10:50 a.m.
I'm setting up a new gateway in apiman. I put in the wrong password for the
configuration endpoint credentials, and this is what I got on the "New Gateway"
screen:
Gateway Configuration Invalid
Something has gone wrong when testing the Gateway. Hopefully the details (below) will help
you figure out what.
{"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The
Gateway","description":"Gateway to back-end
services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\"password\":\"api-manager$65454\"}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json,
text/plain,
*/*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer
[TOKEN]"}},"statusText":"Unauthorized"}
Granted that only a mistaken password is shown, this still doesn't seem secure, and
also makes me wonder if the credential may be exposed in other similar places. Should I
raise an issue on this?
11:17 a.m.
Hi Paul.
Which release of apiman are you using? Can you also attach a screenshot of
the Gateway as you are creating it?
Thanks!
On Tue, Jan 5, 2016 at 11:50 AM, Paul Blair <pblair(a)clearme.com> wrote:
I'm setting up a new gateway in apiman. I put in the wrong
password for
the configuration endpoint credentials, and this is what I got on the "New
Gateway" screen:
*Gateway Configuration Invalid*
Something has gone wrong when testing the Gateway. Hopefully the details
(below) will help you figure out what.
{"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The
Gateway","description":"Gateway to back-end
services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$65454\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json,
text/plain,
*/*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer
[TOKEN]"}},"statusText":"Unauthorized"}
Granted that only a mistaken password is shown, this still doesn't seem secure, and
also makes me wonder if the credential may be exposed in other similar places. Should I
raise an issue on this?
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
--
Len DiMaggio (ldimaggi(a)redhat.com)
JBoss by Red Hat
314 Littleton Road
Westford, MA 01886 USA
tel: 978.392.3179
cell: 781.472.9912
http://www.redhat.com
http://community.jboss.org/people/ldimaggio
11:30 a.m.
Yes please raise a JIRA issue for this.
Thanks!
-Eric
On 1/5/2016 11:50 AM, Paul Blair wrote:
I'm setting up a new gateway in apiman. I put in the wrong
password for
the configuration endpoint credentials, and this is what I got on the
"New Gateway" screen:
*Gateway Configuration Invalid*
Something has gone wrong when testing the Gateway. Hopefully the details
(below) will help you figure out what.
{"data":"<html><head><title>Error</title></head><body>Unauthorized</body></html>","status":401,"config":{"method":"PUT","transformRequest":[null],"transformResponse":[null],"data":{"name":"The
Gateway","description":"Gateway to back-end
services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-gateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$65454\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","headers":{"Accept":"application/json,
text/plain,
*/*","Content-Type":"application/json;charset=utf-8","Authorization":"Bearer
[TOKEN]"}},"statusText":"Unauthorized"}
Granted that only a mistaken password is shown, this still doesn't seem
secure, and also makes me wonder if the credential may be exposed in
other similar places. Should I raise an issue on this?
_______________________________________________
Apiman-user mailing list
Apiman-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/apiman-user
12:23 p.m.
Ticket including screenshot is here:
https://issues.jboss.org/browse/APIMAN-876
Version is 1.1.9.Final.
On 1/5/16, 12:30 PM, "Eric Wittmann" <eric.wittmann(a)redhat.com> wrote:
Yes please raise a JIRA issue for this.
Thanks!
-Eric
On 1/5/2016 11:50 AM, Paul Blair wrote:
> I'm setting up a new gateway in apiman. I put in the wrong password for
> the configuration endpoint credentials, and this is what I got on the
> "New Gateway" screen:
>
> *Gateway Configuration Invalid*
> Something has gone wrong when testing the Gateway. Hopefully the details
> (below) will help you figure out what.
>
>
>{"data":"<html><head><title>Error</title></head><body>Unauthorized</body>
></html>","status":401,"config":{"method":"PUT","transformRequest":[null],
>"transformResponse":[null],"data":{"name":"The
>Gateway","description":"Gateway to back-end
>services","configuration":"{\"endpoint\":\"https://[GATEWAY_URI]/apiman-g
>ateway-api/\",\"username\":\"apimanager\",\*"password\":\"api-manager$654
>54\"*}","type":"REST"},"url":"https://[APIMAN_URI]/apiman/gateways","head
>ers":{"Accept":"application/json, text/plain,
>*/*","Content-Type":"application/json;charset=utf-8","Authorization":"Bea
>rer [TOKEN]"}},"statusText":"Unauthorized"}
>
> Granted that only a mistaken password is shown, this still doesn't seem
> secure, and also makes me wonder if the credential may be exposed in
> other similar places. Should I raise an issue on this?
>
>
>
>
> _______________________________________________
> Apiman-user mailing list
> Apiman-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user
>
3637
days inactive
3637
days old
3 comments
3 participants
participants (3)
-
Eric Wittmann -
Leonard Dimaggio -
Paul Blair