403 response from the Adobe Experience Manager OAuth 2 token endpoint

I am testing OAuth 2 against a vanilla AEM installation using Postman.

After I grant access, Postman successfully obtains an authorization code from /oauth/authorize:

But when it tries to use that code to obtain a token from /oauth/token, it gets the following response:

HTTP ERROR: 403 Problem accessing /oauth/token. Reason: Forbidden Powered by Jetty://

Looking at it in Fiddler, a POST is being made to /oauth/token with the following names/values in the body:

• client_id: the client ID from /libs/granite/oauth/content/client.html
• client_secret: the client secret from /libs/granite/oauth/content/client.html
• redirect_uri: https://www.getpostman.com/oauth2/callback
• grant_type: authorization_code
• code: the code returned by the earlier request to oauth/authorize

Am I missing something?

3 Answers

  • 2

    A better way to allow this is to list the allowed hosts; otherwise it goes against the best practices of the AEM security checklist.

    That is fine for a development environment, but not for production.

  • 2

    It would help if you could post some code snippets showing how you build the URL and obtain the token.

    Here is an example of how we implemented something very similar to what you are trying; maybe it helps.

    Define a service like the one below (snippet) and define the values (host, URL, etc.) in OSGi (or you can hardcode them for testing purposes).

    import java.nio.charset.StandardCharsets;
    import java.util.ArrayList;
    import java.util.Base64;
    import java.util.Dictionary;
    import java.util.List;

    import javax.jcr.Session;

    import org.apache.felix.scr.annotations.Activate;
    import org.apache.felix.scr.annotations.Component;
    import org.apache.felix.scr.annotations.ConfigurationPolicy;
    import org.apache.felix.scr.annotations.Properties;
    import org.apache.felix.scr.annotations.Property;
    import org.apache.felix.scr.annotations.Service;
    import org.apache.http.HttpEntity;
    import org.apache.http.NameValuePair;
    import org.apache.http.client.entity.UrlEncodedFormEntity;
    import org.apache.http.client.methods.CloseableHttpResponse;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.message.BasicNameValuePair;
    import org.apache.http.util.EntityUtils;
    import org.apache.jackrabbit.api.security.user.Authorizable;
    import org.apache.jackrabbit.api.security.user.UserManager;
    import org.apache.sling.api.resource.ResourceResolver;
    import org.apache.sling.commons.json.JSONObject;
    import org.apache.sling.commons.osgi.PropertiesUtil;
    import org.osgi.framework.Constants;
    import org.osgi.service.component.ComponentContext;

    @Service(value = OauthAuthentication.class)
    @Component(immediate = true, label = "My Oauth Authentication", description = "My Oauth Authentication", policy = ConfigurationPolicy.REQUIRE, metatype = true)
    @Properties({
        @Property(name = Constants.SERVICE_VENDOR, value = "ABC"),
        @Property(name = "service.oauth.host", value = "", label = "Oauth Host", description = "Oauth Authentication Server"),
        @Property(name = "service.oauth.url", value = "/service/oauth/token", label = "Oauth URL", description = "Oauth Authentication URL relative to the host"),
        @Property(name = "service.oauth.clientid", value = "", label = "Oauth Client ID", description = "Oauth client ID to use in the authentication procedure"),
        @Property(name = "service.oauth.clientsecret", value = "", label = "Oauth Client Secret", description = "Oauth client secret to use in the authentication procedure"),
        @Property(name = "service.oauth.granttype", value = "", label = "Oauth Grant Type", description = "Oauth grant type") })
    public class OauthAuthentication {

        // Property names matching the @Property declarations above
        static final String PROPERTY_SERVICE_OAUTH_HOST = "service.oauth.host";
        static final String PROPERTY_SERVICE_OAUTH_URL = "service.oauth.url";
        static final String PROPERTY_SERVICE_OAUTH_CLIENTID = "service.oauth.clientid";
        static final String PROPERTY_SERVICE_OAUTH_CLIENTSECRET = "service.oauth.clientsecret";
        static final String PROPERTY_SERVICE_OAUTH_GRANTTYPE = "service.oauth.granttype";

        private String host;
        private String url;
        private String clientID;
        private String clientSecret;
        private String grantType;
        private String authType;
        // Scheme prepended when the configured host carries none
        private final String protocol = "https";

        @Activate
        private void activate(ComponentContext context) {
            Dictionary<String, Object> properties = context.getProperties();
            host = PropertiesUtil.toString(properties.get(PROPERTY_SERVICE_OAUTH_HOST), "");

            // Similarly get all values
            url = PropertiesUtil.toString(properties.get(PROPERTY_SERVICE_OAUTH_URL), "");
            clientID = PropertiesUtil.toString(properties.get(PROPERTY_SERVICE_OAUTH_CLIENTID), "");
            clientSecret = PropertiesUtil.toString(properties.get(PROPERTY_SERVICE_OAUTH_CLIENTSECRET), "");
            grantType = PropertiesUtil.toString(properties.get(PROPERTY_SERVICE_OAUTH_GRANTTYPE), "");

            // HTTP Basic client authentication: base64("client_id:client_secret")
            String credentials = clientID + ":" + clientSecret;
            authType = "Basic " + Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
        }

        /**
         * Requests an access token for the user behind the given resolver.
         * The snippet does not show where the password comes from, so it is
         * taken as a parameter here. Returns null if no token was issued.
         */
        public String getAuthorizationToken(ResourceResolver resourceResolver, String password) throws Exception {
            UserManager userManager = resourceResolver.adaptTo(UserManager.class);
            Session session = resourceResolver.adaptTo(Session.class);

            // Getting the current user
            Authorizable auth = userManager.getAuthorizable(session.getUserID());
            String user = auth.getID();

            String serviceURL = (host.startsWith("http") ? "" : protocol + "://") + host + url;
            HttpPost httppost = new HttpPost(serviceURL);

            // set params
            List<NameValuePair> formparams = new ArrayList<NameValuePair>();
            formparams.add(new BasicNameValuePair("username", user));
            formparams.add(new BasicNameValuePair("password", password));
            formparams.add(new BasicNameValuePair("client_id", clientID));
            formparams.add(new BasicNameValuePair("client_secret", clientSecret));
            formparams.add(new BasicNameValuePair("grant_type", grantType));
            httppost.setEntity(new UrlEncodedFormEntity(formparams, "UTF-8"));

            // set header
            httppost.addHeader("Authorization", authType);

            String accessToken = null;
            try (CloseableHttpClient httpclient = HttpClients.custom().build();
                 CloseableHttpResponse response = httpclient.execute(httppost)) {
                HttpEntity entity = response.getEntity();
                if (response.getStatusLine().getStatusCode() == 200 && entity != null) {
                    JSONObject object = new JSONObject(EntityUtils.toString(entity));
                    accessToken = object.getString("access_token");
                }
            }
            return accessToken;
        }
    }
    
  • 0

    I found the answer myself and thought I would share the process I went through as well as the answer, since it may help other AEM newbies.

    How to find the cause of the error:

    • Go to CRXDE Lite.

    • Select Console.

    • Then deselect the stop button so that new console log entries appear (this was very counter-intuitive to me).

    CRXDE Lite Console

    From there I was able to see the cause of the problem:

    org.apache.sling.security.impl.ReferrerFilter Rejected empty referrer header for POST request to /oauth/token

    Because Postman does not put a referrer in the request headers, I had to tell Apache Sling to allow an empty referrer header.

    To do this:

    • Go to /system/console/configMgr

    • Open the Apache Sling Referrer Filter configuration

    • Tick the Allow Empty checkbox

    Apache Sling Referrer Filter Config
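A small model of the Referrer Filter decision this answer ran into, showing how the Allow Empty setting above and the allowed-hosts list from the first answer each change the verdict for the same POST to /oauth/token. This is an added example, not AEM's or Sling's own code: the logic is a simplified approximation of org.apache.sling.security.impl.ReferrerFilter, the sample requests are constructed, and unknown.example is a placeholder host.

```python
from urllib.parse import urlparse

# Methods the Sling ReferrerFilter treats as state-changing and therefore checks.
FILTERED_METHODS = {"POST", "PUT", "DELETE"}


def referrer_allowed(method, headers, allow_empty=False, allow_hosts=()):
    """Simplified model of the ReferrerFilter decision (not the real code).

    headers     -- request headers as a dict, looked up case-insensitively
    allow_empty -- the "Allow Empty" checkbox from this answer
    allow_hosts -- the explicit host list the first answer recommends instead
    Returns (allowed, reason).
    """
    if method.upper() not in FILTERED_METHODS:
        return True, "method not filtered"
    hdrs = {k.lower(): v for k, v in headers.items()}
    referer = hdrs.get("referer", "")
    if not referer:
        if allow_empty:
            return True, "empty referrer permitted by configuration"
        return False, f"Rejected empty referrer header for {method} request"
    ref_host = urlparse(referer).hostname
    # The instance's own host name is always trusted; any other host must be listed.
    own_host = hdrs.get("host", "").split(":")[0]
    if ref_host == own_host or ref_host in allow_hosts:
        return True, f"referrer host {ref_host} trusted"
    return False, f"Rejected referrer header for {method} request: {referer}"


# Constructed sample requests mirroring the question: Postman POSTs to /oauth/token
# on a local AEM author instance and sends no Referer header at all.
POSTMAN = {"Host": "localhost:4502",
           "Content-Type": "application/x-www-form-urlencoded"}
FROM_POSTMAN_SITE = dict(POSTMAN, Referer="https://www.getpostman.com/oauth2/callback")
FROM_UNKNOWN_SITE = dict(POSTMAN, Referer="https://unknown.example/page")  # placeholder
REQUESTS = (POSTMAN, FROM_POSTMAN_SITE, FROM_UNKNOWN_SITE)


def compare_configs():
    """Same three requests, one verdict list per configuration discussed."""
    configs = {"default": {},
               "allow_empty": {"allow_empty": True},
               "allow_hosts": {"allow_hosts": ("www.getpostman.com",)}}
    return {name: [referrer_allowed("POST", h, **cfg)[0] for h in REQUESTS]
            for name, cfg in configs.items()}
```

In this model the host list only helps a client that actually sends a Referer, while Allow Empty accepts any referrer-less POST; neither setting lets a request from an unlisted host through.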
