Re: [Resin-interest] SPAM-LOW: Re: Google Checkout / Web Service

Tue, 14 Jul 2009 17:18:41 -0700 


On Jul 14, 2009, at 3:05 PM, Steffen Busch wrote:
Unfortunately, I am not aware of Hmux when Resin is running behind Apache or IIS. Are there any further hints about the 401? The Q:quit is logged by the Hmux Protocol. I would expect something from com.caucho.server.security.* which indicates a reason for the 401. 

The hmux codes don't have anything to do with authentication.
The 's' is just the HTTP status line. Either Resin or the application is calling sendError(401). 

-- Scott




2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hey Steffen,

Thanks once again for your time and help!
I enabled the additional log settings which provide some more data. There are a couple of questionable items that I thought I may note:
1.) It now shows the content=length: 2882, and the post-data: 2760. Apparently the entire xml file is being read in two pieces
At the beginning of the incoming XML there is an initial READ, and then at the end of the XML their is another READ, to get the last couple of tags and closing XML tag.
2.) It is also showing that the incoming connection is content- type=application/xml;. The read type of file is : text/html; charset=utf-8.
The apparent last post by Google is a Q:quit, this is right before the next log entry of "s 401 Authentication Failed."
I am guessing that the problem may be related to the incoming content type as an application, and Q:quit. 

Thanks again....Joey.
From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com ] On Behalf Of Steffen Busch 
Sent: Tuesday, July 14, 2009 1:26 PM
To: General Discussion for the Resin application server
Subject: SPAM-LOW: Re: [Resin-interest] Google Checkout / Web Service
I think the content-type S text/html; charset=utf-8 is due to the HTML answer of Resin for 401 Authentication Failed. 
Usually the sequence of requests is like this:
1.) Request without authentication header or wrong authentication supplied. 2.) Resin replies with 401 Unauthorized (actually I don't have a 3.1 instance to verify. 2.1 replies with 401 Unauthorized) 
3.) New Request with authorization header.
I would recommed to enable a full debug logging for the web-app (resin-web.xml): 

<web-app xmlns="http://caucho.com/ns/resin";
         xmlns:resin="http://caucho.com/ns/resin/core";>

  <!--
- Debug Logging with a heavily loaded format attribute to get more information ... 
  -->
  <log level="finest" path="WEB-INF/debug_${webApp.name}.log"
       timestamp="[%H:%M:%S.%s] {%{thread}} "
format="[${app.contextPath}] ${log.level} $ {log.sourceClassName} (${log.sourceMethodName}) ${log.message}"> 
    <logger name="com.caucho" level="finest"/>
  </log>

</web-app

Maybe this can give further information about the underlying issue.



2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hey Steffen,
Thank you, the authentication appears to be partially working . However I am still having an issue. I am creating a webservice for Google Checkout, as shown below. The Basic authentication appears to now be working, as I can see from the log files, however, when the incoming XML is received I am still getting an 401 authentication failed error. It is kind of strange because I am seeing the following in the log file? Should the web service be setup a different way within Resin to allow for a web service or is it possible a problem that the incoming file is viewed by Resin as "S text/html; charset=utf-8" , instead of "content-type=application/ xml; charset=UTF-8" which was sent by Google? 

<<XML incoming from Google Checkout>>
[10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] start request [10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] channel 1 [10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] U:uri /notification [10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] m:method POST [10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] c protocol: HTTP/1.0 [10:49:06.917] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] v server-host: www.domain.com [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] g server-port: 80 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] h 74.125.64.136 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] i 74.125.64.136 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] j remote-port: 57305 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] q content-type=application/xml; charset=UTF-8 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H User-Agent=Google Checkout Notification Agent 1.0 [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Authorization=Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Host=www.domain.com [10:49:06.918] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] p content-length=2882 [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Via=1.1 proxy.google.com:80 (squid) [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H X-Forwarded-For=unknown [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Cache-Control=max-age=259200 [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Connection=keep-alive [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H SCRIPT_URL=/notification [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H SCRIPT_URI=http://www.domain.com/notification [10:49:06.919] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] D post-data: 2882 [10:49:06.924] {hmux-127.0.0.1:6809-8$16874657}Dispatch '/ notification' to WebAppFilterChain[http://www.domain.com, next=CacheFilterChain[null?null, next=SecurityFilterChain[]]] [10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}SessionImpl[abcwZa9bhDI6b_OcDy6js,] new [10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}SessionImpl[abcwZa9bhDI6b_OcDy6js,] create session 
[10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}basic: userID -> userID
[10:49:06.925] {hmux-127.0.0.1:6809-8$16874657}userID is in role: resin 



