Bug 59174 - Host header gets ignored when doing basic authentication in HC4
Summary: Host header gets ignored when doing basic authentication in HC4
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: HTTP (show other bugs)
Version: 2.13
Hardware: All All
: P2 normal (vote)
Target Milestone: ---
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-13 13:43 UTC by Felix Schumacher
Modified: 2017-02-18 15:24 UTC (History)
1 user (show)



Attachments
Test case demonstrating the behaviour with 3.1 (7.88 KB, application/xml)
2017-01-28 21:32 UTC, Felix Schumacher
Details
Add a table with static hosts to DNSCacheManager (24.66 KB, patch)
2017-01-29 14:36 UTC, Felix Schumacher
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Schumacher 2016-03-13 13:43:01 UTC
When using a host header together with basic authentication in HC4, the authorization context gets set based on the url in jmeter, while HC4 seems to expect the authorization context to be set based on the host header.

As a result we can't use basic authentication with a custom host header in HC4 at the moment.

Java implementation works.
Comment 1 Philippe Mouawad 2017-01-28 20:23:24 UTC
Hello Felix,
After fixing Bug 57242, I looked at this one and I am not sure to understand.
Could you provide a test case showing the problem and how it should work ?

Thanks
Comment 2 Felix Schumacher 2017-01-28 21:32:47 UTC
Created attachment 34691 [details]
Test case demonstrating the behaviour with 3.1

Test against the tomcat manager app which runs on localhost. But as this is a test case to demonstrate the usage of a host header, it is thought of running on example.com.

What I think is the expected behaviour:
 Authorization manager should be asked for credentials of "example.com"
It is asking for "localhost"

Java client is working with 3.1 (it is asking for localhost, though)
HttpClient 4.x is not working (neither asking for localhost nor example.com)

(This whole business of specifying a host header by hand to simulate virtual hosts seems wrong. We should be looking at giving a dns resolver, that resolves "example.com" to localhost (don't know how to change the port))
Comment 3 Philippe Mouawad 2017-01-28 22:03:02 UTC
(In reply to Felix Schumacher from comment #2)
> Created attachment 34691 [details]
> Test case demonstrating the behaviour with 3.1

Thanks
> 
> Test against the tomcat manager app which runs on localhost. But as this is
> a test case to demonstrate the usage of a host header, it is thought of
> running on example.com.
> 
> What I think is the expected behaviour:
>  Authorization manager should be asked for credentials of "example.com"
> It is asking for "localhost"
> 
> Java client is working with 3.1 (it is asking for localhost, though)
> HttpClient 4.x is not working (neither asking for localhost nor example.com)
> 
> (This whole business of specifying a host header by hand to simulate virtual
> hosts seems wrong. We should be looking at giving a dns resolver, that
> resolves "example.com" to localhost (don't know how to change the port))

So is this a real problem or is it due to the host hack ?
Did you try with current build on jenkins ?
Thanks
Comment 4 Philippe Mouawad 2017-01-28 22:20:58 UTC
I downloaded Tomcat 8 and ran your test.
For me Java and Http4 fail.
But the difference is that Java headers are:
Connection: keep-alive
Host: example.com:80

While  HC4:
Connection: keep-alive
Host: example.com:8080
User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_112)

If I comment element Simulate virtual host, it works for HC4.
 
What exactly is the bug for you in this case ? Is it that HC4  has port 8080 ?
Comment 5 Felix Schumacher 2017-01-29 10:26:28 UTC
Current tree didn't work anymore (I had tested it, of course :). Problem for java client was a missing "Basic " on the authorization header, that got dropped while conversion to Base64 implementation.

Now to the problem originally discussed here.

This problem was discussed on the mailing list, so it seems that at least for someone it was a real problem. The usual workaround is to set a host header manually. That works for java client, only.

But this setup has a few drawbacks.
 * It doesn't work for hc4.x (you seem to have found a way to partially support it)
 * One has to use a strange setup for authorization
 * It probably will not work with kereberos (because of the strange setup)
 * The header setup is complicated

Therefore I think the way to go is to add a way to setup a fake dns resolver, so that one can use the desired hostname while speaking to the real server name.
Comment 6 Philippe Mouawad 2017-01-29 10:39:08 UTC
(In reply to Felix Schumacher from comment #5)
> Current tree didn't work anymore (I had tested it, of course :). Problem for
> java client was a missing "Basic " on the authorization header, that got
> dropped while conversion to Base64 implementation.
> 
Thanks for fixing it.
My bad
> Now to the problem originally discussed here.
> 
> This problem was discussed on the mailing list, so it seems that at least
> for someone it was a real problem. The usual workaround is to set a host
> header manually. That works for java client, only.
> 
> But this setup has a few drawbacks.
>  * It doesn't work for hc4.x (you seem to have found a way to partially
> support it)
>  * One has to use a strange setup for authorization
>  * It probably will not work with kereberos (because of the strange setup)
>  * The header setup is complicated
> 
> Therefore I think the way to go is to add a way to setup a fake dns
> resolver, so that one can use the desired hostname while speaking to the
> real server name.

I still don't get the use case.
Is it when you're not on the target infrastructure and you need to simulate it ?
Localhost or another host mimicing example.org ?

