Hello, We recently enabled authentication security using Shiro and now find that we can no longer use the razor cli. How do we pass credentials to the cli without doing something like the below?
razor -u https://user:password@razorserver/api/... Additionally, after enabling the localhost to bypass authentication, we found that from the razor server read-only commands worked (i.e., razor nodes), but create/update/register/delete commands no longer worked. We would get a 500 error as follows: from /var/log/puppetlabs/razor-server/server.log: 15:35:35,274 INFO [razor.web.log] (http-/0.0.0.0:8151-3) 127.0.0.1 - - [03/Feb/2017:15:35:35 -0600] "GET /api " 200 6629 0.0120 15:35:35,356 INFO [razor.web.log] (http-/0.0.0.0:8151-3) 127.0.0.1 - - [03/Feb/2017:15:35:35 -0600] "GET /api/commands/register-node " 200 6205 0.0140 15:35:35,419 INFO [razor.web.api] (http-/0.0.0.0:8151-2) 2017-02-03 15:35:35 - Java::OrgApacheShiroAuthz::UnauthenticatedException - This subject is anonymous - it does not have any identifying principals and authorization operations require an identity to check against. A Subject instance will acquire these identifying principals automatically after a successful login is performed be executing org.apache.shiro.subject.Subject.login(AuthenticationToken) or when 'Remember Me' functionality is enabled by the SecurityManager. This exception can also occur when a previously logged-in Subject has logged out which makes it anonymous again. Because an identity is currently not known due to any of these conditions, authorization is denied.: org.apache.shiro.subject.support.DelegatingSubject.assertAuthzCheckPossible(org/apache/shiro/subject/support/DelegatingSubject.java:199) org.apache.shiro.subject.support.DelegatingSubject.checkPermissions(org/apache/shiro/subject/support/DelegatingSubject.java:214) java.lang.reflect.Method.invoke(java/lang/reflect/Method.java:498) RUBY.validate!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/validation/hash_schema.rb:149) RUBY.validate!(/opt/puppetlabs/server/apps/razor-server/share/torquebox/jruby/lib/ruby/1.9/forwardable.rb:201) RUBY.handle_http_post(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/command.rb:33) RUBY.POST /api/commands/:name(/opt/puppetlabs/server/apps/razor-server/share/razor-server/app.rb:610) org.jruby.RubyMethod.call(org/jruby/RubyMethod.java:124) RUBY.compile!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1610) org.jruby.RubyProc.call(org/jruby/RubyProc.java:271) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:974) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:974) Sinatra::Base.route_eval(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:993) Sinatra::Base.route_eval(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:993) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:974) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:974) Sinatra::Base.process_route(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1014) Sinatra::Base.process_route(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1014) org.jruby.RubyKernel.catch(org/jruby/RubyKernel.java:1264) Sinatra::Base.process_route(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1012) Sinatra::Base.process_route(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1012) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:972) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:972) org.jruby.RubyArray.each(org/jruby/RubyArray.java:1613) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:971) Sinatra::Base.route!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:971) Sinatra::Base.dispatch!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1084) Sinatra::Base.dispatch!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1084) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) org.jruby.RubyKernel.catch(org/jruby/RubyKernel.java:1264) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.dispatch!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1081) Sinatra::Base.dispatch!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1081) Sinatra::Base.call!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:906) Sinatra::Base.call!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:906) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) org.jruby.RubyKernel.catch(org/jruby/RubyKernel.java:1264) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.invoke(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:1066) Sinatra::Base.call!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:906) Sinatra::Base.call!(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:906) Sinatra::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:894) Sinatra::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:894) Razor::Middleware::Auth.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/auth.rb:52) Razor::Middleware::Auth.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/auth.rb:52) Razor::Middleware::Auth.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/auth.rb:50) Razor::Middleware::Auth.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/auth.rb:50) Rack::CommonLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/commonlogger.rb:33) Rack::CommonLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/commonlogger.rb:33) Rack::CommonLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:218) Rack::CommonLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:218) Razor::Middleware::Logger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/logger.rb:13) Razor::Middleware::Logger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/lib/razor/middleware/logger.rb:13) Rack::Protection::XSSHeader.