Spring Security - How to access v2 API using basic HTTP authentication in Hybris?

0
votes

I want to access v2 API using basic authentication(username/password), I have done all below-mentioned changes. But when I hit the web service URL, I'm getting a popup for providing username/password which is not taking(validating) my username/password. I'm sure I have entered correct username & password.

web.xml:

<security-role>
<description>
The role that is required to access the application
</description>
<role-name>admin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>RestrictedWebResource</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<!-- transport-guarantee can be CONFIDENTIAL, INTEGRAL, or NONE -->
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>

security-v2-spring.xml:

<security:http auto-config="true"  use-expressions="true">      <security:intercept-url pattern="/rest/*" access="admin" />
<security:http-basic />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="ash" password="ash" authorities="admin" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>

tomcat-users.xml:

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="manager"/>
<role rolename="admin"/>
<user username="ash" password="ash" roles="admin,manager"/>
</tomcat-users>

config/local.properties:

hybris.security.http.basic.auth.enable=true
hybris.security.http.basic.auth.username=ash
hybris.security.http.basic.auth.password=ash

tomcat-users.xml location is correctly configured in server.xml also

<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />

The endpoint URL which I try to access is 

https://localhost:9002/rest/v2/**/**/**

Usual admin console admin/nimda also doesn't work. I'm breaking my head in this for more than a week now. Any help will be great. Thanks in advance.

1
springweb-servicestomcatspring-securityhybris
Please provide endpoint URL you're trying to access, also try with admin/nimda once.HybrisHelp
Yes I have added the endpoint URL & edited the question.Aswin G
v2 version is the default, which is based on Auth2, you need to add OAuth client in the system(using backoffice) to access v2 API. Is this your requirement to access v2 on basic auth? otherwise, without any code change, you can access it.HybrisHelp
Yes, my requirement is to access v2 services using basic auth. I am not using OAuth which is available out of the box.Aswin G
@Aswin,Did you had a chance to find an answer for this? Please let me know.techy360

1 Answers

0
votes

From the URL it appears as if you are trying to access the OCC API.
Access to OCC has nothing to do with the regular authentication.
You need to create an OAuth Client using OAuthClientDetails model and give it appropriate authorization.

Sample-

INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope;authorizedGrantTypes;clientSecret;authorities
                                ;abc;hybris;basic;authorization_code,refresh_token,password,client_credentials;password;ROLE_TRUSTED_CLIENT