[jira] Commented: (COUCHDB-34) Enable replicator to use HTTP authentication

Thu, 29 Jan 2009 19:17:22 -0800 

    [ 
https://issues.apache.org/jira/browse/COUCHDB-34?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12668724#action_12668724
 ] 

Adam Kocoloski commented on COUCHDB-34:
---------------------------------------

So, the CouchDB replicator works with HTTP authentication already.  Since we 
have no restrictions on reader access, we only have to worry about two cases:  
local target and remote target.

Local Target: specify credentials in the POST to replicate.  Either of the 
following works:
curl -X POST http://admin:mysecretpassw...@localhost:5984/_replicate works
curl -X POST http://localhost:5984/_replicate -H "Authorization:Basic 
YWRtaW46bXlzZWNyZXRwYXNzd29yZA=="

Remote Target: specify credentials in the JSON body.  This works in trunk:

{
  "source":"test_suite_db_a",
  "target":"http://admin:mysecretpassw...@localhost:5984/test_suite_db_b";
}

This works if you the header value in 
couch_httpd_misc_handlers:handle_replicate_req using ?b2l:
{
  "source":"test_suite_db_a", 
  "target":"http://localhost:5984/test_suite_db_b";, 
  "target_options":{
    "headers":{
      "Authorization":"Basic YWRtaW46bXlzZWNyZXRwYXNzd29yZA=="
    }
  }
}

One thing we could do is format a nice 401 response if the replicator fails 
because of missing credentials.  Currently the replicator crashes when 
update_docs fails and no response is sent to the client.  In the local target 
case returning a 401 is a no brainer.  

In the remote target case it's a little weird because the credentials need to 
be sent in the JSON body.  One idea might be to set realm="target" in the 
response.  CouchDB-aware clients would know that means the credentials need to 
go in the body, not the URL or Headers.

> Enable replicator to use HTTP authentication
> --------------------------------------------
>
>                 Key: COUCHDB-34
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-34
>             Project: CouchDB
>          Issue Type: New Feature
>          Components: Database Core
>            Reporter: Christopher Lenz
>            Priority: Blocker
>             Fix For: 0.9
>
>
> You can currently give the CouchDB replicator HTTP URIs to remote databases. 
> However, if one of those remote instances is behind HTTP authentication, the 
> replication will fail. It should be possible to specify authentication 
> credentials to the replicator, which it would then use in response to 401 
> responses.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to