На 12.06.11 15:14, Bauersachs Ingo написа:
I took a quick look and this seems to be a non-trivial bug introduced
with the HttpUtils in April.
Basically the Provisioning-Service doesn't use standard
HTTP-Basic-Auth but posts the username/password as form fields. This
causes the standard auth handling of HttpUtils to fail.
Unless I am misunderstanding, that behaviour was in the provisioning
service from the very start.
My recommendation would be to change to Provisioning-Service to use
standard HTTP-Basic-Auth instead of "posting" the login data. This
would be more in line with normal http requests anyway, because
currently we're posting login data even if we're not asked for them.
We don't need to change the Provisioning Service in order to have that.
We only send the user name and the password in the post request if they
are part of the provisioning URI entered by the user. Apparently, this
is required by some provisioning systems which is why we included it.
This doesn't explain the problem described by Chris though. Chris, could
you please open an issue? We'll have a look.
Seb, you recently worked on the Provisioning-Service: What do you
think? (and of course all others too).
[mailto:firstname.lastname@example.org] Sent: Samstag, 11. Juni 2011 11:19 To:
email@example.com Subject: [jitsi-dev] HTTP provisioning bug Hi,
It seems to me there is a bug in HTTP provisioning. I enabled it
by entering the following URI into Manual Provisioning URI field:
index.php always returns 401 Unauthorized:
-----Original Message----- From: firstname.lastname@example.org
<?php header('HTTP/1.0 401 Unauthorized'); echo "Access denied" ?>
Now when I start Jitsi it prompts for a username and password and
when I click "OK" it POSTs to the web server which returns 401
response. Jitsi instead of showing a message like "Incorrect
username and/or password. Please try again." launches a "DoS
attack" again a web server and starts an infinite loop with empty
Please see HTTP trace log here: http://pastebin.com/EGtR2UcJ
The same happens if "Cancel" button is pressed.
Emil Ivov, Ph.D. 67000 Strasbourg,
Project Lead France
email@example.com PHONE: +22.214.171.124.43.30
http://jitsi.org FAX: +126.96.36.199.47.31