403来自Adobe Experience Manager的响应OAuth 2令牌端点

时间:2016-01-29 02:45:59

标签: oauth adobe aem postman experience-manager

我正在使用Postman从vanilla AEM安装中测试OAuth 2。

enter image description here

在我授予访问权限后,邮递员可以从/ oauth / authorize成功获取授权码:

enter image description here

但是当它尝试使用代码从/ oauth / token获取令牌时,它会收到以下响应:

  

HTTP错误:403访问/ oauth / token时出现问题。理由:禁止   由Jetty提供://

在Fiddler中查看正在对/ oauth / token执行POST,并在正文中使用以下名称/值:

  

client_id:来自/libs/granite/oauth/content/client.html的客户端ID

     

client_secret:   /libs/granite/oauth/content/client.html

中的客户端密钥      

redirect_uri:https://www.getpostman.com/oauth2/callback

     

grant_type:authorization_code

     

代码:从先前的oauth / authorize请求返回的代码

我错过了什么吗?

3 个答案:

答案 0 :(得分:2)

如果您可以列出有关构建网址和获取令牌的一些代码段,将会有所帮助。

以下是我们如何实施与您尝试的非常相似的示例,也许它会有所帮助。

定义类似下面的服务(片段)并在OSGI中定义值(主机,网址等)(或者您也可以为测试目的对其进行硬编码)

     @Service(value = OauthAuthentication.class)
     @Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
     @Properties({
       @Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
       @Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Athentication Server"),
       @Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
       @Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
       @Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
       @Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
      public class OauthAuthentication {   
      ...
      @Activate
      private void activate(ComponentContext context) {
         Dictionary<String, Object> properties = context.getProperties();
         host = OsgiUtil.toString(properties, PROPERTY_SERVICE_OAUTH_HOST,new String());

         // Similarly get all values
         url = 
         clientID = 
         clientSecret = 
         grantType = 
         authType = "Basic" + " "+ Base64.encode(new String(clientID + ":" + clientSecret));
      }

      public static void getAuthorizationToken(
         try {
            UserManager userManager = resourceResolver.adaptTo(UserManager.class);
            Session session = resourceResolver.adaptTo(Session.class);

            // Getting the current user                        
            Authorizable auth = userManager.getAuthorizable(session.getUserID());

         user = auth.getID();
         password = ...
         ... 
         ...
         String serviceURL = (host.startsWith("http") ? "": protocol + "://") + host + url;
         httpclient = HttpClients.custom().build();
         HttpPost httppost = new HttpPost(serviceURL);

         // set params
         ArrayList<BasicNameValuePair> formparams = new ArrayList<BasicNameValuePair>();
         formparams.add(new BasicNameValuePair("username", user));
         formparams.add(new BasicNameValuePair("password", password));
         formparams.add(new BasicNameValuePair("client_id", clientID));
         formparams.add(new BasicNameValuePair("client_secret",clientSecret));
         formparams.add(new BasicNameValuePair("grant_type",grantType));

          UrlEncodedFormEntity postEntity = new UrlEncodedFormEntity(formparams, "UTF-8");
          httppost.setEntity(postEntity);

          // set header
          httppost.addHeader("Authorization", authType);
          response = httpclient.execute(httppost);
          HttpEntity entity = response.getEntity();

          if (response.getStatusLine().getStatusCode() == 200) {
            if (entity != null) {
               object = new JSONObject(EntityUtils.toString(entity));
            }
            if (object != null) {
              accessToken = object.getString("access_token");
              ////
            }
          }
      }

答案 1 :(得分:2)

我自己找到了答案,并认为我分享了我所经历的过程以及答案,因为它可能会帮助其他新手AEM。

如何找到错误原因:

  1. 转到CRXDE Lite。
  2. 选择控制台。
  3. 然后取消选择停止按钮以允许显示新的控制台日志(这对我来说非常违反直觉)。

    4. CRXDE Lite Console

    从这里我能够看到问题的原因:

      

    org.apache.sling.security.impl.ReferrerFilter针对/ oauth / token的POST请求拒绝空引用标头

    因为邮递员没有在请求标头中放置引用者,所以我必须告诉Apache Sling允许空请求标头。

    要做到这一点:

    1. 转至/ system / console / configMgr
    2. 打开Apache Sling Referrer过滤器配置
    3. 选中允许空复选框

      4. Apache Sling Referrer Filter Config

答案 2 :(得分:0)

允许此列出允许的主机的好方法,否则这违反了AEM安全检查表的最佳做法。

对于开发环境而言,它不适合生产。

相关问题
最新问题