#327 Perhaps a minor bug in WMS http headers

Status: closed-fixed
Owner: nobody
Labels: None
Priority: 5
Updated: 2014-11-18
Created: 2013-06-27
Creator: Jukka Rahkonen
Private: No

It looks like OpenJUMP may create wrong http headers if it is using http basic authentication without https.
If I give the WMS URL for a secured WMS server this way
https://username:password@server.com, then OpenJUMP is writing into http headers
Authorization: Basic [auth_string] and
Host: server.com

If I do not use https but
http://username:password@server.com, then OpenJUMP writes into http headers
Authorization: Basic [auth_string] and
Host: username:password@server.com

If a proxy server captures the hostname from the headers then the latter case will fail. Fiddler2 proxy behaves this way. All proxy servers, like our company proxy, do not utilize the hostname which is announced in the headers so they do not have troubles. Basic auth is also usually used together with https so the issue is not so big.

Discussion

  • Jukka Rahkonen
    2014-01-04

    Hi,

    Made a test with r3854 by trying to add service with fake user/passwd from
    http://demo.opengeo.org/geoserver/wms?

    Hostname in headers seems to be "test:test@demo.opengeo.org"

    GET http://test:test@demo.opengeo.org/geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetCapabilities HTTP/1.1
    Authorization: Basic dGVzdDp0ZXN0
    User-Agent: OpenJUMP 20131224 snapshot rev.3854 Java/1.7.0_45
    Host: test:test@demo.opengeo.org
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Proxy-Connection: keep-alive
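
The behaviour reported above, as an added example (not OpenJUMP code and not part of the post): RFC 7230 defines Host as host[:port] and forbids userinfo in a request target, so credentials taken from the URL belong only in Authorization. `split_credentials`, `userinfo_leaks` and `rebuilt_request` are hypothetical helper names; the captured request is the one quoted in the post, trimmed.

```python
import base64
from urllib.parse import urlsplit, unquote

def split_credentials(url):
    """Return (url_without_userinfo, headers) for a URL that may carry user:password@."""
    p = urlsplit(url)
    host = p.hostname or ""          # .hostname never includes userinfo or port
    if ":" in host:                  # IPv6 literal needs its brackets back
        host = f"[{host}]"
    if p.port is not None and p.port != {"http": 80, "https": 443}.get(p.scheme):
        host = f"{host}:{p.port}"    # keep only non-default ports
    clean = f"{p.scheme}://{host}{p.path or '/'}"
    if p.query:
        clean += "?" + p.query
    headers = {"Host": host}
    if p.username is not None:       # credentials go into Authorization only
        pair = f"{unquote(p.username)}:{unquote(p.password or '')}"
        headers["Authorization"] = "Basic " + base64.b64encode(pair.encode()).decode("ascii")
    return clean, headers

def userinfo_leaks(raw_request):
    """List the places in a captured request where URL userinfo shows up."""
    lines = raw_request.strip().splitlines()
    _method, target, _version = lines[0].split(" ", 2)
    found = []
    if "://" in target and urlsplit(target).username is not None:
        found.append("request-target")
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host" and "@" in value:
            found.append("Host")
    return found

# Request captured in the post above (trimmed to the relevant lines).
CAPTURED = """\
GET http://test:test@demo.opengeo.org/geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetCapabilities HTTP/1.1
Authorization: Basic dGVzdDp0ZXN0
Host: test:test@demo.opengeo.org
"""

def rebuilt_request(url):
    """Proxy-style request (absolute-form target) built from the cleaned parts."""
    clean, headers = split_credentials(url)
    head = "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    return f"GET {clean} HTTP/1.1\r\n{head}\r\n"

if __name__ == "__main__":
    url = "http://test:test@demo.opengeo.org/geoserver/wms?SERVICE=WMS"
    print(userinfo_leaks(CAPTURED), rebuilt_request(url), sep="\n")
```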

     
  • ede
    2014-01-04

    just tried with trunk.

    use privoxy, enabled debugging
    defined jre runtime parameters -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8118 -Dhttp.nonProxyHosts="localhost|host.mydomain.com" -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8118

    results
    header Host seems to be fine for https and http
    header Authentification was missing for https requests

    can someone confirm that https auth actually works?

    ..ede

     
    • mentaer
      2014-01-04

      uhm, Ede, do you think you can instruct what to do for testing (steps).
      Means, I am not sure I understand which https auth part (of the OpenGeo
      server or the OJ internal functions).

      stefan

  • ede
    2014-01-04

    yes,

    find a wms service that actually needs authentication and is accessible via https. try to use it with OJ.

    probably Jukka's department as he seems to be the most experienced wms user capable of setting up his own if need arises.

    ..ede

     
    • Jukka Rahkonen
      2014-01-04

      Hi,

      Authentication with https and basic auth works. I do not understand basic auth well enough for saying if there is a real problem or not. Here is the summary:
      - basic auth + https works from OJ to WMS with direct connection
      - basic auth + https works from OJ to WMS through a proxy server
      - basic auth + http works from OJ to WMS with direct connection
      - basic auth + http does work from OJ to WMS through some proxy servers, like our company proxy
      - basic auth + http does not work from OJ to WMS through some other proxy servers, for example Fiddler2

      It is possible that this is not a real problem but something related to Fiddler2.

      -Jukka-


  • ede
    2014-01-04

    It is possible that this is not a real problem but something related to Fiddler2.

    i'm inclined to agree. so can we close this ticket as fixed?

    ..ede

    PS: should we add https proxy settings to oj_windows.bat?

     
  • Jukka Rahkonen
    2014-01-04

    Oh yes. I am not sure if it is because of jre 7 or what, but nowadays I must set https_proxy separately. In earlier days http_proxy was used also for https automatically if the latter setting was missing.

     
  • Jukka Rahkonen
    2014-11-17

    • status: open --> closed-fixed
     
  • Jukka Rahkonen
    2014-11-17

    Fixed.