I am sending requests to Elasticsearch over HTTP from a Java client using Jest. Since my requests must traverse the public Internet, I am using an Nginx proxy in front of Elasticsearch to provide SSL and HTTP Basic Auth. However, I don't see a way to set HTTP Basic Auth credentials with Jest.
Is it possible to use HTTP Basic Auth with Jest? If so how?
HTTP basic auth can be sent as a header.
String authHeader = "Basic " + new String(Base64.encodeBase64(String.format("%s:%s", username, password).getBytes()));
Index index = new Index.Builder(json)
.index(indexName)
.type(type)
.id(id)
.setHeader("Authorization", authHeader)
.build();
JestResult result = client.execute(index);
Related
I am having trouble getting the path and body into an AWS Lambda using AWS API Gateway. It works on Chrome with security disabled, but once I deploy the front end to S3, the path and body do not show up in the event that is sent to the Lambda. Here is the log from when I send locally:
And here is the log from when I send it with Chrome security enabled:
With Chrome security enabled, I get the following response:
"Access to XMLHttpRequest at 'https://1jlcspd2re.execute-api.us-east-1.amazonaws.com/genecab-bracket-optimizer' from origin 'http://www.genecab.com.s3-website-us-east-1.amazonaws.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status."
The JSON payload looks the same on both requests. Here are the headers and payload from when I send with Chrome security disabled:
And with Chrome security enabled:
I have the following CORS configuration on the AWS API Gateway:
Any help would be appreciated.
After searching extensively, I discovered that I have to return an Access-Control-Allow-Origin header when the httpMethod=OPTIONS on the request. Here is my java code:
MyLambdaResponse lambdaResponse = new MyLambdaResponse();
Map<String, String> headers = new HashMap<>();
headers.put("Access-Control-Allow-Origin", "*");
lambdaResponse.setHeaders(headers);
if (input!=null) {
if(input.toString().contains("httpMethod=OPTIONS")) {
return lambdaResponse;
}
}
Is it possible to use digest auth in jmeter.
When server answers 401 with auth header
(etc: WWW_Authenticate :SP Digest realm="SD Digest Authentication Realm", qop="auth", nonce="MTYyNTE2Mjc5MDE4NDo0ZTQ0NWJjM2Y0MWQ4OGFlMzQyODRmMjEzNWViMTYwNQ==")
on the first request from client and then client must resend original request with properly formed auth headers?
I try to use HTTP Authorization Manager with http client 4, but no luck.
Jmeter does not send any auth header and does not repeat original request.
Try removing this / from "Domain" section, I don't think it's applicable for Digest authentication, it's more for NTLM and/or Kerberos. But given server sends proper WWW-Authenticate header even given wrong HTTP Authorization Manager configuration you should be seeing the Authorization request header
Apart from this I cannot reproduce your issue using simple Apache web server with mod_auth_digest
What I want to do
Calling an URL which is proxied by the oauth2 proxy. The oauth2 proxy should perform an authorization code flow in case no authentication is available. In case there is already an authentication available, the access token should be set to the Authorization Header in the request which is forwarded to the upstream.
What I tried
According to the documentation I'd expect that, when setting --pass-authorization-header the token which is requested should be added to the authorization header.
I also experimented with --pass-access-token which should set an X-Forwarded-Access-Token header.
I couldn't see this header at my service either.
Could someone explain to me what I'm doing wrong?
I found the solution.
This post on a github issue lead me to my mistake.
I did misunderstand what the request is and what the response is and how to handle them using nginx ingresses.
If you are using OAuth2-Proxy with a Kubernetes ingress using nginx subrequests (https://kubernetes.github.io/ingress-nginx/examples/auth/oauth-external-auth/) the data that comes back to nginx is actually an HTTP response, so you will need to use HTTP Response headers (the --pass-* options configure request headers to the upstream).
Try --set-authorization-header and then you need to use this annotation to have the Kubernetes take the subrequest response header and add it to the proxied request header: nginx.ingress.kubernetes.io/auth-response-headers
https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#external-authentication
I have a Spring MVC server that provides a bunch of REST endpoints as well as a websocket endpoint. Everything except the login endpoint requires authentication. I'm using JWT to authenticate requests coming from the client.
When the user logs in I'm returning an X-AUTH-TOKEN header, containing the JWT token. This token is then passed in the same header on every request to the server. This all works fine for the REST endpoints, but I can't figure out how to do this on the websocket.
I'm using SockJS, and when I open the connection:
var socket = new SockJS('/socket/updates', null, {});
This causes a GET request to /socket/updates/info?t=xxx which returns a 403 (as everything requires auth by default).
Ideally I'd simply send my X-AUTH-TOKEN header on any XHR requests SockJS makes, but I can't see any way of adding headers looking at the API.
Worst case I can change SockJS to do this, but I'm wondering whether this functionality has been deliberately left out? I know SockJS doesn't support cookies for security reasons but that's not what I'm trying to do.
Also, for the sake of a test I did allow the info endpoint to have anonymous access but then it 403's on a bunch of other endpoints - it feels more elegant to simply pass in auth details on these requests than poke holes in my server security.
Any help appreciated.
Cheers
You cannot set the header from SockJS. Not because SockJS does not have this functionality, but because browser makers don't expose this API to Javascript. See:
https://github.com/sockjs/sockjs-client/issues/196
For a workaround, see JSON Web Token (JWT) with Spring based SockJS / STOMP Web Socket.
client side:
stompClient.connect({headername:header}, function () {
setConnected(true);
stompClient.subscribe(request.topic, function (message) {
output(message.body);
});
});
server side :
StompHeaderAccessor accessor
= MessageHeaderAccessor.getAccessor(message, StompHeaderAccessor.class);
String headervalue= accessor.getNativeHeader("your header name").get(0);
I use jersey 1.7. My client communicates with server over HTTPS. I figured out that HTTPS connection is established for each different request (URL). I would like to keep the same connection for multiple requests during specific period of time. I configure the client as it is describe in https://blogs.oracle.com/enterprisetechtips/entry/consuming_restful_web_services_with and send request via WebResource.Builder
public Response post(String actionName, Request request) {
WebResource webResource = rwsClient.resource( serverURL + actionName);
WebResource.Builder requestBuilder = webResource.accept(MediaType.APPLICATION_XML_TYPE);
Response response = requestBuilder.post(Request.class, request);
return response;
}
Connections from HTTP 1.1 requests are considered persistent unless declared otherwise.
If your client is making HTTP 1.0 request, they can pass the header "Connection: Keep-Alive"
Then you have to look at the connection timeout settings of your web servers. For Apache 2.2 for example, it is very low at only 5 seconds by default. Check your web server documentation.