You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi Vladimir,
Thanks for the answer
But I think the issue is not in the config of tomcat. When I'm connecting
from a web client not in the local system it works.
Or if I'm passing the Basic authentication in curl it works also.
The issue is that the indexer is not filling the 'Authorization: Basic <>' in
the request therefore it's rejected by tomcat.
Regards,
Shmuel
web: https://wdp.harchoma.org.il/
How does your authentication setup look like ? In the above mentioned wiki there is a piece of configuration that exempts the API end points (one of which is used by the indexer) from being subject to the authentication checks, specifically this part:
<security-constraint>
<web-resource-collection>
<web-resource-name>API endpoints are checked separately by the web app</web-resource-name>
<url-pattern>/api/*</url-pattern>
</web-resource-collection>
</security-constraint>
This is fine to do because OpenGrok performs checks of most of the API locations by itself (as is actually noted in the web resource name) - however see the rest of the configuration on the wiki.
My point is that the basic auth information should not be necessary for the indexer to successfully reach the web app, if everything is configured correctly.
Activity
vladak commentedon Mar 29, 2022
Is the indexer running on the same machine as the web app ? If yes, see https://github.com/oracle/opengrok/wiki/Authorization-based-on-HTTP-Basic-Authentication , in particular the part about passing API calls. If not, see the same plus https://github.com/oracle/opengrok/wiki/Web-services#authenticationauthorization
sbouhnik commentedon Mar 31, 2022
vladak commentedon Mar 31, 2022
How does your authentication setup look like ? In the above mentioned wiki there is a piece of configuration that exempts the API end points (one of which is used by the indexer) from being subject to the authentication checks, specifically this part:
This is fine to do because OpenGrok performs checks of most of the API locations by itself (as is actually noted in the web resource name) - however see the rest of the configuration on the wiki.
My point is that the basic auth information should not be necessary for the indexer to successfully reach the web app, if everything is configured correctly.