Вопрос
authorization
cookies
JAVA
Технические вопросы
7.x

Возвращаются не все cvookies при авторизации через AuthService.svc

Developer2
24 мая 2016 12:18

Добрый день!

Я занимаюсь разработкой интеграции с BPM'Online Sales.

Возникла проблема при авторизации через AuthService.svc.

Проблема заключается в том, что я получаю не все необходимые cookie, чтобы совершать дальнейшие запросы к вашему API.

Отправляю все как надо, в ответ получаю 200 OK и такой JSON:

24-May-2016 11:44:03.878 INFO [http-nio-8443-exec-5] org.glassfish.jersey.filter.LoggingFilter.log 1 * Sending client request on thread http-nio-8443-exec-5
1 > POST https://phonetcomua.bpmonline.com/ServiceModel/AuthService.svc/Login

1 > Accept: application/json
1 > Content-Type: application/json
{"UserName":"somename","UserPassword":"somepassword"}

24-May-2016 11:44:04.487 INFO [http-nio-8443-exec-5] org.glassfish.jersey.filter.LoggingFilter.log 2 * Client response received on thread http-nio-8443-exec-5
2 200
2 Cache-Control: private
2 Content-Length: 84
2 Content-Type: application/json; charset=utf-8
2 Date: Tue, 24 May 2016 08:43:51 GMT
2 Location: /0
2 Server: Microsoft-IIS/8.5
2 Set-Cookie: UserName=68, 101, 118, 101, 108, 111, 112, 101, 114; expires=Thu, 23-Jun-2016 08:43:51 GMT; path=/; HttpOnly,.ASPXAUTH=AEBC2921C6FBEBE4612FD14307AF11E804E0298A87BC385C174E603186BE8333241A99EA3772CDBC02B3AC8DFB606F1E9534F873B82B760736AA12BA20A0FFD874C00BF3AFB873A738AB6FC2CB76EE3F9CDA053F0EB93CC8401CE400461F06A85D398499283E9CF2E43FF97636D7727DD4014F44EFB0EA1CB06CF71737F81C7E5AEEEC759A663663E985D4A3FFF532A9DE867CE798F2B16F4A8E334E16244F2B839151AB7E6AF9A7C89E61B0683E45EA20EAAC47B223BA41752387F66940CDC65BA9CB3BB374403566677609E3C2312834E5E045B8F0BEF2A64AC13CA4D3D0D6C6868B94113D91DE4A25915B0E69E261034622F075CE48FA9A340076F80D439E6979DA6AFDEAF037828C7A98AA217C7DB41C9FEB; path=/; HttpOnly,BPMLOADER=5glxdkdc4po55ripfr4wrq5g; path=/; HttpOnly,BPMLOADER=5glxdkdc4po55ripfr4wrq5g; path=/; HttpOnly
2 X-AspNet-Version: 4.0.30319
2 X-Powered-By: ASP.NET
2 X-Terrasoft-UserCulture: ru-RU
{"Code":0,"Message":"","Exception":null,"PasswordChangeUrl":null,"RedirectUrl":null}

Как можно видеть из значения заголовка Set-Cookie сервер вернул мне 4 значения cookie: UserName, .ASPXAUTH и дважды BPMLOADER.

В куках нет BPMSESSIONID, который я получаю, если отправляю запрос через приложение для Chrome Postman.

Если я отправляю запрос через Postman, то в дальнейшем могу успешно проводить запросы на поиск контакта или лида, а при запросе через java при авторизации получаю не все cookie и поэтому дальнейшие запросы возвращают статус код 401
В чем может быть причина?

Нравится

7 комментариев
Александр Зубков
25 мая 2016 14:29

Здравствуйте.
По идее, сессионный куки должен вернуться следующим запросом к приложению, а не к загрузчику.

Developer2
25 мая 2016 14:33

Здравствуйте!

В документации сказано, что делаем запрос на авторизацию и куки, которые вернулись нужно передавать в последующие запросы.

Когда делаю так, возвращается 401 ошибка.

Поэтому я и проверил через расширение. В нем после запроса на авторизацию сразу приходит BPMSESSIONID, что логично, по-моему.

Александр Зубков
25 мая 2016 16:31

А можно взглянуть на запрос, который Вы отправляете?

