On 10 February 2017 at 15:20, Vavricka <[email protected]> wrote:
> Hi,
>
> I successfully managed to connect to the Java Broker's REST API by Basic
> Authentication using curl and Jersey framework.
>
> cURL command:
>
> curl -v -u admin:admin http://localhost:8080/api/latest/queue/default/default/test.queue
>
> Java code:
>
> HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("admin", "admin");
> Client client = ClientBuilder.newClient();
> client.register(feature);
> client.register(JsonProcessingFeature.class);
> WebTarget target = client.target(UriBuilder.fromUri("http://localhost/api/latest/queue/default/default/test.queue").port(8080).build());
> Response response = target.request(APPLICATION_JSON).post(Entity.json("{}"));
>
> But when I try to connect using SASL I always get 401 (Unauthorized)
> status.
> cURL command and Java code used for SASL connection below.
>
> cURL command:
>
> curl -v --digest -u admin:admin http://localhost:8080/api/latest/queue/default/default/test.queue
>
> Java code:
>
> HttpAuthenticationFeature feature = HttpAuthenticationFeature.digest("admin", "admin");
> Client client = ClientBuilder.newClient();
> client.register(feature);
> client.register(JsonProcessingFeature.class);
> WebTarget target = client.target(UriBuilder.fromUri("http://localhost/api/latest/queue/default/default/test.queue").port(8080).build());
> Response response = target.request(APPLICATION_JSON).post(Entity.json("{}"));
>
> I also tried to use HttpAuthenticationFeature feature =
> HttpAuthenticationFeature.universal("admin", "admin"); with no success
> (401 status).
>
> Am I doing something wrong?

I think there is some confusion here. From the code above, the difference appears to be the use of "DIGEST" rather than "BASIC" HTTP authentication (see https://tools.ietf.org/html/rfc7616 and https://tools.ietf.org/html/rfc7617 respectively).

Neither of these provides a mechanism for general purpose SASL-like functionality whereby the authentication process may take multiple steps (rather than just a simple challenge/response interaction).

For the HTTP connections in the Java Broker, the BASIC mechanism can be used for all authentication managers that use username/password style credentials - but by default will only be made available over TLS-secured connections. The Java Broker does not support DIGEST authentication for any authentication manager.

There is a special servlet that the Broker implements which allows a multi-step authentication process for using the SASL mechanisms directly, but I would probably advise against using it. In general I would suggest that REST API calls should be made over a secure (TLS) connection and authenticated with the BASIC mechanism.

Hope this helps,
Rob

> Vavricka
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.com/Java-Broker-SASL-connection-to-REST-API-tp7659042.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
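
Added example, not part of the original thread and not Qpid's own code: a stand-alone Java check that reads which schemes the WWW-Authenticate values of a 401 response offer and builds an RFC 7617 Basic header only for an https target, which also shows that the header decodes straight back to the password. The class name, the sample challenge and the HTTPS port 8443 are assumptions.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;

public class AuthSchemeCheck {
    // A challenge starts with a scheme token; auth-params (realm="x") are followed by '='.
    private static final Pattern SCHEME =
        Pattern.compile("^\\s*([A-Za-z0-9!#$%&'*+.^_`|~-]+)(?:\\s+[^=\\s].*)?\\s*$");

    /** Lower-cased scheme names offered in the WWW-Authenticate values of a 401 response. */
    static Set<String> offeredSchemes(List<String> headerValues) {
        Set<String> schemes = new LinkedHashSet<>();
        for (String value : headerValues) {
            // Blank out quoted strings so a comma inside a realm does not split a challenge.
            String unquoted = value.replaceAll("\"(?:[^\"\\\\]|\\\\.)*\"", "\"\"");
            for (String part : unquoted.split(",")) {
                Matcher m = SCHEME.matcher(part);
                if (m.matches()) schemes.add(m.group(1).toLowerCase(Locale.ROOT));
            }
        }
        return schemes;
    }

    /** RFC 7617 header value: base64 of "user:password", an encoding and not encryption. */
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Returns the Authorization value to send, or throws saying why none should be sent. */
    static String authorize(URI target, List<String> challenges, String user, String password) {
        Set<String> offered = offeredSchemes(challenges);
        if (!offered.contains("basic"))
            throw new IllegalStateException("server offers " + offered + ", not Basic");
        if (!"https".equalsIgnoreCase(target.getScheme()))
            throw new IllegalStateException("refusing Basic over " + target.getScheme());
        return basicHeader(user, password);
    }

    public static void main(String[] args) {
        List<String> challenge = List.of("Basic realm=\"constructed, sample\""); // constructed
        String path = "/api/latest/queue/default/default/test.queue";
        URI tls = URI.create("https://localhost:8443" + path); // port 8443 is an assumption
        String header = authorize(tls, challenge, "admin", "admin");
        byte[] decoded = Base64.getDecoder().decode(header.substring("Basic ".length()));
        System.out.println(header + " decodes to " + new String(decoded, StandardCharsets.UTF_8));
        try { authorize(URI.create("http://localhost:8080" + path), challenge, "admin", "admin"); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```

A client configured for Digest only has nothing to answer when `offeredSchemes` returns no `digest` entry, so the request ends with the 401.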
