authentication failure via http(s)

[Conrad Leonard]

Hi;

After upgrading to version 4.0RC1, I can't authenticate using explicit http(s) protocol using either the stardog command-line tools or GET/POST/PUT

Working in version 3: 

== v3.1.4 ==

[conradL@qimr13054 ~]$ stardog-admin version

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Stardog 3.1.4

For information on Stardog, please visit http://stardog.com.

For help using Stardog, visit the documentation http://docs.stardog.com.

[conradL@qimr13054 ~]$ stardog query -u grafli-rw snarl://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.371

[conradL@qimr13054 ~]$ stardog query -u grafli-rw snarls://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.057

[conradL@qimr13054 ~]$ stardog query -u grafli-rw http://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.055

[conradL@qimr13054 ~]$ stardog query -u grafli-rw https://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Not working in version 4:

== v4.0RC1 ==

[conradL@qimr13054 ~]$ stardog-admin version

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Stardog 4.0-RC1

For information on Stardog, please visit http://stardog.com.

For help using Stardog, visit the documentation http://docs.stardog.com.

[conradL@qimr13054 ~]$ stardog query -u grafli-rw snarl://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.052

[conradL@qimr13054 ~]$ stardog query -u grafli-rw snarls://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.056

[conradL@qimr13054 ~]$ stardog query -u grafli-rw http://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

Authentication failed.

[conradL@qimr13054 ~]$ stardog query -u grafli-rw https://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Picked up JAVA_TOOL_OPTIONS: -Djavax.net.ssl.trustStore=/opt/local/genomeinfo/java/truststore/keystore.jks

Password for user grafli-rw:

Authentication failed.

This happens using both native auth, and LDAP.

Any knobs you suggest I twiddle to help track this down?

[Conrad Leonard]

Correction - using HTTP methods directly does work, e.g 

GET http://localhost:5820/grafli/query?query=select (count(?s) as ?n) where {?s ?p ?o}

with the same user (and either http or https) returns:

<?xml version='1.0' encoding='UTF-8'?>

<sparql xmlns='http://www.w3.org/2005/sparql-results#'>

    <head>

        <variable name='n'/>

    </head>

    <results>

        <result>

            <binding name='n'>

                <literal datatype='http://www.w3.org/2001/XMLSchema#integer'>1377221</literal>

            </binding>

        </result>

    </results>

</sparql>

but the command-line tool gives the 'Authentication failed' error:

[conradL@qimr13054 ~]$ stardog version

Stardog 4.0-RC1

For information on Stardog, please visit http://stardog.com.

For help using Stardog, visit the documentation http://docs.stardog.com.

[conradL@qimr13054 ~]$ stardog query -u grafli-rw http://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

[Michael Grove]

Can you try running this with `--verbose` to see if there's any more detailed information.  I was not able to reproduce the behavior, but this is what I tried:

With a running server I:

1) Created a new database with a few triples in it

2) Created a new user

3) Granted that user read permission to the new database

4) Executed your provided query

I'm using the default out of the box setup, so maybe there's a configuration thing that I'm missing that's causing the problem here.

If you run the query w/ an admin user on the CLI, does it work?

Cheers,

Mike

 

--
-- --
You received this message because you are subscribed to the C&P "Stardog" group.
To post to this group, send email to sta...@clarkparsia.com
To unsubscribe from this group, send email to
stardog+u...@clarkparsia.com
For more options, visit this group at
http://groups.google.com/a/clarkparsia.com/group/stardog?hl=en

[Conrad Leonard]

Hi Mike, thanks for checking.

For me, the CLI tool works both with no protocol specified, and with snarl explicitly specified, but not http:

Running with --verbose:

[conradL@qimr13054 ~]$ stardog query --verbose -u grafli-rw grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Executing Query:

select (count(?s) as ?n) where {?s ?p ?o}

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.435

[conradL@qimr13054 ~]$ stardog query --verbose -u grafli-rw snarl://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Executing Query:

select (count(?s) as ?n) where {?s ?p ?o}

+---------+

|    n    |

+---------+

| 1377221 |

+---------+

Query returned 1 results in 00:00:00.047

[conradL@qimr13054 ~]$ stardog query --verbose -u grafli-rw http://localhost:5820/grafli "select (count(?s) as ?n) where {?s ?p ?o}"

Executing Query:

select (count(?s) as ?n) where {?s ?p ?o}

Authentication failed.

The detailed stack trace for the error is:

com.complexible.stardog.cli.CliException: Authentication failed.

at com.complexible.stardog.cli.impl.ConnectionCommand.call(ConnectionCommand.java:113)

at com.complexible.stardog.cli.CLIBase.execute(CLIBase.java:56)

at com.complexible.stardog.cli.CLI.main(CLI.java:101)

the 'grafli-rw' user password is in a .sdpass file for these examples, although I see the same thing when entering it manually. 

As background, the 'grafli' database was created in 4.0RC1 by restoring from a backup created in 3.1.4.

[Michael Grove]

Turns out that the restored database has a lot of properties associated with it and the http client was mistakenly sending them over the wire in the query request, which the server was rejecting due to it's length.

I created a ticket for this #2585, and we'll fix it for the next release.

Cheers,

Mike