brooklyn-dev mailing list archives

From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (BROOKLYN-417) In default install, web-console/REST from localhost needs username:password
Date Wed, 21 Dec 2016 14:07:01 GMT

    [ https://issues.apache.org/jira/browse/BROOKLYN-417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15767129#comment-15767129 ]

ASF GitHub Bot commented on BROOKLYN-417:
-----------------------------------------

GitHub user aledsage opened a pull request:

    https://github.com/apache/brooklyn-server/pull/499

    BROOKLYN-417: default to no-auth

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/aledsage/brooklyn-server BROOKLYN-417

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/brooklyn-server/pull/499.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #499
    
----
commit e320be2d32b6bce90f6e78080ba8173679b0f860
Author: Aled Sage <aled.sage@gmail.com>
Date:   2016-12-21T14:02:12Z

    BROOKLYN-417: default to no-auth

----


> In default install, web-console/REST from localhost needs username:password
> ---------------------------------------------------------------------------
>
>                 Key: BROOKLYN-417
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-417
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Aled Sage
>
> Previously in a default install (in 0.9.0), on localhost one could connect to the web-console and REST API without any password (i.e. if no username:password had been set up).
> Now with 0.10.0-SNAPSHOT, it requires that a username:password be supplied when connecting from localhost - but any values will do!
> This was spotted by Alex during the 0.10.0 rc3 release vote on dev@brooklyn mailing list.
> To reproduce, start Brooklyn:
> {noformat}
> ./bin/brooklyn launch --noGlobalBrooklynProperties
> {noformat}
> Run the curl commands below, which will give the output shown:
> {noformat}
> $ curl -v http://localhost:8081/ 2>&1 | grep "< HTTP"
> < HTTP/1.1 401 Unauthorized
> $ curl -u anyuser:passwordignored -v http://localhost:8081/ 2>&1 | grep "< HTTP"
> < HTTP/1.1 200 OK
> {noformat}
> Looking at the stacktrace when the second curl command is made:
> {noformat}
> "brooklyn-jetty-server-8083-qtp412153403-31" prio=5 tid=0x00007fb9313f9800 nid=0x6e03 at breakpoint[0x0000700001ff1000]
>    java.lang.Thread.State: RUNNABLE
>         at org.apache.brooklyn.rest.security.provider.BrooklynUserWithRandomPasswordSecurityProvider.authenticate(BrooklynUserWithRandomPasswordSecurityProvider.java:48)
>         at org.apache.brooklyn.rest.security.jaas.BrooklynLoginModule.login(BrooklynLoginModule.java:270)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:606)
>         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
>         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
>         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
>         at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
>         at org.eclipse.jetty.jaas.JAASLoginService.login(JAASLoginService.java:241)
>         at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:61)
>         at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:92)
>         at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:512)
>         at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)
>         at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)
>         at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)
>         at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>         at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)
>         at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>         at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)
>         at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
>         at org.eclipse.jetty.server.Server.handle(Server.java:499)
>         at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:310)
>         at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)
>         at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:540)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)
>         at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)
>         at java.lang.Thread.run(Thread.java:745)
> {noformat}
> However, in the first curl command (with no credentials)...
> In {{org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest()}}, the credentials are null (obtained by calling {{request.getHeader(HttpHeader.AUTHORIZATION.asString())}}).
> This means it skips the call to {{login()}}, and just returns {{SC_UNAUTHORIZED}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
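
The two curl probes from the quoted issue, turned into a repeatable check for your own install. This is an added example, not part of the original message or of the Brooklyn project; the function names and the `BROOKLYN_URL` environment variable are assumptions, and the bogus credentials are the ones used in the issue.

```shell
#!/bin/sh
# Added example: regression check for the symptom reported in BROOKLYN-417.
# It compares the HTTP status for a request with no credentials against the
# status for a request with credentials that cannot be valid.

# probe_status URL [USER:PASS] -> prints the HTTP status code
# (curl prints 000 when the server cannot be reached)
probe_status() {
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -m 5 -w '%{http_code}' -u "$2" "$1"
  else
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$1"
  fi
}

# classify_auth NO_CREDS_STATUS BOGUS_CREDS_STATUS -> prints a verdict
classify_auth() {
  case "$1:$2" in
    000:*|*:000)   echo "unreachable" ;;
    401:40[13])    echo "enforced" ;;                  # bogus credentials rejected
    401:2??)       echo "any-credentials-accepted" ;;  # the BROOKLYN-417 symptom
    2??:2??)       echo "no-auth" ;;                   # open access, as in 0.9.0 on localhost
    *)             echo "unexpected" ;;
  esac
}

# check_endpoint URL -> runs both probes and prints the verdict
check_endpoint() {
  # Credentials taken from the issue text; they match no configured account.
  classify_auth "$(probe_status "$1")" \
                "$(probe_status "$1" "anyuser:passwordignored")"
}

# Runs only when BROOKLYN_URL (hypothetical variable name) is set, e.g.
#   BROOKLYN_URL=http://localhost:8081/ sh check_auth.sh
if [ -n "${BROOKLYN_URL:-}" ]; then
  check_endpoint "$BROOKLYN_URL"
fi
```

A verdict of `any-credentials-accepted` reproduces the report: the server challenges anonymous requests but does not validate what is supplied.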
