This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
OpenGrok integration with LDAP issue #2352
Comments
|
How exactly is authentication/authorization setup ?
Dne po 10. 9. 2018 11:35 uživatel tiffanyzhou <[email protected]>
napsal:
… After my OpenGrok integration with LDAP, the following error is reported
at reindex when the code is update. How can I solve this problem.
2018-09-10 08:35:37.789+0800 FINEST t1 HttpURLConnection$1.run: Requesting
Authentication: host =127.0.0.1 url =
http://127.0.0.1:8080/source/api/v1/configuration?reindex=true
2018-09-10 08:35:37.789+0800 FINEST t1 HttpURLConnection$1.run:
Authentication returned: null
2018-09-10 08:35:37.789+0800 FINER t1
HttpURLConnection.getServerAuthentication: Server Authentication for
AuthenticationHeader: prefer Basic realm="Authentication required" returned
null
2018-09-10 08:35:37.789+0800 SEVERE t1 Indexer.sendToConfigHost: Failed to
send configuration to http://127.0.0.1:8080/source (is web application
server running with opengrok deployed?)
java.io.IOException:
InboundJaxrsResponse{context=ClientResponse{method=PUT, uri=
http://127.0.0.1:8080/source/api/v1/configuration?reindex=true,
status=401, reason=Unauthorized}}
at
org.opensolaris.opengrok.configuration.RuntimeEnvironment.writeConfiguration(RuntimeEnvironment.java:1395)
at
org.opensolaris.opengrok.index.Indexer.sendToConfigHost(Indexer.java:1124)
at org.opensolaris.opengrok.index.Indexer.main(Indexer.java:311)
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#2352>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACzGDB0CH6cB6R6084i1GJFWQsTcsTGmks5uZjI3gaJpZM4WhCuh>
.
|
|
I configured ldap in apache-tomcat-8.5.33/conf/server.xml , and added "" in apache-tomcat-8.5.33/webapps/source/WEB-INF/web.xml , The validation is in effect when I visit the opengrok home page. Configuration details are as follows:
|
|
For me it seems that you have to setup the authorization so it allows requests from localhost. But I have no other insights. |
|
That's my thinking as well. Localhost needs to be exempted from auth/authnz
checks.
Dne po 10. 9. 2018 11:59 uživatel Kryštof Tulinger <[email protected]>
napsal:
… For me it seems that you have to setup the authorization so it allows
requests from localhost. But I have no other insights.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#2352 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ACzGDLlHnAaUNxbS9OY7PAtX9r3a8Wc3ks5uZjf8gaJpZM4WhCuh>
.
|
|
I meant that for The part that I allows only requests from localhost is already part of opengrok. |
|
Yes, it seems that the |
|
I.e. this worked for me:
<security-constraint>
<web-resource-collection>
<web-resource-name>API endpoints are checked separately by the web app</web-resource-name>
<url-pattern>/api/*</url-pattern>
</web-resource-collection>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>In general everything needs to be authenticated</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>tomcat</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
<security-role>
<role-name>*</role-name>
</security-role>
<user username="foobar" password="foobar" roles="tomcat,manager-script"/>I was only able to see locations like |
|
This works because of the longest-path match used by the container (next to the other matching rules). |
|
I updated https://github.com/oracle/opengrok/wiki/Authorization#http-basic-tutorial with the working config. |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
After my OpenGrok integration with LDAP, the following error is reported at reindex when the code is update. How can I solve this problem.
2018-09-10 08:35:37.789+0800 FINEST t1 HttpURLConnection$1.run: Requesting Authentication: host =127.0.0.1 url = http://127.0.0.1:8080/source/api/v1/configuration?reindex=true
2018-09-10 08:35:37.789+0800 FINEST t1 HttpURLConnection$1.run: Authentication returned: null
2018-09-10 08:35:37.789+0800 FINER t1 HttpURLConnection.getServerAuthentication: Server Authentication for AuthenticationHeader: prefer Basic realm="Authentication required" returned null
2018-09-10 08:35:37.789+0800 SEVERE t1 Indexer.sendToConfigHost: Failed to send configuration to http://127.0.0.1:8080/source (is web application server running with opengrok deployed?)
java.io.IOException: InboundJaxrsResponse{context=ClientResponse{method=PUT, uri=http://127.0.0.1:8080/source/api/v1/configuration?reindex=true, status=401, reason=Unauthorized}}
at org.opensolaris.opengrok.configuration.RuntimeEnvironment.writeConfiguration(RuntimeEnvironment.java:1395)
at org.opensolaris.opengrok.index.Indexer.sendToConfigHost(Indexer.java:1124)
at org.opensolaris.opengrok.index.Indexer.main(Indexer.java:311)
The text was updated successfully, but these errors were encountered: