Good morning,
We seem to have an issue with http authorization on a REST webservice using resource fields for setting username and password.
Can we get the logging to display the header that is being sent?
the logging states:
FINE: Request:
POST https://<..url..>
Content-Type:application/json
{ <..payload..> }
Nov 02, 2022 11:43:08 AM org.apache.http.impl.auth.HttpAuthenticator generateAuthResponse
WARNING: NEGOTIATE authentication error: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
Nov 02, 2022 11:43:08 AM com.ebasetech.ufs.utility.LogHelper debug
FINE: Response:
HTTP/1.0 401 <html><head><title>Error</title></head><body>Unauthorized</body></html>
<..>
Nov 02, 2022 11:43:08 AM com.ebasetech.ufs.utility.LogHelper debug
FINE: Finished calling endpoint: <default>
We are using Basic Authentication and set the two variables in the rest security configuration.
This seems to be working ok in our testenvironment, but not in this integration environment.
Also, we can get a good answer when using curl, and by setting the header explicitly in VerjIO, so I'm thinking we're not building a good header somehow.
Maybe it is a configuration issue with respect to the org.apache.http.impl.auth.HttpAuthenticator library, but I wouldn't know where to look
http authorization issue
Moderators: Jon, Steve, Ian, Dave
-
- Ebase User
- Posts: 32
- Joined: Wed Jun 19, 2019 9:46 am
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: http authorization issue
Hi Bart,
I debugged the Basic Authentication on the rest resource and I could that the &&<fieldname> is being substituted for the field value in for the username and password fields for the Basic Authentication endpoint security.
Verj.io uses Apache HttpClient and you should be able to add a logger to the log42.xml inside:
UserData/Server/apps/ebase/app/ebaseConf/log4j.xml
Add the following Logger to the <Loggers> element. There should be a commented out examples.
<Logger name="org.apache.http" level="ALL" additivity="false">
<AppenderRef ref="Console" />
<AppenderRef ref="File" />
</Logger>
You will need to restart the Verj.io server after adding the Logger. The output should be in the stdout (it maybe the stderr) logs inside the UserData/Server/tomcat/logs directory.
Thanks
Steve
I debugged the Basic Authentication on the rest resource and I could that the &&<fieldname> is being substituted for the field value in for the username and password fields for the Basic Authentication endpoint security.
Verj.io uses Apache HttpClient and you should be able to add a logger to the log42.xml inside:
UserData/Server/apps/ebase/app/ebaseConf/log4j.xml
Add the following Logger to the <Loggers> element. There should be a commented out examples.
<Logger name="org.apache.http" level="ALL" additivity="false">
<AppenderRef ref="Console" />
<AppenderRef ref="File" />
</Logger>
You will need to restart the Verj.io server after adding the Logger. The output should be in the stdout (it maybe the stderr) logs inside the UserData/Server/tomcat/logs directory.
Thanks
Steve
0 x
-
- Ebase User
- Posts: 32
- Joined: Wed Jun 19, 2019 9:46 am
Re: http authorization issue
Thnx Steve, we'll give that a go, perhaps we will learn something new.
0 x
-
- Ebase User
- Posts: 32
- Joined: Wed Jun 19, 2019 9:46 am
Re: http authorization issue
Not sure where to find this extra logging, but what we did find: It seems that on this particular webservice, Verjio seems to negotiate the login method before sending the authorization header.
Can you confirm this is the case?
from our logging:
WARNING: NEGOTIATE authentication error: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
Nov 09, 2022 10:42:29 AM com.ebasetech.ufs.utility.LogHelper debug
FINE: Response:
HTTP/1.0 401 <html><head><title>Error</title></head><body>Unauthorized</body></html>
Strict-Transport-Security:max-age=15552000; includeSubDomains; preload&Cache-Control:no-cache, no-store, must-revalidate&Server:JBoss-EAP/7&WWW-Authenticate:Negotiate&Connection:keep-alive&......
Can you confirm this is the case?
from our logging:
WARNING: NEGOTIATE authentication error: Invalid name provided (Mechanism level: KrbException: Cannot locate default realm)
Nov 09, 2022 10:42:29 AM com.ebasetech.ufs.utility.LogHelper debug
FINE: Response:
HTTP/1.0 401 <html><head><title>Error</title></head><body>Unauthorized</body></html>
Strict-Transport-Security:max-age=15552000; includeSubDomains; preload&Cache-Control:no-cache, no-store, must-revalidate&Server:JBoss-EAP/7&WWW-Authenticate:Negotiate&Connection:keep-alive&......
0 x
-
- Moderator
- Posts: 419
- Joined: Fri Sep 07, 2007 3:44 pm
- Location: Sandy, UK
- Contact:
Re: http authorization issue
Hi Bart,
I believe that Apache HTTP Client does negotiate first.
It might be easier to just set the Authorization Http Header manually using a mapped resource field. Using the server side JavaScript, you could do something like this:
....
importPackage(import java.util);
//set http auth header
fields.auth.value = "Basic " + Base64.getEncoder().encodeToString(new java.lang.String((user + ":" + pwd)).getBytes()) ;
In the REST resource you can add a request header:
Name
Authorization
Value:
&&auth
Map the resource field "auth" to the form field "auth"
I think this will work for you.
Thanks
Steve
I believe that Apache HTTP Client does negotiate first.
It might be easier to just set the Authorization Http Header manually using a mapped resource field. Using the server side JavaScript, you could do something like this:
....
importPackage(import java.util);
//set http auth header
fields.auth.value = "Basic " + Base64.getEncoder().encodeToString(new java.lang.String((user + ":" + pwd)).getBytes()) ;
In the REST resource you can add a request header:
Name
Authorization
Value:
&&auth
Map the resource field "auth" to the form field "auth"
I think this will work for you.
Thanks
Steve
1 x
Who is online
Users browsing this forum: No registered users and 2 guests