(moved the discussion from user@marmotta to dev@marmotta)
As my last question was "does ImportClient() and HTTPUtil really use the
ClientConfiguration user/pwd to set the HTTP authentication", I did a trial in
HTTPUtil.createPost(), replacing
return new HttpPost(serviceUrl);
by:HttpPost post = new HttpPost(serviceUrl);
String user = config.getMarmottaUser() ;
String pwd = config.getMarmottaPassword() ;
if (user != null && pwd != null) // if a user/pwd is specified, set the
Authentication
{
String credentials = config.getMarmottaUser() + ":" +
config.getMarmottaPassword() ;
try {
String encoded =
DatatypeConverter.printBase64Binary(credentials.getBytes("UTF-8"));
post.setHeader("Authorization", "Basic " + encoded);
} catch (UnsupportedEncodingException e) {
// no logger here, no 'error' is registered
System.out.println("UnsupportedEncodingException") ;
}
}
return post ;
This seems to work. But as I don't master the HTTP authentication, I am not
sure this code is fully correct.
For instance, I do post.setHeader() with a "Basic " string, but I see that
Marmotta has a parameter "security.method" that can be either "BASIC" or
"DIGEST". Do we have to take this into account here ?
Another question:
here I did modified the createPost(), but should other methods be modified as
well ?
Currently, I can use my own code as described earlier, so I am willing to
provide a patch for that only if it is useful for the Marmotta team.
Fabian
>>> "Fabian Cretton" <[email protected]> 28.10.2014 11:32 >>>
Jakob,
Thank you for your answer. So the patch I did was to allow one Marmotta module
that I am developping to call another existing marmotta module, which seems a
common use case for me when developping new modules in this SOA architecture.
Thank you for your proposal that I will try: "decrypt" the auth token and
provide user/passwd via the ClientConfiguration.
But now, here I am back to the current problem if I would like to use
ImportClient(), as the user/pwd passed to ClientConfiguration don't seem to
work.
I would be happy to have a look into that, but I would need your help about the
open question:
"I do see the deprecated methods in
org.apache.marmotta.client.util.HTTPUtil.createClient()
However I don't see anywhere in that createClient() that the user/pwd values
are used ? is it a hidden mechanisme ?"
Is that maybe the current bug: that HTTPUtil.createClient() don't use the
user/pwd to set the "Authorization" header ?
Thank you
Fabian
>>> Jakob Frank <[email protected]> 28.10.2014 11:20 >>>
Hi Fabian,
sorry, I mixed up the two. ClientConfiguration is the right one.
So you want to forward the auth-token you receive on your side to marmotta?
This usecase is currently not covered, the patch you did looks like a possible
solution.
A different approach would be to "decrypt" the auth token and provide
user/passwd via the ClientConfiguration.
Best,
Jakob
Am 27.10.2014 15:11 schrieb "Fabian Cretton" <[email protected]>:
Jakob,
Do we talk here about ClientConfiguration or ConfigurationClient ?
In my understanding ConfigurationClient is a client to access the configuration
of Marmotta whereas I was talking about ClientConfiguration here.
In my code, to call the ImportClient, I am doing:
ClientConfiguration configuration = new ClientConfiguration(marmottaURL,
"admin", "pass123");
configuration.setMarmottaContext(context);
ImportClient importClient = new ImportClient(configuration);
importClient.uploadDataset(is, format.getDefaultMIMEType());
Then, I do see the deprecated methods in
org.apache.marmotta.client.util.HTTPUtil.createClient()
However I don't see anywhere in that createClient() that the user/pwd values
are used ? is it a hidden mechanisme ?
If you can give me more precision I can still look into that, but hopefully I
am not causing you more troubles then help.
But still there is something not clear for me:
Ultimately, I don't want to pass a predefined user/pwd to my
ClientConfiguration in my java code, but I want to use the user/pwd currently
logged on the platform.
This is what I do in the current work-around I described in my first post:
>> To make it work, I had make my own copy of the method
>> ImportClient.uploadDataset(), and pass the headerAuth received by my own
>> webservice to the post object: post.setHeader("Authorization", headerAuth);
Fabian
>>> Jakob Frank <[email protected]> 27.10.2014 13:43 >>>
It is - setting the username/passwd in the ConfigurationClient should
do the trick.
I had a look into
org.apache.marmotta.client.clients.ConfigurationClient and
org.apache.marmotta.client.util.HTTPUtil, this is where I found the
warnings.
We updated HttpClient to 4.3 some time ago which changed the API, but
never followed up with all the usages in marmotta [1].
There are probably to strategies to fix the auth-issue:
* configure the HttpClient for "preemtive auth", so it sends the
auth-header right at the beginning, or
* implement a retry-strategy that reacts on 401 correctly (actually,
IMHO HttpClient should do so automatically)
Best,
Jakob
[1] https://issues.apache.org/jira/browse/MARMOTTA-406
On 27 October 2014 10:50, Fabian Cretton <[email protected]> wrote:
> Do you mean that passing the user/pwd to the ClientConfiguration should be
> the correct way to do it ?
>
> And, more precisely, where is the use of a deprecated API of HttpClient ?
>
> thanks
> Fabian
>
>>>> Jakob Frank <[email protected]> 27.10.2014 09:38 >>>
> Hi Fabian,
>
> while looking into the code for the data-import issue, I saw that we
> are using a deprecated API of HttpClient - maybe the authentication
> issue is related to that.
>
> Would be great if you could have a look into that and maybe provide a patch!
>
> Best,
> Jakob
>
>
> On 24 October 2014 13:56, Fabian Cretton <[email protected]> wrote:
>> Hi,
>>
>> In a Marmotta module I am developping, I did use ImportClient to upload
>> data, and it did work fine.
>>
>> However, when changing Marmotta's security from "simple" to "restricted",
>> the ImportClient was failing with a 401.
>> I did try to pass a user/pwd to the ClientConfiguration(), but the error
>> persisted (I was passing the user and password as 'clear' strings, for
>> instance 'admin' and 'pass123').
>>
>> To make it work, I had make my own copy of the method
>> ImportClient.uploadDataset(), and pass the headerAuth received by my own
>> webservice to the post object: post.setHeader("Authorization",
>> headerAuth);
>>
>> I thus have two question:
>> - is that normal that the ImportClient was failing or did I do something
>> wrong
>> - if that was normal, would you want a new version of ImportClient that
>> could handle this ?
>>
>> thank you
>> Fabian
>>
