
I'm using a Java application that provides a REST interface for a MongoDB database, called "RESTHeart".

When I make a normal GET request:

http -a admin:temp http://172.18.18.122:8080/_logic/roles/admin

I get an auth token, Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23. How can I use it in subsequent requests?

Here is the full response:

    HTTP/1.1 200 OK
    Access-Control-Allow-Credentials: true
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
    Auth-Token: 10dc2eeb-9624-47f2-a542-c97e0af82b23
    Auth-Token-Location: /_authtokens/admin
    Auth-Token-Valid-Until: 2016-04-25T14:37:22.290Z
    Connection: keep-alive
    Content-Encoding: gzip
    Content-Length: 109
    Content-Type: application/hal+json
    Date: Mon, 25 Apr 2016 14:22:22 GMT
    X-Powered-By: restheart.org

    {
        "_links": {
            "self": {
                "href": "/_logic/roles/admin"
            }
        },
        "authenticated": true,
        "roles": [
            "ADMIN"
        ]
    }

I have tried the following:

http http://172.18.18.122:8080/_logic/roles/admin Auth-Token:'10dc2eeb-9624-47f2-a542-c97e0af82b23'

Response:

HTTP/1.1 403 Forbidden
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location, ETag, Auth-Token, Auth-Token-Valid-Until, Auth-Token-Location, X-Powered-By
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Apr 2016 14:30:27 GMT
X-Powered-By: restheart.org

I'm not sure what I'm doing wrong here, any ideas?

Deano
  • Your GET server response needs to include an Access-Control-Allow-Headers header. See http://stackoverflow.com/questions/13994507/how-do-you-send-a-custom-header-in-a-cross-domain-cors-xmlhttprequest – RamblinRose Apr 25 '16 at 14:39

3 Answers


I found the solution for this question: all I needed was to pass the authorization header along with 'username:password' encoded in base64 format.

  http GET http://172.18.18.122:8080/auth/users authorization:'Basic YWRtaW46dGVtcA=='
Deano

With httpie you can simply do:

http -a <username>:<Auth-Token> GET http://172.18.18.122:8080/auth/users

Andrea Di Cesare

Clients authenticate by passing credentials via standard basic authentication, a standard method for an HTTP user agent to provide a username and password when making a request. RESTHeart is stateless: there isn't any authentication session, and credentials must be sent on every request.

Of course, it means you must secure your communications with HTTPS.

There's documentation on how the authentication process works in RESTHeart at https://softinstigate.atlassian.net/wiki/x/JgDM

mturatti
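The two answers above describe the same mechanism from the client's side: the token is not sent in its own `Auth-Token` header but as the *password* half of a normal `Authorization: Basic` header, with the username unchanged, and it is only accepted until the time in `Auth-Token-Valid-Until`. The following Python is an added example, not code from the question, the answers or the RESTHeart project. It takes the headers from the question's 200 response (constructed here as a dictionary), builds the `Authorization` header for the next request, and refuses to reuse the token once it has expired so the client falls back to username:password instead of collecting 403s. The function and variable names are the example's own.

```python
import base64
from datetime import datetime, timezone

# Constructed sample: the relevant headers from the first GET response in the question.
SAMPLE_RESPONSE_HEADERS = {
    "Auth-Token": "10dc2eeb-9624-47f2-a542-c97e0af82b23",
    "Auth-Token-Location": "/_authtokens/admin",
    "Auth-Token-Valid-Until": "2016-04-25T14:37:22.290Z",
}

# Format used by the Auth-Token-Valid-Until header in the question (UTC, millisecond precision).
_VALID_UNTIL_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def parse_timestamp(value):
    """Parse an ISO-8601 UTC timestamp such as '2016-04-25T14:37:22.290Z' into an aware datetime."""
    return datetime.strptime(value, _VALID_UNTIL_FORMAT).replace(tzinfo=timezone.utc)


def basic_auth_header(username, secret):
    """Build an 'Authorization: Basic' header value from 'username:secret' (RFC 7617)."""
    raw = f"{username}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_credentials(header_value):
    """Inverse of basic_auth_header: return the 'username:secret' string carried by a Basic header."""
    scheme, _, encoded = header_value.partition(" ")
    if scheme != "Basic" or not encoded:
        raise ValueError("not a Basic authorization header")
    return base64.b64decode(encoded).decode("utf-8")


def token_is_valid(response_headers, now_iso):
    """True if the response carried an Auth-Token that is still valid at now_iso (same UTC format)."""
    if "Auth-Token" not in response_headers or "Auth-Token-Valid-Until" not in response_headers:
        return False
    valid_until = parse_timestamp(response_headers["Auth-Token-Valid-Until"])
    return parse_timestamp(now_iso) < valid_until


def build_token_auth_header(username, response_headers, now_iso):
    """Authorization header for the next request: username plus the Auth-Token as the password.

    Returns None when the token is missing or expired, so the caller re-authenticates with the
    real password instead of sending a stale token and receiving 403 Forbidden.
    """
    if not token_is_valid(response_headers, now_iso):
        return None
    return basic_auth_header(username, response_headers["Auth-Token"])


if __name__ == "__main__":
    # Password-based header, as in the accepted answer.
    print(basic_auth_header("admin", "temp"))
    # Token-based header for a request made while the token is still valid.
    print(build_token_auth_header("admin", SAMPLE_RESPONSE_HEADERS, "2016-04-25T14:30:00.000Z"))
    # After the Auth-Token-Valid-Until instant the helper returns None.
    print(build_token_auth_header("admin", SAMPLE_RESPONSE_HEADERS, "2016-04-25T14:40:00.000Z"))
```

The value printed for `admin:temp` is the `Basic YWRtaW46dGVtcA==` header from the accepted answer, which shows that the two answers are not alternatives: httpie's `-a admin:<Auth-Token>` produces exactly the same kind of header, with the token standing in for the password. Because RESTHeart is stateless, this header (or the password-based one) has to accompany every request, which is why the last answer insists on HTTPS: anyone who can read the wire sees reusable credentials either way.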