FAQ
This error occurs when I try to login dashboard:

org.springframework.web.client.HttpClientErrorException: 401 Unauthorized

I think it is caused by uaa-dashboard-login part, but I'm not clear about the reason, can anyone give tips about that?

BTW:Here's my config file:

uaa:
  catalina_opts: -Xmx768m -XX:MaxPermSize=256m
  url: http://uaa.cf.my
  resource_id: account_manager
  client_secret: somesecret
  token_secret: tokensecret
  cc:
  token_secret: WGvbxaiC371JM
  client_secret: fOZF5DMNDZIfCb9A
  admin:
  client_secret: MeM5fER8evgEisjj
  login:
  client_secret: HZtd2FyZS5jb20iL
  batch:
  username: do0H2AKay2jAc
  password: FSCTiplI5Q83n
  client:
  override: true
  autoapprove:
  - vmc
  - login
  - dashboard
  clients:
  dashboard:
  secret: YsLuKyUCZF53kBKS
  scope: openid,dashboard.user
  authorities: uaa.admin,uaa.resource,tokens.read,scim.read,scim.write
  authorized-grant-types: client_credentials,authorization_code,refresh_token
  scim:
  users:
  - b29|admin|openid,dashboard.user

tsdb.uri = http://172.17.4.112:4242
securityCookieName = XSRF
timeout.connection = 60000
timeout.socket = 60000
users.properties = file:///var/vcap/jobs/dashboard/config/dashboard/users.properties
logback.xml = /var/vcap/jobs/dashboard/config/dashboard/logback.xml

uaa.logout.url = http://login.cf.my/logout.do
uaa.accessToken.url = http://uaa.cf.my/oauth/token
uaa.userAuthorize.url = http://login.cf.my/oauth/authorize
uaa.checkToken.url = http://uaa.cf.my/check_token
uaa.client.id = dashboard
uaa.client.secret = YsLuKyUCZF53kBKS

---
name: login

logging:
  config: /var/vcap/jobs/login/config/log4j.properties


uaa:
  url: http://uaa.cf.my
  token:
  url: http://uaa.cf.my/oauth/token
  login:
  url: http://uaa.cf.my/login.do
  clientinfo:
  url: http://uaa.cf.my/clientinfo

links:
  home: http://portal.cf.my
  passwd: http://portal.cf.my/password_resets/new
  signup: http://portal.cf.my/register



LOGIN_SECRET: HZtd2FyZS5jb20iL

Search Discussions

  • Dave Syer at May 3, 2013 at 10:55 am

    On 03/05/13 10:33, Lei Zhang wrote:
    This error occurs when I try to login dashboard
    Occurs where, sorry? Some logs from the uaa, login server and dashboard
    app would probably help. If you are seeing that in the dashboard app
    maybe the client is misconfigured, or maybe you logged in as a user that
    doesn't have dashboard access?

    --
    Dave Syer
    dsyer@gopivital.com
  • Lei Zhang at May 3, 2013 at 11:16 am
    The exception occurs directly on the web page when I visit dashboard.cf.my
    and then login, it is reported by tomcat of dashboard

    I have added my account by using uaac like this:

    uaac member add dashboard.user

    I think it should be some configuration problem, can u help me to check if anything wrong with my config files?


    在 2013年5月3日星期五UTC+8下午6时55分14秒,Dave Syer写道:
    On 03/05/13 10:33, Lei Zhang wrote:
    This error occurs when I try to login dashboard
    Occurs where, sorry? Some logs from the uaa, login server and dashboard
    app would probably help. If you are seeing that in the dashboard app
    maybe the client is misconfigured, or maybe you logged in as a user that
    doesn't have dashboard access?

    --
    Dave Syer
    ds...@gopivital.com <javascript:>

  • Dave Syer at May 3, 2013 at 12:01 pm

    On 03/05/13 12:16, Lei Zhang wrote:
    I think it should be some configuration problem, can u help me to check if anything wrong
    with my config files?
    If you paste the config files into this forum the whitespace gets
    mashed, so it's hard to tell. Maybe you can add the uaa.yml, login.yml
    as attachments instead of inline? And some logs from the servers when
    the 401 is received would help a lot.

    --
    Dave Syer
    dsyer@gopivital.com
  • Lei Zhang at May 3, 2013 at 1:56 pm
    I sent u a yaml which contains most of my configuration in attachment.


    在 2013年5月3日星期五UTC+8下午8时00分57秒,Dave Syer写道:
    On 03/05/13 12:16, Lei Zhang wrote:
    I think it should be some configuration problem, can u help me to check
    if anything wrong
    with my config files?
    If you paste the config files into this forum the whitespace gets
    mashed, so it's hard to tell. Maybe you can add the uaa.yml, login.yml
    as attachments instead of inline? And some logs from the servers when
    the 401 is received would help a lot.

    --
    Dave Syer
    ds...@gopivital.com <javascript:>

  • Dave Syer at May 3, 2013 at 2:42 pm

    On 03/05/13 14:56, Lei Zhang wrote:
    yaml which contains most of my configuration in attachment.
    It's a bit of a mish mash. Looks like part of a BOSH manifest plus a
    properties file from dashboard plus the login.yml from the Login Server.
       Did this BOSH manifest get applied? What does the uaa.yml look like?
       Does the dashboard client get registered in the UAA database (you can
    use uaac to inspect the database)?

