[Resolved] - LTS2021 - Nuxeo api automation login does not support OAUTH2 authentication

Hi Kevin, Florent Guillaume
When I try to connect to login on automation through OATUH2 token I always get http 401 statut.

curl -H "Authorization:Bearer 012453xxgqzl45" -X POST https://localhost:8080/nuxeo/api/v1/automation/login

Response :

<!doctype html><html lang="en"><head><title>HTTP Status 401 ? Unauthorized</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 401 ? Unauthorized</h1></body></html>%

When I try Basic AUTH, there is no problem and I don't understand why. On my server side I have my custom auth.xml sets like :

...
<specificAuthenticationChain name="RestAPI">
                        <urlPatterns>
                                <url>(.*)/api/v.*</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>OAUTH2_AUTH</plugin>
                                <plugin>JWT_AUTH</plugin>
                                <!-- <plugin>ANONYMOUS_AUTH</plugin> -->
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="ATOM_CMIS">
                        <urlPatterns>
                                <url>(.*)/atom/cmis(/.*)?</url>
                                <url>(.*)/atom/cmis10(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                </specificAuthenticationChain>

                <specificAuthenticationChain name="JSON_CMIS">
                        <urlPatterns>
                          <url>(.*)/json/cmis(/.*)?</url>
                        </urlPatterns>
                        <replacementChain>
                                <plugin>BASIC_AUTH</plugin>
                                <plugin>PORTAL_AUTH</plugin>
                                <plugin>TOKEN_AUTH</plugin>
                        </replacementChain>
                  </specificAuthenticationChain>

                <specificAuthenticationChain name="TokenAuth">
                        <headers>
                          <header name="X-Authentication-Token">.*</header>
                        </headers>
                        <replacementChain>
                                <plugin>TOKEN_AUTH</plugin>
                                <plugin>AUTOMATION_BASIC_AUTH</plugin>
                        </replacementChain>
                  </specificAuthenticationChain>
...

Thanks for your help

1 votes

3 answers

2373 views

ANSWER



Hello Ghazi HAKIM ,
Thanks for your reply.
Indeed, I had to add OAUTH2_AUTH in each part of replacementChain of each section of specificAuthenticationChain to make it works.
I go to do some tests and come back for confirm that's it works.

Thanks a lot

1 votes



Hello,

Have you tried to place OAUTH2_AUTH in first position in replacementChain list ? Regards.

0 votes



Hi,

I have the same problem with cmis authentication. When I try :

curl -H "Authorization:Bearer 012453xxgqzl45" http://localhost:8080/nuxeo/json/cmis | json_pp

I have an exception server side and this response :

{
   "exception" : "runtime",
   "message" : "Cannot create a CoreSession outside a security context,  login() missing."
}

Exception :

2023-02-02T11:32:51,303 WARN  [https-jsse-nio-0.0.0.0-8443-exec-4] [org.nuxeo.ecm.platform.ui.web.auth.NuxeoAuthenticationFilter] No auth plugin can be found to do the Login Prompt
2023-02-02T11:32:51,341 WARN  [https-jsse-nio-0.0.0.0-8443-exec-4] [org.nuxeo.ecm.core.opencmis.bindings.NuxeoCmisServiceWrapper] org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a security context,  login() missing.
org.nuxeo.ecm.core.api.NuxeoException: Cannot create a CoreSession outside a security context,  login() missing.
    at org.nuxeo.ecm.core.api.CoreInstance.getPrincipal(CoreInstance.java:199) ~[nuxeo-core-api-2021.32.8.jar:?]
    at org.nuxeo.ecm.core.api.CoreInstance.getCoreSession(CoreInstance.java:49) ~[nuxeo-core-api-2021.32.8.jar:?]
    at org.nuxeo.ecm.core.opencmis.impl.server.NuxeoRepositories.initRepositories(NuxeoRepositories.java:68) ~[nuxeo-opencmis-impl-2021.1.19.jar:?]

Thanks for help

0 votes



For me it's a big regression because in LTS2019n it worked fine, but since LTS2021 OAUTH2 on CMIS et api Automation is breaked.
02/03/2023