[jboss-jira] [JBoss JIRA] (AS7-1856) HTTP auth breaks when console is accessed through proxy

Darran Lofthouse (Resolved) (JIRA) jira-events at lists.jboss.org
Mon Jan 9 13:38:13 EST 2012 

     [ https://issues.jboss.org/browse/AS7-1856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved AS7-1856.
-----------------------------------

    Resolution: Rejected


I am marking this issue as Rejected as it is fundamentally an issue of having two different authentication mechanisms on a single content (The /management context).

The authentication as configured by Apache is happening first which is causing a response for HTTP BASIC authentication.

This request then reaches the application server which sees the Basic header which is not supported so the request is rejected.

Testing making a change to the AS to 'ignore' the Basic header and prompt for Digest authentication also fails, the Apache server and browser continue trying to send the Basic authentication header.

If the '/management' context is going to be proxied through Apache then Apache should not secure this context at the same time as this same context is secured within AS itself.  If the security is disabled on AS7 for the HTTP interface then a secured Apache instance can proxy the requests but in the future this would cause a loss of the ACL / authorization support being added shortly.

                
> HTTP auth breaks when console is accessed through proxy
> -------------------------------------------------------
>
>                 Key: AS7-1856
>                 URL: https://issues.jboss.org/browse/AS7-1856
>             Project: Application Server 7
>          Issue Type: Bug
>          Components: Domain Management
>    Affects Versions: 7.0.1.Final
>            Reporter: Heiko Braun
>            Assignee: Darran Lofthouse
>             Fix For: 7.1.0.Final
>
>
> Update: when I secure the management interface as described here:
> https://docs.jboss.org/author/display/AS7/Securing+the+Management+Interfaces
> under Quick Configuration, the console does not ask for the user/pw, but I get in firebug:
> "NetworkError: 502 Proxy Error - http://urbansms.com:82/management"
> Does that mean that the HTTP Digest authentication does not work if proxied? Or is it a bug?
> Thanks

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list