Developer2
25 мая 2016 16:52

"Александр Зубков" написал:

А можно взглянуть на запрос, который Вы отправляете?

Да.

GET запрос на

25-May-2016 16:51:35.741 INFO [http-nio-8443-exec-2] org.glassfish.jersey.filter.LoggingFilter.log 1 * Sending client request on thread http-nio-8443-exec-2
1 > GET https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&$top=1
1 > Cookie: BPMSESSIONID=2jv1su0azu1kqpcy1jip4m4r;Version=1,.ASPXAUTH=01FF6F8F02911836A45EF840B527B75130FE1FFB263C1453F8A2C727370CAEEBF3DFD7773DA5C4FE0052509FC902AF8D80B5E91CB88309E5774A310E8E6711A8E27D9B185E3ECA38AD7D9F04F811DD11D82D2229299D3A13A2067ECE3B6FEE115658D844389757D4219890703C3CE3766482B86688E38F0FD3B660F878FA1D61F7AAED7CFE0564F56AAFBF5668B7882F6E8905928636E9CE1CF7305675E44058FB157B45D6BC830D7F74087FA9D2617A7312FE87413F932A7FD089D63F401B2929ABD44C20E5CE877E57E0C8C93C2799DBCCE844A2A20EC7B05A172E858424BDE13E6F1069877CD203E199674A92B7BEBB97E6C661470E9A23ADFCBF8C7D392436ED9195BCC9E171CC8EAF1E45DA346A4C537715;Version=1,BPMLOADER=zkjjiebb4gomec40pk1yemcy;Version=1,UserName="68, 101, 118, 101, 108, 111, 112, 101, 114";Version=1,BPMSESSIONID=2jv1su0azu1kqpcy1jip4m4r;Version=1,.ASPXAUTH=01FF6F8F02911836A45EF840B527B75130FE1FFB263C1453F8A2C727370CAEEBF3DFD7773DA5C4FE0052509FC902AF8D80B5E91CB88309E5774A310E8E6711A8E27D9B185E3ECA38AD7D9F04F811DD11D82D2229299D3A13A2067ECE3B6FEE115658D844389757D4219890703C3CE3766482B86688E38F0FD3B660F878FA1D61F7AAED7CFE0564F56AAFBF5668B7882F6E8905928636E9CE1CF7305675E44058FB157B45D6BC830D7F74087FA9D2617A7312FE87413F932A7FD089D63F401B2929ABD44C20E5CE877E57E0C8C93C2799DBCCE844A2A20EC7B05A172E858424BDE13E6F1069877CD203E199674A92B7BEBB97E6C661470E9A23ADFCBF8C7D392436ED9195BCC9E171CC8EAF1E45DA346A4C537715;Version=1,BPMLOADER=zkjjiebb4gomec40pk1yemcy;Version=1,UserName="68, 101, 118, 101, 108, 111, 112, 101, 114";Version=1
 
25-May-2016 16:51:36.236 INFO [http-nio-8443-exec-2] org.glassfish.jersey.filter.LoggingFilter.log 2 * Client response received on thread http-nio-8443-exec-2
2 < 401
2 < Cache-Control: private
2 < Content-Length: 6389
2 < Content-Type: text/html; charset=utf-8
2 < Date: Wed, 25 May 2016 13:51:20 GMT
2 < Server: Microsoft-IIS/8.5
2 < WWW-Authenticate: Basic
2 < X-Powered-By: ASP.NET
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<title>IIS 8.5 Detailed Error - 401.1 - Unauthorized</title> 
<style type="text/css"> 
<!-- 
body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} 
code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} 
.config_source code{font-size:.8em;color:#000000;} 
pre{margin:0;font-size:1.4em;word-wrap:break-word;} 
ul,ol{margin:10px 0 10px 5px;} 
ul.first,ol.first{margin-top:5px;} 
fieldset{padding:0 15px 10px 15px;word-break:break-all;} 
.summary-container fieldset{padding-bottom:5px;margin-top:4px;} 
legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} 
legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; 
font-weight:bold;font-size:1em;} 
a:link,a:visited{color:#007EFF;font-weight:bold;} 
a:hover{text-decoration:none;} 
h1{font-size:2.4em;margin:0;color:#FFF;} 
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.4em;margin:10px 0 0 0;color:#CC0000;} 
h4{font-size:1.2em;margin:10px 0 5px 0; 
}#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; 
 color:#FFF;background-color:#5C87B2; 
}#content{margin:0 0 0 2%;position:relative;} 
.summary-container,.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;} 
.content-container p{margin:0 0 10px 0; 
}#details-left{width:35%;float:left;margin-right:2%; 
}#details-right{width:63%;float:left;overflow:hidden; 
}#server_version{width:96%;_height:1px;min-height:1px;margin:0 0 5px 0;padding:11px 2% 8px 2%;color:#FFFFFF; 
 background-color:#5A7FA5;border-bottom:1px solid #C1CFDD;border-top:1px solid #4A6C8E;font-weight:normal; 
 font-size:1em;color:#FFF;text-align:right; 
}#server_version p{margin:5px 0;} 
table{margin:4px 0 4px 0;width:100%;border:none;} 
td,th{vertical-align:top;padding:3px 0;text-align:left;font-weight:normal;border:none;} 
th{width:30%;text-align:right;padding-right:2%;font-weight:bold;} 
thead th{background-color:#ebebeb;width:25%; 
}#details-right th{width:20%;} 
table tr.alt td,table tr.alt th{} 
.highlight-code{color:#CC0000;font-weight:bold;font-style:italic;} 
.clear{clear:both;} 
.preferred{padding:0 5px 2px 5px;font-weight:normal;background:#006633;color:#FFF;font-size:.8em;} 
--> 
</style> 
 
</head> 
<body> 
<div id="content"> 
<div class="content-container"> 
  <h3>HTTP Error 401.1 - Unauthorized</h3> 
  <h4>You do not have permission to view this directory or page using the credentials that you supplied.</h4> 
</div> 
<div class="content-container"> 
 <fieldset><h4>Most likely causes:</h4> 
  <ul> 	<li>The username supplied to IIS is invalid.</li> 	<li>The password supplied to IIS was not typed correctly. </li> 	<li>Incorrect credentials were cached by the browser.</li> 	<li>IIS could not verify the identity of the username and password provided.</li> 	<li>The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.</li> 	<li>The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.</li> 	<li>Invalid Kerberos configuration may be the cause if all of the following are true:</li> 	<ul> 		<li>Integrated authentication was used.</li> 		<li>the application pool identity is a custom account.</li> 		<li>the server is a member of a domain.</li> 	</ul> </ul> 
 </fieldset> 
</div> 
<div class="content-container"> 
 <fieldset><h4>Things you can try:</h4> 
  <ul> 	<li>Verify that the username and password are correct, and are not cached by the browser.</li> 	<li>Use a different username and password.</li> 	<li>If you are using a custom anonymous account, verify that the password has not expired.</li> 	<li>Verify that the authenticating user or the user's group, has not been denied login access to the server.</li> 	<li>Verify that the account was not locked out due to numerous failed login attempts.</li> 	<li>If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.</li> 	<li>Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click <a href="http://go.microsoft.com/fwlink/?LinkID=66439">here</a>. </li> </ul> 
 </fieldset> 
</div> 
 
<div class="content-container"> 
 <fieldset><h4>Detailed Error Information:</h4> 
  <div id="details-left"> 
   <table border="0" cellpadding="0" cellspacing="0"> 
    <tr class="alt"><th>Module</th><td>&nbsp;&nbsp;&nbsp;AuthModule</td></tr> 
    <tr><th>Notification</th><td>&nbsp;&nbsp;&nbsp;EndRequest</td></tr> 
    <tr class="alt"><th>Handler</th><td>&nbsp;&nbsp;&nbsp;svc-Integrated-4.0</td></tr> 
    <tr><th>Error Code</th><td>&nbsp;&nbsp;&nbsp;0x00000000</td></tr> 
 
   </table> 
  </div> 
  <div id="details-right"> 
   <table border="0" cellpadding="0" cellspacing="0"> 
    <tr class="alt"><th>Requested URL</th><td>&nbsp;&nbsp;&nbsp;https://phonetcomua.bpmonline.com:443/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&amp;$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&amp;$top=1</td></tr> 
    <tr><th>Physical Path</th><td>&nbsp;&nbsp;&nbsp;D:\App\phonetcomua\Terrasoft.WebApp\ServiceModel\EntityDataService.svc\LeadCollection</td></tr> 
    <tr class="alt"><th>Logon Method</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> 
    <tr><th>Logon User</th><td>&nbsp;&nbsp;&nbsp;Not yet determined</td></tr> 
 
