I am following the example of Stormpath here:
http://docs.stormpath.com/java/spring-boot-web/http-request-authentication.html
So far everything else has been working.
But when I try to issue the command:
curl -X POST --data 'grant_type=password&username=ACCOUNT_USERNAME&password=ACCOUNT_PASSWORD' \
-H 'Origin: http://localhost:8080' http://localhost:8080/oauth/token
I get this error:
<body>
<div class="container-fluid">
<div class="row">
<div class="box col-md-6 col-md-offset-3">
<div class="stormpath-header">
<img src="https://stormpath.com/images/template/logo-nav.png" />
</div>
<div class="logo">
<h1>403</h1>
</div>
<p class="lead text-muted">Expected CSRF token not found. Has your session expired?</p>
Go Home
</div>
</div>
</div>
</body>
Any clues on how to solve this?
Which Stormpath Spring Boot Starter are you using?
stormpath-default-spring-boot-starter (and others) include Spring Security.
At this moment, Spring Security and /oauth/token are incompatible with the Stormpath integration.
Good News! We are literally releasing the new Token Management integration this week. It will be release 1.0.RC8.3. You can track it's status here. It integrates perfectly up through the Spring stack, including Spring Security. It also provides both access and refresh tokens and supports exchanging refresh tokens for new access tokens.
If you want the /oauth/token endpoint to work in advance of this release, you can either use a different Stormpath Starter or you can disable Spring Security.
For the first approach, you can use the stormpath-spring-boot-starter.
For the second approach, add the following lines to your application.properties file:
stormpath.spring.security.enabled = false
security.basic.enabled = false
Related
I am trying to hit using postman firebase url but it is giving me error.
I have setup all the things but it still it is giving me error
Here is the error which I am getting on postman
<HTML>
<HEAD>
<TITLE>The request was missing an Authentification Key (FCM Token). Please, refer to section "Authentification" of the FCM documentation, at https://firebase.google.com/docs/cloud-messaging/server.</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>The request was missing an Authentification Key (FCM Token). Please, refer to section "Authentification" of the FCM documentation, at https://firebase.google.com/docs/cloud-messaging/server.</H1>
<H2>Error 401</H2>
</BODY>
</HTML>
These things I am adding <br/>
url = 'https://fcm.googleapis.com/fcm/send'<br/>
method = POST<br/>
Headers <br/>
Authorization = 'FIREBASE_SERVER_API_KEY'<br/>
Content-Type = application/json<br/>
Body =
"{"registration_ids":["ids"],"priority":"high\",\"data\":{\"notification_id\":76,\"title\":\"dvxcv\",\"description\":\"xcvxv\",\"image\":\"/uploads/image/image/37513/Screenshot_from_2016-10-17_10_43_59.png\"}}"
All you need to do first in Header
Authorization: key='FIREBASE_SERVER_API_KEY'
And you are having problems with json parsing you have to remove '/'
{"registration_ids":["ids"],"priority":"high","data":{"notification_id":76,"title":"dvxcv","description":"xcvxv","image":"/uploads/image/image/37513/Screenshot_from_2016-10-17_10_43_59.png"}}
Edit
For any confusion follow my tutorial
how to integrate firebase with ruby on rails
Under Headers, Authorization: key=AAAA.....
HAVE TO ADD "key=" in front of the Firebase Server key token!!!
I'm creating an app using Grails 3 and SpringSecurity Core, as of now there is only a custom login page (named auth.gsp so that it can overwrite the default spring security auth.gsp, it does not have the Remember-me option), a index page with the message "Welcome" and a logout button, and some domain classes (the SpringSecurity User, Role and UserRole, beside some other classes that does nothing right now).
Every time I run the app after restarting the computer, on the first login attempt I'm redirected to a error (http://localhost:8080/error) such as this one:
Whitelabel Error PageThis application has no explicit mapping for /error, so you are seeing this as a fallback.Wed Apr 27 14:58:55 GMT-03:00 2016There was an unexpected error (type=None, status=999).No message available
If I erase the "/error" and go to the URL http://localhost:8080/ it works fine (it shows me the Welcome page), and if I logout and try to login again it does not show the error page (even if I run stop-app and run it again, the error page will not show anymore, I have to restart the computer for it to show again).
