Hi all!
I have ords3.0 up and running and registered a client application for OAuth2 - Client-credentials flow as given in the documentation.
In the standalone-mode I can successfully get a token and issue a GET to a secured resource by giving this token. (all without SSL/TLS).
Works fine!
Now I want to deploy ords on WLS.
This works for http and https on unprotected resources.
But when I want to go for a token, I get 401 :
Request:
POST https://server:port/ords/ordstest/oauth/token HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/x-www-form-urlencoded
Authorization: Basic Vk1xczVYR1VCTnBtblZ5UUE5cXh1US4uOnJTZ1VoVVQ2UENTUFM4RzZvTmVUUWcuLiA=
Content-Length: 29
Host: server:port
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
grant_type=client_credentials
The Response is:
HTTP/1.1 401 Unauthorized
Date: Thu, 08 Oct 2015 15:42:22 GMT
Server: Oracle-Application-Server-11g
Content-Length: 1468
WWW-Authenticate: Basic realm="WebLogic Server"
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 401--Unauthorized</TITLE>
...
This is from WLS as it seems.
I didn't do this step (1.5.6) in the configuration:
http://docs.oracle.com/cd/E56351_01/doc.30/e56293/install.htm#AELIG7185
I'm afraid this change will affect other applications which are deployed on this WLS!
Is there a way to set this only for the ords-application on WLS?
Any other ways to bring OAuth2 to work on WLS without affecting other apps?
Thanks for your help!
Charly