This repository has been archived by the owner on Nov 6, 2018. It is now read-only.

BasicPolicy fails #306

Open
cmoulliard opened this issue May 12, 2016 · 4 comments

@cmoulliard
Contributor

cmoulliard commented May 12, 2016

Deployed the CXF CDI Quickstart on OSEv3, opened the API endpoint within the Apiman Management Console and added a Basic Policy with user cxf / password cxf

Sending an HTTP request returns "HTTP/1.1 401 Unauthorized"

http --verify=no -a cxf:cxf http://apiman-gateway.vagrant.f8/gateway/demo2/cdi-cxf/3.0/customerservice/customers/123
HTTP/1.1 401 Unauthorized
Content-Type: application/json
Date: Thu, 12 May 2016 12:57:25 GMT
Server: Jetty(9.2.10.v20150310)
Set-Cookie: OPENSHIFT_default_apiman-gateway_SERVERID=172.17.0.6:7777; path=/; HttpOnly
Transfer-Encoding: chunked
WWW-Authenticate: Basic realm="cxf"
X-Policy-Failure-Code: 10011
X-Policy-Failure-Message: BASIC authentication failed.
X-Policy-Failure-Type: Authentication

{"type":"Authentication","failureCode":10011,"responseCode":0,"message":"BASIC authentication failed.","headers":{"entries":[{"WWW-Authenticate":"Basic realm=\"cxf\""}],"empty":false}}<?xml version="1.0" encoding="UTF-8" standalone="yes"?><Customer xmlns="http://cxfcdi.fabric.quickstarts.fabric8.io/"><id>123</id><name>John</name></Customer>

The log of the apiman gateway is not really verbose as it only reports INFO messages

12:55:14,608  INFO /system/status
12:55:16,316  INFO /apis/demo2/cdi-cxf/3.0/endpoint
12:55:24,603  INFO /system/status
12:55:34,617  INFO /system/status
12:55:44,608  INFO /system/status
12:55:54,603  INFO /system/status
12:56:04,603  INFO /system/status

@cmoulliard
Contributor Author

cmoulliard commented May 12, 2016

The workaround is to disable (or not select) the checkbox under the Require Transport Security field when we define the Basic Authentication Policy

Basic Auth is working now

http -a cxf:cxf http://apiman-gateway.vagrant.f8/gateway/demo2/cdi-cxf/4.0/customerservice/customers/123
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 158
Content-Type: application/xml
Date: Thu, 12 May 2016 14:11:37 GMT
Server: Jetty(9.2.10.v20150310)
Set-Cookie: OPENSHIFT_demo2_cdi-cxf_SERVERID=172.17.0.12:9092; path=/; HttpOnly
Set-Cookie: OPENSHIFT_default_apiman-gateway_SERVERID=172.17.0.6:7777; path=/; HttpOnly

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns0:Customer xmlns:ns0="http://cxfcdi.fabric.quickstarts.fabric8.io/">
    <ns0:id>123</ns0:id>
    <ns0:name>John</ns0:name>
</ns0:Customer>

@KurtStam
Member

KurtStam commented Jun 3, 2016

So is this working ok? Do we need to add something to the readme?

@cmoulliard
Contributor Author

We should add a remark within the README file to mention that the HTTPS transport option for the plugin is only possible if we have deployed apiman/apiman-gateway using SSL

@KurtStam
Member

KurtStam commented Jun 9, 2016

I've asked Eric if he can add a few words in the console to explain that it can be used only when the gateway runs ssl. https://issues.jboss.org/browse/APIMAN-1175

@KurtStam KurtStam added the apiman label Jun 9, 2016
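
Added example, not part of the original thread and not apiman's own code: a Python triage helper for a captured gateway response like the first 401 quoted above. It flags Basic credentials sent over plain `http://`, a rejection carrying the `X-Policy-Failure-*` headers, and any body content that follows the failure JSON. The function name, finding labels and the abridged sample response are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample, abridged from the 401 response quoted in this issue.
SAMPLE_URL = "http://apiman-gateway.vagrant.f8/gateway/demo2/cdi-cxf/3.0/customerservice/customers/123"
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: application/json\r\n"
    'WWW-Authenticate: Basic realm="cxf"\r\n'
    "X-Policy-Failure-Code: 10011\r\n"
    "X-Policy-Failure-Type: Authentication\r\n"
    "\r\n"
    '{"type":"Authentication","failureCode":10011,"message":"BASIC authentication failed."}'
    '<?xml version="1.0"?><Customer><id>123</id></Customer>'
)


def triage(url, raw_response, sent_basic_credentials=True):
    """Return findings for one request/response pair (hypothetical helper)."""
    head, _, body = raw_response.partition("\r\n\r\n")
    _status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    # Basic auth is only base64-encoded, so a cleartext URL exposes the password.
    if sent_basic_credentials and urlsplit(url).scheme != "https":
        findings.append("basic-credentials-over-cleartext")
    if "x-policy-failure-type" in headers:
        # These headers are the ones the gateway returned with the 401 in this issue.
        findings.append("gateway-policy-failure:" + headers.get("x-policy-failure-code", "?"))
        body = body.lstrip()
        try:
            _, end = json.JSONDecoder().raw_decode(body)
        except ValueError:
            findings.append("failure-body-not-json")
        else:
            if body[end:].strip():
                # A rejected request should return the failure JSON and nothing else.
                findings.append("data-after-failure-json")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE_URL, SAMPLE_RESPONSE))
```
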