来自 Adobe Experience Manager OAuth 2 令牌端点的 403 响应
403 Response From Adobe Experience Manager OAuth 2 Token Endpoint
我正在使用 Postman 从 vanilla AEM 安装测试 OAuth 2。
我授予访问权限后,邮递员可以从/oauth/authorize成功获取授权码:
但是当它尝试使用代码从 /oauth/token 获取令牌时,它会收到以下响应:
HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden
Powered by Jetty://
在 Fiddler 中查看,它正在执行 POST 到 /oauth/token,正文中包含以下 Name/Values:
client_id: Client ID from /libs/granite/oauth/content/client.html
client_secret:
Client Secret from /libs/granite/oauth/content/client.html
redirect_uri: https://www.getpostman.com/oauth2/callback
grant_type: authorization_code
code: Code returned from previous request to oauth/authorize
我是不是漏掉了什么?
如果您能列出一些关于如何构建 url 和获取令牌的代码片段,将会有所帮助。
这是一个示例,说明我们如何实施与您正在尝试做的非常相似的事情,也许它会有所帮助。
像下面这样定义服务(片段)并在 OSGI 中定义值(主机、url 等)(或者您也可以对它们进行硬编码以进行测试)
@Service(value = OauthAuthentication.class)
@Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
@Properties({
@Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
@Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Athentication Server"),
@Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
@Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
@Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
@Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
public class OauthAuthentication {
...
@Activate
private void activate(ComponentContext context) {
Dictionary<String, Object> properties = context.getProperties();
host = OsgiUtil.toString(properties, PROPERTY_SERVICE_OAUTH_HOST,new String());
// Similarly get all values
url =
clientID =
clientSecret =
grantType =
authType = "Basic" + " "+ Base64.encode(new String(clientID + ":" + clientSecret));
}
public static void getAuthorizationToken(
try {
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
Session session = resourceResolver.adaptTo(Session.class);
// Getting the current user
Authorizable auth = userManager.getAuthorizable(session.getUserID());
user = auth.getID();
password = ...
...
...
String serviceURL = (host.startsWith("http") ? "": protocol + "://") + host + url;
httpclient = HttpClients.custom().build();
HttpPost httppost = new HttpPost(serviceURL);
// set params
ArrayList<BasicNameValuePair> formparams = new ArrayList<BasicNameValuePair>();
formparams.add(new BasicNameValuePair("username", user));
formparams.add(new BasicNameValuePair("password", password));
formparams.add(new BasicNameValuePair("client_id", clientID));
formparams.add(new BasicNameValuePair("client_secret",clientSecret));
formparams.add(new BasicNameValuePair("grant_type",grantType));
UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(postEntity);
// set header
httppost.addHeader("Authorization", authType);
response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
if (response.getStatusLine().getStatusCode() == 200) {
if (entity != null) {
object = new JSONObject(EntityUtils.toString(entity));
}
if (object != null) {
accessToken = object.getString("access_token");
////
}
}
}
我自己找到了答案,我想我会分享我经历的过程和答案,因为它可能会帮助其他 AEM 新手。
如何查找错误原因:
- 转到 CRXDE 精简版。
- Select控制台。
- 然后取消选择停止按钮以允许出现新的控制台日志(这对我来说非常counter-intuitive)。
从这里我可以看出问题的原因:
org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /oauth/token
因为邮递员没有在请求中放置引用 header 我不得不告诉 Apache Sling 允许空请求 headers.
为此:
- 转到/system/console/configMgr
- 打开 Apache Sling 引荐来源过滤器配置
- Select 允许为空复选框
允许此列表允许的主机的好方法,否则这违反 AEM 安全清单的最佳做法。
适合开发环境,不适用于生产环境。
我正在使用 Postman 从 vanilla AEM 安装测试 OAuth 2。
我授予访问权限后,邮递员可以从/oauth/authorize成功获取授权码:
但是当它尝试使用代码从 /oauth/token 获取令牌时,它会收到以下响应:
HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden Powered by Jetty://
在 Fiddler 中查看,它正在执行 POST 到 /oauth/token,正文中包含以下 Name/Values:
client_id: Client ID from /libs/granite/oauth/content/client.html
client_secret: Client Secret from /libs/granite/oauth/content/client.html
redirect_uri: https://www.getpostman.com/oauth2/callback
grant_type: authorization_code
code: Code returned from previous request to oauth/authorize
我是不是漏掉了什么?
如果您能列出一些关于如何构建 url 和获取令牌的代码片段,将会有所帮助。
这是一个示例,说明我们如何实施与您正在尝试做的非常相似的事情,也许它会有所帮助。
像下面这样定义服务(片段)并在 OSGI 中定义值(主机、url 等)(或者您也可以对它们进行硬编码以进行测试)
@Service(value = OauthAuthentication.class)
@Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
@Properties({
@Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
@Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Athentication Server"),
@Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
@Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
@Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
@Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
public class OauthAuthentication {
...
@Activate
private void activate(ComponentContext context) {
Dictionary<String, Object> properties = context.getProperties();
host = OsgiUtil.toString(properties, PROPERTY_SERVICE_OAUTH_HOST,new String());
// Similarly get all values
url =
clientID =
clientSecret =
grantType =
authType = "Basic" + " "+ Base64.encode(new String(clientID + ":" + clientSecret));
}
public static void getAuthorizationToken(
try {
UserManager userManager = resourceResolver.adaptTo(UserManager.class);
Session session = resourceResolver.adaptTo(Session.class);
// Getting the current user
Authorizable auth = userManager.getAuthorizable(session.getUserID());
user = auth.getID();
password = ...
...
...
String serviceURL = (host.startsWith("http") ? "": protocol + "://") + host + url;
httpclient = HttpClients.custom().build();
HttpPost httppost = new HttpPost(serviceURL);
// set params
ArrayList<BasicNameValuePair> formparams = new ArrayList<BasicNameValuePair>();
formparams.add(new BasicNameValuePair("username", user));
formparams.add(new BasicNameValuePair("password", password));
formparams.add(new BasicNameValuePair("client_id", clientID));
formparams.add(new BasicNameValuePair("client_secret",clientSecret));
formparams.add(new BasicNameValuePair("grant_type",grantType));
UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formparams, "UTF-8");
httppost.setEntity(postEntity);
// set header
httppost.addHeader("Authorization", authType);
response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
if (response.getStatusLine().getStatusCode() == 200) {
if (entity != null) {
object = new JSONObject(EntityUtils.toString(entity));
}
if (object != null) {
accessToken = object.getString("access_token");
////
}
}
}
我自己找到了答案,我想我会分享我经历的过程和答案,因为它可能会帮助其他 AEM 新手。
如何查找错误原因:
- 转到 CRXDE 精简版。
- Select控制台。
- 然后取消选择停止按钮以允许出现新的控制台日志(这对我来说非常counter-intuitive)。
从这里我可以看出问题的原因:
org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /oauth/token
因为邮递员没有在请求中放置引用 header 我不得不告诉 Apache Sling 允许空请求 headers.
为此:
- 转到/system/console/configMgr
- 打开 Apache Sling 引荐来源过滤器配置
- Select 允许为空复选框
允许此列表允许的主机的好方法,否则这违反 AEM 安全清单的最佳做法。
适合开发环境,不适用于生产环境。