couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Kocoloski (JIRA)" <j...@apache.org>
Subject [jira] Commented: (COUCHDB-34) Enable replicator to use HTTP authentication
Date Fri, 30 Jan 2009 03:16:59 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12668724#action_12668724
] 

Adam Kocoloski commented on COUCHDB-34:
---------------------------------------

So, the CouchDB replicator works with HTTP authentication already.  Since we have no restrictions
on reader access, we only have to worry about two cases:  local target and remote target.

Local Target: specify credentials in the POST to replicate.  Either of the following works:
curl -X POST http://admin:mysecretpassword@localhost:5984/_replicate works
curl -X POST http://localhost:5984/_replicate -H "Authorization:Basic YWRtaW46bXlzZWNyZXRwYXNzd29yZA=="

Remote Target: specify credentials in the JSON body.  This works in trunk:

{
  "source":"test_suite_db_a",
  "target":"http://admin:mysecretpassword@localhost:5984/test_suite_db_b"
}

This works if you the header value in couch_httpd_misc_handlers:handle_replicate_req using
?b2l:
{
  "source":"test_suite_db_a", 
  "target":"http://localhost:5984/test_suite_db_b", 
  "target_options":{
    "headers":{
      "Authorization":"Basic YWRtaW46bXlzZWNyZXRwYXNzd29yZA=="
    }
  }
}

One thing we could do is format a nice 401 response if the replicator fails because of missing
credentials.  Currently the replicator crashes when update_docs fails and no response is sent
to the client.  In the local target case returning a 401 is a no brainer.  

In the remote target case it's a little weird because the credentials need to be sent in the
JSON body.  One idea might be to set realm="target" in the response.  CouchDB-aware clients
would know that means the credentials need to go in the body, not the URL or Headers.

> Enable replicator to use HTTP authentication
> --------------------------------------------
>
>                 Key: COUCHDB-34
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-34
>             Project: CouchDB
>          Issue Type: New Feature
>          Components: Database Core
>            Reporter: Christopher Lenz
>            Priority: Blocker
>             Fix For: 0.9
>
>
> You can currently give the CouchDB replicator HTTP URIs to remote databases. However,
if one of those remote instances is behind HTTP authentication, the replication will fail.
It should be possible to specify authentication credentials to the replicator, which it would
then use in response to 401 responses.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message