Delegate system does not allow HTTP 401 responses with JSON-LD content #555

markmatney opened this issue Jan 15, 2022 · 2 comments
markmatney commented Jan 15, 2022

I have implemented a minimal working example that demonstrates this bug. Please see the commit message here for an explanation.

Steps to reproduce

  1. Build the delegate here: https://github.com/markmatney/sample-java-delegate/tree/all-or-nothing-access-mwe
  2. Run a local Cantaloupe with the delegate JAR on the classpath, according to the delegate README (and with the Cantaloupe config edited to point to a directory with test images)
  3. Request an info.json in your browser, using any of the Image API endpoints, until you get an HTTP 401 response (the delegate randomly cycles between 200 and 401)
  4. Note that for 401, an error page is returned (as was reported in Strange response #544, which this issue causes), but an info.json should be returned instead
  5. Also note that this issue occurs regardless of whether the authorization logic is in preAuthorize or in authorize

I was able to get the expected behavior (info.json returned with HTTP 401) by applying the following patch to 1d15800 (although I haven't tested it thoroughly):

diff --git a/src/main/java/edu/illinois/library/cantaloupe/resource/AbstractResource.java b/src/main/java/edu/illinois/library/cantaloupe/resource/AbstractResource.java
index 7b2c04e8d..7dab7ed32 100644
--- a/src/main/java/edu/illinois/library/cantaloupe/resource/AbstractResource.java
+++ b/src/main/java/edu/illinois/library/cantaloupe/resource/AbstractResource.java
@@ -364,6 +364,9 @@ public abstract class AbstractResource {
             if (code == 401) {
                 getResponse().setHeader("WWW-Authenticate",
                         info.getChallengeValue());
+                if (getRequestContext().getLocalURI().getPath().endsWith("info.json")) {
+                    return true;
+                }
             }
             throw new ResourceException(new Status(code));
         }
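Review bot: returning true from the `code == 401` branch when the path ends with `info.json` bypasses the `throw new ResourceException(new Status(code))` below it, but nothing in this hunk selects a JSON-LD representation or builds the information document for the 401 case; only the status and the `WWW-Authenticate` header are set, so the caller of this method must still be the one that writes the info.json body, otherwise the error page will still be rendered. The `endsWith("info.json")` test is also a loose suffix match on the whole local URI path rather than a check that the request was routed to an information endpoint; tying the early return to the resource type (the information resource itself) rather than to the path string would avoid applying it to unrelated routes. A short comment explaining why 401 is special-cased here (the IIIF Auth flow expects info.json with a 401) would help future readers.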

Edit: a better patch

markmatney pushed a commit to UCLALibrary/cantaloupe-auth-delegate that referenced this issue Feb 2, 2022
That image includes a downstream patch for
cantaloupe-project/cantaloupe#555
(which will hopefully be fixed upstream, but until then...)
markmatney pushed a commit to UCLALibrary/cantaloupe-auth-delegate that referenced this issue Feb 8, 2022
* Test against Cantaloupe's Image API 3 endpoint
* Use Cantaloupe Docker image that includes a downstream patch for
  cantaloupe-project/cantaloupe#555
@adolski adolski added the bug label Mar 25, 2022
@adolski adolski added this to the 5.0.6 milestone Mar 25, 2022

adolski commented Mar 25, 2022

Thanks for reporting this, @markmatney. This seems like a pretty glaring bug and it must have been an oversight. I just pushed a commit to the release/5.0 branch that forces all 4xx responses from information endpoints to JSON-LD. Please reopen if anything seems awry.
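The behaviour both comments turn on (an HTTP 401 for an info.json request that still carries a JSON-LD body and a WWW-Authenticate challenge, rather than an HTML error page) can be checked client-side with a small validator, which is useful as a regression test once a server-side fix like the one described above is deployed. This is an added Python example, not Cantaloupe's or the delegate's code; the two sample responses are constructed inline, and the exact media type a given Cantaloupe version emits for info.json is an assumption.

```python
import json

# Constructed sample responses (not captured from a real Cantaloupe instance).
# Each tuple is (status, headers, body) as a client would see for .../info.json.
GOOD_401 = (
    401,
    {"Content-Type": "application/ld+json",
     "WWW-Authenticate": 'Bearer realm="iiif"'},   # challenge value is assumed
    json.dumps({"@context": "http://iiif.io/api/image/3/context.json",
                "id": "https://example.org/iiif/3/img", "type": "ImageService3",
                "protocol": "http://iiif.io/api/image", "width": 1, "height": 1}),
)
# The failure mode from the issue: status and challenge are right, body is HTML.
BAD_401_HTML = (
    401,
    {"Content-Type": "text/html;charset=UTF-8",
     "WWW-Authenticate": 'Bearer realm="iiif"'},
    "<html><body><h1>401 Unauthorized</h1></body></html>",
)


def check_info_json_response(status, headers, body):
    """Return a list of problems with an info.json response; empty means OK.

    Rules (assumed from the IIIF Image API / Auth expectations discussed in the
    issue): an information response must be JSON(-LD) regardless of status,
    a 401 must carry a WWW-Authenticate challenge, and the body must parse as
    JSON with an @context key.
    """
    problems = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in ("application/ld+json", "application/json"):
        problems.append(f"content-type {ctype!r} is not JSON-LD/JSON")
    if status == 401 and "www-authenticate" not in hdrs:
        problems.append("401 without WWW-Authenticate challenge")
    try:
        doc = json.loads(body)
    except ValueError:
        problems.append("body is not valid JSON")
        return problems
    if not isinstance(doc, dict) or "@context" not in doc:
        problems.append("body lacks @context (not JSON-LD)")
    return problems
```

Running the validator against real responses is a matter of feeding it `resp.status_code`, `resp.headers` and `resp.text` from any HTTP client.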

@adolski adolski closed this as completed Mar 25, 2022
markmatney (Author) commented

Thank you!

markmatney pushed a commit to UCLALibrary/cantaloupe that referenced this issue Apr 6, 2022
markmatney pushed a commit to UCLALibrary/cantaloupe that referenced this issue Jun 1, 2022