incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Kocoloski <kocol...@apache.org>
Subject Re: jcouchdb anyone?
Date Sun, 02 May 2010 15:37:35 GMT
Hi Bharat, the credentials you supply in the setCredentials method should be set automatically
for any local databases (those not specified with a URL) in the replication request.  If they
aren't, that's a regression in CouchDB.

We don't assume that the same credentials will be valid for remote databases.  I suppose we
could consider patching CouchDB to supply the credentials from the replication request on
a 401 Unauthorized challenge from a remote server, but I think the current behavior is probably
less surprising.  I'm not sure I want CouchDB sharing my username and password with a remote
server when I don't explicitly authorize that.  Best,

Adam


On May 1, 2010, at 6:49 PM, Bharat wrote:

> Hi Adam, yes if you specify username and password in the source and target,
> it works fine.
> 
> replicate(http://username:pass@localhost
> :5984/sourceDB, http://username:pass@localhost:5984/targetDB, false);
> 
> My question was, why it doesnt work by just setting "setCredentials" method
> like I am doing for all get, put etc methods? Shouldnt it take care of auth
> so we dont have to pass usr/pass again in the post body? Because if I use
> above approach, I have to specify URls along with source and target DB which
> causes replication to slow down(which I can get around by using pull
> replication though).
> 
> Thanks!
> 
> On Sat, May 1, 2010 at 6:21 AM, Adam Kocoloski <kocolosk@apache.org> wrote:
> 
>> Hi Bharat, if your source or target DB requires authorization and is
>> specified using a URL, you need to include the credentials in the POST body.
>> Is that the problem?
>> 
>> Adam
>> 
>> On Apr 30, 2010, at 7:35 PM, Bharat wrote:
>> 
>>> back to this.
>>> 
>>> Looks like authentication works for mostly all other requests but not
>>> replication which is using a HttpPost object. Anyone seeing this
>> behavior?
>>> Again pretty striaght fwd code, using the same auth (after killing my
>> login
>>> ServerImpl instance):
>>> 
>>> ServerImpl service = new ServerImpl(sourceUrl);
>>>           Credentials credentials = new
>>> UsernamePasswordCredentials("username", "password");
>>>           AuthScope authScope = new AuthScope(sourceUrl, port,
>> "_admin");
>>>           service.setCredentials(authScope, credentials);
>>> 
>>>           ReplicationInfo repInfo = service.replicate(sourceDbName,
>>> targetDbName, false);
>>> ----------------------
>>> 
>>> I see this in the logs:
>>> 
>>> [debug] [<0.2228.0>] 'POST' /_replicate {1,1}
>>> Headers: [{'Connection',"Keep-Alive"},
>>>         {'Content-Encoding',"UTF-8"},
>>>         {'Content-Length',"44"},
>>>         {'Content-Type',"application/json"},
>>>         {'Host',"localhost:5984"}]
>>> [debug] [<0.2228.0>] OAuth Params: []
>>> [debug] [<0.2246.0>] Not a reader: UserCtx {user_ctx,null,[],undefined}
>> vs
>>> Names [<<"username">>] Roles [<<"_admin">>]
>>> [error] [<0.2246.0>] {error_report,<0.30.0>,
>>>   {<0.2246.0>,crash_report,
>>>    [[{initial_call,{couch_rep,init,['Argument__1']}},
>>>      {pid,<0.2246.0>},
>>>      {registered_name,[]},
>>>      {error_info,
>>>          {exit,
>>>              {bad_return_value,
>>>                  {unauthorized,
>>>                      <<"You are not authorized to access this db.">>}},
>>>              [{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}},
>>>      {ancestors,
>>> 
>>> [couch_rep_sup,couch_primary_services,couch_server_sup,<0.31.0>]},
>>>      {messages,[]},
>>>      {links,[<0.80.0>]},
>>>      {dictionary,[]},
>>>      {trap_exit,true},
>>>      {status,running},
>>>      {heap_size,987},
>>>      {stack_size,24},
>>>      {reductions,326}],
>>>     []]}}
>>> 
>>> =CRASH REPORT==== 30-Apr-2010::16:28:14 ===
>>> crasher:
>>>   initial call: couch_rep:init/1
>>>   pid: <0.2246.0>
>>>   registered_name: []
>>>   exception exit: {bad_return_value,
>>>                       {unauthorized,
>>>                           <<"You are not authorized to access this
>>> db.">>}}
>>>     in function  gen_server:init_it/6
>>>   ancestors: [couch_rep_sup,couch_primary_services,couch_server_sup,
>>>                 <0.31.0>]
>>>   messages: []
>>>   links: [<0.80.0>]
>>>   dictionary: []
>>>   trap_exit: true
>>>   status: running
>>>   heap_size: 987
>>>   stack_size: 24
>>>   reductions: 326
>>> neighbours:
>>> [error] [<0.2228.0>] Uncaught error in HTTP request: {error,
