[
https://issues.apache.org/jira/browse/GEODE-2212?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dan Smith updated GEODE-2212:
-----------------------------
Assignee: (was: Mark Bretl)
> gfsh http authentication fails when routed through a proxy
> ----------------------------------------------------------
>
> Key: GEODE-2212
> URL: https://issues.apache.org/jira/browse/GEODE-2212
> Project: Geode
> Issue Type: Bug
> Components: core, gfsh
> Reporter: Ben Moss
>
> We encountered a bug with Geode that only reveals itself when routing
> requests through the a proxy that modifies HTTP headers to standardize them
> in title case format.
> gfsh uses the security-username and security-password headers to pass
> authentication credentials to the locator, but what we saw is that when these
> go through our proxy and are turned into Security-Username /
> Security-Password, we can no longer authenticate.
> This request emulates what gfsh executes when you run "list members" with an
> HTTP connection:
> {code:none}
> curl http://$LOCATOR_IP/gemfire/v1/members -H "security-username: admin" -H
> "security-password: admin"
> {code}
> This request emulates what gets sent when going through our proxy. This
> should be the same but will fail:
> {code:none}
> curl http://$LOCATOR_IP/gemfire/v1/members -H "Security-Username: admin" -H
> "Security-Password: admin"
> {code}
> We narrowed the bug down to [these
> lines|https://github.com/apache/geode/blob/bd229d7681376a11ba2e37747e48844ffe65584c/geode-core/src/main/java/org/apache/geode/management/internal/web/controllers/support/LoginHandlerInterceptor.java#L99-L111].
> The HTTP spec specifies that headers should treated as case-insensitive but
> it looks like Geode is only capable of working with lower-case versions of
> these headers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