   </table> 
   <div class="clear"></div> 
  </div> 
 </fieldset> 
</div> 
 
<div class="content-container"> 
 <fieldset><h4>More Information:</h4> 
  This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user. 
  <p><a href="http://go.microsoft.com/fwlink/?LinkID=62293&amp;IIS70Error=401,1,0x00000000,9600">View more information &raquo;</a></p> 
  <p>Microsoft Knowledge Base Articles:</p> 
 <ul><li>907273</li><li>871179</li><li>896861</li></ul> 
 
 </fieldset> 
</div> 
</div> 
</body> 
</html>

Через Postman возвращает XML с данными, а если через Jersey(java-библиотека), получаю 401.

Developer2
25 мая 2016 17:01
25-May-2016 17:00:17.050 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 3 * Sending client request on thread http-nio-8443-exec-10
3 > POST https://phonetcomua.bpmonline.com/ServiceModel/AuthService.svc/Login
3 > Accept: application/json
3 > Content-Type: application/json
{"UserName":"Developer","UserPassword":"Password"}

25-May-2016 17:00:17.147 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 4 * Client response received on thread http-nio-8443-exec-10
4 < 200
4 < Cache-Control: private
4 < Content-Length: 84
4 < Content-Type: application/json; charset=utf-8
4 < Date: Wed, 25 May 2016 14:00:00 GMT
4 < Location: /0
4 < Server: Microsoft-IIS/8.5
4 < Set-Cookie: UserName=68, 101, 118, 101, 108, 111, 112, 101, 114; expires=Fri, 24-Jun-2016 14:00:01 GMT; path=/; HttpOnly,.ASPXAUTH=B6CE704BC28B00303511E111A2C49FED9C626A2D1B630D24B2D621E84E9A758AC8D837E61C359C02E7CD6E3ABB2EC293E167CD753954949C5F114816676F61C3ED1CD7E9DCA769145CCE80BCE26948BFE588A030B64A446BC15F687B29E5A0D321FF6D09711E24E765B05B4E743D41EC5DDE4A05484446F79DECC8D37CA692D556CC54AB24D355A4EFD90D0B9A38AD5982AD941F0942D5C5758314EE7AC0DA62317C4505CF9B998B161050429109C83DDB76697522D4402478C615282EEA4328889425580751447BE7667DB33A532783E52A7486303B5C735480ECF02C25DB38CC52C78A1D196F7C23982F22ABB160C7C11EF7D0269969F32035906B3400EA2C7BDDB0F742A3A2C1F58025254588004A01F339EB; path=/; HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4; path=/; HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4; path=/; HttpOnly
4 < X-AspNet-Version: 4.0.30319
4 < X-Powered-By: ASP.NET
4 < X-Terrasoft-UserCulture: ru-RU
{"Code":0,"Message":"","Exception":null,"PasswordChangeUrl":null,"RedirectUrl":null}

78224 [http-nio-8443-exec-10] DEBUG teler.connector.bpmonline.BpmConnector  - authorize: Authorization is succeeded
25-May-2016 17:00:17.194 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 5 * Sending client request on thread http-nio-8443-exec-10
5 > GET https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&$top=1
5 > Cookie: UserName=68;Version=1;Path=/;HttpOnly;Expires=Fri, 24 Jun 2016 14:00:01 GMT,.ASPXAUTH=B6CE704BC28B00303511E111A2C49FED9C626A2D1B630D24B2D621E84E9A758AC8D837E61C359C02E7CD6E3ABB2EC293E167CD753954949C5F114816676F61C3ED1CD7E9DCA769145CCE80BCE26948BFE588A030B64A446BC15F687B29E5A0D321FF6D09711E24E765B05B4E743D41EC5DDE4A05484446F79DECC8D37CA692D556CC54AB24D355A4EFD90D0B9A38AD5982AD941F0942D5C5758314EE7AC0DA62317C4505CF9B998B161050429109C83DDB76697522D4402478C615282EEA4328889425580751447BE7667DB33A532783E52A7486303B5C735480ECF02C25DB38CC52C78A1D196F7C23982F22ABB160C7C11EF7D0269969F32035906B3400EA2C7BDDB0F742A3A2C1F58025254588004A01F339EB;Version=1;Path=/;HttpOnly,BPMLOADER=cm20rhifoqh0xh2puzp0ovh4;Version=1;Path=/;HttpOnly

