XavierFR has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks I'm trying to authenticate against Rundeck's REST API with REST::Client : 
%options = ( "url"      => "j_security_check",
            "j_username" => $username,
            "j_password" => $password );

$res = $client->POST( \%options );
$res = $client->GET("api/14/system/info");
print Dumper ($res);

[download]

But I still get a 403 error. Note that it is not a basic authentication via headers.. I browsed the doc, with no success.

Thanks for any help

Regards, Xavier

Replies are listed 'Best First'.
Re: Authenticate via REST::Client against Rundeck API
by hdb (Monsignor) on Mar 14, 2019 at 11:57 UTC

    According to the API Reference you must retain a session cookie. I cannot see an option to specify a cookie jar in Rest::Client but there is an option to provide a LWP::UserAgent. So you might have to set up a UserAgent with a cookie jar and pass that to Rest::Client. Setting up an agent with cookie support could work like this: 

    my $myagent    = LWP::UserAgent->new();
my $cookie_jar = HTTP::Cookies->new(
    autosave       => 1,
    ignore_discard => 1,
    );
$myagent->cookie_jar( $cookie_jar );

    [download]

    Update: I cannot test this but it should look like 

    %options = ( "url"      => "j_security_check",
            "j_username" => $username,
            "j_password" => $password,
            "useragent"  => $myagent );

    [download]

    Update 2: The useragent that Rest::Client sets up if you do not provide one can be accessed as well. So it could also work like 

    my $cookie_jar = HTTP::Cookies->new(
    autosave       => 1,
    ignore_discard => 1,
    );
$client->getUseragent()->cookie_jar( $cookie_jar );

    [download]
[reply]
[d/l]
[select]
      Thanks for your answer. Unfortunately this is not sufficient, as the library already provides a cookie jar : 
      '_msg' => 'Forbidden',
'_rc' => '403',
'_headers' => bless( {
    'connection' => 'close',
    'client-ssl-cipher' => 'ECDHE-RSA-AES128-GCM-SHA256',
    'set-cookie' => 'JSESSIONID=node0k6eor4wib9o5cbccpa3lkm5l220939.no
+de0;Path=/;HttpOnly',
    'date' => 'Thu, 14 Mar 2019 12:28:03 GMT',
    '::std_case' => {
        'client-ssl-cert-issuer' => 'Client-SSL-Cert-Issuer',
        'x-application-context' => 'X-Application-Context',
        'client-ssl-socket-class' => 'Client-SSL-Socket-Class',
        'client-ssl-cert-subject' => 'Client-SSL-Cert-Subject',
        'client-peer' => 'Client-Peer',
        'set-cookie' => 'Set-Cookie',
        'client-ssl-cipher' => 'Client-SSL-Cipher',
        'client-date' => 'Client-Date',
        'client-response-num' => 'Client-Response-Num'
    },
    'client-response-num' => 1,
    'client-date' => 'Thu, 14 Mar 2019 12:29:19 GMT',
    'client-ssl-socket-class' => 'IO::Socket::SSL',
    'client-peer' => 'XXSnipped at boss requestXX',
    'client-ssl-cert-subject' => 'XXSnipped at boss requestXX',
    'expires' => 'Thu, 01 Jan 1970 00:00:00 GMT',
    'x-application-context' => 'application:production:4440',
    'client-ssl-cert-issuer' => '/C=NL/ST=Noord-Holland/L=Amsterdam/O=
+TERENA/CN=TERENA SSL CA 3',
    'content-type' => 'text/xml;charset=utf-8'
}, 'HTTP::Headers' )

      [download]
      Xavier
[reply]
[d/l]

        Sorry if it did not work. I have no access to a Rundeck instance so I cannot test. Just for my personal education: did you try my proposed code or did you conclude from the $res that I won't work?

[reply]
[d/l]

Back to Seekers of Perl Wisdom