Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Basic authentication configuration

Help
Duarte
2012-10-24
2014-02-24
  • Duarte
    Duarte
    2012-10-24

    Hi,

    I'm a bit confused as to how I'm supposed to enable basic authentication, in section 5.9 of the User Guide for v3.1 the parameters embedded.webserver.basic.auth.username and embedded.webserver.basic.auth.password are mentioned but these don't seem to be listed on appendix B.

    With a bit more investigation I've noticed that in the release notes for 3.0.0 there is a reference to http://www.symmetricds.org/issues/view.php?id=548 which states these parameters don't actually configure the node to require basic auth.

    So my question is, how do I enable basic auth?

    Thank you in advance,

    Duarte

     
  • Duarte
    Duarte
    2012-11-19

    Anyone using basic auth at all, any help would be greatly appreciated?

     
  • Chris Henson
    Chris Henson
    2012-11-19

    Configuration for this feature was lost somewhere along the way. I'll enter a bug to add it back in. In the meantime you could create your own version of SymmetricLauncher.java to setBasicAuthPassword and setBasicAuthUsername on SymmetricWebServer.java before the server is started.

    http://www.symmetricds.org/issues/view.php?id=918

     
  • Duarte
    Duarte
    2012-11-21

    Thanks Chris, the bug is marked as resolved in 3.2.0, is that still on schedule for release at the end of the month?

     
  • John Carter
    John Carter
    2012-11-21

    Hi Chris,

    Duarte and I also set http.push.stream.output.enabled=true (to address out of heap space errors), the comments suggest that basic auth might not work with this setting. Is this the case?

    Thanks,

    John.

     
  • Chris Henson
    Chris Henson
    2012-11-21

    Running a bit behind on 3.2. Shooting for the end of the month still, but it might slip into December.

    I don't remember the history of the comment about basic auth possibly not working. If you test, let me know.

    If you want to test you can use the latest snapshot from here (version number hasn't been incremented)

    http://snapshots.repository.codehaus.org/org/jumpmind/symmetric/symmetric-assemble/3.1.10-SNAPSHOT/

     
  • John Carter
    John Carter
    2012-11-22

    Hi Chris,

    Tried the snapshot, http auth settings work when http.push.stream.output.enabled=true.

    The logs are a little cryptic, i.e. this is the only error I found when a push failed due to wrong credentials:

    2012-11-22 00:46:18,073 ERROR [startup] [SymmetricServlet] [qtp15531576-23] No handlers were found to handle the request /push from the host 192.168.137.13 with an ip address of 192.168.137.13. The query string was: nodeId=46422660dd6a424e51868079a009c6f7369a78c5&securityToken=7c0c62674e7a20c6d9e27191d81e7d&hostName=sym13.merutest.com&ipAddress=192.168.137.13

    On the recipient of the push the logs are more informative.

    There's also a problem when using https for the sync and registration URLs - the server side always assumes a http connection:

    2012-11-22 00:01:38,645 WARN [idm-f9cb6c36c4c5fd7c5046a446311cb1b9b6bfedc6] [PushService] [idm-f9cb6c36c4c5fd7c5046a446311cb1b9b6bfedc6-push-6] There was an error whil
    e pushing data to the server
    2012-11-22 00:01:39,153 WARN [idm-f9cb6c36c4c5fd7c5046a446311cb1b9b6bfedc6] [PushService] [idm-f9cb6c36c4c5fd7c5046a446311cb1b9b6bfedc6-push-7] Could not communicate w
    ith node 'idm:46422660dd6a424e51868079a009c6f7369a78c5:46422660dd6a424e51868079a009c6f7369a78c5' at https://sym13.merutest.com:31415/sync because of unexpected error
    org.jumpmind.exception.IoException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.requestReservation(HttpOutgoingTransport.java:142)
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.getSuspendIgnoreChannelLists(HttpOutgoingTransport.java:211)
    at org.jumpmind.symmetric.service.impl.DataExtractorService.extract(DataExtractorService.java:306)
    at org.jumpmind.symmetric.service.impl.PushService.pushToNode(PushService.java:174)
    at org.jumpmind.symmetric.service.impl.PushService.execute(PushService.java:144)
    at org.jumpmind.symmetric.service.impl.NodeCommunicationService$2.run(NodeCommunicationService.java:236)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
    at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
    at sun.security.ssl.InputRecord.read(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
    at java.net.HttpURLConnection.getResponseCode(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
    at org.jumpmind.symmetric.transport.http.HttpOutgoingTransport.requestReservation(HttpOutgoingTransport.java:140)
    ... 8 more

    Thanks,

    John.

     
  • John Carter
    John Carter
    2012-11-22

    Hi Chris, please ignore my SSL comment - I was using the wrong config file.

    John.

     
  • Binyamin
    Binyamin
    2014-02-06

    How can we implementing our own logic for authentication of each client node to server? Please give a clue towards it, if possible.

     
  • Eric Long
    Eric Long
    2014-02-24

    It looks like basic authentication has changed in the latest 3.5 version of SymmetricDS. Here is how to configure basic authentication with the standalone SymmetricDS server. Perform these steps on your root SymmetricDS server:

    1. At the bottom of your existing web/WEB-INF/web.xml file, add a security constraint by adding the following lines:

      <security-constraint>
      <web-resource-collection>
      <url-pattern>/sync/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
      <role-name>node</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>default</realm-name>
      </login-config>

    2. Create a file named jetty-web.xml to the web/WEB-INF folder. This will add a login service handler.

    <Configure class="org.eclipse.jetty.webapp.WebAppContext">
    <Get name="securityHandler">
    <Set name="loginService">
    <New class="org.eclipse.jetty.security.HashLoginService">
    <Set name="name">default</Set>
    <Set name="config"><SystemProperty name="user.dir" default="."/>/../web/WEB-INF/realm.properties</Set>
    </New>
    </Set>
    </Get>
    </Configure>

    1. Create a file named realm.properties file in the web/WEB-INF folder. This file contains the usernames and passwords needed by nodes to authenticate. It uses the format of "user: password, role".

    node: secret,node
    node2: secret2,node

    For your SymmetricDS client nodes, the documented steps remain the same, where you add the following properties to their properties file:

    http.basic.auth.username=node
    http.basic.auth.password=secret