Anyone has any idea why is this happening? There is absolutly nothing running besides SpringSecurity, the custom auto.gsp and the auto generated domain classes. Is it an issue with the plugin?
The auth.gsp form is as follow:
<form action="${postUrl ?: '/login/authenticate'}" method="POST" class="login-form">
<input class="form-control"
name="${usernameParameter ?: 'username'}" placeholder="User" type="text"/>
<input class="form-control" name="${passwordParameter ?: 'password'}"
placeholder="Password" type="password"/>
<button class="btn ing-btn-primary login-btn-confirm" type="submit">
Login
</button>
</form>
I am trying to get familiar with Geb. I’m trying to run it from inside Grails, but that shouldn’t matter at all since my question here is specific to Geb.
I have the following test directory structure:
myapp/
<lots of stuff here>
test/
functional/
GebConfig.groovy
LogInLogOutSpec.groovy
pages/
LogInPage.groovy
DashboardPage.groovy
Where LoginPage.groovy is (obviously) the login page, and where DashboardPage is where you should be redirected to after logging in successfully. In reality I have security filters in place that will check to see if the URL you are trying to access requires authentication. If so, they redirect you to the login page, and after successful login, redirect you again to the URL you were trying to access.
For good measure, here’s the HTML that comprises my login page (again, this is Grails, so a GSP file is dynamically converted into HTML at runtime):
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head>
<body>
<form action=“/myapp/auth/signIn" method="post">
<input type="hidden" name="targetUri" value="/dashboard" />
<table>
<tbody>
<tr>
<td>Username:</td>
<td><input type="text" name="username" value="" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" value="" /></td>
</tr>
<tr>
<td />
<td><input type="submit" value="Sign in" /></td>
</tr>
</tbody>
</table>
</form>
</body>
</html>
So I need a Geb test that:
Attempts to go to the Dashboard Page (unauthorized)
Verifies we have instead been redirected to the Login Page
Logs in with good credentials
Verifies we are not at the Dashboard Page
Furthermore:
I’d like to choose between: (a) either browser-based (Firefox or Chrome) or (b) a headless browser (which I believe is the HtmlUnitDriver, but correct me if I’m wrong)
I’d like the login credentials used by Geb to be injectable from either the GebConfig file or some external parameter (perhaps as env vars or runtime args supplied to the Grails command line). Essentially I don’t want to store username/password in test code.
My best attempt so far:
GebConfig.groovy:
driver = {
// Again, or Firefox
ChromeProfile profile = new ChromeProfile()
Driver driverInstance = new ChromeDriver(profile)
driverInstace.manage().window().maximize()
driverInstance
}
baseNavigatorWaiting = true
atCheckWaiting = true
// Need to inject from some external process somehow, but make these
// available to test specs somehow.
username = System.env("USERNAME")
password = System.env("PASSWORD")
LogInLogOutSpec.groovy:
import geb.spock.GerbReportingSpec
import spock.lang.*
import pages.*
#Stepwise
class LogInLogOutSpec extends GebReportingSpec {
String username
String password
/*
* Attempt to go to user dashboard, and confirm you are instead
* redirected to the login page. Login with good credentials,
* and verify you are now logged in and at the dashboard.
*/
def "successful login redirects to dashboard page"() {
when:
to DashboardPage
then:
"Login".equals($(".page-header").text())
when:
$("#login-form input[name=username]").value(username)
$("#login-form input[name=password]").value(password)
then:
"Dashboard".equals($(".page-header").text())
}
}
I think I'm close, but this is obviously wrong. Any ideas where I’m going awry? Thanks!
You should modularize your test code. You should use
modules for UI widgets which can occur on different pages
pages (1, 2) to model a certain HTML page
specs for the actual test logic
In your code example you have a dashboard page, but no login page object. You should also think about a login modul if all your pages have the possibility to login or at least provide the possibility to detect the login state. See this SO answer for a modul definition. What is missing here is a function to determine the login state.For another implementation look at the AuthModule and the login test spec of the Geb examples.
To the login credentials: I think you did a good job having the credentials in the environment. This works fine on a developer machine and also on the build server.
