bloodhound-user mailing list archives

From Mark Abbate <abbat...@gmail.com>
Subject Re: xmlrpc auth question
Date Tue, 11 Mar 2014 17:59:42 GMT
Hi Olemis

Great, thanks for the explanation and the links.

If I understand, I can continue my prototyping test with tracd and the 
*ridiculous* permissions for anonymous, but when it gets deployed with 
apache the auth should work for the xmlrpc.

It looks like I could also use the patch you submitted.

Below is the ticket creation code using the apache XmlRpcClient 3.1.3, 
running with BH 0.8dev.
Next I need to add a ticket modify call to perform assignment etc.

Best
Mark

import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.apache.xmlrpc.client.XmlRpcClient;
import org.apache.xmlrpc.client.XmlRpcClientConfigImpl;

public class BHhook {

    /**
     * Creates a ticket through the XML-RPC ticket.create call.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        System.out.println("osps bloodhound ticket creation");

        try {
            XmlRpcClientConfigImpl xmlRpcClientConfig = new XmlRpcClientConfigImpl();
            xmlRpcClientConfig.setServerURL(new URL(
                    "http://leela:8000/main/products/P1/login/xmlrpc"));

            // not applicable for tracd
            xmlRpcClientConfig.setBasicEncoding("UTF-8");
            xmlRpcClientConfig.setBasicUserName("user");
            xmlRpcClientConfig.setBasicPassword("pass");
            xmlRpcClientConfig.setEncoding("UTF-8");

            XmlRpcClient xmlRpcClient = new XmlRpcClient();
            xmlRpcClient.setConfig(xmlRpcClientConfig);

            List<Object> params = new ArrayList<Object>();
            params.add("java rpc description");
            params.add("java rpc comment");

            /*
             * https://github.com/moses-smt/mosesdecoder/blob/master/contrib/server/SampleClient.java
             * The XML-RPC data type <struct> can be represented using HashMap.
             */
            Map<String, String> sParams = new HashMap<String, String>();
            sParams.put("product", "mercer");
            sParams.put("categories", "acat");

            /*
             * But the XmlRpcClient.execute method doesn't accept HashMap
             * (pParams). It's either Object[] or List, so the struct is
             * added to the params list as a single element.
             */
            params.add(sParams);

            // 4th param: do or don't send notification
            params.add(Boolean.FALSE);
            Object result = xmlRpcClient.execute("ticket.create", params);

            int ticketID = ((Integer) result).intValue();
            System.out.println("The new ticketID is: " + ticketID);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

On 03/10/2014 06:25 PM, Olemis Lang wrote:
>
>
> On Mon, Mar 10, 2014 at 4:43 PM, Mark Abbate <abbatemp@gmail.com> wrote:
>
>     Hello All
>
>
> Hi !
> :)
>
>     I am stuck on xmlrpc auth.
>
>     I am using 0.8dev and the latest xmlrpc plugin, with sqlite and
>     the builtin server.
>
>
> tracd you mean ? If so , this is a known issue . There's a candidate 
> solution proposed in this ticket for Trac [2]_
>
>     I am using the apache xmlrpc java libs and I am also using
>     chrome-postman to cross-check.
>
>
> jftr , see this sample code [1]_ . I tested against a BH 0.8-dev 
> instance (powered by apache2 web server , btw) and it works as 
> expected with minor modifications.
>
>     I *think* that the only way I can create a ticket using xmlrpc or
>     postman is by using this URL:
>     http://leela:8000/OSPS/products/mercer/login/xmlrpc
>     and by giving anonymous TRAC_ADMIN and XML_RPC permissions.
>
>
> that's a combination of permissions I honestly do not recommend
>
>
>     I cannot get this URL to work:
>     http://leela:8000/OSPS/login/rpc
>
>
> that URL seems to belong in the global environment , you should not 
> have tickets there in deployments by default , but in products .
>
>
>     The log output shows:
>     2014-03-10 16:10:07,696 Trac[web_ui] DEBUG: RPC(XML-RPC) call by
>     'anonymous'
>     despite creating valid basic auth headers in postman, or in the
>     java xmlrpc code.
>     The log output ends with:
>     ServiceException: ServiceException details : columns product, id
>     are not unique
>
>
> What version of BH are you running ?
>
>     If I log in from another tab in the browser, and then use postman,
>     I get the same error but I do see my login name:
>     2014-03-10 16:14:46,459 Trac[web_ui] DEBUG: RPC(XML-RPC) call by
>     'mabbate'
>     (That user does have TRAC_ADMIN and XML_RPC permissions)
>
>
> This is documented in [2]_ . What happens (with tracd) is that there 
> is no way to challenge the RPC client when requesting 
> /products/P/login/.* . The only possible URLs supported by the tracd 
> auth mechanism is /login/* which leads you to the global env .
>
>     So, how can I use xmlrpc with a non-anonymous user to avoid
>     giving anonymous those permissions?
>
>
> ... with tracd there's no hope as long as something is done about [2]_ 
> . AFAICR I proposed a patch for BH but it is not committed in /trunk .
> Sorry
>
>     I have looked around, read this:
>     https://groups.google.com/forum/#!msg/trac-users/lPnrfSOSmoo/6jmUIYqdttkJ
>     but that's over my head at this point. The fundamental issue seems
>     similar, the http server is defaulting to anonymous.
>     I saw the note about use of AccountManagerPlugIn. I am using
>     "TracAccountManager 0.4.3 User account management plugin for Trac"
>     so I did add as suggested.
>     [account-manager]
>     environ_auth_overwrite = false
>
>
> jftr ... it's a lower level issue with tracd . Like I just said , it 
> will not force the RPC client to send a challenge
>
> [...]
>
> .. [1] http://trac-hacks.org/attachment/ticket/11108/TracRpcApache.java
>
> .. [2] http://trac.edgewall.org/ticket/11287
>
> -- 
> Regards,
>
> Olemis - @olemislc
>
> Apache™ Bloodhound contributor
> http://issues.apache.org/bloodhound
> http://blood-hound.net
>
> Blog ES: http://simelo-es.blogspot.com/
> Blog EN: http://simelo-en.blogspot.com/
>
> Featured article:
>
>
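
A check for the behaviour discussed in this thread, namely whether the server challenges an RPC request that carries no credentials or silently handles it as 'anonymous'. This is an added example, not part of the original messages or of Bloodhound: `classify` and `probe` are hypothetical names, the sample replies are constructed, and `system.getAPIVersion` is assumed to be exposed by the installed XML-RPC plugin.

```python
import urllib.error
import urllib.request
import xmlrpc.client


def classify(status, headers, body=b""):
    """Classify the reply to an XML-RPC call that was sent without credentials."""
    if status == 401:
        # A WWW-Authenticate header is the challenge a Basic-auth client answers.
        return "challenged" if headers.get("WWW-Authenticate") else "refused-no-challenge"
    if status == 200:
        try:
            xmlrpc.client.loads(body)        # raises Fault for a <fault> response
        except xmlrpc.client.Fault:
            return "anonymous-denied"        # handled as 'anonymous', call rejected
        except Exception:
            return "not-xmlrpc"              # e.g. an HTML page instead of an RPC reply
        return "anonymous-served"            # handled as 'anonymous' and executed
    return "http-%d" % status


def probe(url, timeout=5):
    """Send one read-only, credential-free call and classify what comes back."""
    body = xmlrpc.client.dumps((), methodname="system.getAPIVersion").encode("utf-8")
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "text/xml"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.headers, resp.read())
    except urllib.error.HTTPError as err:
        return classify(err.code, err.headers, err.read())


# Constructed sample replies (not captured from a real server), so the demo runs offline.
SAMPLE_OK = xmlrpc.client.dumps(([1, 1, 2],), methodresponse=True).encode("utf-8")
SAMPLE_FAULT = xmlrpc.client.dumps(xmlrpc.client.Fault(403, "constructed fault")).encode("utf-8")

if __name__ == "__main__":
    print(classify(401, {"WWW-Authenticate": 'Basic realm="constructed"'}))
    print(classify(200, {}, SAMPLE_OK))
    print(classify(200, {}, SAMPLE_FAULT))
```

Once the instance is deployed behind Apache, `probe()` on the product's `/login/xmlrpc` URL should return `challenged`. A result of `anonymous-served` means anonymous still holds the XML_RPC permission.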

