[JBoss JIRA] Created: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
4:26 a.m.
JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.2.1
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:15 a.m.
New subject: [JBoss JIRA] Updated: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[ http://jira.jboss.com/jira/browse/JBESB-807?page=all ]
Mark Little updated JBESB-807:
------------------------------
Component/s: Transports
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.2.1
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:07 a.m.
New subject: [JBoss JIRA] Commented: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[ http://jira.jboss.com/jira/browse/JBESB-807?page=comments#action_12384322 ]
Tom Fennelly commented on JBESB-807:
------------------------------------
At this stage in the game I'd be inclined to move away from JBossRemoting for HTTP
support. I've played with Jetty and it seems like a far more flexible option for us.
It allows us have far more control over the HTTP request and response, as well as security
related issues (re this issue).
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.2.1
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:59 a.m.
New subject: [JBoss JIRA] Updated: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[ http://jira.jboss.com/jira/browse/JBESB-807?page=all ]
Tom Fennelly updated JBESB-807:
-------------------------------
Fix Version/s: 4.3
(was: 4.2.1)
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.3
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5:40 a.m.
New subject: [JBoss JIRA] Updated: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[ http://jira.jboss.com/jira/browse/JBESB-807?page=all ]
Kevin Conner updated JBESB-807:
-------------------------------
Fix Version/s: 4.4
(was: 4.3)
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.4
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
7:17 a.m.
New subject: [JBoss JIRA] Updated: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[ http://jira.jboss.com/jira/browse/JBESB-807?page=all ]
Kevin Conner updated JBESB-807:
-------------------------------
Fix Version/s: 4.x
(was: 4.4)
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: http://jira.jboss.com/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assigned To: Tom Fennelly
Fix For: 4.x
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:18 a.m.
New subject: [JBoss JIRA] Commented: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/jira/browse/JBESB-807?page=com.atlassian.jira.plug...
]
Tom Fennelly commented on JBESB-807:
------------------------------------
On the request of support, I had another look at this last week just to see was there any
way we could make this work for the ESB. Thought I better add the comments I sent to
those guys.....
As far as the suggested approach of defining custom Marshallers and UnMarshallers on the
JBR invoker:
1. The unmarshallers have no way to signal to the invoker that auth is required.
2. The CoyoteInvoker itself was not written to support auth at all.
3. The Unmarshallers are only used for POST and PUT, so the other methods would not be
covered at all (GET, DELETE etc).
There's probably a way of doing this by overriding the protocol handler
(Http11Protocol) and specifying it in the config (param -
"protocolHandlerClassName"). From there, you could intercept the call to the
Adapter class (CoyoteInvoker in this case) service() method and wrap in the auth checks
there.
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Fix For: 4.x
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:39 a.m.
New subject: [JBoss JIRA] Commented: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/jira/browse/JBESB-807?page=com.atlassian.jira.plug...
]
Kevin Conner commented on JBESB-807:
------------------------------------
The suggestion of using marshallers was to encrypt the body of the post and not for
enabling basic auth.
It was supposed to be an alternative to using SSL.
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Fix For: 4.x
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
9:50 a.m.
New subject: [JBoss JIRA] Commented: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/jira/browse/JBESB-807?page=com.atlassian.jira.plug...
]
Tom Fennelly commented on JBESB-807:
------------------------------------
Ah OK... that would be possible.
SSL is supported by the JBR gateway as is and the title of the issue was re performing
BASIC Auth, so I didn't think this is what was being suggested.
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/jira/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Fix For: 4.x
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:32 a.m.
New subject: [JBoss JIRA] Reopened: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/browse/JBESB-807?page=com.atlassian.jira.plugin.sy...
]
Kevin Conner reopened JBESB-807:
--------------------------------
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:32 a.m.
New subject: [JBoss JIRA] Closed: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/browse/JBESB-807?page=com.atlassian.jira.plugin.sy...
]
Kevin Conner closed JBESB-807.
------------------------------
Resolution: Out of Date
This has now been superseded by the http-gateway
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Fix For: 4.x
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
8:32 a.m.
New subject: [JBoss JIRA] Closed: (JBESB-807) JBossRemotingGateway doesn't support Http BASIC Auth (and probably more)
[
https://jira.jboss.org/browse/JBESB-807?page=com.atlassian.jira.plugin.sy...
]
Kevin Conner closed JBESB-807.
------------------------------
Fix Version/s: (was: 4.x)
Resolution: Won't Fix
JBossRemotingGateway doesn't support Http BASIC Auth (and
probably more)
------------------------------------------------------------------------
Key: JBESB-807
URL: https://jira.jboss.org/browse/JBESB-807
Project: JBoss ESB
Issue Type: Feature Request
Security Level: Public(Everyone can see)
Components: Transports
Affects Versions: 4.2 Milestone Release 3
Reporter: Tom Fennelly
Assignee: Tom Fennelly
Talked with Ron Sigal and he thinks we might have to explicitly use the Servlet transport
(i.e. the CoyoteInvoker might not be configurable for BASIC auth).
Here's what Ron said exactly.....
"1. HTTPServerInvoker is obsolete. It's been replaced by CoyoteInvoker.
2. According to my O'Reilly Tomcat book, BASIC authorization is configured in the
web.xml file by the <login-config> element. But CoyoteInvoker doesn't use the
full Tomcat implementation, just the Coyote adapter. I'm really not sure if the
Coyote adapter has anything to do with the web.xml file.
3. There is another Remoting transport, the servlet transport, which really does use
Tomcat. It uses a servlet as a front end to the server invoker. There's even a
web.xml file: src\etc\web\web.xml in the Remoting project directory."
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
5301
days inactive
6313
days old
11 comments
3 participants
participants (3)
-
Kevin Conner (JIRA) -
Mark Little (JIRA)
-
Tom Fennelly (JIRA)