For testing with different browsers: geb-example-gradle is a gradle sample project with a GebConfig and a build.gradle. This allows you to switch browser as argument to gradle:
./gradlew chromeTest
./gradlew firefoxTest
./gradlew phantomJsTest
This also answers your last question: a good headless browser I like to use is phantomJs.
Refer this Geb spec for an example. Mainly you can check how LoginModule is provides the login behavior as used here.
void login(String username = "admin#sample.org", String password = "admin") {
loginForm.j_username = username
loginForm.j_password = password
loginButton.click()
}
Application uses HtmlUnit driver.
Let know if you need any further explanation.
I have gone through some of the blogs in internet, but I am not able to find out how to do my own login page without Spring Security. How can I do it?
To create a custom login page, create a view called auth.gsp in grails-app/views/login/. Make sure it passes the parameters j_username and j_password to the action ${postUrl}. Here is the default auth.gsp view that comes with Spring Security 1.x:
<html>
<head>
<meta name='layout' content='main'/>
<title><g:message code="springSecurity.login.title"/></title>
<link rel="stylesheet" href="${resource(dir: 'css', file: 'auth.css')}" type="text/css">
</head>
<body>
<div id='login'>
<div class='inner'>
<div class='fheader'><g:message code="springSecurity.login.header"/></div>
<g:if test='${flash.message}'>
<div class='login_message'>${flash.message}</div>
</g:if>
<form action='${postUrl}' method='POST' id='loginForm' class='cssform pure-form pure-form-aligned' autocomplete='off'>
<p>
<label for='username'><g:message code="springSecurity.login.username.label"/>:</label>
<input type='text' class='text_' name='j_username' id='username'/>
</p>
<p>
<label for='password'><g:message code="springSecurity.login.password.label"/>:</label>
<input type='password' class='text_' name='j_password' id='password'/>
</p>
<p>
<input type='submit' id="submit" class="btn" value='${message(code: "springSecurity.login.button")}'/>
</p>
</form>
</div>
</div>
<script type='text/javascript'>
<!--
(function() {
document.forms['loginForm'].elements['j_username'].focus();
})();
// -->
</script>
</body>
</html>
I would copy that into your auth.gsp view and change it from there.
This can be annoying sometimes.
So if am getting you right you want to change the look and feel of the login spring security offer right?
Do this after you are done with your UI design( CSS, HTML and others).
Now change the input name and compare it to auth.gsp, thus from Spring security.
You can hold ctrl+shift+N on the keyboard and type auth.gsp for you to check.
Compare it to yours and change where possible.
In your UrlMAppings.groovy do this editing
"/"(view:"/Your login page")
"/login/auth"(view:"/Your login page")
Now restart your service and thats all.
If the issue persist you can post the error here so we can see what to do to help.
Note this is for Grails 3.x
In order to do this you need to do this tasks:
Create a login view inside views directory
create two gsp views names auth.gsp and denied.gsp
in this step you probably need to copy content from plugin auth.gsp view and denied.gsp if you are using grails spring security core plugin version 2.0-RC3 these views are located at target > work > plugins > spring-security-core-2.0-RC2 > grails-app > view > login, copy content and paste it in your app auth.gsp and denied.gsp views
You can check an example of views location and views content in this repo.
Attempting to precompile a ember-handlebars template via gruntjs and contrib-ember-handlebars.
However, I am seeing a malformed template:
<section>
<div class="center">
<div class="logo-container">
</div>
<div class="misuseAct">
<script id="metamorph-0-start" type="text/x-placeholder"></S'+'CRIPT>
<h1>Super app</h1>
<p>The best app ever...</p>
Proceed
<script id='metamorph-0-end' type='text/x-placeholder'></S'+'CRIPT>
</div>
</div>
</section></script></div></div></section>
I am only seeing this on mobile phone browsers and with Ember minified, it works fine with Ember debug, on all devices and browsers.
Versions:
Grunt: 0.4.1
Grunt-CLI: 0.1.9
contrib-ember-handlebars: 0.6.0
Handlebars: RC-4
jQuery: 1.10.2
Ember.js: RC-6
Ember-Data: 0.13
I'm not sure if this is your problem but it seems very similar to my situation.
Ember, Handlebars, Contrib-Ember-Templates produce malformed templates on mobile browsers