Im pretty new to webservice etc and I need figure out what is causing a http 403 response code.
I am hitting a service that was recently secured using siteminder, what I need to find out is what siteminder expects when receiving a http get request. Is there anyway I can find this out I assume that it is authenticating correctly due to the 403.
Im thinking that the request maybe missing some headers or indeed cookies I'm just finding it hard figuring out what is needed and would be great if I can get some guidance into how to at least find out what is expected.
I can hit the service fine through the browser.
T.I.A
You should turn on tracing on the web agent, check the log and see what headers are being sent, and if the 403 is coming from SiteMinder or your web service
Related
I'm working with an API and recently something went wrong with the authentication.
The API uses jwt authentication, and when POSTing the client jwt request, instead of getting back an auth jwt, I'm getting a 401 (final) status code (or 404, depending on the library I use to handle requests...), but I'm also getting 407 and 200 when setting a verbose traceback?
I'm pretty new to handling HTTP requests so I'm curious how exactly that might be happening, where are those additional two status codes coming from?
I want to use Apache Nifi to track real time tweets
i pasted in my keys correctly but all requests return this error :
19:15:20 UTC ERROR
GetTwitter[id=59b5cb18-017e-1000-a6a2-991a653ec138] Received error HTTP_ERROR: HTTP/1.1 403 Forbidden. Will attempt to reconnect
i dont know where the problem is from.
thank you.
403 Forbidden means the Twitter API is rejecting your request - your access keys could be incorrect, or you might not have the right access rights for the endpoint you're accessing.
The request is understood, but it has been refused or access is not allowed. An accompanying error message will explain why.
Check that your developer account includes access to the endpoint you’re trying to use. You may also need to get your App allowlisted (e.g. Engagement API or Ads API) or sign up for access.
From https://developer.twitter.com/en/support/twitter-api/error-troubleshooting
Make sure you follow the advice from Twitter here and make note of:
With Essential access, you are only able to make requests to the Twitter API v2 endpoints, and not the v1.1 or enterprise endpoints. You are limited to 500K Tweets/month, and unable to take advantage of certain developer portal functionality such as teams and access to additional App environments
There are limits on what you can do with the Essential access level. See here.
If that doesn't help - please include a screenshot of your GetTwitter config and your version of NiFi.
If it raises 403 error while using GetTwitter processor in nifi.
API Key & consumer key aren't only a problem. Change the Twitter endpoint field while configuring the GetTwitter processor from
Filter Endpoint
to
Firehose Endpoint
In the field of twitter endpoint
Probably this will work!!
Recently, my app's google signin stopped working by throwing 400 Error. We were earlier using the old oauth endpoints and I updated to the new v2 endpoints for auth/token and it doesn't seem to help as well.
Upon sending the Auth request (using WS url in Scala) with the required parameters, the ahc response gives back the following URL to redirect to
https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26XXXXXXXXXXXXXXXXX.......
Instead of taking to the prompt screen to login the above url redirects to this 400 error page
https://accounts.google.com/signin/oauth/legacy/consent?authuser=0&part=XXXXXXXXXXXXXXXXXX......
Any insights on this is much appreciated!
Thanks,
Baskaran
I'm not sure if it will help, you, but I've had something like that in this bug issue discussion, that lead me to this same https://accounts.google.com/signin/oauth/legacy/consent URL.
TL;DR: A MITM is using/destroying your request.
The application tried to open a link to Google Auth, the desktop captured the link and either mangled the data or did a preflight on that one-time URL, which expired it, and then it opened the browser.
See if something between you and the web is "proxying" your requests the wrong way.
I have a problem with JMeter. When I try to send some request, it returns me a 403 Forbidden status code. I know that it needs an authentication, I've seen many things about that.
I'm working with Apache ActiveMQ Artemis. I need to execute some API request, which removes all messages in the queue. The API looks like that:
http://10.2.5.23:8161/console/jolokia/exec/org.apache.activemq.artemis:broker=%220.0.0.0%22,component=addresses,address=%22TEST.GSH%22,subcomponent=queues,routing-type=%22anycast%22,queue=%22TEST.GSH%22/removeAllMessages()
When I try to execute it, it returns me a 403 Forbidden status code. I've tried to add HTTP Authorization Manager, added this url and typed username and password, but still it gives me the same output.
This is from where I login, also I added this in HTTP Authorization Manager and set the username and password.
http://10.2.5.23:8161/console/login
Any idea or advice will help me.
I know that here are questions like mine, but I have not found what would help me.
The answer was quite simple. I've just added in HTTP Header Manager an authorization with Basic encoded. Now it works fine. But I have one question, why did HTTP Authorization Manager not work ? Why should i add authorization in header ? I can't make it only with HTTP Authorization Manager ?
i've been facing a problem lately and i don't know how to handle it, or even what the problem might be coming from.
Tools:
-MYSQL(for data base)
-JAVA EE web application(to service as back-end)
-Jersey 2.26 dependency (to service as API on top of web application /CORS filter implemented)
-Apache Tomcat/7.0.69 ( as web server where web app sets )
-Angular 4 ( as website and client to the API)
-CentOS Linux release 7.3 (Core) (Server operating system )
Problem:
once the request is sent to the API ( to a specific secured Endpoint ) lets call it customers, Sometimes the response is 401 Unauthorized, and in other times it works just fine, from the angular website for instance, if press f12 and follow the requests, i send the same request again ( for the one i got 401 for ) but this time it works, the JWT is valid and it works just fine, and its not that there is too many request going to the server, even if its few sometimes i get 401, but most of the time it works great.
the only thing in the code that can return 401 is the authentication filter, which checks the validity of token, but it looks fine to me.
i checked this article that talks about 401 response, but still, its hard for me to grasp the idea why it works good sometimes and not work other times for the same request. i get the 401 while checking with the website and also with checking with postman. so i guess it's not a cache or cookies thing, but i might be wrong to assume this.
any ideas on what might be wrong ? or where should i be checking for bugs or errors ?
Thanks allot
Set tomcat security to false .