Uploaded image for project: 'Couchbase Java Client'
  1. Couchbase Java Client
  2. JCBC-339

Couchbase java client ignores provided username and always use bucket as username during HTTP authorization step

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Won't Fix
    • Affects Version/s: 1.1.8
    • Fix Version/s: None
    • Component/s: Core
    • Security Level: Public
    • Labels:
      None
    • Environment:
      Server: CentOS 2.6.32 x86_64, Client: MacOS Darwin 12.4.0, Java 1.6

      Description

      new CouchbaseClient(servers, "default", "username", "password") doesn't honor provided username and always use bucket as username during HTTP authorization step.

      Outgoing request is:
      FINE: sun.net.www.MessageHeader@658f73867 pairs:

      {GET /pools HTTP/1.1: null} {Accept: application/json} {user-agent: Couchbase Java Client} {X-memcachekv-Store-Client-Specification-Version: 1.0} {Authorization: Basic ZGVmYXVsdDpwYXNzd29yZA==} {Host: 192.168.1.79:8091} {Connection: keep-alive}

      Text value of Authorization header corresponds to "Basic default:password", while it should be "Basic username:password"

      Therefore 401 unauthorized response received:
      sun.net.www.MessageHeader@92f1bf07 pairs:

      {null: HTTP/1.1 401 Unauthorized} {WWW-Authenticate: Basic realm="Couchbase Server Admin / REST"} {Server: Couchbase Server 2.1.0-718-rel-enterprise} {Pragma: no-cache} {Date: Wed, 31 Jul 2013 13:10:21 GMT} {Content-Length: 0} {Cache-Control: no-cache}

      The actual bug hides at line #131 of method com.couchbase.client.CouchbaseConnectionFactoryBuilder.buildCouchbaseConnection(final List<URI> baseList, final String bucketName, final String usr, final String pwd), wher usr parameter is not used anyhow and just ignored

      Or see it at:
      https://github.com/couchbase/couchbase-java-client/blob/master/src/main/java/com/couchbase/client/CouchbaseConnectionFactoryBuilder.java#L131

      No reviews matched the request. Check your Options in the drop-down menu of this sections header.

        Activity

        Hide
        daschl Michael Nitschinger added a comment -

        Hi Sergey,

        that's intended and not an issue. This is because the "user" is currently not being used, you always need to use the bucket name as the user and the password.

        The only occasion where you dont get around with bucket level credentials is by adding/removing buckets, with the ClusterManager, and there you need to provide the admin creds.

        Makes sense?

        Show
        daschl Michael Nitschinger added a comment - Hi Sergey, that's intended and not an issue. This is because the "user" is currently not being used, you always need to use the bucket name as the user and the password. The only occasion where you dont get around with bucket level credentials is by adding/removing buckets, with the ClusterManager, and there you need to provide the admin creds. Makes sense?
        Hide
        sergey.bushik Sergey Bushik added a comment -

        Technically, I see extended signature which accepts bucket, username & password parameters. Even though the credentials are valid, it throws out error, which says nothing about username parameter usage, but...

        java.io.IOException: Server returned HTTP response code: 401 for URL: http://192.168.1.79:8091/pools
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436)
        at com.couchbase.client.vbucket.ConfigurationProviderHTTP.readToString(ConfigurationProviderHTTP.java:424)
        at com.couchbase.client.vbucket.ConfigurationProviderHTTP.readPools(ConfigurationProviderHTTP.java:210)
        at com.couchbase.client.vbucket.ConfigurationProviderHTTP.getBucketConfiguration(ConfigurationProviderHTTP.java:147)
        at com.couchbase.client.CouchbaseConnectionFactory.getVBucketConfig(CouchbaseConnectionFactory.java:229)
        at com.couchbase.client.CouchbaseClient.<init>(CouchbaseClient.java:241)
        Exception in thread "main" com.couchbase.client.vbucket.ConfigurationException: Configuration for bucket "default" was not found in server list (http://192.168.1.79:8091/pools).

        That's confusing. By the way, I debugged and found that it's possible to authenticate using bucket/username/password over HTTP (modified ConfigurationProviderHTTP).

        Show
        sergey.bushik Sergey Bushik added a comment - Technically, I see extended signature which accepts bucket, username & password parameters. Even though the credentials are valid, it throws out error, which says nothing about username parameter usage, but... java.io.IOException: Server returned HTTP response code: 401 for URL: http://192.168.1.79:8091/pools at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1436) at com.couchbase.client.vbucket.ConfigurationProviderHTTP.readToString(ConfigurationProviderHTTP.java:424) at com.couchbase.client.vbucket.ConfigurationProviderHTTP.readPools(ConfigurationProviderHTTP.java:210) at com.couchbase.client.vbucket.ConfigurationProviderHTTP.getBucketConfiguration(ConfigurationProviderHTTP.java:147) at com.couchbase.client.CouchbaseConnectionFactory.getVBucketConfig(CouchbaseConnectionFactory.java:229) at com.couchbase.client.CouchbaseClient.<init>(CouchbaseClient.java:241) Exception in thread "main" com.couchbase.client.vbucket.ConfigurationException: Configuration for bucket "default" was not found in server list ( http://192.168.1.79:8091/pools ). That's confusing. By the way, I debugged and found that it's possible to authenticate using bucket/username/password over HTTP (modified ConfigurationProviderHTTP).

          People

          • Assignee:
            daschl Michael Nitschinger
            Reporter:
            sergey.bushik Sergey Bushik
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Gerrit Reviews

              There are no open Gerrit changes