>>>                                {case_clause,
>>>                                 {error,
>>>                                  {bad_return_value,
>>>                                   {unauthorized,
>>>                                    <<"You are not authorized to access
>>> this db.">>}}}}}
>>> [info] [<0.2228.0>] Stacktrace: [{couch_rep,start_replication_server,1},
>>>            {couch_rep,replicate,2},
>>>            {couch_httpd_misc_handlers,handle_replicate_req,1},
>>>            {couch_httpd,handle_request_int,5},
>>>            {mochiweb_http,headers,5},
>>>            {proc_lib,init_p_do_apply,3}]
>>> [info] [<0.2228.0>] 127.0.0.1 - - 'POST' /_replicate 500
>>> [debug] [<0.2228.0>] httpd 500 error response:
>>> {"error":"case_clause","reason":"{error,\n    {bad_return_value,\n
>>> {unauthorized,<<\"You are not authorized to access this db.\">>}}}"}
>>> ------------------------------------
>>> 
>>> On Wed, Apr 28, 2010 at 1:09 PM, Bharat <bharat.kjsce@gmail.com> wrote:
>>> 
>>>> Perfect James.
>>>> Thats what I was missing. Uncommenting WWW-authenticate and passing that
>> as
>>>> a realm, works.
>>>> 
>>>> Thanks guys.
>>>> 
>>>> On Wed, Apr 28, 2010 at 1:00 PM, James Marca <
>> jmarca@translab.its.uci.edu>wrote:
>>>> 
>>>>> Perhaps try passing the "authority" key when setting the AuthScope?
>>>>> 
>>>>> Example:
>>>>> 
>>>>> my /etc/couchdb/local.ini has:
>>>>> 
>>>>> ...
>>>>> [httpd]
>>>>> ; Uncomment next line to trigger basic-auth popup on unauthorized
>>>>> requests.
>>>>> WWW-Authenticate = Basic realm="administrator"
>>>>> ...
>>>>> 
>>>>> 
>>>>> My code in a test case looks as follows:
>>>>> 
>>>>> 
>>>>>  ...
>>>>>  private static final String TESTDB_AUTHORITY = "administrator";
>>>>>  ...
>>>>> 
>>>>>  @Before
>>>>>  public void setUp() throws Exception {
>>>>>      // load couchdb properties
>>>>> 
>>>>> 
>> props.load(getClass().getClassLoader().getResource(DB_PROPERTIES).openStream());
>>>>> 
>>>>>      ...
>>>>> 
>>>>>      dbname =props.getProperty("couchdb.db.dbname",TESTDB_NAME);
>>>>>      user =props.getProperty("couchdb.db.user");
>>>>>      pass =props.getProperty("couchdb.db.password");
>>>>>      authority
>>>>> =props.getProperty("couchdb.db.authority",TESTDB_AUTHORITY);
>>>>> 
>>>>>      ...
>>>>> }
>>>>> 
>>>>> 
>>>>> 
>>>>> then later, I create dbs as follows...note the authority in AuthScope
>> new
>>>>> call
>>>>> 
>>>>>  public static Database createDatabaseForTest()
>>>>>  {
>>>>>      // Load couchdb properties
>>>>>      Server server = new ServerImpl(host,port);
>>>>>      if(user != null && pass !=null) {
>>>>>          AuthScope as = new AuthScope(host, port, authority);
>>>>>          Credentials c = new UsernamePasswordCredentials(user, pass);
>>>>>          server.setCredentials(as,c);
>>>>>      }
>>>>> 
>>>>>      List<String> databases = server.listDatabases();
>>>>> 
>>>>>      log.debug("databases = " + databases);
>>>>> 
>>>>>      ...
>>>>> 
>>>>>  }
>>>>> 
>>>>> Hope that helps,
>>>>> James
>>>>> 
>>>>> 
>>>>> 
>>>>> On Wed, Apr 28, 2010 at 10:33:31AM -0700, Bharat wrote:
>>>>>> I am trying to use jcouchdb api for authenticating against my couchdb
>>>>>> instance(0.11). I have set the admin usr/pass in futon and in addition
>>>>>> specified ADMIN and READER on the DB I am trying to access so only
>>>>> people
>>>>>> with correct credentials can access/view the DB.
>>>>>> 
>>>>>> My code is pretty simple and directly using ServerImpl and its
>>>>>> setCredentials and get method:
>>>>>> 
>>>>>> -------------------------
>>>>>> ServerImpl service = new ServerImpl("localhost");
>>>>>>       Credentials credentials =
>>>>>>               new UsernamePasswordCredentials(<usr>, <pass>);
>>>>>>       AuthScope authScope = new AuthScope("http://localhost", 5984);
>>>>>> 
>>>>>>       service.setCredentials(authScope, credentials);
>>>>>> 
>>>>>>       Response res = service.get(/<database>);
>>>>>> -----------------------------
>>>>>> 
>>>>>> But everytime I do this, I keep getting http 401 in my response.
Is
>>>>> there
>>>>>> something I am missing or not setting correctly?
>>>>>> 
>>>>>> I know its not exactly a couchdb question but there is very little
to
>> no
>>>>>> documentation available so thought I ll try here.
>>>>>> 
>>>>>> Thanks!
>>>>> 
>>>>> --
>>>>> This message has been scanned for viruses and
>>>>> dangerous content by MailScanner, and is
>>>>> believed to be clean.
>>>>> 
>>>>> 
>>>> 
>> 
>> 


Mime
View raw message