Anyway ok for your idea which will be useful in other areas.

thanks
Comment 7 Felix Schumacher 2017-01-29 10:43:16 UTC
(In reply to Philippe Mouawad from comment #6)
> (In reply to Felix Schumacher from comment #5)

> > Now to the problem originally discussed here.
> > 
> > This problem was discussed on the mailing list, so it seems that at least
> > for someone it was a real problem. The usual workaround is to set a host
> > header manually. That works for java client, only.
> > 
> > But this setup has a few drawbacks.
> >  * It doesn't work for hc4.x (you seem to have found a way to partially
> > support it)
> >  * One has to use a strange setup for authorization
> >  * It probably will not work with kereberos (because of the strange setup)
> >  * The header setup is complicated
> > 
> > Therefore I think the way to go is to add a way to setup a fake dns
> > resolver, so that one can use the desired hostname while speaking to the
> > real server name.
> 
> I still don't get the use case.
> Is it when you're not on the target infrastructure and you need to simulate
> it ?
> Localhost or another host mimicing example.org ?

Right, that was the use case. Say, for example, you wanted to test, if your newly setup server works as expected, without exposing it to the public.

> 
> Anyway ok for your idea which will be useful in other areas.
> 
> thanks
Comment 8 Felix Schumacher 2017-01-29 14:36:29 UTC
Created attachment 34693 [details]
Add a table with static hosts to DNSCacheManager

With this patch it is possible to specify host to ip (address) translations, that will get resolved by a custom DNS Cache Manager.

This patch needs documentation, test cases and review.
Comment 9 Philippe Mouawad 2017-01-29 20:42:23 UTC
Hello,

Maybe there should be in GUI a mode to enable one of the 2 modes no ?
This would avoid having to test if host is in static hosts list every time a host is resolved no ?

I committed some changes to avoid NPE if init of resolver fails and added a new test methods to check as much cases as possible for current implementation.

Regards
Comment 10 Felix Schumacher 2017-01-30 07:13:29 UTC
(In reply to Philippe Mouawad from comment #9)
> Hello,
> 
> Maybe there should be in GUI a mode to enable one of the 2 modes no ?
> This would avoid having to test if host is in static hosts list every time a
> host is resolved no ?

I think that both modes are balls at the same time. You might have a custom resolver, but still want to change one or two hosts to other addresses.

At the moment the lookup for static hosts is awkward, but we could include results in the global cache, if we clear it on every edit.

That way it should have no performance impact on the usual use case.

> 
> I committed some changes to avoid NPE if init of resolver fails and added a
> new test methods to check as much cases as possible for current
> implementation.
> 
> Regards
Comment 11 Philippe Mouawad 2017-01-30 07:33:28 UTC
(In reply to Felix Schumacher from comment #10)
> (In reply to Philippe Mouawad from comment #9)
> > Hello,
> > 
> > Maybe there should be in GUI a mode to enable one of the 2 modes no ?
> > This would avoid having to test if host is in static hosts list every time a
> > host is resolved no ?
> 
> I think that both modes are balls at the same time. You might have a custom
> resolver, but still want to change one or two hosts to other addresses.
> 
> At the moment the lookup for static hosts is awkward, but we could include
> results in the global cache, if we clear it on every edit.
> 
> That way it should have no performance impact on the usual use case.
> 

Sounds good to me.
> > 
> > I committed some changes to avoid NPE if init of resolver fails and added a
> > new test methods to check as much cases as possible for current
> > implementation.
> > 
> > Regards
Comment 12 Felix Schumacher 2017-02-11 17:20:33 UTC
Date: Sat Feb 11 17:04:06 2017
New Revision: 1782622

URL: http://svn.apache.org/viewvc?rev=1782622&view=rev
Log:
Add a table of static hosts to the DNS Cache Manger. This resolves the problem,
that host header gets ignored when doing basic authentication in HC4.

Bugzilla Id: 59174

Added:
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/StaticHost.java
Modified:
    jmeter/trunk/bin/saveservice.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/core/org/apache/jmeter/save/SaveService.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/DNSCacheManager.java
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/gui/DNSCachePanel.java
    jmeter/trunk/test/src/org/apache/jmeter/protocol/http/control/TestDNSCacheManager.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/images/screenshots/dns-cache-manager.png
    jmeter/trunk/xdocs/usermanual/component_reference.xml
Comment 13 Philippe Mouawad 2017-02-17 21:42:08 UTC
Hi Felix,
Maybe in documentation you could add an example of configuration of Static Host table.
It is not that clear for me reading text:
Mapping of hostnames to a static host entry which will be resolved using the custom DNS resolver

I understand ,that in first column you could have many hostnames and in second column 1 static host entry. 
While from test case, I suppose it's the countrary.
Maybe an example could make it more clear and some explanation on what happens :
- First look in static hosts
- Then use DNS Servers
Comment 14 Philippe Mouawad 2017-02-17 21:42:21 UTC
Author: pmouawad
Date: Fri Feb 17 21:41:16 2017
New Revision: 1783471

URL: http://svn.apache.org/viewvc?rev=1783471&view=rev
Log:
Bug 59174 - Host header gets ignored when doing basic authentication in HC4
Translate host
Bugzilla Id: 59174

Modified:
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages.properties
    jmeter/trunk/src/core/org/apache/jmeter/resources/messages_fr.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/gui/DNSCachePanel.java
Comment 15 Felix Schumacher 2017-02-18 15:24:20 UTC
Date: Sat Feb 18 15:23:48 2017
New Revision: 1783565

URL: http://svn.apache.org/viewvc?rev=1783565&view=rev
Log:
Add more documentation on the usage of Static Host Table.

Bugzilla Id: 59174

Modified:
    jmeter/trunk/xdocs/usermanual/component_reference.xml