[arquillian-issues] [JBoss JIRA] (ARQ-1474) When security auths are enabled, always receive a 401 unauthorized
John Ament (JIRA)
jira-events at lists.jboss.org
Sun Sep 8 09:49:03 EDT 2013
[ https://issues.jboss.org/browse/ARQ-1474?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Ament updated ARQ-1474:
----------------------------
Steps to Reproduce:
Created a simple security auth in my web.xml
{noformat}
<security-constraint>
    <web-resource-collection>
        <web-resource-name>REST API</web-resource-name>
        <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>webservice</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>wsidp</realm-name>
</login-config>
<security-role>
    <role-name>webservice</role-name>
</security-role>
{noformat}
Develop a simple REST API that uses this:
{noformat}
@Path("/echo")
public interface SimpleAPI {
    @GET
    @Produces("text/plain")
    public String echo(@HeaderParam("Authorization") final String auth);
}
{noformat}
where the REST API is bound to /rest
Add an Arquillian test:
{noformat}
private <T> T getClientProxy(Class<T> className) {
    RegisterBuiltin.register(ResteasyProviderFactory.getInstance());
    final String contextUrl = "http://localhost:8082/webservices/rest";
    //return JAXRSClientFactory.create(contextUrl,className);
    return (T) ProxyFactory.create(className, contextUrl);
}

@Deployment(name="ee-webservices.war")
public static org.jboss.shrinkwrap.api.spec.WebArchive createDeployment() {
    return DeploymentUtils.createWebserviceForTest().addClass(WebServiceInfoAPI.class);
}

@Test
@OperateOnDeployment("ee-webservices.war")
public void createWebServiceUser() throws InterruptedException {
    String username = "bob";
    String password = "abc123";
    byte[] data = String.format("%s:%s",username,password).getBytes();
    BASE64Encoder encoder = new BASE64Encoder();
    String auth = "Basic "+ encoder.encode(data);
    System.out.println("basic auth "+auth);
    //Thread.sleep(4*60*1000);
    SimpleAPI api = this.getClientProxy(SimpleAPI.class);
    String result = api.echo(auth);
    Assert.assertEquals("Hello", result);
}
{noformat}
And receive back a 401 unauthorized. When I comment out the thread call, and invoke the REST API manually, I also see that the server is prompting for authentication but never accepting it. I can see in the logs that my login module is never called. I can confirm that when this same WAR file is deployed to the server directly, authentication works.
I did see that the Servlet protocol does not support authentication. This shouldn't be an issue here, since my auth is only against /webservices/rest, and not against /webservices/ArquillianServletRunner.
This is using Arquillian 1.0.4 Final on JBoss EAP 6.1, with upgraded picketlink 2.1.7.
> When security auths are enabled, always receive a 401 unauthorized
> ------------------------------------------------------------------
>
> Key: ARQ-1474
> URL: https://issues.jboss.org/browse/ARQ-1474
> Project: Arquillian
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Reporter: John Ament
>
> Arquillian won't accept authentication headers, no matter how hard I try.
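A stand-alone probe for the constrained URL in the report, added here as an example; it is not code from the report or from Arquillian. It sends the request once without and once with Basic credentials, so the status codes show whether the container is issuing the challenge, rejecting the login, or rejecting the role. The class name `BasicAuthProbe` is hypothetical, and the code assumes Java 8 or later and that the test deployment is running:

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added diagnostic example; not code from the report or from Arquillian.
public class BasicAuthProbe {

    // Basic credentials: base64 of "user:password" with an explicit charset.
    // The basic encoder from java.util.Base64 emits no line breaks.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Sends one GET and returns the status code plus any challenge header.
    static String probe(String url, String authorization) throws Exception {
        HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
        conn.setRequestMethod("GET");
        conn.setRequestProperty("Accept", "text/plain");
        if (authorization != null) {
            conn.setRequestProperty("Authorization", authorization);
        }
        try {
            return conn.getResponseCode() + " WWW-Authenticate="
                    + conn.getHeaderField("WWW-Authenticate");
        } finally {
            conn.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        // URL, user and password are the values given in the report.
        String url = "http://localhost:8082/webservices/rest/echo";

        // No credentials: 401 with a Basic challenge for realm "wsidp" shows
        // the security-constraint and login-config are active in this archive.
        System.out.println("anonymous:     " + probe(url, null));

        // With credentials: 200 = login accepted and role "webservice" granted;
        // 401 = credentials rejected or never passed to the login module;
        // 403 = authenticated, but the user lacks the "webservice" role.
        System.out.println("authenticated: " + probe(url, basicHeader("bob", "abc123")));
    }
}
```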