<<Then the following apparent error>>
[10:49:06.927] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] Q:quit [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] s 401 Authentication Failed. [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] M cpu-load [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] S 0 [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Set-Cookie [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] S JSESSIONID=abcwZa9bhDI6b_OcDy6js; path=/ [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] H Content-Type [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] S text/html; charset=utf-8 [10:49:06.928] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] G [10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] write-chunk(161) [10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] D:data 161 [10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] data <<html> [10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<head><title>401 Authentication Failed.</title></head> 
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<body>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<h1>401 Authentication Failed.</h1> 
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<p /><hr />
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}<small>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Resin/3.1.8
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}</small>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}</body></html>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}>
[10:49:06.929] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] Q: quit channel [10:49:06.930] {hmux-127.0.0.1:6809-8$16874657}Hmux[www.domain.com: 8] complete request - keepalive [10:49:06.930] {hmux-127.0.0.1:6809-8$16874657}Tcp[www.domain.com,8] keepalive (thread) 


Thanks very much for your help!
From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com ] On Behalf Of Steffen Busch 
Sent: Tuesday, July 14, 2009 12:51 AM
To: General Discussion for the Resin application server
Subject: Re: [Resin-interest] Google Checkout

Hi Joey,
I don't have experience with Google Checkout integration with Resin, but maybe I can still help a little bit. First of all, do you know the content of Authorization-Header from Google? Something like this: 


Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
The above line contains the BASE64 value of user name "Aladdin", password "open sesame". If you put "QWxhZGRpbjpvcGVuIHNlc2FtZQ==" into a BASE64 decoder (for example http://www.motobit.com/util/base64-decoder-encoder.asp) you will receive: "Aladdin:open sesame".
If you receive a value that you already know and is your (afaik from the google api doc) MERCHANT_ID:MERCHANT_KEY then you would need to change the Resin Configuration to use BASIC auth-method and no password-digest: 


<authenticator type="com.caucho.server.security.XmlAuthenticator">
  <init>
    <password-digest-realm>none</password-digest-realm>
    <user>userID:userPWD:resin</user>
  </init>
</authenticator>
<login-config auth-method="BASIC"/>
<security-constraint url-pattern='/notification' role-name='resin'/>

You need to regenerate the userPWD with digest-realm of "none".

Hope this helps.

Regards,
Steffen



2009/7/14 Mktg. Incorporate Fast <m...@incorporatefast.com>
Hello,
I'm trying to integrate google checkout with Resin, and they require BASIC HTML authentication on callback of XML posts. 

<authenticator type="com.caucho.server.security.XmlAuthenticator">
  <init>
    <password-digest-realm>resin</password-digest-realm>
    <password-digest>MD5-base64</password-digest>
    <user>userID:userPWD:resin</user>
  </init>
</authenticator>
<login-config auth-method="DIGEST"/>
<security-constraint url-pattern='/notification' role-name='resin'/>
It constantly fails with error of wrong password. I have created the password as suggested in the Docs on caucho.com, however, the encrypted password sent back by Google is slightly different. I can't post those passwords becuase they are live passwords, so instead I'll post to the Google Docs. 

http://code.google.com/apis/checkout/developer/index.html#https_auth_scheme

Has anybody had success setting up Google Checkout to work with Resin?

Thanks

Joey.

_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest


_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest



_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest

Reply via email to