Can't login to kaui


Khanh Bakthy

Jan 19, 2015, 4:22:13 PM
to killbill...@googlegroups.com
Hello, 

I'm trying to get kaui running using all default settings. I have the kaui war deployed in jetty. The start.ini has the following settings:

-Dkaui.api_key=bob
-Dkaui.api_secret=lazar
-Dkaui.db.url=jdbc:mysql://192.168.1.122:3306/killbill
-Dkaui.db.username=killbill
-Dkaui.db.password=killbill


On the mysql db I ran the killbill, kaui, and stripe db files. I also created the bob lazar tenant from the examples, which I can see exists in the db. The killbill and kaui servers have the default realm.properties set, which should have the user/password set as admin/password. When I try to login the html returns "You need to sign in or sign up before continuing."

The kaui log

2015-01-19 16:12:49.636:INFO:root:qtp1811075214-32: Started POST "/users/sign_in" for 192.168.1.100 at 2015-01-19 16:12:49 -0500|

2015-01-19 16:12:49.652:INFO:root:qtp1811075214-32: Processing by Kaui::SessionsController#create as HTML|

2015-01-19 16:12:49.660:INFO:root:qtp1811075214-32:   Parameters: {"utf8"=>"✓", "authenticity_token"=>"bdl9OzUt6ZClEpaYt7sELASCnAXhb1tohhpHy33jmE8=", "user"=>{"kb_username"=>"admin", "password"=>"[FILTERED]"}, "commit"=>"Sign in"}|

2015-01-19 16:12:49.669:INFO:root:qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/tenants/?apiKey=bob|

2015-01-19 16:12:50.327:INFO:root:qtp1811075214-32: <=== 200 OK (658.0ms)|

2015-01-19 16:12:50.424:INFO:root:qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/security/permissions|

2015-01-19 16:12:50.716:INFO:root:qtp1811075214-32: <=== 200 OK (291.0ms)|

2015-01-19 16:12:50.727:INFO:root:qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/security/subject|

2015-01-19 16:12:50.730:INFO:root:qtp1811075214-32: <=== 401 Unauthorized (3.0ms)|

2015-01-19 16:12:50.733:INFO:root:qtp1811075214-32: Completed 401 Unauthorized in 1072.0ms|

2015-01-19 16:12:50.753:INFO:root:qtp1811075214-31: Started GET "/users/sign_in" for 192.168.1.100 at 2015-01-19 16:12:50 -0500|

2015-01-19 16:12:50.761:INFO:root:qtp1811075214-31: Processing by Kaui::SessionsController#new as HTML|

2015-01-19 16:12:50.771:INFO:root:qtp1811075214-31:   Rendered gems/gems/kaui-0.7.2/app/views/kaui/sessions/new.html.erb within kaui/layouts/kaui_application (6.0ms)|

2015-01-19 16:12:50.784:INFO:root:qtp1811075214-31: Completed 200 OK in 22.0ms (Views: 20.0ms | ActiveRecord: 0.0ms)



The killbill log

2015-01-19 16:11:36.425:INFO:oejs.Server:main: Started @25494ms

2015-01-19 16:12:49,743 [qtp1811075214-109] INFO  o.a.s.s.m.AbstractValidatingSessionManager - Enabling session validation scheduler...

2015-01-19 16:12:49,826 [qtp1811075214-109] INFO  o.a.s.cache.ehcache.EhCacheManager - Using existing EHCache named [shiro-activeSessionCache]

2015-01-19 16:12:50,249 [qtp1811075214-109] INFO  c.s.j.a.c.filter.LoggingFilter - 1 * Server in-bound request

1 > GET http://127.0.0.1:8080/1.0/kb/tenants/?apiKey=bob

1 > User-Agent: killbill/0.8.1; jruby 1.7.16 (1.9.3p392) 2014-09-25 575b395 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64]

1 > Authorization: Basic YWRtaW46cGFzc3dvcmQ=

1 > X-Killbill-Apikey: bob

1 > Host: 127.0.0.1:8080

1 > Accept: application/json

1 > X-Killbill-Apisecret: lazar

1 > 


2015-01-19 16:12:50,321 [qtp1811075214-109] INFO  c.s.j.a.c.filter.LoggingFilter - 1 * Server out-bound response

1 < 200

1 < Content-Type: application/json

1 < 


2015-01-19 16:12:50,702 [qtp1811075214-112] INFO  c.s.j.a.c.filter.LoggingFilter - 2 * Server in-bound request

2 > GET http://127.0.0.1:8080/1.0/kb/security/permissions

2 > User-Agent: killbill/0.8.1; jruby 1.7.16 (1.9.3p392) 2014-09-25 575b395 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64]

2 > Authorization: Basic YWRtaW46cGFzc3dvcmQ=

2 > X-Killbill-Apikey: bob

2 > Host: 127.0.0.1:8080

2 > Accept: application/json

2 > X-Killbill-Apisecret: lazar

2 > 


2015-01-19 16:12:50,714 [qtp1811075214-112] INFO  c.s.j.a.c.filter.LoggingFilter - 2 * Server out-bound response

2 < 200

2 < Content-Type: application/json

2 < 



Any ideas what may be happening? Thanks!

Eduardo Boccato

Jan 20, 2015, 7:15:33 AM
to killbill...@googlegroups.com
Try username = admin ; password = password ; you can find more information about it here: http://killbill.io/userguide/platform-userguide/#configuration-rbac

Khanh

Jan 20, 2015, 11:35:02 AM
to killbill...@googlegroups.com
Thanks for the response, I've been trying to login as admin/password but it doesn't work as shown in the logs of the original post. The RBAC documentation is a little confusing to me. I'm using jetty so I have a realm.properties file defined with user=admin and password=password. Am I also supposed to have security.ini defined at the same time?

Pierre-Alexandre Meyer

Jan 20, 2015, 4:51:14 PM
to Khanh, killbill...@googlegroups.com
On Tue, Jan 20, 2015 at 11:35 AM, Khanh <khanh....@gmail.com> wrote:
> Thanks for the response, I've been trying to login as admin/password but it doesn't work as shown in the logs of the original post.

Which version of Kill Bill and Kaui are you running? Can you try with the latest (Kill Bill 0.13.1 / Kaui 0.7.2)?

> The RBAC documentation is a little confusing to me


Let us know if that helps.

> I'm using jetty so I have a realm.properties file defined with user=admin and password=password. Am I also supposed to have security.ini defined at the same time?

The default shiro.ini file is on the classpath, so there shouldn't be any extra configuration needed.

--
Pierre

Khanh

Mar 10, 2015, 5:24:03 PM
to killbill...@googlegroups.com, khanh....@gmail.com
Hi Pierre,

I just updated to kb 0.13.1, kaui stand alone 0.1.3 and upgraded the mysql db with the new ddl files and still have the same issue. I'm running these servers locally on a mac using jetty 9 on different ports. I noticed there are now more kaui db tables, do I need to do something extra to make it work? What's the difference between kaui stand alone 0.1.3 and kaui 0.7.2? Thanks!

Pierre-Alexandre Meyer

Mar 11, 2015, 8:41:11 AM
to Khanh, killbill...@googlegroups.com
On Tue, Mar 10, 2015 at 5:24 PM, Khanh <khanh....@gmail.com> wrote:
> I just updated to kb 0.13.1, kaui stand alone 0.1.3 and upgraded the mysql db with the new ddl files and still have the same issue. I'm running these servers locally on a mac using jetty 9 on different ports.

Have you tried running the Kill Bill in 5' tutorial using cURL (http://killbill.io/userguide/subscriptions-userguide/)? Make sure your Kill Bill setup is working before trying to log-in with Kaui.

Could you also try running the following?


> I noticed there are now more kaui db tables, do I need to do something extra to make it work?

The new tables are for the multi-tenancy work that Stéphane recently did. It should not impact your ability to log-in.

> What's the difference between kaui stand alone 0.1.3 and kaui 0.7.2?

Kaui is a Rails mountable engine, i.e. a Ruby gem you can embed in your Rails application. The standalone Kaui war wraps the kaui gem to let you run it by itself, without having to rely on an existing Rails application.

--
Pierre

Khanh

Mar 11, 2015, 12:04:13 PM
to killbill...@googlegroups.com, khanh....@gmail.com
I have gone through the 5 min tutorial and made sure kb was working before trying kaui. I got the stripe plugin working and was able to create tenants, users and charges. Here is the result of manually calling security/subject
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'admin'
> GET /1.0/kb/security/subject HTTP/1.1
> Authorization: Basic YWRtaW46cGFzc3dvcmQ=
> User-Agent: curl/7.37.1
> Host: 127.0.0.1:8080
> Accept: */*
>
< HTTP/1.1 200 OK
< Set-Cookie: visited=yes
< Expires: Thu, 01 Jan 1970 00:00:00 GMT
< Set-Cookie: JSESSIONID=1; Path=/; HttpOnly
< Set-Cookie: rememberMe=deleteMe; Path=/; Max-Age=0; Expires=Tue, 10-Mar-2015 15:47:57 GMT
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, DELETE, PUT, OPTIONS
< Access-Control-Allow-Headers: Authorization,Content-Type,X-Killbill-ApiKey,X-Killbill-ApiSecret,X-Killbill-Comment,X-Killbill-CreatedBy,X-Killbill-Pagination-CurrentOffset,X-Killbill-Pagination-MaxNbRecords,X-Killbill-Pagination-NextOffset,X-Killbill-Pagination-NextPageUri,X-Killbill-Pagination-TotalNbRecords,X-Killbill-Reason
< Content-Type: application/json
< Transfer-Encoding: chunked
* Server Jetty(9.2.6.v20141205) is not blacklisted
< Server: Jetty(9.2.6.v20141205)
<
* Connection #0 to host 127.0.0.1 left intact
{"principal":"admin","isAuthenticated":true,"isRemembered":false,"session":{"id":"1","startDate":"2015-03-11T15:47:57.567Z","lastAccessDate":"2015-03-11T15:47:57.567Z","timeout":3600000,"host":"127.0.0.1"}}


It appears to be an authorization issue with kaui and not an authentication issue but I don't know why :shrug:

The kaui_users table has 1 entry for "admin" in the kb_username column but the kb_session_id is null (probably from unsuccessful log in). Every other kaui table is empty as well.

stephane brossier

Mar 11, 2015, 12:11:05 PM
to Khanh, killbill...@googlegroups.com
Khanh,

Since KAUI has been made to be multi-tenant, there are now two modes:
* Single tenant (previous behavior), where you need to add the 'KillBillClient.api_key' and 'KillBillClient.api_secret' in the 'config/initializers/killbill_client.rb' (as described in the README)
* Multi-tenant, where the new tables need to contain entries for existing tenants and existing allowed_users.


Which one are you currently looking at?

Stéphane


Khanh

Mar 11, 2015, 12:27:37 PM
to killbill...@googlegroups.com, khanh....@gmail.com
I'm using the prebuilt war from the kaui stand alone branch so there is no rb file to modify. Instead I have the following set in the jetty start.ini

-Dkaui.url=http://127.0.0.1:8080/

-Dkaui.api_key=bob
-Dkaui.api_secret=lazar
-Dkaui.db.url=jdbc:mysql://192.168.1.122:3306/killbill
-Dkaui.db.username=killbill
-Dkaui.db.password=killbill

I just start jetty as normal and let it scan for the kaui app to start it. I only need a single tenant for kaui. Does this configuration look ok?

Khanh

Mar 11, 2015, 7:00:57 PM
to killbill...@googlegroups.com, khanh....@gmail.com
Out of curiosity I built an executable kaui war with the same results :/

KMBP:killbill-admin-ui-standalone-master kb$ java -Dkaui.url=http://127.0.0.1:8080 \
  -Djetty.port=3000 \
  -Dkaui.api_key=bob \
  -Dkaui.api_secret=lazar \
  -Dkaui.db.url=jdbc:mysql://192.168.1.122:3306/killbill \
  -Dkaui.db.username=killbill \
  -Dkaui.db.password=killbill \
  -jar killbill-admin-ui-standalone-master.war
2015-03-11 18:55:50.397:INFO:oejs.Server:jetty-8.y.z-SNAPSHOT
2015-03-11 18:55:50.435:INFO:oejw.WebInfConfiguration:Extract jar:file:/Users/kb/killbill-admin-ui-standalone-master/killbill-admin-ui-standalone-master.war!/ to /private/var/folders/n2/s8l2n_4j4hj21hz1tn49j8hh0000gn/T/warbler7893176046701141863webroot/killbill-admin-ui-standalone-master.war/work/jetty-0.0.0.0-3000-killbill-admin-ui-standalone-master.war-_-any-/webapp
2015-03-11 18:55:54.068:INFO:/:INFO: jruby 1.7.19 (1.9.3p551) 2015-01-30 32f5af0 on Java HotSpot(TM) 64-Bit Server VM 1.8.0_20-b26 +jit [darwin-x86_64]
2015-03-11 18:55:54.070:INFO:/:INFO: using a shared (threadsafe!) runtime
2015-03-11 18:56:03.787:INFO:/:Connecting to database specified by database.yml|
2015-03-11 18:56:07.508:INFO:oejsh.ContextHandler:started o.e.j.w.WebAppContext{/,file:/private/var/folders/n2/s8l2n_4j4hj21hz1tn49j8hh0000gn/T/warbler7893176046701141863webroot/killbill-admin-ui-standalone-master.war/work/jetty-0.0.0.0-3000-killbill-admin-ui-standalone-master.war-_-any-/webapp/},/Users/kb/killbill-admin-ui-standalone-master/killbill-admin-ui-standalone-master.war
2015-03-11 18:56:07.544:INFO:oejs.AbstractConnector:Started SelectChann...@0.0.0.0:3000
2015-03-11 18:56:19.099:INFO:/:Started GET "/users/sign_in" for 0:0:0:0:0:0:0:1 at 2015-03-11 18:56:19 -0400|
2015-03-11 18:56:19.326:INFO:/:Processing by Kaui::SessionsController#new as HTML|
[deprecated] I18n.enforce_available_locales will default to true in the future. If you really want to skip validation of your locale you can set I18n.enforce_available_locales = false to avoid this message.
2015-03-11 18:56:20.694:INFO:/:  Rendered gems/gems/kaui-0.8.3/app/views/kaui/sessions/new.html.erb within kaui/layouts/kaui_application (1314.0ms)|
2015-03-11 18:56:20.717:INFO:/:Completed 200 OK in 1390.0ms (Views: 1351.0ms | ActiveRecord: 14.0ms)|
2015-03-11 18:56:26.503:INFO:/:Started POST "/users/sign_in" for 0:0:0:0:0:0:0:1 at 2015-03-11 18:56:26 -0400|
2015-03-11 18:56:26.521:INFO:/:Processing by Kaui::SessionsController#create as HTML|
2015-03-11 18:56:26.526:INFO:/:  Parameters: {"utf8"=>"✓", "authenticity_token"=>"WH+krWsXLthXGEsi+3LEg3T297/OvMmvoivfCh/RBHM=", "user"=>{"kb_username"=>"admin", "password"=>"[FILTERED]"}, "commit"=>"Sign in"}|
2015-03-11 18:56:26.564:INFO:/:===> GET http://127.0.0.1:8080/1.0/kb/security/permissions|
2015-03-11 18:56:26.827:INFO:/:<=== 200 OK (263.0ms)|
2015-03-11 18:56:26.839:INFO:/:===> GET http://127.0.0.1:8080/1.0/kb/security/subject|
2015-03-11 18:56:26.845:INFO:/:<=== 401 Unauthorized (5.0ms)|

2015-03-11 18:56:26.847:INFO:/:Completed 401 Unauthorized in 319.0ms|
2015-03-11 18:56:26.867:INFO:/:Started GET "/users/sign_in" for 0:0:0:0:0:0:0:1 at 2015-03-11 18:56:26 -0400|
2015-03-11 18:56:26.880:INFO:/:Processing by Kaui::SessionsController#new as HTML|
2015-03-11 18:56:26.892:INFO:/:  Rendered gems/gems/kaui-0.8.3/app/views/kaui/sessions/new.html.erb within kaui/layouts/kaui_application (5.0ms)|
2015-03-11 18:56:26.903:INFO:/:Completed 200 OK in 22.0ms (Views: 19.0ms | ActiveRecord: 0.0ms)|


I'm not sure what else I can try at this point. Any help would be appreciated, thanks.

stephane brossier

Mar 11, 2015, 9:10:14 PM
to Khanh, killbill...@googlegroups.com
Khanh,

It looks like what is not working is the authorization of your 'admin' user; by default Kill Bill uses a static shiro.ini file that contains one user 'admin' with the password 'password'.

Have you tried the curl as Pierre suggested:
Is that working?

Then when you do the login screen from KAUI, do you see the call going to KB?

Which versions are you using for KB and KAUI?

S.



Khanh

Mar 11, 2015, 9:32:11 PM
to killbill...@googlegroups.com, khanh....@gmail.com
Hi Stephane,

I tried calling security/subject with curl a few posts up (at noon) and it looked successful. I was just now able to log into kaui. The issue was that my jetty container had a security realm defined which also included admin/password. I removed the realm and logging into kaui was successful. It was hard to debug because calling security/subject worked with a web browser, curl and rest client but did not work with kaui. Thanks everyone in this thread for the help!

Pierre-Alexandre Meyer

Mar 12, 2015, 9:15:33 AM
to Khanh, killbill...@googlegroups.com
On Wed, Mar 11, 2015 at 9:32 PM, Khanh <khanh....@gmail.com> wrote:
> The issue was that my jetty container had a security realm defined which also included admin/password. I removed the realm and logging into kaui was successful.

I'm glad it's now working! Do you mind sharing what you did exactly, as it may help others in the future?

> It was hard to debug because calling security/subject worked with a web browser, curl and rest client but did not work with kaui.

That's odd. Maybe Jetty was trying to interpret the JSESSIONID cookie, although in that case, I would have expected the test to have failed in the web browser (if you try at least twice in a row).

--
Pierre

Khanh

Mar 12, 2015, 1:20:20 PM
to killbill...@googlegroups.com, khanh....@gmail.com
All I did was remove the line that defined my security realm located in $jetty.base/start.ini for the killbill server. In my case this is ok because it's for a local TEST environment not prod.
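
Added example, not part of the thread or of the Kill Bill project: a small Python check that lines up the outbound calls in the Kaui log with the in-bound requests recorded by Kill Bill's LoggingFilter, using trimmed excerpts of the two logs from the original post. It assumes the posted Kill Bill excerpt is complete; under that assumption, a call that Kaui saw fail but Kill Bill never logged was answered before it reached the application, which fits the container realm found above.

```python
import re
from collections import Counter

# Trimmed excerpts of the logs in the original post (timestamps and most headers removed).
KAUI_LOG = """\
qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/tenants/?apiKey=bob|
qtp1811075214-32: <=== 200 OK (658.0ms)|
qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/security/permissions|
qtp1811075214-32: <=== 200 OK (291.0ms)|
qtp1811075214-32: ===> GET http://127.0.0.1:8080/1.0/kb/security/subject|
qtp1811075214-32: <=== 401 Unauthorized (3.0ms)|
"""
KILLBILL_LOG = """\
c.s.j.a.c.filter.LoggingFilter - 1 * Server in-bound request
1 > GET http://127.0.0.1:8080/1.0/kb/tenants/?apiKey=bob
1 > X-Killbill-Apikey: bob
c.s.j.a.c.filter.LoggingFilter - 2 * Server in-bound request
2 > GET http://127.0.0.1:8080/1.0/kb/security/permissions
"""

CLIENT_REQ = re.compile(r"===> (GET|POST|PUT|DELETE) (\S+?)\|?$")
CLIENT_RESP = re.compile(r"<=== (\d{3}) ")
SERVER_REQ = re.compile(r"^\d+ > (GET|POST|PUT|DELETE) (\S+)$")

def client_calls(log):
    """Pair each Kaui '===>' request with the '<===' status that follows it."""
    calls, pending = [], None
    for line in log.splitlines():
        if m := CLIENT_REQ.search(line):
            pending = (m.group(1), m.group(2))
        elif (m := CLIENT_RESP.search(line)) and pending:
            calls.append((*pending, int(m.group(1))))
            pending = None
    return calls

def server_requests(log):
    """Count the (method, url) pairs that reached Kill Bill's LoggingFilter."""
    return Counter(m.groups() for l in log.splitlines()
                   if (m := SERVER_REQ.match(l.strip())))

def rejected_before_app(kaui_log, killbill_log):
    """Return Kaui calls that have no matching in-bound entry on the server side."""
    seen = server_requests(killbill_log)
    missing = []
    for method, url, status in client_calls(kaui_log):
        if seen[(method, url)]:
            seen[(method, url)] -= 1   # consume one matching server entry
        else:
            missing.append((method, url, status))
    return missing
```

On these excerpts `rejected_before_app(KAUI_LOG, KILLBILL_LOG)` returns only the `security/subject` call with status 401.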