jclouds-user mailing list archives

From Ignasi <ignasi.barr...@gmail.com>
Subject Re: Details logs for the exception
Date Wed, 15 May 2013 21:05:44 GMT
Hi Lisbeth,

The AuthorizationException you get is raised because the Chef server is
returning a "401 Unauthorized" response, which is caused by a request
having invalid credentials.

The way authentication works in Chef [1] is by signing the request and
adding a set of headers with the signature, a timestamp, and a few more
fields. All those headers are validated by the Chef server in order to
decide if the request is authorized or not. In your case, it seems that the
request that arrives at the Chef server does not contain the appropriate
values in the headers.

The class that adds those headers to each http request sent to the Chef
server is the SignedHeaderAuth class [2]. This class is invoked before
sending any http request. There is also a unit test class [3] that verifies
that the signatures are being properly generated, so if that test succeeds,
the problem may not be in the signature generation. Anyway, it is worth
checking it.

If the issue is not in the signature generation, then it might be in the
code executed between the time the signature is generated and the time the
request is actually sent. If you want to take a look at this, the class that
sends the request is the JavaUrlHttpCommandExecutorService [4], in the jclouds core.

It is also a good idea, as Adrian suggested, to turn on the wire and trace
logs, as they will output the request (and the headers) that are being sent.


HTH

Ignasi


[1] http://docs.opscode.com/auth_authentication.html
[2]
https://github.com/jclouds/jclouds-chef/blob/master/core/src/main/java/org/jclouds/chef/filters/SignedHeaderAuth.java
[3]
https://github.com/jclouds/jclouds-chef/blob/master/core/src/test/java/org/jclouds/chef/filters/SignedHeaderAuthTest.java
[4]
https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/internal/JavaUrlHttpCommandExecutorService.java


On 15 May 2013 22:56, Lisbeth Arriaza <larriaza@us.ibm.com> wrote:

> Hello,
>
> You had mentioned that the issue may be related to the signature not being
> generated properly. Can you please provide a link to the code that
> generates the signature?  We need to see how this application is calling
> the IBM JVM APIs.
>
> Thanks.
> Best regards,
>
> Lisbeth Arriaza
> Java Security Support
> IBM Security Compliance (IAM)
> IBM Security Systems Division
> Submit and manage your PMRs online 24x7 using IBM Service Request <http://ibm.co/we5tJ1>
> ------------------------------
> Phone: +502 2410 4366
> E-mail: larriaza@us.ibm.com
>
>
>
>
>
> From:        Ignasi <ignasi.barrera@gmail.com>
> To:        user@jclouds.incubator.apache.org,
> Cc:        George Moberly <george@opscode.com>, Vijay K Sukthankar <
> vksuktha@in.ibm.com>, Lisbeth Arriaza/Fairfax/Contr/IBM@IBMUS
> Date:        05/15/2013 11:10 AM
> Subject:        Re: Details logs for the exception
> ------------------------------
>
>
>
> Re-reading the old thread, if the tests in the SignedHeaderAuthTest pass,
> the problem shouldn't be in the signature.
>
> Follow Adrian's advice and turn on the wire logs to see the exact request
> that is being sent. Also take a look at this class [1]. It is the one that
> actually performs the http requests. Maybe the jvm specific issues are
> caused there.
>
> [1] https://github.com/jclouds/jclouds/blob/master/core/src/main/java/org/jclouds/http/internal/JavaUrlHttpCommandExecutorService.java
>
> On 15/05/2013 18:40, "Ignasi" <ignasi.barrera@gmail.com> wrote:
> The thing here is that there is no specific code that directly causes
> that stacktrace.
> All requests to a chef server must have the headers signed (that is
> how authentication works in chef), and that signature is not being
> generated properly with your JRE. That's why the Chef server rejects
> the request.
>
> As told in the old thread, you can check this by running the
> SignedHeaderAuthTest class.
> What comes to my mind is to run and debug that test class with a JVM
> that works and with your JVM, to try to find and isolate where the
> generated signatures differ, so you can see what the JVMs are doing
> differently.
>
>
> On 15 May 2013 18:32, Rahul Nema <rahulnema@in.ibm.com> wrote:
> > Hi,
> >
> > So I am running this code (Java) inside Eclipse using a stand-alone Java file
> > and added the jclouds jar as a dependency. Correct, Ignasi supported us last time
> > as well.
> >
> > Yes, this code works on other levels of the JRE, so it is a specific problem with
> > this version of the JRE, but we need to solve this one as it is with the product
> > which we are integrating with, so no JRE change is allowed.
> >
> > My question is: how can I get more detailed logs, such that we can track the
> > exact Java class which is causing the issue or the component which leads to
> > this?
> >
> > Do I need to add some property when I run the Java program which I use to
> > connect?
> >
> > This is the code which I use today:
> >
> >  context = ContextBuilder.newBuilder("chef") //
> >                     .endpoint(endpoint) //
> >                     .credentials(client, credentialForClient(credsDir, client)) //
> >                     .buildView(ChefContext.class);
> >
> > I feel GitHub has all the Java files; can you please look into the flow and
> > let me know. I passed the link to the Java support team but they were not
> > able to get it in the flow.
> >
> >
> > With warm  regards,
> >  ------------------------------------------------------------
> > Rahul Nema,
> > Tivoli Group
> > IBM-India Software Lab,Pune
> > Mo: +91-9860254300
> > ------------------------------------------------------------
> >
> >
> >
> > From:        Ignasi <ignasi.barrera@gmail.com>
> > To:        user@jclouds.incubator.apache.org,
> > Cc:        Lisbeth Arriaza <larriaza@us.ibm.com>, George Moberly
> > <george@opscode.com>, Vijay K Sukthankar/India/IBM@IBMIN
> > Date:        05/15/2013 09:56 PM
> > Subject:        Re: Details logs for the exception
> > ________________________________
> >
> >
> >
> > I remember the issue [1], and with other JREs it worked fine.
> > This [2] is the class that generates the signature for each request.
> > Maybe you can debug it or add some extra traces to see what's going
> > on.
> >
> >
> > [1] https://groups.google.com/d/msg/jclouds/KXPHgHxxQXg/V_EfNFpV3jcJ
> > [2] https://github.com/jclouds/jclouds-chef/blob/master/core/src/main/java/org/jclouds/chef/filters/SignedHeaderAuth.java
> >
> > On 15 May 2013 18:23, Adrian Cole <adrian.f.cole@gmail.com> wrote:
> >> can you run the same command with a different JRE and log the category
> >> "jclouds.headers" at DEBUG or TRACE?
> >>
> >>
> >> On Wed, May 15, 2013 at 9:17 AM, Rahul Nema <rahulnema@in.ibm.com> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I am getting this exception when using IBM JRE of a specific version. It
> >>> seems to be a problem with the JRE but the support team need more logs
> >>> and the Java component which is causing this issue.
> >>>
> >>> Can you please help us by providing some details of which Java Security
> >>> components we call and also how we can get the exact Java stack trace for the
> >>> problem?
> >>>
> >>> This is urgent; a component release is blocked because of this error.
> >>>
> >>>
> >>>
> >>>
> >>> With warm  regards,
> >>>  ------------------------------------------------------------
> >>> Rahul Nema,
> >>> Tivoli Group
> >>> IBM-India Software Lab,Pune
> >>> Mo: +91-9860254300
> >>> ------------------------------------------------------------
> >>
> >>
> >
> >
>
>
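
The thread suggests running the signing step on a working JVM and on the failing one to isolate where the output differs. The following is an added example, not part of the original messages and not jclouds code: a stand-alone probe of the steps in Chef's signing protocol version 1.0 (SHA-1 hashes, canonical string, RSA private-key operation, 60-character header split). The class name `ChefSignatureProbe`, the request values and the throwaway key are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import javax.crypto.Cipher;

// Added diagnostic sketch, not jclouds code. Run it unchanged on each JRE and diff the output.
public class ChefSignatureProbe {
    static String sha1Base64(String s) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(s.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Canonical request string of the Chef signing protocol, version 1.0.
    static String canonical(String method, String path, String body, String ts, String userId) throws Exception {
        return "Method:" + method + "\nHashed Path:" + sha1Base64(path)
                + "\nX-Ops-Content-Hash:" + sha1Base64(body)
                + "\nX-Ops-Timestamp:" + ts + "\nX-Ops-UserId:" + userId;
    }

    // RSA private-key operation with PKCS#1 v1.5 padding over the canonical string.
    static byte[] sign(String canonical, PrivateKey key) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(canonical.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        System.out.println(System.getProperty("java.vendor") + " " + System.getProperty("java.version"));
        // Constructed inputs: fixed values so the canonical string is identical on every run.
        String canon = canonical("GET", "/nodes", "", "2013-05-15T21:05:44Z", "example-client");
        System.out.println(canon);
        // Throwaway key; load the same client key on both JREs to compare signatures byte for byte.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] signature = sign(canon, pair.getPrivate());
        System.out.println("Cipher provider: " + Cipher.getInstance("RSA/ECB/PKCS1Padding").getProvider());
        // The signature goes out base64-encoded in 60-character X-Ops-Authorization-N headers.
        String b64 = Base64.getEncoder().encodeToString(signature);
        for (int i = 0, n = 1; i < b64.length(); i += 60, n++)
            System.out.println("X-Ops-Authorization-" + n + ": " + b64.substring(i, Math.min(b64.length(), i + 60)));
        // Self-check: what the server recovers with the public key must equal the canonical string.
        Cipher verify = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        verify.init(Cipher.DECRYPT_MODE, pair.getPublic());
        String recovered = new String(verify.doFinal(signature), StandardCharsets.UTF_8);
        System.out.println("round trip ok: " + recovered.equals(canon));
    }
}
```

The hash lines and canonical string do not depend on the key, so any difference there between two JREs points at the digest or encoding step; an exception or a failed round trip points at the RSA provider.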
