It seems I am missing something very basic here.
I made a REST Api that takes POST requests for generating tokens using the Apache Oltu OAuth2 service, that looks something like this :
#POST
#Consumes("application/x-www-form-urlencoded")
#Produces("application/json")
public Response authorize(#Context HttpServletRequest request) throws OAuthSystemException, IOException {
try {
OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
OAuthIssuer oauthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
When I use HttpRequester or Postman to test the service, it works perfectly fine on condition that I input all authentication and OAuth2 parameters as input parameters, as an example :
https://localhost:8443/rest/OAuthService/token?grant_type=password&username=userfortest&password=Johhny1é&client_id=1234
However I read, that for any POST requests, all parameters should be
in the Body of the HTTP request and never sent through with the url as a simple parameter. When I try to pass it in the body of the HTTP request, so as to make the request secure (so the url is the same without parameters and all params are specified in the body), it seems like it doesn't receive anything from the body as it throws an exception, after
OAuthTokenRequest oauthRequest = new OAuthTokenRequest(request);
with the following message :
{"error_description":"Missing grant_type parameter value","error":"invalid_request"}
Is it the intended behaviour of Oltu/OAuth2 for the parameters to be passed through with the url? Or what am I doing wrong?
Thanks in advance.
Your answer is here: Unable to retrive post data using ,#Context HttpServletRequest when passed to OAuthTokenRequest using Oltu
I did exactly what he said and it worked perfectly.
You need modify Response authorize() parameters.
Related
I am new to Zuul and I want to redirect to external url using zuul pre filter in spring boot application. I want to send request data to call external url (post method api in python).
When i try to send request data using below code, when i hit the url from postman,i get 405 The method is not allowed for the requested URL.
my code:
RequestContext ctx = RequestContext.getCurrentContext();
HttpServletRequest request = ctx.getRequest();
InputStream in = request.getInputStream();
String body = StreamUtils.copyToString(in, Charset.forName("UTF-8"));
ctx.set(body);
when i hit the url like http://localhost:8080/customers/ passing request body in postman,it should redirect to external url (api method) by sending post data but i am getting getting 405 The method is not allowed for the requested URL.
Could any one please help me in solving this issue? I want to send request data in zuul and call external api. Thank you
I am trying to implement sample spring boot project and to ensure my endpoints are working properly, i'm using POSTMAN. When using POSTMAN , I am not able to see the response(i.e in Pretty) for a POST request. But the Status is 200 OK and I am able to see the result using GET request.
No Pretty response for POST request
GET Response ensuring that the previous POST request works fine
And my controller code is the following
#PostMapping("/message")
public Message createMessage(#RequestBody Message message)
{
return service.createMessage(message);
}
Can anyone help me to find out why I am not able to see the result while using POST method please?
Like Rafael says it is good to return a Response with the object entity. I haven't been working with Spring myself but with JavaEE and in JavaEE it is perfectly possible to return the object directly without using a Response. I use Responses anyways though, because it is much nicer to work with, and you can create your own custom responses and status codes.
Maybe check if your createUser service actually returns a message.
I don't know much about Spring, but usually what works for me is using a ResponseEntity as the object returned by the function. Also, maybe you should use #RestController as the annotation to your class controller
#PostMapping("/message")
public ResponseEntity<Message> createMessage(#RequestBody Message message)
{
Message msg = service.createMessage(message);
return ResponseEntity.ok(msg);
}
I want to make a Post to write some data into the database, but all needed information is stored on the server, so my Post service requires no body:
#PostMapping("foo")
public #ResponseBody
RestResponse writeFoo() {
// WRITE AND RETURN
}
If I try to make a post request to this service I receive 401 even if I pass a valid token. If I change my exposed service to a GetMapping all works as expected. It seems that I can't manage a Post request with an empty body.
I've tried adding some fake parameters as
RestResponse writeFoo(#RequestBody(required = false) String fake)
but without success.
Any idea?
The issue you explain is most commonly the cause of bad (or missing?) configuration.
Pay attention that i.e. GET method is allowed by default by your REST API, while you need to specify other method types (i.e. PUT and POST), otherwise it won't work out of the box due to CORS.
The part where GET method works while POST method doesn't is a strong hint towards missing/incorrect CORS configuration. You can fix it quickly by adding some CORS filter and setup your response headers.
The official documentation should give you a good start, if you don't know where to look for: Spring docs - enabling CORS
UPDATE:
The issue is successfully resolved, check comments section for more info.
Short story - back-end configuration for CORS/CSRF token was set up correctly in this particular case, the issue occurred due to missing header (CSRF token) on the angular/front-end part of the webapp.
I'm using Django Rest Framework's Generics (generics.ListCreateAPIView), when I make a POST request I get a response of Http code (200/400/..etc.) and a JSON showing the posted data, I need to know how can I override the response to get a custom response.
Note that I use
def perform_create(self,serializer):
return Response(<my response>)
to override the POST request handling but I still get the same response
The response from perform_create is ignored.
You'll likely want to override the create method using the mixins as example
I’m using Spring version 4.1.5.RELEASE and Spring Security 3.2.5.RELEASE. How do I forward a POST request to a third party server when all I have available to me are the HttpServletRequest request and HttpServletResponse response objects?
Note I don’t want to do a redirect because that causes the POST parameters to get lost and I don’t want to append the POST params to the query string, thus changing my request from a POST to a GET.
One of my past projects involved something like a proxy server/middleware, and we had this requirement too.
This straightforward communication involved basically a copy and paste of the original request parameters and headers, and a subsequent POST Request to the final target.