[Hawkular-dev] securing download WAR
John Mazzitelli
mazz at redhat.com
Thu Nov 19 16:02:55 EST 2015
OK, I at least think I got the infrastructure in place. But I'm seeing really weird behavior.
If I use curl:
1) wrong password. This fails, which is correct:
$ curl http://jdoe:WRONG@localhost:8080/hawkular/wildfly-agent/installer
<html><head><title>Error</title></head><body>Unauthorized</body></html>
2) correct password. This downloads fine, which is correct:
curl http://jdoe:password@localhost:8080/hawkular/wildfly-agent/installer | jar tv | wc -l
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 329k 0 329k 0 0 1970k 0 --:--:-- --:--:-- --:--:-- 1974k
241 <-- number of files in the 329K jar I downloaded
3) I don't give any credentials, and it still downloads fine. Shouldn't this fail?
curl http://localhost:8080/hawkular/wildfly-agent/installer | jar tv | wc -l
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 329k 0 329k 0 0 2102k 0 --:--:-- --:--:-- --:--:-- 2113k
241
More information about the hawkular-dev
mailing list