Can't authenticate, getting 401 #100

Closed
laisoliveira opened this Issue Sep 13, 2013 · 5 comments

Comments

Projects
None yet
2 participants
@laisoliveira

I'm using a BetamaxHttpClient with the credentialsProvider needed to access my remote rest api.

DefaultHttpClient defaultHttpClient = new BetamaxHttpClient(recorder);
defaultHttpClient.setCredentialsProvider(credentialsProvider);

I noticed that TargetConnector is instantiated with a brand new DefaultHttpClient, so the request to my remote api is never executed with my http client and consequently without the credentials required, causing a 401 error.

I saw this issue robfletcher#48 , but it didn't help me much to figure out whether this is something that was supposed to work or not. I mean, is there a way to instantiate the TargetConnector with a custom http client (without extending BetamaxRequestDirector and BetamaxHttpClient ) ?

Have I done something wrong or missed something ?

Thanks

Laís

@robfletcher

This comment has been minimized.

Show comment Hide comment
@robfletcher

robfletcher Sep 16, 2013

Collaborator

I don't think you've done anything wrong I think this is a bug in the current functionality. That said the proxy should be passing request headers on on the TargetConnector. Are you using an Authorization header?

I'm currently working on a complete rewrite of the proxying functionality (hopefully using a proxy library rather than rolling my own). I'll add test coverage for this & ensure it's working.

Collaborator

robfletcher commented Sep 16, 2013

I don't think you've done anything wrong I think this is a bug in the current functionality. That said the proxy should be passing request headers on on the TargetConnector. Are you using an Authorization header?

I'm currently working on a complete rewrite of the proxying functionality (hopefully using a proxy library rather than rolling my own). I'll add test coverage for this & ensure it's working.

@laisoliveira

This comment has been minimized.

Show comment Hide comment
@laisoliveira

laisoliveira Oct 3, 2013

Hello Rob,

Sorry for the delay...

So, I'm not sending explicitly the Authorization header.

I'm not sure how HttpClient client works with its CredentialsProvider attribute, but perhaps by setting the CredentialsProvider the headers are created at some point further.

In a discussion with my colleagues, we explicitly added the Authorization header to the request and it worked as it should.
This workaround will do the job :)

I'm pretty interested to use betamax, I think it's great the work you've been doing.

Thanks

Hello Rob,

Sorry for the delay...

So, I'm not sending explicitly the Authorization header.

I'm not sure how HttpClient client works with its CredentialsProvider attribute, but perhaps by setting the CredentialsProvider the headers are created at some point further.

In a discussion with my colleagues, we explicitly added the Authorization header to the request and it worked as it should.
This workaround will do the job :)

I'm pretty interested to use betamax, I think it's great the work you've been doing.

Thanks

@robfletcher

This comment has been minimized.

Show comment Hide comment
@robfletcher

robfletcher Oct 4, 2013

Collaborator

You shouldn't need to explicitly set the header if you're using a CredentialsProvider. Take a look at this spec from the Betamax test suite: https://github.com/robfletcher/betamax/blob/master/betamax-proxy/src/test/groovy/co/freeside/betamax/BasicAuthSpec.groovy#L69

One thing it does do that maybe you're not is matching the tape based on headers as well as method and URI (just method & URI is the default). In that test it means 2 different recordings are made – one for each set of credentials.

Right now there's no way to only match on a particular header – it just checks they are all the same. There is an open issue for improving that, though – see #43

Glad you're finding Betamax useful!

Collaborator

robfletcher commented Oct 4, 2013

You shouldn't need to explicitly set the header if you're using a CredentialsProvider. Take a look at this spec from the Betamax test suite: https://github.com/robfletcher/betamax/blob/master/betamax-proxy/src/test/groovy/co/freeside/betamax/BasicAuthSpec.groovy#L69

One thing it does do that maybe you're not is matching the tape based on headers as well as method and URI (just method & URI is the default). In that test it means 2 different recordings are made – one for each set of credentials.

Right now there's no way to only match on a particular header – it just checks they are all the same. There is an open issue for improving that, though – see #43

Glad you're finding Betamax useful!

@robfletcher

This comment has been minimized.

Show comment Hide comment
@robfletcher

robfletcher Oct 4, 2013

Collaborator

Ah. One important difference is that you're using BetamaxHttpClient and that spec is using the proxy version. There is a good possibility that the translation of CredentialsProvider info into an Authorization header happens after I'm interecepting the request. I'll need to check that & fix it if there's a problem.

I need to convert some of the test coverage that's currently only running against the proxy into TCK style tests so that I can ensure both implementations are working correctly. I've created #108 to track that.

Collaborator

robfletcher commented Oct 4, 2013

Ah. One important difference is that you're using BetamaxHttpClient and that spec is using the proxy version. There is a good possibility that the translation of CredentialsProvider info into an Authorization header happens after I'm interecepting the request. I'll need to check that & fix it if there's a problem.

I need to convert some of the test coverage that's currently only running against the proxy into TCK style tests so that I can ensure both implementations are working correctly. I've created #108 to track that.

@laisoliveira

This comment has been minimized.

Show comment Hide comment
@laisoliveira

laisoliveira Dec 11, 2013

Thanks !

Thanks !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment