[aerogear-dev] [security] using protected endpoints (after getting the 'token' on login)

Kris Borchers kris at redhat.com
Wed Sep 26 08:42:15 EDT 2012


I see the same thing via curl but it works in browser. My guess would be it has something to do with everything being session-based and the session isn't properly maintained with curl. That's mostly just a guess though.

On Sep 26, 2012, at 7:35 AM, Matthias Wessendorf <matzew at apache.org> wrote:

> Hi Bruno,
> 
> playing with the 'picketbox' branch of the TODO app. I have one
> question about the security API ...
> 
> I am able to do a successful login with 'curl' ==>
> 
> curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"username":"john","password":"123"}' http://localhost:8080/todo-server/auth/login
> 
> Great, my RESPONSE looks like:
> {"username":"john","token":"6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad","roles":["admin"],"logged":"true"}
> 
> 
> Now when I want to fetch the projects (from their endpoint), by using
> the token (as header) (again with) curl:
> 
> curl -v -H "Accept: application/json" --header "token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad" -X GET http://localhost:8080/todo-server/projects
> 
> As a response I am getting 401 (Unauthorized)
> 
> ==>
> 
> 
> * About to connect() to localhost port 8080 (#0)
> *   Trying 127.0.0.1...
> * connected
> * Connected to localhost (127.0.0.1) port 8080 (#0)
>> GET /todo-server/projects HTTP/1.1
>> User-Agent: curl/7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8r zlib/1.2.5
>> Host: localhost:8080
>> Accept: application/json
>> token: 6c9d10c9-c0ec-40bb-8c95-6ca84dbb8fad
>> 
> < HTTP/1.1 401 Unauthorized
> < Server: Apache-Coyote/1.1
> < Content-Type: application/json
> < Content-Length: 39
> < Date: Wed, 26 Sep 2012 11:29:56 GMT
> <
> * Connection #0 to host localhost left intact
> 
> 
> Am I missing something here?
> 
> 
> Greetings,
> Matthias
> 
> -- 
> Matthias Wessendorf
> 
> blog: http://matthiaswessendorf.wordpress.com/
> sessions: http://www.slideshare.net/mwessendorf
> twitter: http://twitter.com/mwessendorf
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
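
The guess in the reply at the top of this message (authentication bound to the HTTP session rather than to the `token` header) can be checked against a small model. The following is an added example, not part of the original thread and not AeroGear or PicketBox code: a constructed stand-in server whose protected handler consults only the session cookie, probed once with the token header alone and once with a cookie jar. The `JSESSIONID` cookie name, the handler logic and the `probe` helper are assumptions.

```python
import http.cookiejar, json, threading, urllib.error, urllib.request, uuid
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = set()  # session ids that have authenticated (constructed model)

class Handler(BaseHTTPRequestHandler):
    def _reply(self, status, body, sid=None):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        if sid:  # login binds authentication to a session cookie
            self.send_header("Set-Cookie", "JSESSIONID=%s; Path=/" % sid)
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):  # stand-in for /auth/login
        creds = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if creds != {"username": "john", "password": "123"}:
            return self._reply(401, {"error": "bad credentials"})
        sid = uuid.uuid4().hex
        SESSIONS.add(sid)
        self._reply(200, {"username": "john", "token": str(uuid.uuid4())}, sid)

    def do_GET(self):  # stand-in for /projects: only the session cookie is checked
        sid = self.headers.get("Cookie", "").partition("JSESSIONID=")[2].split(";")[0]
        if sid in SESSIONS:
            return self._reply(200, {"projects": []})
        self._reply(401, {"error": "unauthorized"})

    def log_message(self, *args):  # silence per-request logging
        pass

def probe():  # -> (status with token header only, status with cookie jar)
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    direct = urllib.request.ProxyHandler({})  # never route localhost via a proxy
    with_jar = urllib.request.build_opener(
        direct, urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar()))
    body = json.dumps({"username": "john", "password": "123"}).encode()
    login = urllib.request.Request(base + "/auth/login", data=body)
    token = json.load(with_jar.open(login))["token"]
    try:  # like the second curl call in the thread: token header, no cookie
        bare = urllib.request.Request(base + "/projects", headers={"token": token})
        no_cookie = urllib.request.build_opener(direct).open(bare).status
    except urllib.error.HTTPError as err:
        no_cookie = err.code
    with_cookie = with_jar.open(base + "/projects").status
    server.shutdown()
    return no_cookie, with_cookie
```

With curl, the equivalent check is to save cookies at login with `-c <file>` and send them on the follow-up request with `-b <file>`.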