[jbosstools-issues] [JBoss JIRA] (JBIDE-15830) openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin
[
https://issues.jboss.org/browse/JBIDE-15830?page=com.atlassian.jira.plugi...
]
Andre Dietisheim edited comment on JBIDE-15830 at 11/14/13 11:32 AM:
---------------------------------------------------------------------
I'm removing the erroneous check in RestServiceProperties that wont return the
*useragent* from the properties file if the id is *null*. I'm just checking that we
have a useragent pattern and replace eventual nulls in *clientId* and *version* by empty
strings (so that an overriding useragent-pattern may eventually decide to not provide
clientId and version.
{code}
if (!StringUtils.isEmpty(useragentPattern)) {
userAgent = MessageFormat.format(useragentPattern,
StringUtils.nullToEmptyString(version),
StringUtils.nullToEmptyString(clientId));
}
{code}
Created a PR for the above change (with test):
https://github.com/openshift/openshift-java-client/pull/107
was (Author: adietish):
I'm removing the erroneous check in RestServiceProperties that wont return the
*useragent* from the properties file if the id is *null*. I'm just checking that we
have a useragent pattern and replace eventual nulls in *clientId* and *version* by empty
strings (so that an overriding useragent-pattern may eventually decide to not provide
clientId and version.
{code}
if (!StringUtils.isEmpty(useragentPattern)) {
userAgent = MessageFormat.format(useragentPattern,
StringUtils.nullToEmptyString(version),
StringUtils.nullToEmptyString(clientId));
}
{code}
I'll push this change upstream today.
openshift-java-client: incompatibility with OpenShift Enterprise and
Origin when using the remote-user authentication plugin
----------------------------------------------------------------------------------------------------------------------------
Key: JBIDE-15830
URL: https://issues.jboss.org/browse/JBIDE-15830
Project: Tools (JBoss Tools)
Issue Type: Bug
Components: openshift
Affects Versions: 4.1.1.Beta1
Reporter: Brenton Leanhardt
Assignee: Andre Dietisheim
Labels: openshift-java-client
Fix For: 4.1.1.CR1, 4.2.0.Alpha1
OpenShift Enterprise and Origin both ship an authentication plugin that allows parts of
authentication to be handled by Apache and other parts to be delegated to the
openshift-origin-controller codebase. I've found that all versions of
openshift-java-client after 2.3.0.Final change a (poorly documented) requirement for the
OpenShift remote-user plugin.
In order for a request to bypass the Apache authentication and passthrough to the
OpenShift Broker the user-agent header is inspected. If the user-agent is
'OpenShift' then the Broker will require an encrypted authentication token. Today
this is used by the jenkins cartridge but I believe it's also still used for scaling.
You can see this for details:
https://github.com/openshift/origin-server/blob/master/documentation/arch...
In 2.3.0.Final of the openshift-java-client the user-agent was 'OpenShift'
however all versions after this set the user-agent to the java version (eg, User-Agent:
Java/1.7.0_45).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira