search

PANTHEONtech / lighty

Lightweight OpenDaylight runtime library
https://lighty.io
Eclipse Public License 1.0
132 stars 75 forks source link

lighty-controller-springboot-netconf 403 problem #1929

Closed maurizio-lazzarini closed 2 days ago

maurizio-lazzarini commented 1 week ago

This morning I tried the example, after the import into Spring Tool Suite I have no problem to run the application. But after successful login:

C:\Windows\system32>curl -i -X POST -c /tmp/lighty.cookies.txt -H "Content-Type:application/json" --data "{\"username\": \"bob\", \"password\": \"secret\"}" http://localhost:8888/services/security/login HTTP/1.1 200 Set-Cookie: JSESSIONID=4E23ED5279546FECB71A68E884308AE4; Path=/; HttpOnly Content-Type: application/json Transfer-Encoding: chunked Date: Mon, 02 Sep 2024 09:05:31 GMT

{"userName":"bob"}

every HTTP request returns a 403 error code: C:\Windows\system32>curl -i -b /tmp/lighty.cookies.txt -X GET http://localhost:8888/services/data/topology/list HTTP/1.1 403 Vary: Origin Vary: Access-Control-Request-Method Vary: Access-Control-Request-Headers Set-Cookie: JSESSIONID=5447CC094471304E3F1AD2ACD46BAAB6; Path=/; HttpOnly X-Content-Type-Options: nosniff X-XSS-Protection: 0 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-Frame-Options: DENY Content-Length: 0 Date: Mon, 02 Sep 2024 09:06:55 GMT

Branch lighty.io branch 20.10

Environment (please complete the following information):

ihrasko commented 1 week ago

Thanks for your report. We will check the issue.

ihrasko commented 4 days ago

Java Version 11.0.13 - lighty.io 20.1.0 is designed for Java 17.

maurizio-lazzarini commented 4 days ago

Thank You very much !!!

ihrasko commented 4 days ago

Cannot reproduce. Your cookie is not correct, please invoke login request again.

See: Set-Cookie: JSESSIONID=4E23ED5279546FECB71A68E884308AE4; Path=/; HttpOnly and Set-Cookie: JSESSIONID=5447CC094471304E3F1AD2ACD46BAAB6; Path=/; HttpOnly

You can check the correct cookie is used by curl -v ....

Best,

maurizio-lazzarini commented 3 days ago

Thank you very much !
Due to the fact that I am really new to curl, can you please detail the curl syntax to check the cookie ?

ihrasko commented 2 days ago

You can ignore AskTimeoutExceptions and use example according to readme.

ihrasko commented 2 days ago

Invoke:

curl -v -i -X POST -c /tmp/lighty.cookies.txt -H "Content-Type:application/json" --data '{
    "username": "bob",
    "password": "secret"
}' "http://localhost:8888/services/security/login"

then 

curl -v -i -b /tmp/lighty.cookies.txt -X GET "http://localhost:8888/services/data/topology/list"

Check Cookie: JSESSIONID=<the value>.

Enjoy!