I am unable to publish a post on a user's Facebook wall using Spring Social - spring-social-facebook

I have successfully logged in with my app using Spring Social Facebook, but I am unable to post on the user's Facebook wall. I got the error below:
POST request for "https://graph.facebook.com/197550980606288/feed" resulted in 403 (Forbidden); invoking error handler
{"error":{"message":"(#200) The user hasn't authorized the application to perform this action","type":"OAuthException","code":200,"fbtrace_id":"DQHUBlkYCOo"}}
2016-03-07 11:03:17,040 - ERROR [qtp696479026-23] - coach - Exception Occurred while posting a link on facebook for user Id : {}, exception is : {}
org.springframework.social.InsufficientPermissionException: Insufficient permission for this operation.
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleFacebookError(FacebookErrorHandler.java:120)
at org.springframework.social.facebook.api.impl.FacebookErrorHandler.handleError(FacebookErrorHandler.java:65)
at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:566)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:524)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:495)
at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:343)
at org.springframework.social.facebook.api.impl.FacebookTemplate.publish(FacebookTemplate.java:266)
at com.viprasi.web.controller.FacebookController.postOnWall(FacebookController.java:115)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)

Related

How to configure StandardOauth2AccessTokenProvider properly?

We are currently trying to access the Google Spreadsheet REST API through InvokeHTTP.
However, we are struggling to get the StandardOauth2AccessTokenProvider configured properly.
We upgraded our NiFi instance to version 1.16.3 in order to provide the scope; however, we are not sure which data needs to be put into the Client ID and Client Secret.
We tried the following options:
Create OAuth2 credentials in the Google Cloud console and provide these
Combine the above approach with a Google username and password (in User Password mode)
Create a service account and provide its credentials
Whenever we try to send any request to the Google Spreadsheets API, we always get the same stack trace:
2022-09-29 11:47:18,193 ERROR [Timer-Driven Process Thread-2] o.a.nifi.processors.standard.InvokeHTTP InvokeHTTP[id=86d7424e-0183-1000-cd72-d2071e1add8b] Failed to properly initialize Processor. If still scheduled to run, NiFi will attempt to initialize and run the Processor again after the 'Administrative Yield Duration' has elapsed. Failure is due to java.io.UncheckedIOException: OAuth2 access token request failed
java.io.UncheckedIOException: OAuth2 access token request failed
at org.apache.nifi.oauth2.StandardOauth2AccessTokenProvider.getAccessDetails(StandardOauth2AccessTokenProvider.java:330)
at org.apache.nifi.oauth2.StandardOauth2AccessTokenProvider.acquireAccessDetails(StandardOauth2AccessTokenProvider.java:289)
at org.apache.nifi.oauth2.StandardOauth2AccessTokenProvider.getAccessDetails(StandardOauth2AccessTokenProvider.java:243)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.nifi.controller.service.StandardControllerServiceInvocationHandler.invoke(StandardControllerServiceInvocationHandler.java:254)
at org.apache.nifi.controller.service.StandardControllerServiceInvocationHandler.invoke(StandardControllerServiceInvocationHandler.java:105)
at com.sun.proxy.$Proxy108.getAccessDetails(Unknown Source)
at org.apache.nifi.processors.standard.InvokeHTTP.initOauth2AccessTokenProvider(InvokeHTTP.java:864)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:145)
at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:133)
at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotations(ReflectionUtils.java:78)
at org.apache.nifi.util.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:55)
at org.apache.nifi.controller.StandardProcessorNode.lambda$initiateStart$6(StandardProcessorNode.java:1662)
at org.apache.nifi.engine.FlowEngine$3.call(FlowEngine.java:123)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:750)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('<' (code 60)): expected a valid value (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
at [Source: (StringReader); line: 1, column: 2]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:2391)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:735)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportUnexpectedChar(ParserMinimalBase.java:659)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:2005)
at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:802)
at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4761)
at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4667)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3629)
at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3597)
at org.apache.nifi.oauth2.StandardOauth2AccessTokenProvider.getAccessDetails(StandardOauth2AccessTokenProvider.java:324)
... 26 common frames omitted
Is this due to a possible Consent Screen? Any pointers on what we are doing wrong?

SpringBoot SAML SP Shibboleth IDP

I am trying to connect and log in to the testShib IdP using this SP Mock. The problem is that when I try to log in without the option to sign the AuthnRequest, I am able to log in, but I get an error upon redirect.
Caused by: java.security.InvalidKeyException: Unwrapping failed
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:445)
at javax.crypto.Cipher.unwrap(Cipher.java:2549)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(XMLCipher.java:1477)
... 70 common frames omitted
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadOAEP(RSAPadding.java:502)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:296)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineUnwrap(RSACipher.java:440)
... 72 common frames omitted
DEBUG o.opensaml.xml.encryption.Decrypter - Attempt to decrypt EncryptedKey using credential from KEK KeyInfo resolver failed:
org.opensaml.xml.encryption.DecryptionException: Error decrypting encrypted key
ERROR o.o.saml2.encryption.Decrypter - SAML Decrypter encountered an error decrypting element content
org.opensaml.xml.encryption.DecryptionException: Failed to decrypt EncryptedData
If I try it with the option to sign the AuthnRequest, I get an error in the IdP:
WARN [edu.internet2.middleware.shibboleth.idp.profile.saml2.SSOProfileHandler:406] - Message did not meet security requirements
org.opensaml.ws.security.SecurityPolicyException: Validation of protocol message signature failed
What am I doing wrong? I am new to SAML, so I am not very familiar with this.

Java: Access job History server and application timeline server on kerberized hadoop cluster?

I have used the Kerberos REST template to access the job history server on kerberized Hadoop, but this code is throwing an exception:
KerberosRestTemplate kerberosRestTemplate = new KerberosRestTemplate(properties.getProperty("userKeytabPath"), properties.getProperty("userprincipal"));
System.out.println(kerberosRestTemplate.getForObject(jobhistoryurl, String.class));
Exception:
Exception in thread "main" org.springframework.web.client.RestClientException: Error running rest call; nested exception is org.springframework.web.client.HttpClientErrorException: 401 Authentication required
at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:196)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:530)
at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:237)
at com.datametica.hiveconnection.hiveconnectioncheck.HivePortCheck.main(HivePortCheck.java:57)
Caused by: org.springframework.web.client.HttpClientErrorException: 401 Authentication required
at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:91)
at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:614)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:570)
at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecuteSubject(KerberosRestTemplate.java:202)
at org.springframework.security.kerberos.client.KerberosRestTemplate.access$100(KerberosRestTemplate.java:67)
at org.springframework.security.kerberos.client.KerberosRestTemplate$1.run(KerberosRestTemplate.java:191)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:187)
... 3 more
So are there any extra parameters that I have to pass in the request headers to access Kerberos-secured APIs?
Also, before accessing this API, I logged in a user via the same user principal and keytab provided to kerberosRestTemplate, using the UserGroupInformation class of Hadoop security.
UserGroupInformation.loginUserFromKeytab(properties.getProperty("userprincipal"),properties.getProperty("userKeytabPath"));
I have checked the currently logged-in user (via the UGI of the current user) before accessing the job history, and it tells me that the user is logged in with Kerberos authentication, but I am still getting a 401 status from the job history server.

Service-to-service authentication with Spring Cloud OAuth 2

I'm using multiple microservices with the Spring Cloud stack, and OAuth2 is used to protect resources and provide SSO.
I'm able to authenticate from a user interface with login and password.
But I also need to call a service from another service. My issue is that the service needs to be authenticated. This kind of call:
ResponseEntity<String> responseEntity = restTemplate.exchange("http://anoter-service/hello", HttpMethod.GET, null, new ParameterizedTypeReference<String>() {});
Any idea on how to authenticate a service calling another one?
I have this exception:
Caused by: org.springframework.security.oauth2.client.resource.UserRedirectRequiredException: A redirect is required to get the users approval
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.getRedirectForAuthorization(AuthorizationCodeAccessTokenProvider.java:359)
at org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider.obtainAccessToken(AuthorizationCodeAccessTokenProvider.java:205)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.acquireAccessToken(OAuth2RestTemplate.java:221)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.getAccessToken(OAuth2RestTemplate.java:173)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.createRequest(OAuth2RestTemplate.java:105)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:592)
at org.springframework.security.oauth2.client.OAuth2RestTemplate.doExecute(OAuth2RestTemplate.java:128)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:557)
at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:503)
at org.springframework.web.client.RestTemplate$$FastClassBySpringCGLIB$$aa4e9ed0.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:720)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)
at org.springframework.cloud.netflix.metrics.RestTemplateUrlTemplateCapturingAspect.captureUrlTemplate(RestTemplateUrlTemplateCapturingAspect.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:620)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:609)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:655)
at org.springframework.security.oauth2.client.OAuth2RestTemplate$$EnhancerBySpringCGLIB$$3473d19a.exchange(<generated>)
I would just log in programmatically through the same authentication entry point your users do. Create credentials for your services and set their permissions in this area. I don't think you should try to treat your services any differently.
You will likely have to set up your rest template to watch for 403s and when encountered perform a log in, but that should be fairly easy to code.
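The retry-after-login approach suggested in the answer above, sketched as an added example (not code from the original post or from Spring itself): a `ClientHttpRequestInterceptor` that logs in, attaches the token, and retries once on a rejection. The class name `ReloginInterceptor` and the `login` supplier are hypothetical; 401 is handled alongside 403 on the assumption that the downstream service reports a missing or expired token that way.

```java
import java.io.IOException;
import java.util.function.Supplier;

import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;

/** Re-authenticates once and retries when the downstream service rejects the call. */
public class ReloginInterceptor implements ClientHttpRequestInterceptor {

    // Hypothetical hook: performs the service's own login with its own
    // credentials and returns a bearer token for the downstream call.
    private final Supplier<String> login;

    // Cached token, shared by all requests going through this interceptor.
    private volatile String token;

    public ReloginInterceptor(Supplier<String> login) {
        this.login = login;
    }

    @Override
    public ClientHttpResponse intercept(HttpRequest request, byte[] body,
                                        ClientHttpRequestExecution execution) throws IOException {
        if (token == null) {
            token = login.get();
        }
        request.getHeaders().set("Authorization", "Bearer " + token);
        ClientHttpResponse response = execution.execute(request, body);

        int status = response.getStatusCode().value();
        if (status != 401 && status != 403) {
            return response;
        }

        // Rejected: release the first response, log in again, retry exactly once.
        // A single retry avoids hammering the login endpoint in a loop when the
        // service account simply lacks permission for the resource.
        response.close();
        token = login.get();
        request.getHeaders().set("Authorization", "Bearer " + token);
        return execution.execute(request, body);
    }
}
```

Register it with `restTemplate.getInterceptors().add(new ReloginInterceptor(...))`. A 403 that survives a fresh login is a genuine authorization denial and is returned to the caller unchanged.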

BPM Workspace is too slow while logging in with any user

I have my admin and SOA servers up and running on the Windows platform, and I can log in to the console and EM without any hassle. The only problem I am facing is with the workspace. When I log in to the workspace with the admin user or any other user, it does not redirect to the next page and keeps loading on the same one. I checked the SOA logs and found the exception below:
Caused by: weblogic.transaction.internal.TimedOutException: Transaction has timed out when making request to XAResource 'SOADataSource_obpm_domain'
at weblogic.transaction.internal.XAResourceDescriptor.startResourceUse(XAResourceDescriptor.java:673)
... 20 more
at weblogic.jdbc.jta.DataSource.enlist(DataSource.java:1678)
at weblogic.jdbc.jta.DataSource.refreshXAConnAndEnlist(DataSource.java:1577)
at weblogic.jdbc.wrapper.JTAConnection.getXAConn(JTAConnection.java:215)
at weblogic.jdbc.wrapper.JTAConnection.checkConnection(JTAConnection.java:84)
at weblogic.jdbc.wrapper.JTAConnection.checkConnection(JTAConnection.java:74)
at weblogic.jdbc.wrapper.Connection.preInvocationHandler(Connection.java:100)
at weblogic.jdbc.wrapper.JTAConnection_weblogic_jdbc_wrapper_XAConnection_oracle_jdbc_driver_LogicalConnection.dequeue(Unknown Source)
Can anyone please help on this?
