thank you Sergio, I will try it. on the other hand, I am ready to do "pull request" from my own marmotta fork. If so, as I do have my own 'dev-overLOD' and 'develop' branch, I guess I should implement the change in 'develop' and do a pull request for 'develop', is that right ? Fabian
>>> Sergio Fernández<[email protected]> 31.10.2014 12:14 >>> Hi Fabian, I've just implemented the suggested patch in the develop branch: http://git-wip-us.apache.org/repos/asf/marmotta/diff/27750cd7 Please, check if the Java Client Library now correctly implements HTTP Basic Authentication as expected. Thanks for all your support on debugging and fixing this issue. Cheers, On 30/10/14 15:50, Fabian Cretton wrote: > (moved the discussion from user@marmotta to dev@marmotta) > > As my last question was "does ImportClient() and HTTPUtil really use the ClientConfiguration user/pwd to set the HTTP authentication", I did a trial in HTTPUtil.createPost(), replacing > > return new HttpPost(serviceUrl); > by:HttpPost post = new HttpPost(serviceUrl); > String user = config.getMarmottaUser() ; > String pwd = config.getMarmottaPassword() ; > if (user != null && pwd != null) // if a user/pwd is specified, set the Authentication > { > String credentials = config.getMarmottaUser() + ":" + config.getMarmottaPassword() ; > > try { > String encoded = DatatypeConverter.printBase64Binary(credentials.getBytes("UTF-8")); > post.setHeader("Authorization", "Basic " + encoded); > } catch (UnsupportedEncodingException e) { > // no logger here, no 'error' is registered > System.out.println("UnsupportedEncodingException") ; > } > } > > return post ; > > > This seems to work. But as I don't master the HTTP authentication, I am not sure this code is fully correct. > For instance, I do post.setHeader() with a "Basic " string, but I see that Marmotta has a parameter "security.method" that can be either "BASIC" or "DIGEST". Do we have to take this into account here ? > > Another question: > here I did modified the createPost(), but should other methods be modified as well ? > > Currently, I can use my own code as described earlier, so I am willing to provide a patch for that only if it is useful for the Marmotta team. > Fabian > > > >>>> "Fabian Cretton" <[email protected]> 28.10.2014 11:32 >>> > Jakob, > > Thank you for your answer. So the patch I did was to allow one Marmotta module that I am developping to call another existing marmotta module, which seems a common use case for me when developping new modules in this SOA architecture. > Thank you for your proposal that I will try: "decrypt" the auth token and provide user/passwd via the ClientConfiguration. > > But now, here I am back to the current problem if I would like to use ImportClient(), as the user/pwd passed to ClientConfiguration don't seem to work. > > I would be happy to have a look into that, but I would need your help about the open question: > "I do see the deprecated methods in org.apache.marmotta.client.util.HTTPUtil.createClient() > However I don't see anywhere in that createClient() that the user/pwd values are used ? is it a hidden mechanisme ?" > Is that maybe the current bug: that HTTPUtil.createClient() don't use the user/pwd to set the "Authorization" header ? > > Thank you > Fabian > >>>> Jakob Frank <[email protected]> 28.10.2014 11:20 >>> > > Hi Fabian, > sorry, I mixed up the two. ClientConfiguration is the right one. > So you want to forward the auth-token you receive on your side to marmotta? This usecase is currently not covered, the patch you did looks like a possible solution. > A different approach would be to "decrypt" the auth token and provide user/passwd via the ClientConfiguration. > > > Best, > Jakob > > > > Am 27.10.2014 15:11 schrieb "Fabian Cretton" <[email protected]>: > > > Jakob, > Do we talk here about ClientConfiguration or ConfigurationClient ? > In my understanding ConfigurationClient is a client to access the configuration of Marmotta whereas I was talking about ClientConfiguration here. > In my code, to call the ImportClient, I am doing: > ClientConfiguration configuration = new ClientConfiguration(marmottaURL, "admin", "pass123"); > configuration.setMarmottaContext(context); > ImportClient importClient = new ImportClient(configuration); > importClient.uploadDataset(is, format.getDefaultMIMEType()); > > Then, I do see the deprecated methods in org.apache.marmotta.client.util.HTTPUtil.createClient() > However I don't see anywhere in that createClient() that the user/pwd values are used ? is it a hidden mechanisme ? > If you can give me more precision I can still look into that, but hopefully I am not causing you more troubles then help. > But still there is something not clear for me: > Ultimately, I don't want to pass a predefined user/pwd to my ClientConfiguration in my java code, but I want to use the user/pwd currently logged on the platform. > This is what I do in the current work-around I described in my first post: >>> To make it work, I had make my own copy of the method >>> ImportClient.uploadDataset(), and pass the headerAuth received by my own >>> webservice to the post object: post.setHeader("Authorization", headerAuth); > Fabian > >>>> Jakob Frank <[email protected]> 27.10.2014 13:43 >>> > It is - setting the username/passwd in the ConfigurationClient should > do the trick. > > I had a look into > org.apache.marmotta.client.clients.ConfigurationClient and > org.apache.marmotta.client.util.HTTPUtil, this is where I found the > warnings. > > We updated HttpClient to 4.3 some time ago which changed the API, but > never followed up with all the usages in marmotta [1]. > > There are probably to strategies to fix the auth-issue: > * configure the HttpClient for "preemtive auth", so it sends the > auth-header right at the beginning, or > * implement a retry-strategy that reacts on 401 correctly (actually, > IMHO HttpClient should do so automatically) > > > Best, > Jakob > > [1] https://issues.apache.org/jira/browse/MARMOTTA-406 > > On 27 October 2014 10:50, Fabian Cretton <[email protected]> wrote: >> Do you mean that passing the user/pwd to the ClientConfiguration should be >> the correct way to do it ? >> >> And, more precisely, where is the use of a deprecated API of HttpClient ? >> >> thanks >> Fabian >> >>>>> Jakob Frank <[email protected]> 27.10.2014 09:38 >>> >> Hi Fabian, >> >> while looking into the code for the data-import issue, I saw that we >> are using a deprecated API of HttpClient - maybe the authentication >> issue is related to that. >> >> Would be great if you could have a look into that and maybe provide a patch! >> >> Best, >> Jakob >> >> >> On 24 October 2014 13:56, Fabian Cretton <[email protected]> wrote: >>> Hi, >>> >>> In a Marmotta module I am developping, I did use ImportClient to upload >>> data, and it did work fine. >>> >>> However, when changing Marmotta's security from "simple" to "restricted", >>> the ImportClient was failing with a 401. >>> I did try to pass a user/pwd to the ClientConfiguration(), but the error >>> persisted (I was passing the user and password as 'clear' strings, for >>> instance 'admin' and 'pass123'). >>> >>> To make it work, I had make my own copy of the method >>> ImportClient.uploadDataset(), and pass the headerAuth received by my own >>> webservice to the post object: post.setHeader("Authorization", >>> headerAuth); >>> >>> I thus have two question: >>> - is that normal that the ImportClient was failing or did I do something >>> wrong >>> - if that was normal, would you want a new version of ImportClient that >>> could handle this ? >>> >>> thank you >>> Fabian >>> > > -- Sergio Fernández Partner Technology Manager Redlink GmbH m: +43 660 2747 925 e: [email protected] w: http://redlink.co
