Hi Bharat, the credentials you supply in the setCredentials method should be set automatically for any local databases (those not specified with a URL) in the replication request. If they aren't, that's a regression in CouchDB.
We don't assume that the same credentials will be valid for remote databases. I suppose we could consider patching CouchDB to supply the credentials from the replication request on a 401 Unauthorized challenge from a remote server, but I think the current behavior is probably less surprising. I'm not sure I want CouchDB sharing my username and password with a remote server when I don't explicitly authorize that. Best, Adam On May 1, 2010, at 6:49 PM, Bharat wrote: > Hi Adam, yes if you specify username and password in the source and target, > it works fine. > > replicate(http://username:p...@localhost > :5984/sourceDB, http://username:p...@localhost:5984/targetDB, false); > > My question was, why it doesnt work by just setting "setCredentials" method > like I am doing for all get, put etc methods? Shouldnt it take care of auth > so we dont have to pass usr/pass again in the post body? Because if I use > above approach, I have to specify URls along with source and target DB which > causes replication to slow down(which I can get around by using pull > replication though). > > Thanks! > > On Sat, May 1, 2010 at 6:21 AM, Adam Kocoloski <[email protected]> wrote: > >> Hi Bharat, if your source or target DB requires authorization and is >> specified using a URL, you need to include the credentials in the POST body. >> Is that the problem? >> >> Adam >> >> On Apr 30, 2010, at 7:35 PM, Bharat wrote: >> >>> back to this. >>> >>> Looks like authentication works for mostly all other requests but not >>> replication which is using a HttpPost object. Anyone seeing this >> behavior? >>> Again pretty striaght fwd code, using the same auth (after killing my >> login >>> ServerImpl instance): >>> >>> ServerImpl service = new ServerImpl(sourceUrl); >>> Credentials credentials = new >>> UsernamePasswordCredentials("username", "password"); >>> AuthScope authScope = new AuthScope(sourceUrl, port, >> "_admin"); >>> service.setCredentials(authScope, credentials); >>> >>> ReplicationInfo repInfo = service.replicate(sourceDbName, >>> targetDbName, false); >>> ---------------------- >>> >>> I see this in the logs: >>> >>> [debug] [<0.2228.0>] 'POST' /_replicate {1,1} >>> Headers: [{'Connection',"Keep-Alive"}, >>> {'Content-Encoding',"UTF-8"}, >>> {'Content-Length',"44"}, >>> {'Content-Type',"application/json"}, >>> {'Host',"localhost:5984"}] >>> [debug] [<0.2228.0>] OAuth Params: [] >>> [debug] [<0.2246.0>] Not a reader: UserCtx {user_ctx,null,[],undefined} >> vs >>> Names [<<"username">>] Roles [<<"_admin">>] >>> [error] [<0.2246.0>] {error_report,<0.30.0>, >>> {<0.2246.0>,crash_report, >>> [[{initial_call,{couch_rep,init,['Argument__1']}}, >>> {pid,<0.2246.0>}, >>> {registered_name,[]}, >>> {error_info, >>> {exit, >>> {bad_return_value, >>> {unauthorized, >>> <<"You are not authorized to access this db.">>}}, >>> [{gen_server,init_it,6},{proc_lib,init_p_do_apply,3}]}}, >>> {ancestors, >>> >>> [couch_rep_sup,couch_primary_services,couch_server_sup,<0.31.0>]}, >>> {messages,[]}, >>> {links,[<0.80.0>]}, >>> {dictionary,[]}, >>> {trap_exit,true}, >>> {status,running}, >>> {heap_size,987}, >>> {stack_size,24}, >>> {reductions,326}], >>> []]}} >>> >>> =CRASH REPORT==== 30-Apr-2010::16:28:14 === >>> crasher: >>> initial call: couch_rep:init/1 >>> pid: <0.2246.0> >>> registered_name: [] >>> exception exit: {bad_return_value, >>> {unauthorized, >>> <<"You are not authorized to access this >>> db.">>}} >>> in function gen_server:init_it/6 >>> ancestors: [couch_rep_sup,couch_primary_services,couch_server_sup, >>> <0.31.0>] >>> messages: [] >>> links: [<0.80.0>] >>> dictionary: [] >>> trap_exit: true >>> status: running >>> heap_size: 987 >>> stack_size: 24 >>> reductions: 326 >>> neighbours: >>> [error] [<0.2228.0>] Uncaught error in HTTP request: {error, >>> {case_clause, >>> {error, >>> {bad_return_value, >>> {unauthorized, >>> <<"You are not authorized to access >>> this db.">>}}}}} >>> [info] [<0.2228.0>] Stacktrace: [{couch_rep,start_replication_server,1}, >>> {couch_rep,replicate,2}, >>> {couch_httpd_misc_handlers,handle_replicate_req,1}, >>> {couch_httpd,handle_request_int,5}, >>> {mochiweb_http,headers,5}, >>> {proc_lib,init_p_do_apply,3}] >>> [info] [<0.2228.0>] 127.0.0.1 - - 'POST' /_replicate 500 >>> [debug] [<0.2228.0>] httpd 500 error response: >>> {"error":"case_clause","reason":"{error,\n {bad_return_value,\n >>> {unauthorized,<<\"You are not authorized to access this db.\">>}}}"} >>> ------------------------------------ >>> >>> On Wed, Apr 28, 2010 at 1:09 PM, Bharat <[email protected]> wrote: >>> >>>> Perfect James. >>>> Thats what I was missing. Uncommenting WWW-authenticate and passing that >> as >>>> a realm, works. >>>> >>>> Thanks guys. >>>> >>>> On Wed, Apr 28, 2010 at 1:00 PM, James Marca < >> [email protected]>wrote: >>>> >>>>> Perhaps try passing the "authority" key when setting the AuthScope? >>>>> >>>>> Example: >>>>> >>>>> my /etc/couchdb/local.ini has: >>>>> >>>>> ... >>>>> [httpd] >>>>> ; Uncomment next line to trigger basic-auth popup on unauthorized >>>>> requests. >>>>> WWW-Authenticate = Basic realm="administrator" >>>>> ... >>>>> >>>>> >>>>> My code in a test case looks as follows: >>>>> >>>>> >>>>> ... >>>>> private static final String TESTDB_AUTHORITY = "administrator"; >>>>> ... >>>>> >>>>> @Before >>>>> public void setUp() throws Exception { >>>>> // load couchdb properties >>>>> >>>>> >> props.load(getClass().getClassLoader().getResource(DB_PROPERTIES).openStream()); >>>>> >>>>> ... >>>>> >>>>> dbname =props.getProperty("couchdb.db.dbname",TESTDB_NAME); >>>>> user =props.getProperty("couchdb.db.user"); >>>>> pass =props.getProperty("couchdb.db.password"); >>>>> authority >>>>> =props.getProperty("couchdb.db.authority",TESTDB_AUTHORITY); >>>>> >>>>> ... >>>>> } >>>>> >>>>> >>>>> >>>>> then later, I create dbs as follows...note the authority in AuthScope >> new >>>>> call >>>>> >>>>> public static Database createDatabaseForTest() >>>>> { >>>>> // Load couchdb properties >>>>> Server server = new ServerImpl(host,port); >>>>> if(user != null && pass !=null) { >>>>> AuthScope as = new AuthScope(host, port, authority); >>>>> Credentials c = new UsernamePasswordCredentials(user, pass); >>>>> server.setCredentials(as,c); >>>>> } >>>>> >>>>> List<String> databases = server.listDatabases(); >>>>> >>>>> log.debug("databases = " + databases); >>>>> >>>>> ... >>>>> >>>>> } >>>>> >>>>> Hope that helps, >>>>> James >>>>> >>>>> >>>>> >>>>> On Wed, Apr 28, 2010 at 10:33:31AM -0700, Bharat wrote: >>>>>> I am trying to use jcouchdb api for authenticating against my couchdb >>>>>> instance(0.11). I have set the admin usr/pass in futon and in addition >>>>>> specified ADMIN and READER on the DB I am trying to access so only >>>>> people >>>>>> with correct credentials can access/view the DB. >>>>>> >>>>>> My code is pretty simple and directly using ServerImpl and its >>>>>> setCredentials and get method: >>>>>> >>>>>> ------------------------- >>>>>> ServerImpl service = new ServerImpl("localhost"); >>>>>> Credentials credentials = >>>>>> new UsernamePasswordCredentials(<usr>, <pass>); >>>>>> AuthScope authScope = new AuthScope("http://localhost";, 5984); >>>>>> >>>>>> service.setCredentials(authScope, credentials); >>>>>> >>>>>> Response res = service.get(/<database>); >>>>>> ----------------------------- >>>>>> >>>>>> But everytime I do this, I keep getting http 401 in my response. Is >>>>> there >>>>>> something I am missing or not setting correctly? >>>>>> >>>>>> I know its not exactly a couchdb question but there is very little to >> no >>>>>> documentation available so thought I ll try here. >>>>>> >>>>>> Thanks! >>>>> >>>>> -- >>>>> This message has been scanned for viruses and >>>>> dangerous content by MailScanner, and is >>>>> believed to be clean. >>>>> >>>>> >>>> >> >>