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18) Rack::Protection::XSSHeader.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/xss_header.rb:18) Rack::Protection::PathTraversal.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16) Rack::Protection::PathTraversal.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/path_traversal.rb:16) Rack::Protection::JsonCsrf.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18) Rack::Protection::JsonCsrf.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/json_csrf.rb:18) Rack::Protection::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49) Rack::Protection::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49) Rack::Protection::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49) Rack::Protection::Base.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/base.rb:49) Rack::Protection::FrameOptions.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31) Rack::Protection::FrameOptions.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-protection-1.5.3/lib/rack/protection/frame_options.rb:31) Rack::NullLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/nulllogger.rb:9) Rack::NullLogger.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/nulllogger.rb:9) Rack::Head.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/head.rb:13) Rack::Head.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/rack-1.6.1/lib/rack/head.rb:13) Sinatra::ExtendedRack.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:181) Sinatra::ExtendedRack.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:181) Sinatra::Wrapper.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:2021) Sinatra::Wrapper.call(/opt/puppetlabs/server/apps/razor-server/share/razor-server/vendor/bundle/jruby/1.9/gems/sinatra-1.4.6/lib/sinatra/base.rb:2021) org.torquebox.core.util.RuntimeHelper$3.call(org/torquebox/core/util/RuntimeHelper.java:91) org.torquebox.core.util.RuntimeHelper.withinContext(org/torquebox/core/util/RuntimeHelper.java:264) org.torquebox.core.util.RuntimeHelper.call(org/torquebox/core/util/RuntimeHelper.java:89) org.torquebox.core.component.AbstractRubyComponent._callRubyMethod(org/torquebox/core/component/AbstractRubyComponent.java:64) org.torquebox.core.component.AbstractRubyComponent._callRubyMethod(org/torquebox/core/component/AbstractRubyComponent.java:73) org.torquebox.web.component.RackApplicationComponent.call(org/torquebox/web/component/RackApplicationComponent.java:38) org.torquebox.web.servlet.RackFilter.doRack(org/torquebox/web/servlet/RackFilter.java:155) org.torquebox.web.servlet.RackFilter.doFilter(org/torquebox/web/servlet/RackFilter.java:138) org.torquebox.web.servlet.RackFilter.doFilter(org/torquebox/web/servlet/RackFilter.java:96) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(org/apache/catalina/core/ApplicationFilterChain.java:246) org.apache.catalina.core.ApplicationFilterChain.doFilter(org/apache/catalina/core/ApplicationFilterChain.java:214) org.torquebox.web.servlet.SendfileFilter.doFilter(org/torquebox/web/servlet/SendfileFilter.java:49) org.torquebox.web.servlet.SendfileFilter.doFilter(org/torquebox/web/servlet/SendfileFilter.java:33) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(org/apache/catalina/core/ApplicationFilterChain.java:246) org.apache.catalina.core.ApplicationFilterChain.doFilter(org/apache/catalina/core/ApplicationFilterChain.java:214) org.apache.catalina.core.StandardWrapperValve.invoke(org/apache/catalina/core/StandardWrapperValve.java:230) org.apache.catalina.core.StandardContextValve.invoke(org/apache/catalina/core/StandardContextValve.java:149) org.jboss.as.web.security.SecurityContextAssociationValve.invoke(org/jboss/as/web/security/SecurityContextAssociationValve.java:169) org.apache.catalina.core.StandardHostValve.invoke(org/apache/catalina/core/StandardHostValve.java:145) org.apache.catalina.valves.ErrorReportValve.invoke(org/apache/catalina/valves/ErrorReportValve.java:97) org.apache.catalina.core.StandardEngineValve.invoke(org/apache/catalina/core/StandardEngineValve.java:102) org.apache.catalina.connector.CoyoteAdapter.service(org/apache/catalina/connector/CoyoteAdapter.java:336) org.apache.coyote.http11.Http11Processor.process(org/apache/coyote/http11/Http11Processor.java:856) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(org/apache/coyote/http11/Http11Protocol.java:653) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(org/apache/tomcat/util/net/JIoEndpoint.java:920) java.lang.Thread.run(java/lang/Thread.java:745) 15:35:35,422 INFO [razor.web.log] (http-/0.0.0.0:8151-2) 127.0.0.1 - - [03/Feb/2017:15:35:35 -0600] "POST /api/commands/register-node " 500 30 0.0130 Our environment variables: profile.d # cat razor_env.sh # Razor Client Environment Variables export RAZOR_HOSTNAME=razor.lan.local export HTTP_PORT=8150 export HTTPS_PORT=8151 export RAZOR_API=https://localhost:8151/api PATH=$PATH:$HOME/bin:/opt/puppetlabs/puppet/bin Thank you for any assistance you can provide. Let me know if I should post a JIRA issue. Lenny -- You received this message because you are subscribed to the Google Groups "puppet-razor" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/puppet-razor. For more options, visit https://groups.google.com/d/optout.