78301 [http-nio-8443-exec-10] INFO teler.connector.bpmonline.BpmConnector  - Request 'https://phonetcomua.bpmonline.com/0/ServiceModel/EntityDataService.svc/LeadCollection' returns 401 status
25-May-2016 17:00:17.269 INFO [http-nio-8443-exec-10] org.glassfish.jersey.filter.LoggingFilter.log 6 * Client response received on thread http-nio-8443-exec-10
6 < 401
6 < Cache-Control: private
6 < Content-Length: 6389
6 < Content-Type: text/html; charset=utf-8
6 < Date: Wed, 25 May 2016 14:00:00 GMT
6 < Server: Microsoft-IIS/8.5
6 < WWW-Authenticate: Basic
6 < X-Powered-By: ASP.NET
 
 
 
IIS 8.5 Detailed Error - 401.1 - Unauthorized 
 
 
 
 
 
 
 
 
  
HTTP Error 401.1 - Unauthorized
 
  
You do not have permission to view this directory or page using the credentials that you supplied.
 
 
 
 
Most likely causes:
 
  
     	
  • The username supplied to IIS is invalid.
    •  	
  • The password supplied to IIS was not typed correctly. 
    •  	
  • Incorrect credentials were cached by the browser.
    •  	
  • IIS could not verify the identity of the username and password provided.
    •  	
  • The resource is configured for Anonymous authentication, but the configured anonymous account either has an invalid password or was disabled.
    •  	
  • The server is configured to deny login privileges to the authenticating user or the group in which the user is a member.
    •  	
  • Invalid Kerberos configuration may be the cause if all of the following are true:
    •  	
       		
    • Integrated authentication was used.
      •  		
    • the application pool identity is a custom account.
      •  		
    • the server is a member of a domain.
      •  	
     
 
  
 
 
 
Things you can try:
 
  
     	
  • Verify that the username and password are correct, and are not cached by the browser.
    •  	
  • Use a different username and password.
    •  	
  • If you are using a custom anonymous account, verify that the password has not expired.
    •  	
  • Verify that the authenticating user or the user's group, has not been denied login access to the server.
    •  	
  • Verify that the account was not locked out due to numerous failed login attempts.
    •  	
  • If you are using authentication and the server is a member of a domain, verify that you have configured the application pool identity using the utility SETSPN.exe, or changed the configuration so that NTLM is the favored authentication type.
    •  	
  • Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here. 
    •  
 
  
 
 
 
 
Detailed Error Information:
 
   
    
    Module   AuthModule 
    Notification   EndRequest 
    Handler   svc-Integrated-4.0 
    Error Code   0x00000000 
     
    
   
   
    
    Requested URL   https://phonetcomua.bpmonline.com:443/0/ServiceModel/EntityDataService.svc/LeadCollection?$select=Id,LeadName,OwnerId&$filter=MobilePhone+eq+'%2B380442246595'+or+BusinesPhone+eq+'%2B380442246595'&$top=1 
    Physical Path   D:\App\phonetcomua\Terrasoft.WebApp\ServiceModel\EntityDataService.svc\LeadCollection 
    Logon Method   Not yet determined 
    Logon User   Not yet determined 
     
    
    
   
  
 
 
 
 
More Information:
 
  This error occurs when either the username or password supplied to IIS is invalid, or when IIS cannot use the username and password to authenticate the user. 
  
View more information »
 
  
Microsoft Knowledge Base Articles:
 
 
  • 907273
  • 871179
  • 896861
Александр Зубков
26 мая 2016 10:20

Здравствуйте.
На вскидку видно, что нужно передать http header-ы в запрос:
Authorization: Cookie
ForceUseSession: true

Developer2
26 мая 2016 10:44

"Александр Зубков" написал:

Здравствуйте.

На вскидку видно, что нужно передать http header-ы в запрос:

Authorization: Cookie

ForceUseSession: true

Спасибо! Я попробую, но в документации об этом ни слова)

Показать все комментарии