On Jul 14, 2009, at 3:05 PM, Steffen Busch wrote:
Unfortunately, I am not aware of Hmux when Resin is running behind
Apache or IIS.
Are there any further hints about the 401? The Q:quit is logged by
the Hmux Protocol.
I would expect something from com.caucho.server.security.* which
indicates a reason for the 401.
The hmux codes don't have anything to do with authentication.
The 's' is just the HTTP status line. Either Resin or the application
is calling sendError(401).
-- Scott
2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hey Steffen,
Thanks once again for your time and help!
I enabled the additional log settings which provide some more data.
There are a couple of questionable items that I thought I may note:
1.) It now shows the content=length: 2882, and the post-data:
2760. Apparently the entire xml file is being read in two pieces
At the beginning of the incoming XML there is an initial READ, and
then at the end of the XML their is another READ, to get the last
couple of tags and closing XML tag.
2.) It is also showing that the incoming connection is content-
type=application/xml;. The read type of file is : text/html;
charset=utf-8.
The apparent last post by Google is a Q:quit, this is right before
the next log entry of "s 401 Authentication Failed."
I am guessing that the problem may be related to the incoming
content type as an application, and Q:quit.
Thanks again....Joey.
From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com
] On Behalf Of Steffen Busch
Sent: Tuesday, July 14, 2009 1:26 PM
To: General Discussion for the Resin application server
Subject: SPAM-LOW: Re: [Resin-interest] Google Checkout / Web Service
I think the content-type S text/html; charset=utf-8 is due to the
HTML answer of Resin for 401 Authentication Failed.
Usually the sequence of requests is like this:
1.) Request without authentication header or wrong authentication
supplied.
2.) Resin replies with 401 Unauthorized (actually I don't have a 3.1
instance to verify. 2.1 replies with 401 Unauthorized)
3.) New Request with authorization header.
I would recommed to enable a full debug logging for the web-app
(resin-web.xml):
<web-app xmlns="http://caucho.com/ns/resin"
xmlns:resin="http://caucho.com/ns/resin/core">
<!--
- Debug Logging with a heavily loaded format attribute to get
more information ...
-->
<log level="finest" path="WEB-INF/debug_${webApp.name}.log"
timestamp="[%H:%M:%S.%s] {%{thread}} "
format="[${app.contextPath}] ${log.level} $
{log.sourceClassName} (${log.sourceMethodName}) ${log.message}">
<logger name="com.caucho" level="finest"/>
</log>
</web-app
Maybe this can give further information about the underlying issue.
2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hey Steffen,
Thank you, the authentication appears to be partially working .
However I am still having an issue. I am creating a webservice for
Google Checkout, as shown below. The Basic authentication appears
to now be working, as I can see from the log files, however, when
the incoming XML is received I am still getting an 401
authentication failed error. It is kind of strange because I am
seeing the following in the log file? Should the web service be
setup a different way within Resin to allow for a web service or is
it possible a problem that the incoming file is viewed by Resin as
"S text/html; charset=utf-8" , instead of "content-type=application/
xml; charset=UTF-8" which was sent by Google?
<<XML incoming from Google Checkout>>
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] start request
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] channel 1
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] U:uri /notification
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] m:method POST
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] c protocol: HTTP/1.0
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] v server-host: www.domain.com
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] g server-port: 80
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] h 74.125.64.136
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] i 74.125.64.136
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] j remote-port: 57305
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] q content-type=application/xml; charset=UTF-8
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H User-Agent=Google Checkout Notification Agent 1.0
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Authorization=Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Host=www.domain.com
[10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] p content-length=2882
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Via=1.1 proxy.google.com:80 (squid)
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H X-Forwarded-For=unknown
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Cache-Control=max-age=259200
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Connection=keep-alive
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H SCRIPT_URL=/notification
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H SCRIPT_URI=http://www.domain.com/notification
[10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] D post-data: 2882
[10:49:06.924] {hmux-127.0.0.1:6809-8$16874657}Dispatch '/
notification' to WebAppFilterChain[http://www.domain.com,
next=CacheFilterChain[null?null, next=SecurityFilterChain[]]]
[10:49:06.925]
{hmux-127.0.0.1:6809-8$16874657}SessionImpl[abcwZa9bhDI6b_OcDy6js,]
new
[10:49:06.925]
{hmux-127.0.0.1:6809-8$16874657}SessionImpl[abcwZa9bhDI6b_OcDy6js,]
create session
[10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}basic: userID -> userID
[10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}userID is in role:
resin
<<Then the following apparent error>>
[10:49:06.927] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] Q:quit
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] s 401 Authentication Failed.
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] M cpu-load
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] S 0
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Set-Cookie
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] S JSESSIONID=abcwZa9bhDI6b_OcDy6js; path=/
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] H Content-Type
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] S text/html; charset=utf-8
[10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] G
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] write-chunk(161)
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] D:data 161
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] data <<html>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<head><title>401
Authentication Failed.</title></head>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<body>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<h1>401
Authentication Failed.</h1>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<p /><hr />
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<small>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Resin/3.1.8
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}</small>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}</body></html>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] Q: quit channel
[10:49:06.930] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com:
8] complete request - keepalive
[10:49:06.930] {hmux-127.0.0.1:6809-8$16874657}Tcp[www.domain.com,8]
keepalive (thread)
Thanks very much for your help!
From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com
] On Behalf Of Steffen Busch
Sent: Tuesday, July 14, 2009 12:51 AM
To: General Discussion for the Resin application server
Subject: Re: [Resin-interest] Google Checkout
Hi Joey,
I don't have experience with Google Checkout integration with Resin,
but maybe I can still help a little bit.
First of all, do you know the content of Authorization-Header from
Google? Something like this:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The above line contains the BASE64 value of user name "Aladdin",
password "open sesame".
If you put "QWxhZGRpbjpvcGVuIHNlc2FtZQ==" into a BASE64 decoder (for
example http://www.motobit.com/util/base64-decoder-encoder.asp) you
will receive: "Aladdin:open sesame".
If you receive a value that you already know and is your (afaik from
the google api doc) MERCHANT_ID:MERCHANT_KEY then you would need to
change the Resin Configuration to use BASIC auth-method and no
password-digest:
<authenticator type="com.caucho.server.security.XmlAuthenticator">
<init>
<password-digest-realm>none</password-digest-realm>
<user>userID:userPWD:resin</user>
</init>
</authenticator>
<login-config auth-method="BASIC"/>
<security-constraint url-pattern='/notification' role-name='resin'/>
You need to regenerate the userPWD with digest-realm of "none".
Hope this helps.
Regards,
Steffen
2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hello,
I'm trying to integrate google checkout with Resin, and they require
BASIC HTML authentication on callback of XML posts.
<authenticator type="com.caucho.server.security.XmlAuthenticator">
<init>
<password-digest-realm>resin</password-digest-realm>
<password-digest>MD5-base64</password-digest>
<user>userID:userPWD:resin</user>
</init>
</authenticator>
<login-config auth-method="DIGEST"/>
<security-constraint url-pattern='/notification' role-name='resin'/>
It constantly fails with error of wrong password. I have created
the password as suggested in the Docs on caucho.com, however, the
encrypted password sent back by Google is slightly different. I
can't post those passwords becuase they are live passwords, so
instead I'll post to the Google Docs.
http://code.google.com/apis/checkout/developer/index.html#https_auth_scheme
Has anybody had success setting up Google Checkout to work with Resin?
Thanks
Joey.
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest