WA Authentication

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

WA Authentication

Sean P. DeNigris
Administrator
When I do:
  h := (WADispatcher default handlerAt: 'status').
  h configuration addParent: WAAuthConfiguration instance.
  h preferenceAt: #login put: 'admin'.
  h preferenceAt: #passwordHash put: (GRPlatform current secureHashFor: '123').
  h addFilter: WAAuthenticationFilter new.
per [1] and [2], I get a 404 on a ZnRequest(GET /favicon.ico). This is possibly similar to [3], but there didn't seem to be a resolution...

I tried this with a few of the built-in handlers, all with the same result. How do I fix this?

Thanks,
Sean

[1] http://book.seaside.st/book/advanced/deployment/deployment-preparing
[2] http://forum.world.st/odd-difference-in-behavior-when-using-WADispatcher-register-tp4637392p4637407.html
[3] http://forum.world.st/Apache-and-virtual-host-td96448.html#a96452
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
I get a 404 on a ZnRequest(GET /favicon.ico)

Update: I saved the favicon.ico bytearray as a file in the directory that my zn static file server was serving from, so now I'm getting an OK on the favicon, but still a "Not Found /status"...

Thanks again,
Sean
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Philippe Marschall
In reply to this post by Sean P. DeNigris
On Sun, Feb 10, 2013 at 10:35 PM, Sean P. DeNigris
<[hidden email]> wrote:

> When I do:
>   h := (WADispatcher default handlerAt: 'status').
>   h configuration addParent: WAAuthConfiguration instance.
>   h preferenceAt: #login put: 'admin'.
>   h preferenceAt: #passwordHash put: (GRPlatform current secureHashFor:
> '123').
>   h addFilter: WAAuthenticationFilter new.
> per [1] and [2], I get a 404 on a ZnRequest(GET /favicon.ico). This is
> possibly similar to [3], but there didn't seem to be a resolution...
>
> I tried this with a few of the built-in handlers, all with the same result.
> How do I fix this?

Hard to say without debugging. Do you have a hander registered that
should handle /favicon.ico? If you don't add the
WAAuthenticationFilter does it work?

Cheers
Philippe
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Philippe Marschall wrote
Do you have a hander registered that should handle /favicon.ico?
It's a vanilla Seaside loaded via the mailing list script into Pharo 2.0. So I guess not out of the box, but I saved the bytes as a file, so I thought maybe the static file server would serve it (which it did, I got an OK response for that file, but that didn't help the situation with my component)

Philippe Marschall wrote
 If you don't add the
WAAuthenticationFilter does it work?
The page loads as if there was no authentication

Philippe Marschall wrote
Hard to say without debugging.
It's just a test image. I'd be happy to send it to you if you'd be willing to take a look...

Thanks,
Sean
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Paul DeBruicker
Doing that in Seaside 3.0.7/Pharo 1.4 gives two deprecation warnings.


"Deprecation: The method SmalltalkImage>>isRunningCog has been deprecated.
Use Smalltalk vm isRunningCog instead"


and


"Deprecation: The method SmalltalkImage>>getSystemAttribute: has been
deprecated.
This is a private method of Virtual machine. Use Smalltalk vm
<appropriateName> for retreiving attribute(s)
"



after deleting the deprecation warnings (or changing the code to use the
warnings suggested replacement) it is able to authenticate.







On 02/11/2013 07:23 PM, Sean P. DeNigris wrote:

> Philippe Marschall wrote
>> Do you have a hander registered that should handle /favicon.ico?
>
> It's a vanilla Seaside loaded via the mailing list script into Pharo 2.0. So
> I guess not out of the box, but I saved the bytes as a file, so I thought
> maybe the static file server would serve it (which it did, I got an OK
> response for that file, but that didn't help the situation with my
> component)
>
>
> Philippe Marschall wrote
>>  If you don't add the
>> WAAuthenticationFilter does it work?
>
> The page loads as if there was no authentication
>
>
> Philippe Marschall wrote
>> Hard to say without debugging.
>
> It's just a test image. I'd be happy to send it to you if you'd be willing
> to take a look...
>
> Thanks,
> Sean
>
>
>
> --
> View this message in context: http://forum.world.st/WA-Authentication-tp4669095p4669341.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Paul DeBruicker
Hit enter too fast.

By 'Doing that' I mean this:


  h := (WADispatcher default handlerAt: 'status').
  h configuration addParent: WAAuthConfiguration instance.
  h preferenceAt: #login put: 'admin'.
  h preferenceAt: #passwordHash put: (GRPlatform current secureHashFor:
'123').
  h addFilter: WAAuthenticationFilter new.



then going to 127.0.0.1:8080/status

I get the user/pwd dialog then the errors appear after the info is
entered and I hit 'Enter'.




On 02/11/2013 09:59 PM, Paul DeBruicker wrote:

> Doing that in Seaside 3.0.7/Pharo 1.4 gives two deprecation warnings.
>
>
> "Deprecation: The method SmalltalkImage>>isRunningCog has been deprecated.
> Use Smalltalk vm isRunningCog instead"
>
>
> and
>
>
> "Deprecation: The method SmalltalkImage>>getSystemAttribute: has been
> deprecated.
> This is a private method of Virtual machine. Use Smalltalk vm
> <appropriateName> for retreiving attribute(s)
> "
>
>
>
> after deleting the deprecation warnings (or changing the code to use the
> warnings suggested replacement) it is able to authenticate.
>
>
>
>
>
>
>
> On 02/11/2013 07:23 PM, Sean P. DeNigris wrote:
>> Philippe Marschall wrote
>>> Do you have a hander registered that should handle /favicon.ico?
>>
>> It's a vanilla Seaside loaded via the mailing list script into Pharo 2.0. So
>> I guess not out of the box, but I saved the bytes as a file, so I thought
>> maybe the static file server would serve it (which it did, I got an OK
>> response for that file, but that didn't help the situation with my
>> component)
>>
>>
>> Philippe Marschall wrote
>>>  If you don't add the
>>> WAAuthenticationFilter does it work?
>>
>> The page loads as if there was no authentication
>>
>>
>> Philippe Marschall wrote
>>> Hard to say without debugging.
>>
>> It's just a test image. I'd be happy to send it to you if you'd be willing
>> to take a look...
>>
>> Thanks,
>> Sean
>>
>>
>>
>> --
>> View this message in context: http://forum.world.st/WA-Authentication-tp4669095p4669341.html
>> Sent from the Seaside General mailing list archive at Nabble.com.
>> _______________________________________________
>> seaside mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>>
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Philippe Marschall
In reply to this post by Sean P. DeNigris
On Tue, Feb 12, 2013 at 4:23 AM, Sean P. DeNigris <[hidden email]> wrote:

> Philippe Marschall wrote
>> Do you have a hander registered that should handle /favicon.ico?
>
> It's a vanilla Seaside loaded via the mailing list script into Pharo 2.0. So
> I guess not out of the box, but I saved the bytes as a file, so I thought
> maybe the static file server would serve it (which it did, I got an OK
> response for that file, but that didn't help the situation with my
> component)
>
>
> Philippe Marschall wrote
>>  If you don't add the
>> WAAuthenticationFilter does it work?
>
> The page loads as if there was no authentication

Does that mean 404 or authentication failed/required?

Cheers
Philippe
_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Philippe Marschall wrote
> The page loads as if there was no authentication

Does that mean 404 or authentication failed/required?
If I remove the filter the page loads successfully without ever asking for authentication
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
I may have found the problem...

In Pharo 2.0, ZnSeasideStaticServerAdaptorDelegate>>handleRequest: adds a few lines:
    response isError
                ifFalse: [ ^ response ].
        ^ self staticDelegate handleRequest: znRequest

changing to:
    (response isError and: [  response isAuthenticationRequired not ])
                ifFalse: [ ^ response ].
        ^ self staticDelegate handleRequest: znRequest

makes everything work!

I'll check with Sven...

Thanks for the help :)
- Sean
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Paul DeBruicker
Oooh.   I wrote that broken code.  Didn't even think about authentication.






On 02/12/2013 09:05 AM, Sean P. DeNigris wrote:

> I may have found the problem...
>
> In Pharo 2.0, ZnSeasideStaticServerAdaptorDelegate>>handleRequest: adds a
> few lines:
>     response isError
> ifFalse: [ ^ response ].
> ^ self staticDelegate handleRequest: znRequest
>
> changing to:
>     (response isError and: [  response isAuthenticationRequired not ])
> ifFalse: [ ^ response ].
> ^ self staticDelegate handleRequest: znRequest
>
> makes everything work!
>
> I'll check with Sven...
>
> Thanks for the help :)
> - Sean
>
>
>
> --
> View this message in context: http://forum.world.st/WA-Authentication-tp4669095p4669480.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Ha ha... caught you! I emailed Sven... does the fix look reasonable to you?
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sven Van Caekenberghe-2
In reply to this post by Sean P. DeNigris

On 12 Feb 2013, at 18:05, "Sean P. DeNigris" <[hidden email]> wrote:

> I may have found the problem...
>
> In Pharo 2.0, ZnSeasideStaticServerAdaptorDelegate>>handleRequest: adds a
> few lines:
>    response isError
> ifFalse: [ ^ response ].
> ^ self staticDelegate handleRequest: znRequest
>
> changing to:
>    (response isError and: [  response isAuthenticationRequired not ])
> ifFalse: [ ^ response ].
> ^ self staticDelegate handleRequest: znRequest
>
> makes everything work!
>
> I'll check with Sven...
>
> Thanks for the help :)
> - Sean

Yes, that is Paul's code ;-)

Yes the fix looks good to me, it can be integrated in the Seaside adaptor, who will do it ?

Sven

--
Sven Van Caekenberghe
http://stfx.eu
Smalltalk is the Red Pill

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
On Feb 12, 2013, at 2:52 PM, Sven Van Caekenberghe-2 [via Smalltalk] <[hidden email]> wrote:
> Yes the fix looks good to me, it can be integrated in the Seaside adaptor, who will do it ?

Here's a MC package. I'm happy to upload it if you add me to the repo... lmk...


       

Zinc-Seaside-SeanDeNigris.39.mcz (19K) Download Attachment
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sven Van Caekenberghe-2
Hi Sean,

Thanks for the patch, I uploaded it (the squeak source repository is open to all, the mc.stfx.eu one not, I keep both in sync).

Did you mention in your original bug report that you were using ZnSeasideStaticServerAdaptorDelegate ?

Anyway, you found and fixed it yourself - that is cool.

Sven

On 12 Feb 2013, at 21:32, "Sean P. DeNigris" <[hidden email]> wrote:

> On Feb 12, 2013, at 2:52 PM, Sven Van Caekenberghe-2 [via Smalltalk] <[hidden email]> wrote:
> > Yes the fix looks good to me, it can be integrated in the Seaside adaptor, who will do it ?
>
> Here's a MC package. I'm happy to upload it if you add me to the repo... lmk...
>
>
>        
>
>  Zinc-Seaside-SeanDeNigris.39.mcz (19K) Download Attachment
>
> View this message in context: Re: WA Authentication
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside



--
Sven Van Caekenberghe
http://stfx.eu
Smalltalk is the Red Pill

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Sven Van Caekenberghe-2 wrote
Thanks for the patch, I uploaded it
Great! Thanks for acting so quickly

Sven Van Caekenberghe-2 wrote
the squeak source repository is open to all
Okay, good to know

