Control: no-cache[\r][\n]"
<< "Expires: Wed, 31 Dec 1969 16:00:00 PST[\r][\n]"
<< "Content-Type: application/json;charset=UTF-8[\r][\n]"
<< "Content-Length: 6796[\r][\n]"
<< "Date: Fri, 13 May 2016 15:40:08 GMT[\r][\n]"
<< "Server: hws[\r][\n]"
<< "Set-Cookie: X-HR-ClientSessionId=2_10.85.12.121_1463154008475;Secure; path=/; HttpOnly[\r][\n]"
<< "Content-Encoding: deflate[\r][\n]"
I am not sure if I am not formatting the Authorization header correctly or what but any help would be great.
EDIT I got a RAW HTML output from the client which I have updated above. I am still trying to recreate that header in ColdFusion.
My New question(s): Do the "New Line" characters make a difference in the header values? Should I also add a parameter for the content type?
I did try the following:
<cfset NL="Bearer BD4DF031B24180C9338F0D9F060556A7" & Chr(10) & Chr(13)/>
<cfhttp method="get" url="https://test-01.mywebsite.com/data_api//1.0/service/requests" result="orderList">
    <cfhttpparam type="HEADER" name="Authorization" value="#NL#">
    <cfhttpparam type="Header" name="Accept-Encoding" value="gzip,deflate">
</cfhttp>
<cfset CurrentOrders = deserializeJSON(orderList.filecontent)>
<cfdump var="#CurrentOrders#">
When I dump everything from the cfhttp call I get:
struct
Charset UTF-8
ErrorDetail [empty string]
Filecontent Connection Failure
Header HTTP/1.1 200 OK Connection: close Expires: Wed, 31 Dec 1969 16:00:00 PST Date: Tue, 17 May 2016 19:23:36 GMT Server: hws Pragma: No-cache Cache-Control: no-cache Set-Cookie: X-HR-ClientSessionId=3_12.161.115.226_1463513016026;Secure; path=/; HttpOnly Content-Type: application/json;charset=UTF-8
Mimetype application/json
Responseheader
struct
Cache-Control no-cache
Connection close
Content-Type application/json;charset=UTF-8
Date Tue, 17 May 2016 19:23:36 GMT
Expires Wed, 31 Dec 1969 16:00:00 PST
Explanation OK
Http_Version HTTP/1.1
Pragma No-cache
Server hws
Set-Cookie X-HR-ClientSessionId=3_12.161.115.226_1463513016026;Secure; path=/; HttpOnly
Status_Code 200
Statuscode 200 OK
Text NO
I am getting a 200 OK status code but still getting a Connection Failure.
It looks like you're double encrypting your security token.
I modified your code so I could capture the request with Fiddler as per Leigh's answer. To get ColdFusion to send the traffic through Fiddler I modified Dmitri Pisarenko's answer for http and added it to my JVM arguments.
<cfhttp method="get" url="http://localhost/data_api/1.0/service/requests" result="orderList">
    <cfhttpparam type="HEADER" name="Authorization" value="Basic #ToBase64("Bearer 6EDC52118E164AE659EA2C772F3B9804")#">
    <cfhttpparam type="Header" name="Accept-Encoding" value="gzip,deflate">
</cfhttp>
The header I get leaving the cfhttp request is:
GET http://localhost/data_api/1.0/service/requests HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip,deflate
Connection: close
Authorization: Basic QmVhcmVyIDZFREM1MjExOEUxNjRBRTY1OUVBMkM3NzJGM0I5ODA0
Host: localhost
Connection: Keep-Alive
As you can see, the Authorization header isn't the same as what SoapUI created.
I modified the value of the Authorization param to : "Bearer 6EDC52118E164AE659EA2C772F3B9804" and I get a header with an authentication header that matches the raw header from SoapUI:
GET http://localhost/data_api/1.0/service/requests HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip,deflate
Connection: close
Authorization: Bearer 6EDC52118E164AE659EA2C772F3B9804
Host: localhost
Connection: Keep-Alive
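Added example, not part of the original answer: a check for the two Authorization header mistakes that appear in this thread, a value carrying CR/LF characters and a Bearer token that was Base64-wrapped and sent under the Basic scheme. The function name lintAuthorization is chosen for this illustration; the header values are the ones shown in the posts above.

```javascript
'use strict';

// Inspect an Authorization header value and report problems with its form.
// Returns the scheme (lower-cased, or null if unparseable) and a list of findings.
function lintAuthorization(value) {
  const findings = [];
  if (/[\r\n]/.test(value)) {
    findings.push('value contains CR or LF; a header value must be a single line');
  }
  const m = /^(\S+)\s+(\S+)$/.exec(value.trim());
  if (!m) {
    findings.push('value is not in "<scheme> <credentials>" form');
    return { scheme: null, findings };
  }
  const scheme = m[1].toLowerCase();
  if (scheme === 'basic') {
    // Basic credentials are base64("user:password"); anything else is suspect.
    const decoded = Buffer.from(m[2], 'base64').toString('utf8');
    const inner = /^(bearer|basic|token)\s/i.exec(decoded);
    if (inner) {
      findings.push(`Basic payload decodes to a "${inner[1]}" credential; it was Base64-wrapped and sent under the wrong scheme`);
    } else if (!decoded.includes(':')) {
      findings.push('Basic payload has no "user:password" separator');
    }
  }
  return { scheme, findings };
}

// Values taken from the question and the answer in this thread.
const samples = [
  'Bearer BD4DF031B24180C9338F0D9F060556A7\n\r',                 // question: Chr(10) & Chr(13) appended
  'Basic QmVhcmVyIDZFREM1MjExOEUxNjRBRTY1OUVBMkM3NzJGM0I5ODA0',  // answer: first captured request
  'Bearer 6EDC52118E164AE659EA2C772F3B9804',                     // answer: matches SoapUI
];
for (const value of samples) {
  console.log(JSON.stringify(value), '->', lintAuthorization(value));
}
```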
I have a web service that requires basic authorisation and a user behind an internet proxy that requires NTLM authorisation. I also have a forms application that makes calls to the web service and also asks the user for the web service credentials (which are different from the NTLM credentials).
I got the app configuration working (WCF ServiceModel), it's using the default proxy credentials, the request is authenticating with the proxy, but after it authenticates with the web service it does not send the request body for some reason.
The process works if I test locally without the NTLM proxy. Sorry about the long examples, but I had to include them.
1st request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>[...]</s:Body></s:Envelope>
Receive:
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NTLM
Proxy-Authenticate: BASIC realm="corporaterealm"
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: close
Set-Cookie: BCSI-CS-36204A5A7BBD24D9=2; Path=/
Connection: close
Content-Length: 1057
Proxy-Support: Session-Based-Authentication
[...]
2nd request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Accept-Encoding: gzip, deflate,gzip, deflate
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoggACAAxAAAACQAJACgAAAAFASgKAAAAD1dTUkswNDg3MENPTUVUTkVU
Host: www.myservice.com
Content-Length: 0
Receive:
HTTP/1.1 407 Proxy Authentication Required
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAAEAAQADgAAAAFgomiysOwieqrhFEAAAAAAAAAALIAsgBIAAAABQLODgAAAA9DAE8ATQBFAFQATgBFAFQAAgAQAEMATwBNAEUAVABOAEUAVAABABoAVgBJAC0AUgBJAEMASwBEAEMALQAwADAAMQAEABwAYwBvAG0AZQB0AG4AZQB0AC4AbABvAGMAYQBsAAMAOABWAEkALQBSAEkAQwBLAEQAQwAtADAAMAAxAC4AYwBvAG0AZQB0AG4AZQB0AC4AbABvAGMAYQBsAAUAHABjAG8AbQBlAHQAbgBlAHQALgBsAG8AYwBhAGwAAAAAAA==
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Proxy-Connection: Keep-Alive
Set-Cookie: BCSI-CS-36204A5A7BBD24D9=2; Path=/
Connection: Keep-Alive
Content-Length: 1074
Proxy-Support: Session-Based-Authentication
[...]
3rd request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Accept-Encoding: gzip, deflate,gzip, deflate,gzip, deflate
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHgAAAAYABgAkAAAABAAEABIAAAADgAOAFgAAAASABIAZgAAAAAAAACoAAAABYKIogUBKAoAAAAPQwBPAE0ARQBUAE4ARQBUAFAAYQByAHMAbwBuAEoAVwBTAFIASwAwADQAOAA3ADAAlap7g+mPRMEAAAAAAAAAAAAAAAAAAAAARLAhi5lf3nd+l9xENAcu2W6xf6iJbyM6
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>[...]</s:Body></s:Envelope>
Receive:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="myrealm"
X-Powered-By: ASP.NET
Date: Tue, 31 May 2011 13:09:33 GMT
Cache-Control: proxy-revalidate
Content-Length: 1656
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Proxy-support: Session-based-authentication
Age: 0
[...]
4th request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Accept-Encoding: gzip, deflate,gzip, deflate,gzip, deflate,gzip, deflate
Authorization: Basic Y29nZW50YVxjb21ldC1kbTM6Kmh0JTg2NCU=
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoggACAAxAAAACQAJACgAAAAFASgKAAAAD1dTUkswNDg3MENPTUVUTkVU
Host: www.myservice.com
Content-Length: 0
Receive:
HTTP/1.1 400 Bad Request
Date: Tue, 31 May 2011 13:09:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private, proxy-revalidate
Content-Length: 0
Proxy-Connection: Keep-Alive
Connection: Keep-Alive
Age: 0
I don't understand why it doesn't send the envelope in the 4th request. The two handshakes are done, so theoretically everything should be fine.
When I do this locally without the NTLM proxy, the envelope gets sent as expected:
1st request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>[...]</s:Body></s:Envelope>
Receive:
HTTP/1.1 401 Unauthorized
Content-Length: 1656
Content-Type: text/html
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="myrealm"
X-Powered-By: ASP.NET
Date: Tue, 31 May 2011 13:31:46 GMT
[...]
2nd request:
Send:
POST http://www.myservice.com/service.asmx HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/MyMethod"
Accept-Encoding: gzip, deflate,gzip, deflate
Authorization: Basic Y29nZW50YVxjb21ldC1kbTM6Kmh0JTg2NCU=
Host: www.myservice.com
Content-Length: 329
Expect: 100-continue
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>[...]</s:Body></s:Envelope>
Receive:
HTTP/1.1 200 OK
Date: Tue, 31 May 2011 13:31:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Set-Cookie: ASP.NET_SessionId=svv4i11awg05v1j5viz1impo; path=/; HttpOnly
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Content-Length: 5127
[...]
I had to change the server security configuration to accept Digest authentication. For some reason that works while Basic doesn't.
I encountered a potentially similar issue and believe in my case this may be related to the establishment of the original NTLM connection to the proxy.
In my experience I had three requests going out in sequence each hour, with a retry configured.
Of these requests two would work, one would fail with a 400, and then when the first retried it worked as well.
There is a similar issue with IE identified here: http://blogs.msdn.com/b/asiatech/archive/2012/01/30/400-bad-request-when-posting-webservice-or-wcf-request-from-ie.aspx
I ran some network traces and watched the behaviour and noticed that often the TCP Streams seemed to get shared, so that one of the requests would end up sending an NTLM authentication message (the zero content length) to the proxy after the other had already authenticated. In this situation the proxy just passed through the zero content message (as the stream had already authenticated).
What fixed it for me was moving to a WCF-Custom customBinding (using textMessageEncoding with a messageVersion of Soap11 to maintain my basicHttpBinding behaviour) and (not sure if required) setting keepAliveEnabled to false.
Unfortunately I doubt this is much help for your particular situation, but more info never hurts.
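Added example, not code from the original posts: a check that decodes the NTLM message type from each Proxy-Authorization header and flags a zero-length NTLM negotiate request that was answered by something other than the proxy's 407, which is the pattern the last answer describes. PROXIED_TRACE is constructed from the four proxied requests in the question, with each NTLM token cut to its first 16 Base64 characters (signature plus message type); the function names are chosen for this illustration.

```javascript
'use strict';

const NTLM_SIGNATURE = Buffer.from('NTLMSSP\0', 'latin1');
const TYPE_NAMES = { 1: 'NEGOTIATE', 2: 'CHALLENGE', 3: 'AUTHENTICATE' };

// Return the NTLM message type (1, 2 or 3) carried in a header value of the
// form "NTLM <base64>", or null if the value is not an NTLM message.
function ntlmMessageType(headerValue) {
  const m = /^NTLM\s+([A-Za-z0-9+/=]+)$/.exec((headerValue || '').trim());
  if (!m) return null;
  const raw = Buffer.from(m[1], 'base64');
  if (raw.length < 12 || !raw.subarray(0, 8).equals(NTLM_SIGNATURE)) return null;
  return raw.readUInt32LE(8); // message type follows the 8-byte signature
}

// Flag requests that are an NTLM handshake probe (type 1, Content-Length 0)
// but were not answered with 407 by the proxy, i.e. the empty request was
// passed on to the origin server instead of being consumed by the proxy.
function findForwardedNegotiates(exchanges) {
  const findings = [];
  exchanges.forEach((ex, i) => {
    const type = ntlmMessageType(ex.request['proxy-authorization']);
    const emptyBody = Number(ex.request['content-length']) === 0;
    if (type === 1 && emptyBody && ex.status !== 407) {
      findings.push({
        request: i + 1,
        status: ex.status,
        sentOriginCredentials: 'authorization' in ex.request,
      });
    }
  });
  return findings;
}

// Constructed from the proxied trace in the question (tokens truncated).
const PROXIED_TRACE = [
  { request: { 'content-length': '329' }, status: 407 },
  { request: { 'proxy-authorization': 'NTLM TlRMTVNTUAABAAAA', 'content-length': '0' }, status: 407 },
  { request: { 'proxy-authorization': 'NTLM TlRMTVNTUAADAAAA', 'content-length': '329' }, status: 401 },
  { request: { 'proxy-authorization': 'NTLM TlRMTVNTUAABAAAA', 'content-length': '0',
               authorization: 'Basic <redacted>' }, status: 400 },
];

PROXIED_TRACE.forEach((ex, i) => {
  const type = ntlmMessageType(ex.request['proxy-authorization']);
  console.log(`request ${i + 1}: NTLM ${type ? TYPE_NAMES[type] : 'none'}, ` +
    `Content-Length ${ex.request['content-length']}, status ${ex.status}`);
});
console.log('forwarded negotiate probes:', findForwardedNegotiates(PROXIED_TRACE));
```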