I am trying to write a very simple REST client using RestTemplate and Jackson JSON.
Tried such sample from spring.io Getting error 401 Authorization Required even on localhost or even if I include it into the same Tomcat6 Eclipse project where that REST WebService is running.
We don't require any authorization on that Web Service while in Dev or local environment,
and anyway I am an authorized user.
Is that something enforced by Spring RestTemplate?
Running client as Java application on Java 1.6.
I am new to REST and JSON.
No there is no enforced Authorization required by Spring's RestTemplate. You should be able to build or launch an example simple REST webservice and send requests to it with RestTemplate without receiving this response, so either the server you are sending the requests to or something inbetween is returning this response code. Can you share any more details of the service you are communicating with? Is it something internal or a public API which may require Authorization?
Related
Can anybody provide me with a code sample to access rest service url secured with https using spring rest template.
I have the certificate(.pfx format) password and send cient side certificate to server. server side is used on the client side certificate and established the connection
I want to create a springboot application that work as 2 way SSL between client and server.
Thanks.
I created a sample Spring Boot application that demonstrates how to create a RestTemplate that is configured for SSL client authentication. The sample application acts as the server as well which requires SSL mutual authentication (to demonstrate usage via the test case). In practice, the RestTemplate bean would interact with an external service. Hope this helps.
https://github.com/steve-oakey/spring-boot-sample-clientauth
I should note that the most important part of the example is creating the SSLContext. There are plenty of ways to create the SSLContext, I chose a method that uses the SSLContextBuilder from the org.apache.httpcomponents:httpclient library. Other methods such as using the Java API directly, or setting the javax.net.ssl.* JVM properties would also work.
Hi everyone i am not able to proceed with following settings. your small pointers are appreciated.
problem statement
i am trying to use custom authorization server provided by spring cloud security and OAuth2 with my web application so that it can propagate access token to micro services in back end.
i can able to see my authorization server can able to provide access token and when try to ingest access token for invoking endpoints for for back end micro service it work as per expectation
problem faced
when i provide following configuration in spring boot web client(which will call my back end micro service)
in application.properties
security.oauth2.client.clientId=myclient
security.oauth2.client.clientSecret=abcsecret
security.oauth2.client.access-token-uri=http://localhost:9000/services/oauth/token
security.oauth2.client.user-authorization-uri=http://localhost:9000/services/oauth/authorize
security.oauth2.client.clientAuthenticationScheme=form
security.oauth2.resource.user-info-uri=http://localhost:9000/services/user
security.oauth2.resource.prefer-token-info=true
and i provide
http://localhost:8080
in my browser. it asks for credentials. i provide credentials as present with authorization server.
once valid credentials provided authorization server asks for valid scopes.
but one important thing i observe when my web client routed to authorization server it has redirect_uri
http://localhost:8080/login
(not ok since initially i entered http://localhost:8080)
i am also getting HTTP 401 error
I'm using Spring Boot with web and security starter dependencies, and spring-security-oauth2. I'm trying to secure a REST API with a remote (Openstack Keystone) OAuth2 provider.
So far I've managed to correctly fetch an access_token but when it comes to getting the user information I get a 404 not found, as it seems that the OS provider expects the access_token to be provided in the request parameters.
I can't figure out how to persuade the OAuth2RestTemplate class to append the access_token to the security.oauth2.client.resource.user-info-uri endpoint.
Figured out that setting security.oauth2.client.client-authentication-scheme to query will make the RestTemplate append the access_token to the subsequent requests for user information.
How do i call an api from an app secured by spring security.
I have a api provider completely secured with spring security.
Now i want to allow other clients/service to consume my rest from their apps. eg using jquery, php, etc. But my app is secured.
Your assistance will be highly appreciated.
A REST API is a set of URLs. You access these URLs secured by Spring in the same way you'd access any secured Web app.
That is, use a Web client, establish a session by using the authentication method configured, and send the HTTP method request you want.
I am new to the spring and restful framework. My server hosts 3 restful web services. I have used spring support for the restful web services to implement the server. The client sends JSON request to the server and gets JSON response. Client is based on spring support for the restful. The server returns 200/OK for successful processing, which is default.
What I want is the server to send custom HTTP status code 550 to the client in case there is an issue while processing the request. It should not throw any exception to the client. It should only send 550/an_error_object(as json) back to the client.
How is it possible with the spring support of restful ? I am doing the following on the server side.
HttpServletResponse.setStatus(550)
but, the client side is failing to recognize the status code 550; it throws an exception since org.springframework.http.HttpStatus doesn't have any enum constant '550' defined.
Any suggestions will be great!
Thanks in advance.
Rohit
1) Don't use unregistered status codes. See the registered status codes.
2) That being said, that's a bug in the Spring framework. It should deal properly with extension status codes.
It'll probably going to be fixed in version 4.3 of Spring.
https://jira.spring.io/browse/SPR-14205