[jbosstools-issues] [JBoss JIRA] (JBIDE-15830) openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin
Andre Dietisheim (JIRA)
jira-events at lists.jboss.org
Wed Nov 13 11:35:07 EST 2013
[ https://issues.jboss.org/browse/JBIDE-15830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12923247#comment-12923247 ]
Andre Dietisheim edited comment on JBIDE-15830 at 11/13/13 11:34 AM:
---------------------------------------------------------------------
The useragent is set via a properties file:
{code:title=RestService (constructor)}
setupClient(properties.getUseragent(clientId), protocolVersion, acceptedMediaType, client);
{code}
The properties file that shipped with the client library has the useragent that we're using in OpenShift. The properties file allows the maven build to substitute the plugin version in the user-agent:
{code:title=src\/main\/resources\/restservice.properties}
useragent=Java OpenShift REST/{0} ({1})
{code}
To my current understanding you should be able to override the user-agent by providing your own restservice.properties.
This would then in turn allow us to remove the magic code (discussed above) that mangles the useragent when keys are present.
was (Author: adietish):
The useragent is set via a properties file:
{code:title=RestService (constructor)}
setupClient(properties.getUseragent(clientId), protocolVersion, acceptedMediaType, client);
{code}
The properties file that shipped with the client library has the useragent that we're using in OpenShift. The properties file allows the maven build to substitute the plugin version in the user-agent:
{code:src/main/resources/restservice.properties}
useragent=Java OpenShift REST/{0} ({1})
{code}
To my current understanding you should be able to override the user-agent by providing your own restservice.properties.
This would then in turn allow us to remove the magic code (discussed above) that mangles the useragent when keys are present.
> openshift-java-client: incompatibility with OpenShift Enterprise and Origin when using the remote-user authentication plugin
> ----------------------------------------------------------------------------------------------------------------------------
>
> Key: JBIDE-15830
> URL: https://issues.jboss.org/browse/JBIDE-15830
> Project: Tools (JBoss Tools)
> Issue Type: Bug
> Components: openshift
> Affects Versions: 4.1.1.Beta1
> Reporter: Brenton Leanhardt
> Assignee: Andre Dietisheim
> Labels: openshift-java-client
> Fix For: 4.1.1.CR1, 4.2.0.Alpha1
>
>
> OpenShift Enterprise and Origin both ship an authentication plugin that allows parts of authentication to be handled by Apache and other parts to be delegated to the openshift-origin-controller codebase. I've found that all versions of openshift-java-client after 2.3.0.Final change a (poorly documented) requirement for the OpenShift remote-user plugin.
> In order for a request to bypass the Apache authentication and passthrough to the OpenShift Broker the user-agent header is inspected. If the user-agent is 'OpenShift' then the Broker will require an encrypted authentication token. Today this is used by the jenkins cartridge but I believe it's also still used for scaling.
> You can see this for details:
> https://github.com/openshift/origin-server/blob/master/documentation/archive/how_nodes_act_on_behalf_of_users.md#how-the-encrypted-token-is-used
> In 2.3.0.Final of the openshift-java-client the user-agent was 'OpenShift' however all versions after this set the user-agent to the java version (eg, User-Agent: Java/1.7.0_45).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list