  1. OpenIDM
  2. OPENIDM-1966

External REST calls without any authentication specified are now refused

Details

    • Sprint 19

    Description

      External REST calls without any authentication specified are now refused.
      This is caused by http://sources.forgerock.org/changelog/openidm?cs=3424.
      In this CR it says "make username/password required if auth : basic is specified",
      but even when I don't specify any authentication, a username/password is expected anyway.
      This does not seem good: some URLs can be accessed without auth, so why force one?

      Here is a way to reproduce the problem and the results on 2 builds:

      r3421:

      $ curl --header "Content-Type: application/json" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --data '{"url":"http://echo.jsontest.com/key/value/one/two","method":"GET"}' --request POST "http://localhost:8080/openidm/external/rest?_action=proxy"
      {"one":"two","key":"value"}
      

      r3426:

      $ curl --header "Content-Type: application/json" --header "X-OpenIDM-Password: openidm-admin" --header "X-OpenIDM-Username: openidm-admin" --data '{"url":"http://echo.jsontest.com/key/value/one/two","method":"GET"}' --request POST "http://localhost:8080/openidm/external/rest?_action=proxy"
      {"code":500,"reason":"Internal Server Error","message":"/authenticate/user: Expecting a value"}
      

          People

            brmiller Brendan Miller
            laurent.bristiel Laurent Bristiel [X] (Inactive)