Sven Van Caekenberghe-2 wrote
Did you mention in your original bug report that you were using ZnSeasideStaticServerAdaptorDelegate ?
No, I didn't realize it was a Zinc problem until I stepped through the code in both 1.4 and 2.0 and saw the difference. I used ZnZincStaticServerAdaptor per your load script at http://forum.world.st/Seaside-3-1-on-Pharo-2-0-td4645550.html
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sven Van Caekenberghe-2

On 13 Feb 2013, at 06:24, "Sean P. DeNigris" <[hidden email]> wrote:

> Sven Van Caekenberghe-2 wrote
>> Thanks for the patch, I uploaded it
>
> Great! Thanks for acting so quickly
>
>
> Sven Van Caekenberghe-2 wrote
>> the squeak source repository is open to all
>
> Okay, good to know
>
>
> Sven Van Caekenberghe-2 wrote
>> Did you mention in your original bug report that you were using
>> ZnSeasideStaticServerAdaptorDelegate ?
>
> No, I didn't realize it was a Zinc problem until I stepped through the code
> in both 1.4 and 2.0 and saw the difference. I used ZnZincStaticServerAdaptor
> per your load script at
> http://forum.world.st/Seaside-3-1-on-Pharo-2-0-td4645550.html

Indeed, my bad: I can't imagine why I added ZnSeasideStaticServerAdaptorDelegate there as default. Anyway, the technique used in its #handleRequest: is not good enough for production use, as you discovered (but also fixed). The worse thing is: you generally use a static server to take load off the Seaside machinery, but if you let every static request first fail on Seaside, you gain little to no performance. Paul wrote this adaptor as a tool to use during development, serving static resources from a directory with little to no configuration. For production deploys, there are other techniques.

> --
> View this message in context: http://forum.world.st/WA-Authentication-tp4669095p4669555.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Sven Van Caekenberghe-2 wrote
For production deploys, there are other techniques.
I'm really glad this came up!! Where can I read about that? Or, at least, what zn server type would you recommend as a default?
Cheers,
Sean
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Paul DeBruicker
On 02/13/2013 05:58 AM, Sean P. DeNigris wrote:
> Sven Van Caekenberghe-2 wrote
>> For production deploys, there are other techniques.
>
> I'm really glad this came up!! Where can I read about that? Or, at least,
> what zn server type would you recommend as a default?
>
>


Just use the ZnSeasideServerAdaptorDelegate and put nginx or apache in
front of the Seaside images and configure them to handle all the static
assets and proxy the other requests to Seaside.

here is a basic example of how to do it with nginx:

http://www.monkeysnatchbanana.com/posts/2010/06/23/reverse-proxying-to-seaside-with-nginx.html

With that one you'll want to add expires headers for the static assets
like so:

        location ~* ^.+\.(css|js|jpg|jpeg|gif|png|ico|svg)$ {
               expires max;
               log_not_found off;
        }




and with apache:
http://onsmalltalk.com/scaling-seaside-more-advanced-load-balancing-and-publishing





>
> --
> View this message in context: http://forum.world.st/WA-Authentication-tp4669095p4669650.html
> Sent from the Seaside General mailing list archive at Nabble.com.
> _______________________________________________
> seaside mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
>

_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sven Van Caekenberghe-2
In reply to this post by Sean P. DeNigris

On 13 Feb 2013, at 14:58, "Sean P. DeNigris" <[hidden email]> wrote:

> Sven Van Caekenberghe-2 wrote
>> For production deploys, there are other techniques.
>
> I'm really glad this came up!! Where can I read about that? Or, at least,
> what zn server type would you recommend as a default?

Chapter 22 Deployment in Dynamic Web Development with Seaside is a good start.

Sven_______________________________________________
seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: WA Authentication

Sean P. DeNigris
Administrator
Sven and Paul, thanks!
Cheers,
Sean