It looks like OpenJUMP may create wrong http headers if it is using http basic authentication without https.
If I give the WMS URL for a secured WMS server this way
https://username:password@server.com, then OpenJUMP is writing into http headers
Authorization: Basic [auth_string] and
Host: server.com
If I do not use https but
http://username:password@server.com, then OpenJUMP writes into http headers
Authorization: Basic [auth_string] and
Host: username:password@server.com
If proxy server captures the hostname from the headers then the latter case will fail. Fiddler2 proxy behaves this way. All proxy servers, like our company proxy, do not utilize the hostname which is announced it the headers so they do not have troubles. Basic auth is also usually used together with https so the issue is not so big.
Jukka,
I made an attempt to fix this problem in r3828, please check nothing is broken.
Here is the one line change :
https://sourceforge.net/p/jump-pilot/code/3828/tree//core/trunk/src/com/vividsolutions/wms/WMService.java?diff=51af43355fcbc9755abc401d:3827
Hi,
Made a test with r3854 by trying to add service with fake user/passwd from
http://demo.opengeo.org/geoserver/wms?
Hostname in headers seems to be "test:test@demo.opengeo.org"
GET http://test:test@demo.opengeo.org/geoserver/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetCapabilities HTTP/1.1
Authorization: Basic dGVzdDp0ZXN0
User-Agent: OpenJUMP 20131224 snapshot rev.3854 Java/1.7.0_45
Host: test:test@demo.opengeo.org
Accept: text/html, image/gif, image/jpeg, ; q=.2, /*; q=.2
Proxy-Connection: keep-alive
just tried with trunk.
use privoxy, enabled debugging
defined jre runtime parameters -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8118 -Dhttp.nonProxyHosts="localhost|host.mydomain.com" -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8118
results
header Host seems to be fine for https and http
header Authentification was missing for https requests
can someone confirm that https auth actually works?
..ede
uhm, Ede, do you think you can instruct what to do for testing (steps).
Means, I am not sure I understand which https auth part (of the OpenGeo
server or the OJ internal functions).
stefan
Am 04.01.14 15:36, schrieb ede:
Related
Bugs:
#327yes,
find a wms service that actually needs authentication and is accessible via https. try to use it with OJ.
probably Jukka's departement as he seems to be the most experienced wms user capable of setting up his own if need arises.
..ede
Hi,
Authentication with https and basic auth works. I do not undesrstand basic auth well enough for saying if there is a real problem or not. Here is the summary:
- basic auth + https works from OJ to WMS with direct connection
- basic auth + https works from OJ to WMS through a proxy server
- basic auth + http works from OJ to WMS with direct connection
- basic auth + http does work from OJ to WMS though some proxy servers, like our company proxy
- basic auth + http does not works from OJ to WMS though some other proxy servers, for example Fiddler2
It is possible that this in not a real problem but something related to Fiddler2.
-Jukka-
ede [edso@users.sf.net] wrote
yes,
find a wms service that actually needs authentication and is accessible via https. try to use it with OJ.
probably Jukka's departement as he seems to be the most experienced wms user capable of setting up his own if need arises.
..ede
[bugs:#327]http://sourceforge.net/p/jump-pilot/bugs/327/ Perhaps a minory bug in WMS http headers
Status: open
Created: Thu Jun 27, 2013 05:01 PM UTC by Jukka Rahkonen
Last Updated: Sat Jan 04, 2014 06:36 PM UTC
Owner: nobody
It looks like OpenJUMP may create wrong http headers if it is using http basic authentication without https.
If I give the WMS URL for a secured WMS server this way
https://username:password<UrlBlockedError.aspx>@server.com, then OpenJUMP is writing into http headers
Authorization: Basic [auth_string] and
Host: server.com
If I do not use https but
http://username:password<UrlBlockedError.aspx>@server.com, then OpenJUMP writes into http headers
Authorization: Basic [auth_string] and
Host: username:password@server.com
If proxy server captures the hostname from the headers then the latter case will fail. Fiddler2 proxy behaves this way. All proxy servers, like our company proxy, do not utilize the hostname which is announced it the headers so they do not have troubles. Basic auth is also usually used together with https so the issue is not so big.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/jump-pilot/bugs/327/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs:
#327i'm inclined to agree. so can we close this ticket as fixed?
..ede
PS: should we add https proxy settings to oj_windows.bat?
Oh yes. I am not sure if it is because of jre 7 or what, but nowadays I must set https_proxy separately. In earlier days http_proxy was used also for https automatically if the latter setting was missing.
Fixed.