TIBCO Spotfire Server SOAP Web Services fail to execute with an Unauthorized error

Article ID: KB0077953

Products: Spotfire Server
Versions: 7.13 and higher

Description

When executing a web service such as LibraryService or UpdateAnalysisService, the call may fail and return an Unauthorized error in the SOAP response, as shown below.
 <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
       <soap:Fault>
          <faultcode>soap:Server</faultcode>
          <faultstring>Unauthorized</faultstring>
       </soap:Fault>
    </soap:Body>
 </soap:Envelope>

The following log entries also appear in server.log:
 DEBUG 2019-06-12T10:58:34,900-0400 [a205cfaef7f15119c2fd01a972062d35.oauth-clients.spotfire.tibco.com@SPOTFIREOAUTH2, #-, #1852] ws.security.CxfSecurityInterceptor: Denying access to web method UpdateAnalysisServiceImpl.loadAnalysis(com.spotfire.ws.pub.UpdateAnalysis) (in the service at /api/soap/UpdateAnalysisService), because the user does not have any of the required roles: [], nor any of the required scopes: [api.soap.update-analysis-service]
 WARN 2019-06-12T10:58:34,904-0400 [a205cfaef7f15119c2fd01a972062d35.oauth-clients.spotfire.tibco.com@SPOTFIREOAUTH2, #-, #1852] cxf.phase.PhaseInterceptorChain: Interceptor for {http://spotfire.tibco.com/ws/2015/08/externalScheduledUpdate.xsd}UpdateAnalysisServiceImplService#{http://spotfire.tibco.com/ws/2015/08/externalScheduledUpdate.xsd}loadAnalysis has thrown exception, unwinding now
 org.apache.cxf.interceptor.security.AccessDeniedException: Unauthorized
     at org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor.handleMessage(AbstractAuthorizingInInterceptor.java:60) ~[cxf-core.jar:3.3.0]
     at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308) ~[cxf-core.jar:3.3.0]
     at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121) ~[cxf-core.jar:3.3.0]
     ...

 

Issue/Introduction

This article explains how to resolve the issue where SOAP web services fail to execute with an Unauthorized error.

Resolution

This issue occurs when the access token generated to authorize the user carries a different scope from the one the called operation requires.

Starting with Spotfire 7.13, the Spotfire Server SOAP web services use the OAuth 2.0 protocol for authentication and authorization. To authorize, generate an access token by making a request to the Token Endpoint at: http[s]://<host>[:<port>]/spotfire/oauth2/token. The access token is only valid for the services and operations described in the scope parameter provided when obtaining it.

Thus, if you generate an access token using the scope "api.soap.library-service" and then try to execute the loadAnalysis operation of the UpdateAnalysisService web service, the call fails because the required scope in this case is "api.soap.update-analysis-service".

To resolve the issue, generate the access token with the scope required for the services and operations you intend to call. You can find the required scope in the documentation for each service.
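As an added example (not part of the TIBCO article or product code), the following Python script extracts the CxfSecurityInterceptor denial lines from server.log and reports which services cannot be reached with the scope string that was used at the token endpoint. The function names and the sample client ID are hypothetical, and it assumes that multiple roles or scopes inside the brackets are comma-separated.

```python
import re

# Matches the CxfSecurityInterceptor denial line format shown in server.log above.
DENIAL = re.compile(
    r"^\s*(?P<level>\w+)\s+(?P<ts>\S+)\s+\[(?P<principal>[^,\]]+),[^\]]*\]\s+"
    r"ws\.security\.CxfSecurityInterceptor: Denying access to web method\s+"
    r"(?P<method>[\w.$]+)\(.*?\)\s+\(in the service at (?P<path>[^)]+)\), "
    r"because the user does not have any of the required roles: \[(?P<roles>[^\]]*)\], "
    r"nor any of the required scopes: \[(?P<scopes>[^\]]*)\]"
)

def _items(bracket_body):
    # Assumption: several entries inside [...] are comma-separated.
    return [s.strip() for s in bracket_body.split(",") if s.strip()]

def parse_denials(log_text):
    """Return one dict per authorization denial found in server.log text."""
    denials = []
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if m:
            denials.append({
                "time": m["ts"], "principal": m["principal"].strip(),
                "method": m["method"], "service": m["path"],
                "required_roles": _items(m["roles"]),
                "required_scopes": _items(m["scopes"]),
            })
    return denials

def unmet_services(denials, requested_scope):
    """Map each denied service to its required scopes when the space-delimited
    scope string requested for the token contains none of them."""
    granted = set(requested_scope.split())
    unmet = {}
    for d in denials:
        if not granted & set(d["required_scopes"]):
            unmet.setdefault(d["service"], set()).update(d["required_scopes"])
    return unmet

# Constructed sample: same format as the article's excerpt, made-up client ID.
SAMPLE_LOG = (
    "DEBUG 2019-06-12T10:58:34,900-0400 [exampleclient.oauth-clients.spotfire.tibco.com"
    "@SPOTFIREOAUTH2, #-, #1852] ws.security.CxfSecurityInterceptor: Denying access to "
    "web method UpdateAnalysisServiceImpl.loadAnalysis(com.spotfire.ws.pub.UpdateAnalysis) "
    "(in the service at /api/soap/UpdateAnalysisService), because the user does not have "
    "any of the required roles: [], nor any of the required scopes: "
    "[api.soap.update-analysis-service]\n"
    "WARN 2019-06-12T10:58:34,904-0400 [exampleclient, #-, #1852] "
    "cxf.phase.PhaseInterceptorChain: Interceptor has thrown exception, unwinding now\n"
)

if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOG)
    for svc, scopes in unmet_services(found, "api.soap.library-service").items():
        print(f"{svc}: request a token with one of {sorted(scopes)}")
```

The denial line is logged at DEBUG level in the excerpt above, so it only appears when the server's logging is verbose enough to include it.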

Additional Information

Doc: Spotfire Server Web Services API Reference