Getting 401 "This request requires HTTP authentication" Error with Perl LWP:UserAgent and JBoss

[mp4...@att.com]

I can't figure out what's wrong with authentication from a Perl LWP::UserAgent client when attempting to start a process in Camunda 7.4.0 running in JBoss 7.2. I'm using the standard Camunda Enterprise JBoss Distro.

I can start the process using an external REST client (HttpRequestor) with the same credentials I'm using in the Perl code. However, the REST client doesn't seem to need a "security realm" parameter. My suspicion is that either I've not identified what that security realm value is or it's not configured in JBoss.

Leaving this parameter blank and just providing the credentials in the LWP::UserAgent object doesn't work either.

The only only theory I have is that some REST clients throw the same error if I'm not actually logged into the Camunda GUI via a web browser. This could be an artifact of the REST client itself (i.e. it's using browser cookies). However, logging into Camunda via a web browser and then executing the Perl code does not solve the problem.

Here's the code, which was derived from other code I wrote to talk to ActiveVOS via SOAP. I'm not an experienced Perl programmer and I pretty sure that I've done something ignorant here and just can't see it. I've examined the contents of the userAgent object prior to sending the request and they seem correct.

# - Instantiate a user agent
my $userAgent = LWP::UserAgent->new(agent => 'perl get');

# - Set the user agent credentials for Camunda
$userAgent->credentials("$restHost:$restPort", "$restSecurityRealm", "$restUser", "$restPassword") ;

# - Don't require hostname verification for SSL because we don't have
# a real certificate
$userAgent->ssl_opts(verify_hostname => 0 ) ;

# - Execute the REST call
my $requestType = lc $restVerb ;
my $restResponse = $userAgent->$requestType($restUrl,Content_Type => $restContentType, Content => $restPayload) ;

[Sebastian Menski]

Hi Michael,

before we start to talk about Perl can we clarify some parameters. Which REST API are you trying to access. In the default Camunda Distro are basically two included. One is the normal

REST API accessible under http://localhost:8080/engine-rest. The second is an embedded REST API in the Camunda Webapps under http://localhost:8080/camunda/api/.

The first should normally used by remote REST calls and is per default not secured. How to enable HTTP Basic Auth for this REST API is described in the docs [1].

The second should normally only used by the Camunda Webapps and Plugins. It has an authorization enabled which is not HTTP Basic Auth but token based. Which means you

have to call a login point to get a token which you than have to send with every request.

So which REST API are you using? :)

Cheers,

Sebastian

[1] https://docs.camunda.org/manual/7.4/reference/rest/overview/authentication/

[PEOPLES, MICHAEL P]

I’m trying it with both as well as trying the Perl REST::Client module instead of the LWP::UserAgent module.

 

Using a URL of ‘engine-rest/engine/default/process-definition/count’ in the REST::Client code produces the same result.  Here’s that code:

 

my $restClient = REST::Client->new(host => $restProtocol . "://" . $restHost . ":" . $restPort);

my $encoded_auth = encode_base64("$restUser:$restPassword", '');

 

$restClient->GET('/engine-rest/engine/default/process-definition/count',

                 '',

                 {'Authorization' => "Basic $encoded_auth",

                  'Content-Type' => 'application/json',

                  'Accept' => 'application/json'}) ;

 

print 'Response: ' . $restClient->responseContent() . "\n" ;

 

I took this code from some examples I found on the web.  Where the raw request seems to differ with that sent by a standalone REST client (which works with either REST API end point), is that the standalone REST client seems to be sending a “Username” value in the request.  In the code above, this user name and the password are base64 encoded and sent that way, though I’m not 100% sure what is being received on the JBoss server itself.

 

What is so frustrating here is, I know I can access the REST API with the standalone REST client, I just can’t determine what is different between it’s message and that sent by the Perl code such that JBoss rejects it.

 

Michael Peoples (mp4783)

Global Customer Service Dev Ops

Office: +1 614-886-0923

Mobile: +1 614-886-0923

 

Principal Applications Developer

mp4...@att.com

--
You received this message because you are subscribed to a topic in the Google Groups "camunda BPM users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/camunda-bpm-users/JskerWPzQ78/unsubscribe.
To unsubscribe from this group and all its topics, send an email to camunda-bpm-us...@googlegroups.com.
To post to this group, send email to camunda-...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/camunda-bpm-users/2fd9ea0e-23cd-4703-9763-95c7300ed539%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Sebastian Menski]

Hi Michael,

lets assume you use the REST API under http://locahost:8080/engine-rest and enabled HTTP Basci Auth [1].

With the example Invoice process deployed you can get the process instance count and start a new process instance with

the following Perl code:

LWP::UserAgent

#!/usr/bin/env perl

use LWP::UserAgent;

my $ua = LWP::UserAgent->new;

$ua->credentials("localhost:8080", "default", "demo", "demo");

# get process instance count

my $response = $ua->get('http://localhost:8080/engine-rest/engine/default/process-instance/count');

print $response->decoded_content . "\n";

# start process instance

my $uri = 'http://localhost:8080/engine-rest/engine/default/process-definition/key/invoice/start';

my $json = '{"variables": { "amount": { "value": "100", "type": "Integer"}, "invoiceCategory": {"value": "Misc", "type": "String"}}}';

my $req = HTTP::Request->new('POST', $uri);

$req->header( 'Content-Type' => 'application/json' );

$req->content( $json );

$response = $ua->request($req);

print $response->decoded_content . "\n";

# get process instance count

$response = $ua->get('http://localhost:8080/engine-rest/engine/default/process-instance/count');

print $response->decoded_content . "\n";

REST::Client

#!/usr/bin/env perl

use REST::Client;

use MIME::Base64;

my $client = REST::Client->new({

        host => 'http://localhost:8080'

    });

my $encoded_auth = encode_base64('demo:demo');

$client->addHeader('Authorization', "Basic $encoded_auth");

# get process instance count

$client->GET('/engine-rest/engine/default/process-instance/count');

print $client->responseContent(). "\n";

# start process instance

my $uri = '/engine-rest/engine/default/process-definition/key/invoice/start';

my $json = '{"variables": { "amount": { "value": "100", "type": "Integer"}, "invoiceCategory": {"value": "Misc", "type": "String"}}}';

$client->POST($uri, $json, { "Content-Type" => "application/json" });

print $client->responseContent(). "\n";

# get process instance count

$client->GET('/engine-rest/engine/default/process-instance/count');

print $client->responseContent(). "\n";

If you didn't enabled authorization you can remove the credentials or authorization header call from the examples. 

[PEOPLES, MICHAEL P]

Thank you, thank you, thank you, a million times, thank you!!

 

This worked.  I was able to modify it to suit my needs and it starts the workflow.

 

Michael Peoples (mp4783)

Global Customer Service Dev Ops

Office: +1 614-886-0923

Mobile: +1 614-886-0923

 

Principal Applications Developer

mp4...@att.com

 

From: camunda-...@googlegroups.com [mailto:camunda-...@googlegroups.com] On Behalf Of Sebastian Menski

Sent: Monday, February 29, 2016 2:51 PM
To: camunda BPM users
Cc: PEOPLES, MICHAEL P

--

You received this message because you are subscribed to a topic in the Google Groups "camunda BPM users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/camunda-bpm-users/JskerWPzQ78/unsubscribe.
To unsubscribe from this group and all its topics, send an email to camunda-bpm-us...@googlegroups.com.
To post to this group, send email to camunda-...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/camunda-bpm-users/854ae5e1-db98-4ba3-97c3-a24d4a7a7244%40googlegroups.com.