[SERVER-2917] Rest / HTTP interface not working with AUTH and command Created: 08/Apr/11  Updated: 12/Jul/16  Resolved: 19/Oct/11

Status: Closed
Project: Core Server
Component/s: HTTP Console
Affects Version/s: 1.8.1
Fix Version/s: 2.0.6, 2.1.0

Type: Bug Priority: Major - P3
Reporter: Gaetan Voyer-Perrault Assignee: Unassigned
Resolution: Done Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Linux 64-bit


Issue Links:
Depends
Duplicate
is duplicated by SERVER-4033 the most web stats pages show error m... Closed
is duplicated by SERVER-4128 the most web stats pages show error m... Closed
Related
Operating System: ALL
Participants:

 Description   

This bug happens both remote and localhost.

To repro:
---------
1. Configure single server with --rest and --auth.
2. Add a user to the admin Database.
> use admin
> db.addUser("theadmin", "anadminpassword")
3. Connect to HTTP UI from
3.a. local : http://localhost:28017
3.b. remote : http://1.2.3.4:28017

According to the documentation 3.a. should work and 3.b. should ask for authentication.
This works correctly.
http://www.mongodb.org/display/DOCS/Http+Interface#HttpInterface-HTTPConsoleSecurity

4. Use an admin-level command from the HTTP UI
4.a. local: http://localhost:28017/listDatabases
4.b. remote: http://1.2.3.4:28017/listDatabases

In both cases MongoDB is throwing the following exception:
"error loading page: unauthorized db:admin lock type:-1 client:(NONE)"

In the case of 4.a, no authentication request is made, the http request simply fails.



 Comments   
Comment by auto [ 10/May/12 ]

Author:

{u'login': u'', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-2917: REST interface now authenticate user to db when user successfully authenticates to web server

Signed-off-by: Eric Milkie <milkie@10gen.com>
Branch: v2.0
https://github.com/mongodb/mongo/commit/77db8a50cfd1825a5848f908bf2860c5495ba528

Comment by auto [ 19/Oct/11 ]

Author:

{u'login': u'TonyGen', u'name': u'Tony Hannan', u'email': u'tony@10gen.com'}

Message: SERVER-2917: REST interface now authenticate user to db when user successfully authenticates to web server
Branch: master
https://github.com/mongodb/mongo/commit/068cad4fbe97d9d004601cca08c5720c88acd8c9

Comment by Seamus Abshere [ 21/Apr/11 ]

Exact same situation, but through a proxy. 3.a works but 4.a doesn't work.

error loading page: unauthorized db:admin lock type:-1 client:(NONE)

... when I proxy 1.8.1 through apache2 (ubuntu 10.10) ...

<VirtualHost default:80>
ServerName x.y.z
CustomLog /var/log/apache2/mongodb.access.log combined

ProxyPass / http://localhost:28017/
<Location />
Order Deny,Allow
Allow from all
AuthName "mongo"
AuthType Digest
AuthDigestDomain /
AuthDigestProvider file
AuthUserFile /home/xyz/htdigest
Require valid-user
</Location>

DocumentRoot /var/www
</VirtualHost>

Generated at Thu Feb 08 03:01:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.