Core Server
  1. Core Server
  2. SERVER-2917

Rest / HTTP interface not working with AUTH and command

      Details

      • Type: Bug Bug
      • Status: Closed Closed
      • Priority: Major - P3 Major - P3
      • Resolution: Fixed
      • Affects Version/s: 1.8.1
      • Fix Version/s: 2.0.6, 2.1.0
      • Component/s: HTTP Console
      • Labels:
        None
      • Environment:
        Linux 64-bit
      • Backport:
        Done
      • Operating System:
        ALL
      • # Replies:
        3
      • Last comment by Customer:
        false

        Description

        This bug happens both remote and localhost.

        To repro:
        ---------
        1. Configure single server with --rest and --auth.
        2. Add a user to the admin Database.
        > use admin
        > db.addUser("theadmin", "anadminpassword")
        3. Connect to HTTP UI from
        3.a. local : http://localhost:28017
        3.b. remote : http://1.2.3.4:28017

        According to the documentation 3.a. should work and 3.b. should ask for authentication.
        This works correctly.
        http://www.mongodb.org/display/DOCS/Http+Interface#HttpInterface-HTTPConsoleSecurity

        4. Use an admin-level command from the HTTP UI
        4.a. local: http://localhost:28017/listDatabases
        4.b. remote: http://1.2.3.4:28017/listDatabases

        In both cases MongoDB is throwing the following exception:
        "error loading page: unauthorized db:admin lock type:-1 client:(NONE)"

        In the case of 4.a, no authentication request is made, the http request simply fails.

          Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. SERVER-4033 the most web stats pages show error message

          • Minor - P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed - The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.

          Bug - A problem which impairs or prevents the functions of the product. SERVER-4128 the most web stats pages show error message (also after update to 2.0.1)

          • Minor - P4 - Minor loss of function, or other problem where easy workaround is present.
          • Closed - The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.

            Activity

            Ascending order - Click to sort in descending order
            • Comments
            Hide
            Permalink
            Seamus Abshere             added a comment -

            Exact same situation, but through a proxy. 3.a works but 4.a doesn't work.

            error loading page: unauthorized db:admin lock type:-1 client:(NONE)

            ... when I proxy 1.8.1 through apache2 (ubuntu 10.10) ...

            <VirtualHost default:80>
            ServerName x.y.z
            CustomLog /var/log/apache2/mongodb.access.log combined

            ProxyPass / http://localhost:28017/
            <Location />
            Order Deny,Allow
            Allow from all
            AuthName "mongo"
            AuthType Digest
            AuthDigestDomain /
            AuthDigestProvider file
            AuthUserFile /home/xyz/htdigest
            Require valid-user
            </Location>

            DocumentRoot /var/www
            </VirtualHost>

            Show
            Seamus Abshere             added a comment - Exact same situation, but through a proxy. 3.a works but 4.a doesn't work. error loading page: unauthorized db:admin lock type:-1 client:(NONE) ... when I proxy 1.8.1 through apache2 (ubuntu 10.10) ... <VirtualHost default :80> ServerName x.y.z CustomLog /var/log/apache2/mongodb.access.log combined ProxyPass / http://localhost:28017/ <Location /> Order Deny,Allow Allow from all AuthName "mongo" AuthType Digest AuthDigestDomain / AuthDigestProvider file AuthUserFile /home/xyz/htdigest Require valid-user </Location> DocumentRoot /var/www </VirtualHost>
            Hide
            Permalink
            auto             added a comment -

            Author:

            {u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

            Message: SERVER-2917: REST interface now authenticate user to db when user successfully authenticates to web server
            Branch: master
            https://github.com/mongodb/mongo/commit/068cad4fbe97d9d004601cca08c5720c88acd8c9

            Show
            auto             added a comment - Author: {u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'} Message: SERVER-2917 : REST interface now authenticate user to db when user successfully authenticates to web server Branch: master https://github.com/mongodb/mongo/commit/068cad4fbe97d9d004601cca08c5720c88acd8c9
            Hide
            Permalink
            auto             added a comment -

            Author:

            {u'login': u'', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

            Message: SERVER-2917: REST interface now authenticate user to db when user successfully authenticates to web server

            Signed-off-by: Eric Milkie <milkie@10gen.com>
            Branch: v2.0
            https://github.com/mongodb/mongo/commit/77db8a50cfd1825a5848f908bf2860c5495ba528

            Show
            auto             added a comment - Author: {u'login': u'', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'} Message: SERVER-2917 : REST interface now authenticate user to db when user successfully authenticates to web server Signed-off-by: Eric Milkie <milkie@10gen.com> Branch: v2.0 https://github.com/mongodb/mongo/commit/77db8a50cfd1825a5848f908bf2860c5495ba528

              People

              • Votes:
                2 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since reply:
                  1 year, 48 weeks, 6 days ago
                  Date of 1st Reply: