
Access Denied while creating cart using webservices

Former Member
0 Kudos
1,837

Hi,

I am trying to create an anonymous user cart using the webservices module. I get the following error.

{ "errors": [ { "message": "Access is denied", "type": "AccessDeniedError" } ] }

localhost:9001/customwebservices/v2/insurance/users/anonymous/carts/ - POST create cart

INFO [hybrisHTTP28] [RestHandlerExceptionResolver] Translating exception [org.springframework.security.access.AccessDeniedException]: Access is denied

I had created the oauth token

https://localhost:9002/authorizationserver/oauth/token?client_id=customuser&client_secret=secret&gra...

The token is generated and I use the same token to create the cart for the anonymous user.

I have also added ROLE_TRUSTED_CLIENT to my controller.

 @RequestMapping(method = RequestMethod.POST)
 @ResponseStatus(HttpStatus.CREATED)
 @Secured(
 { "ROLE_CLIENT", "ROLE_TRUSTED_CLIENT" })
 @ResponseBody
 @ApiOperation(value = "Creates or restore a cart for a user.", notes = "Creates a new cart or restores an anonymous cart as a user's cart (if an old Cart Id is given in the request).")
 @ApiBaseSiteIdAndUserIdParam
 public CartWsDTO createCart(@ApiParam(value = "Anonymous cart GUID.") @RequestParam(required = false) final String oldCartId,
         @ApiParam(value = "User's cart GUID to merge anonymous cart to.") @RequestParam(required = false) final String toMergeCartGuid,
         @ApiParam(value = "Response configuration (list of fields, which should be returned in response)", allowableValues = "BASIC, DEFAULT, FULL") @RequestParam(required = false, defaultValue = DEFAULT_FIELD_SET) final String fields)
 {

Please tell me what I am doing wrong.

Accepted Solutions (0)

Answers (1)

former_member747843
Active Participant
0 Kudos

Hi
The question is how you have defined your client (client_id=customuser). Does it have ROLE_CLIENT or ROLE_TRUSTED_CLIENT in authorities?
https://help.hybris.com/6.7.0/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html
For example:
INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope;authorizedGrantTypes;authorities;clientSecret;registeredRedirectUri
;mobile_android;hybris;basic;authorization_code,refresh_token,password,client_credentials;ROLE_CLIENT;secret;http://localhost:9001/authorizationserver/oauth2_callback;

Former Member
0 Kudos

Hi,

I had already added the roles, but I am still getting the same error.

former_member747843
Active Participant
0 Kudos

On the attached screen there is no OAuth resource id. Try to import the client with the sample impex from: https://help.hybris.com/6.7.0/hcd/627c92db29ce4fce8b01ffbe478a8b3b.html to be sure that it is defined correctly.
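
An added example, not part of the thread and not SAP's code: a small Python check that parses OAuthClientDetails ImpEx rows and flags clients that lack a resource id or an authority matching the controller's @Secured roles, the two points raised in the answers above. The expected resource id `hybris` is an assumption taken from the sample row, and the `no_resource` and `no_role` rows are constructed.

```python
# Roles from the @Secured annotation shown in the question.
REQUIRED_ROLES = {"ROLE_CLIENT", "ROLE_TRUSTED_CLIENT"}
# Assumption: the resource id the API expects, taken from the sample row in the answer.
EXPECTED_RESOURCE_ID = "hybris"

# Constructed sample input: the first row follows the answer's sample, the others are made up.
SAMPLE_IMPEX = """\
INSERT_UPDATE OAuthClientDetails;clientId[unique=true];resourceIds;scope;authorizedGrantTypes;authorities;clientSecret
;mobile_android;hybris;basic;authorization_code,refresh_token,password,client_credentials;ROLE_CLIENT;secret
;no_resource;;basic;client_credentials;ROLE_TRUSTED_CLIENT;secret
;no_role;hybris;basic;client_credentials;ROLE_CUSTOMERGROUP;secret
"""


def parse_clients(impex):
    """Return one dict per OAuthClientDetails value row, keyed by header attribute."""
    header, clients = None, []
    for line in impex.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        cells = [c.strip() for c in line.split(";")]
        if cells[0].upper().startswith(("INSERT", "UPDATE")):
            is_oauth = cells[0].split()[-1] == "OAuthClientDetails"
            # Drop modifiers such as [unique=true] from the attribute names.
            header = [c.split("[")[0] for c in cells[1:]] if is_oauth else None
        elif header and cells[0] == "":
            clients.append(dict(zip(header, cells[1:])))
    return clients


def audit(impex):
    """Map clientId -> list of configuration findings worth checking first."""
    findings = {}
    for client in parse_clients(impex):
        issues = []
        authorities = set(filter(None, client.get("authorities", "").split(",")))
        resources = set(filter(None, client.get("resourceIds", "").split(",")))
        if not authorities & REQUIRED_ROLES:
            issues.append("no authority matching @Secured roles")
        if EXPECTED_RESOURCE_ID not in resources:
            issues.append("resourceIds missing " + EXPECTED_RESOURCE_ID)
        findings[client["clientId"]] = issues
    return findings


if __name__ == "__main__":
    for client_id, issues in audit(SAMPLE_IMPEX).items():
        print(client_id, "OK" if not issues else "; ".join(issues))
```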