[Resolved] - LTS2021 - Nuxeo api automation login does not support OAUTH2 authentication

Hi Kevin, Florent Guillaume
When I try to connect to the automation login with an OAUTH2 token, I always get an HTTP 401 status.

curl -H "Authorization:Bearer 012453xxgqzl45" -X POST https://localhost:8080/nuxeo/api/v1/automation/login

Response :

<!doctype html><html lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 – Unauthorized</h1></body></html>%

When I try Basic AUTH, there is no problem and I don't understand why. On the server side, my custom auth.xml is set like this:

...
<specificAuthenticationChain name="RestAPI">
                        <urlPatterns>
                                <url>(.*)/api/v.*</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>OAUTH2_AUTH</plugin>
                                <plugin>JWT_AUTH</plugin>
                                <!-- <plugin>ANONYMOUS_AUTH</plugin> -->
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="ATOM_CMIS">
                        <urlPatterns>
                                <url>(.*)/atom/cmis(/.*)?</url>
                                <url>(.*)/atom/cmis10(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="JSON_CMIS">
                        <urlPatterns>
                                <url>(.*)/json/cmis(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="TokenAuth">
                        <headers>
                                <header name="X-Authentication-Token">.*</header>
                        </headers>
                        <replacementChain>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                        </replacementChain>
                </specificAuthenticationChain>
...

Thanks for your help

1 votes

3 answers

2195 views

ANSWER



Hello Ghazi HAKIM,
Thanks for your reply.
Indeed, I had to add OAUTH2_AUTH in each replacementChain of each specificAuthenticationChain section to make it work.
I am going to do some tests and will come back to confirm that it works.

Thanks a lot

1 votes



Hello,

Have you tried placing OAUTH2_AUTH in first position in the replacementChain list? Regards.

0 votes



Hi,

I have the same problem with CMIS authentication. When I try:

curl -H "Authorization:Bearer 012453xxgqzl45" http://localhost:8080/nuxeo/json/cmis | json_pp

I get an exception on the server side and this response:

{
   "exception" : "runtime",
   "message" : "Cannot create a CoreSession outside a security context,  login() missing."
}

Exception :

2023-02-02T11:32:51,303 WARN  [https-jsse-nio-0.0.0.0-8443-exec-4] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] No auth plugin can be found to do the Login Prompt
2023-02-02T11:32:51,341 WARN  [https-jsse-nio-0.0.0.0-8443-exec-4] [org.nuxeo.ecm.core.opencmis.bindings.NuxeoCmisServiceWrapper] org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a security context,  login() missing.
org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a security context,  login() missing.
    at org.nuxeo.ecm.core.api.CoreInstance.getPrincipal(CoreInstance.java:199) ~[nuxeo-core-api-2021.32.8.jar:?]
    at org.nuxeo.ecm.core.api.CoreInstance.getCoreSession(CoreInstance.java:49) ~[nuxeo-core-api-2021.32.8.jar:?]
    at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoRepositories.initRepositories(NuxeoRepositories.java:68) ~[nuxeo-opencmis-impl-2021.1.19.jar:?]

Thanks for your help

0 votes



For me it's a big regression because in LTS2019 it worked fine, but since LTS2021 OAUTH2 on CMIS and API Automation is broken.
02/03/2023
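
An added example, not part of the thread and not Nuxeo's own code: a Python check that lists which specificAuthenticationChain entries of an auth.xml fragment match a request, and which of those lack OAUTH2_AUTH, the condition behind both the accepted answer and the CMIS report above. The `<chains>` wrapper, the function names and the matching rule (a url or header regex must fully match) are assumptions; chain precedence is not modelled.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: three chains from the auth.xml excerpt in the question,
# wrapped in a hypothetical <chains> root so the fragment parses on its own.
AUTH_XML = """<chains>
  <specificAuthenticationChain name="RestAPI">
    <urlPatterns><url>(.*)/api/v.*</url></urlPatterns>
    <replacementChain>
      <plugin>AUTOMATION_BASIC_AUTH</plugin><plugin>BASIC_AUTH</plugin>
      <plugin>PORTAL_AUTH</plugin><plugin>TOKEN_AUTH</plugin>
      <plugin>OAUTH2_AUTH</plugin><plugin>JWT_AUTH</plugin>
    </replacementChain>
  </specificAuthenticationChain>
  <specificAuthenticationChain name="JSON_CMIS">
    <urlPatterns><url>(.*)/json/cmis(/.*)?</url></urlPatterns>
    <replacementChain>
      <plugin>BASIC_AUTH</plugin><plugin>PORTAL_AUTH</plugin><plugin>TOKEN_AUTH</plugin>
    </replacementChain>
  </specificAuthenticationChain>
  <specificAuthenticationChain name="TokenAuth">
    <headers><header name="X-Authentication-Token">.*</header></headers>
    <replacementChain>
      <plugin>TOKEN_AUTH</plugin><plugin>AUTOMATION_BASIC_AUTH</plugin>
    </replacementChain>
  </specificAuthenticationChain>
</chains>"""

def matching_chains(xml_text, path, headers):
    """Map chain name -> plugin list for every chain whose pattern matches the request."""
    # Assumption: a chain applies when a <url> regex fully matches the request path
    # or a <header> regex fully matches that header's value.
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    hits = {}
    for chain in ET.fromstring(xml_text).iter("specificAuthenticationChain"):
        by_url = any(re.fullmatch(u.text.strip(), path) for u in chain.iter("url"))
        by_header = any(h.get("name").lower() in hdrs
                        and re.fullmatch(h.text.strip(), hdrs[h.get("name").lower()])
                        for h in chain.iter("header"))
        if by_url or by_header:
            hits[chain.get("name")] = [p.text.strip() for p in chain.iter("plugin")]
    return hits

def chains_missing(xml_text, path, headers, plugin="OAUTH2_AUTH"):
    """Names of matching chains whose replacementChain does not list `plugin`."""
    return [n for n, p in matching_chains(xml_text, path, headers).items() if plugin not in p]

if __name__ == "__main__":
    bearer = {"Authorization": "Bearer example-token"}  # constructed token value
    for path in ("/nuxeo/api/v1/automation/login", "/nuxeo/json/cmis"):
        print(path, matching_chains(AUTH_XML, path, bearer), chains_missing(AUTH_XML, path, bearer))
```
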