Hi All
I am trying to use the Openedge.Web.WebRequest class to access header data passed in on a request.
I want to do this as part of the HybridRealm class so I can use the header data as part of the authentication.
My code syntax checks but when it runs in the PAS it causes all sorts of errors and hangs the PAS e.g.
11:35:20.727/4438 [localhost-startStop-1] WARN com.progress.appserv.Prop - Using default value for minAgents: 0
11:35:20.727/4438 [localhost-startStop-1] WARN com.progress.appserv.Prop - Using default value for agentStartLimit: 1
11:35:20.727/4438 [localhost-startStop-1] WARN com.progress.appserv.Prop - Development Server is limited to 1 agent
11:35:20.727/4438 [localhost-startStop-1] WARN com.progress.appserv.Prop - Development Server is limited to 5 concurrent requests
11:35:20.727/4438 [localhost-startStop-1] WARN com.progress.appserv.Prop - Using default value for agentWatchdogTimeout: 3000
11:35:22.765/6476 [localhost-startStop-1] WARN c.p.appserv.IdleResourceWatchdog - Idle resource watchdog disabled
11:35:57.268/40979 [4nPvP1wJQPG6VaguLVow1A-agent-watchdog] WARN c.p.appserv.PoolMgt.AgentWatchdog - AgentWatchdog(4nPvP1wJQPG6VaguLVow1A) : agent 8xs80egKSgeSmtbUd939Pw PID= 8572 has terminated.
11:35:57.280/40991 [catalina-exec-1] ERROR com.progress.appserv.Session - LocalSession(kUghJ_zEQcOgS6-AKRBf9Q) : error occurred while reading a message readMsg() = java.net.SocketException: Socket operation on nonsocket: recv failed:Socket operation on nonsocket: recv failed. (18300)
11:35:57.281/40992 [catalina-exec-1] WARN com.progress.appserv.Agent - TcpAgentConnectionPool(W6FMmO2DSXy0Hc3fJbi5Cw) : removeAgentConnection() failed to remove connection : size= 0 max= 1
11:35:57.281/40992 [catalina-exec-1] ERROR com.progress.appserv.Session - LocalSession(kUghJ_zEQcOgS6-AKRBf9Q) : an error occurred while reading response message = java.net.SocketException: Socket operation on nonsocket: recv failed:Socket operation on nonsocket: recv failed. (18296)
11:35:57.299/41010 [catalina-exec-1] ERROR c.p.a.s.s.OERealmUserDetailsImpl - Username load error for ibs re: Realm o4gl error: com.progress.open4gl.Open4GLException: Communication layer message: General Error: READPACKET IOException : com.progress.appserv.broker.exception.BrokerException$NetworkException: Agent (NetworkError[java.net.SocketException: Socket operation on nonsocket: recv failed : Error reading message for (kUghJ_zEQcOgS6-AKRBf9Q) = Socket operation on nonsocket: recv failed]:Agent). (7175)
11:35:57.300/41011 [catalina-exec-1] WARN c.p.a.s.security.OERealmAuthProvider - User not found: ibs
Code attached.
[Attachment: SmartHybridRealm.cls]
Thanks
Christian.
Hi Christian,
As Peter mentioned, the calls to HybridRealm do not pass any of the WebRequest objects. What is your use case, and what headers would you like to pass to HybridRealm?
Hi Irfan
That is strange because I am sure I did have this working.
Also if I add the same code in the pasoe_activate procedure it crashes as well e.g.
The use case for being able to access this information is that I want to use 2FA as part of the authentication process.
The HybridRealm only checks the username and password as sent in the basic authentication header, but I want the client to send a TOTP token as well in a separate header so I can validate this as well.
Christian.
It's a bit more nuanced.
If I try and use the following code:
ASSIGN oRequest = NEW Openedge.Web.WebRequest().
MESSAGE "Secret Key: " oRequest:GetHeader("secretkey").
in the pasoe_activate procedure just after the PAS has started, then this crashes the PAS.
If I add this code in after a successful request, then I start to see the secretkey appear in the log files and the PAS behaves normally.
This looks like a bug to me, and I suspect this is the same issue with the HybridRealm.cls.
[Attachment: pasoe_activate.p]
Should it not be available in the HybridRealm as well?
HybridRealm class only gets executed by OERealmAuthProvider class from Spring and this is an internal appserver call. So for this call, it should not have any WEB-CONTEXT related information AFAIK.
For a use case where you want to pass headers instead of a user ID, you can go for CustomAuthorization. It will allow you to pass header information like 'Authorization' in the Custom Authorization class (a flavor of HybridRealm).
Hi Irfan
Could you provide an example of how to do this?
Thanks
Christian.
Hi Christian,
Please find attached the oeablSecurity.properties file that uses the customAuthorization configuration. The use case that I have used here is to send a token using the Authorization header, which has schema 'Bearer', and validate that token in my CustomAuthorization class. Also, I have attached my CustomAuthorization class that validates the token.
Mike Jacobs gave a presentation on using 2FA with PASOE. I would recommend going through that presentation. Here is the link - http://pugchallenge.org/downloads2017/TwoFactorAuthn-PUG2017-2.pptx
[Attachments: oeablSecurity.properties, CustomAuthorization.cls]
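Added example, not part of the thread or of the attached files: a language-neutral sketch in Python of the second-factor check discussed above, where the client sends a TOTP code in a separate header and the server validates it after the username and password check. The header name `X-TOTP`, the user name and the secret are constructed assumptions; the algorithm is RFC 6238 TOTP with its HMAC-SHA1 defaults, a one-step drift window and replay rejection.

```python
import hashlib
import hmac
import struct

TOTP_HEADER = "X-TOTP"   # hypothetical header name, not a PASOE setting
STEP = 30                # seconds per time step (RFC 6238 default)
DIGITS = 6
WINDOW = 1               # tolerate +/- one step of clock drift


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP value for one counter, using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TotpVerifier:
    def __init__(self, secrets: dict):
        self.secrets = secrets       # username -> shared secret bytes
        self.last_counter = {}       # username -> last accepted time step

    def verify(self, username: str, headers: dict, now: int) -> bool:
        """Check the TOTP header for a user who already passed the password check."""
        # HTTP header names are case-insensitive.
        lowered = {k.lower(): v.strip() for k, v in headers.items()}
        token = lowered.get(TOTP_HEADER.lower(), "")
        secret = self.secrets.get(username)
        well_formed = len(token) == DIGITS and token.isascii() and token.isdigit()
        if secret is None or not well_formed:
            return False
        current = now // STEP
        for counter in range(current - WINDOW, current + WINDOW + 1):
            if counter <= self.last_counter.get(username, -1):
                continue             # this step was already used: reject replays
            if hmac.compare_digest(hotp(secret, counter), token):
                self.last_counter[username] = counter
                return True
        return False


# Constructed sample: the RFC 6238 test secret for a made-up user.
SAMPLE = TotpVerifier({"alice": b"12345678901234567890"})
```

Recording the last accepted time step per user is what stops a captured code from being reused inside its validity window.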