    --
    Dave Syer
    dsyer@gopivital.com
  • Lei Zhang at May 4, 2013 at 4:24 am
    It's my bad... I attached the files as a tar.gz here.

    在 2013年5月3日星期五UTC+8下午10时41分54秒,Dave Syer写道:
    On 03/05/13 14:56, Lei Zhang wrote:
    yaml which contains most of my configuration in attachment.
    It's a bit of a mish mash. Looks like part of a BOSH manifest plus a
    properties file from dashboard plus the login.yml from the Login Server.
    Did this BOSH manifest get applied? What does the uaa.yml look like?
    Does the dashboard client get registered in the UAA database (you can
    use uaac to inspect the database)?

    --
    Dave Syer
    ds...@gopivital.com <javascript:>

  • Dave Syer at May 4, 2013 at 1:13 pm

    On 04/05/13 05:23, Lei Zhang wrote:
    It's my bad... I attached the files as a tar.gz here.
    It looks like your user denied access explicitly in the approvals
    confirmation UI. I can see a token request being denied in the UAA:

    [2013-05-04 03:34:59.758] ... error="invalid_token",
    error_description="No scopes were granted"

    and just before that the denied approval is recorded:

    [2013-05-04 03:34:59.413] uaa - 1328 [http-bio-8080-exec-8] .... DEBUG
    --- JdbcApprovalStore: adding approval: [[resouer@163.com, openid,
    dashboard, Tue Jun 04 03:34:59 CST 2013, DENIED, Sat May 04 03:34:59 CST
    2013]]

    That page has some renderign problems with some browsers. It looks
    rubbish in older firefoxes, and probably doesn't work at all in older
    IE. That might make it confusing for users and they might deny access
    by mistake.

    Is that any help?

    --
    Dave Syer
    dsyer@gopivital.com
  • Lei Zhang at May 6, 2013 at 1:53 am
    Thank you very much! I have noticed that error too. But I can open the
    dashboard now though I don't know the reason... May because I restart all
    my VMs yesterday...

    在 2013年5月3日星期五UTC+8下午5时33分24秒,Lei Zhang写道:
    This error occurs when I try to login dashboard:

    org.springframework.web.client.HttpClientErrorException: 401 Unauthorized

    I think it is caused by uaa-dashboard-login part, but I'm not clear about the reason, can anyone give tips about that?

    BTW:Here's my config file:

    uaa:
    catalina_opts: -Xmx768m -XX:MaxPermSize=256m
    url: http://uaa.cf.my
    resource_id: account_manager
    client_secret: somesecret
    token_secret: tokensecret
    cc:
    token_secret: WGvbxaiC371JM
    client_secret: fOZF5DMNDZIfCb9A
    admin:
    client_secret: MeM5fER8evgEisjj
    login:
    client_secret: HZtd2FyZS5jb20iL
    batch:
    username: do0H2AKay2jAc
    password: FSCTiplI5Q83n
    client:
    override: true
    autoapprove:
    - vmc
    - login
    - dashboard
    clients:
    dashboard:
    secret: YsLuKyUCZF53kBKS
    scope: openid,dashboard.user
    authorities: uaa.admin,uaa.resource,tokens.read,scim.read,scim.write
    authorized-grant-types: client_credentials,authorization_code,refresh_token
    scim:
    users:
    - b29|admin|openid,dashboard.user

    tsdb.uri = http://172.17.4.112:4242
    securityCookieName = XSRF
    timeout.connection = 60000
    timeout.socket = 60000
    users.properties = file:///var/vcap/jobs/dashboard/config/dashboard/users.properties
    logback.xml = /var/vcap/jobs/dashboard/config/dashboard/logback.xml

    uaa.logout.url = http://login.cf.my/logout.do
    uaa.accessToken.url = http://uaa.cf.my/oauth/token
    uaa.userAuthorize.url = http://login.cf.my/oauth/authorize
    uaa.checkToken.url = http://uaa.cf.my/check_token
    uaa.client.id = dashboard
    uaa.client.secret = YsLuKyUCZF53kBKS

    ---
    name: login

    logging:
    config: /var/vcap/jobs/login/config/log4j.properties


    uaa:
    url: http://uaa.cf.my
    token:
    url: http://uaa.cf.my/oauth/token
    login:
    url: http://uaa.cf.my/login.do
    clientinfo:
    url: http://uaa.cf.my/clientinfo

    links:
    home: http://portal.cf.my
    passwd: http://portal.cf.my/password_resets/new
    signup: http://portal.cf.my/register



    LOGIN_SECRET: HZtd2FyZS5jb20iL




Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupvcap-dev @
postedMay 3, '13 at 9:33a
activeMay 6, '13 at 1:53a
posts9
users2

2 users in discussion

Lei Zhang: 5 posts Dave Syer: 4 posts

People

Translate

site design / logo © 2021 Grokbase