VirtualBox

Ticket #1565 (closed defect: fixed)

Opened 6 years ago

Last modified 4 years ago

Web service login invocation returns invalid token

Reported by: kohsuke Owned by:
Priority: major Component: webservices
Version: VirtualBox 1.6.0 Keywords:
Cc: Guest type: other
Host type: other

Description

When I invoke the IWebsessionManager_logon operation, the invocation succeeds but it doesn't return any valid token, and successive invocations fail.

The following is the request message I sent (via JAX-WS 2.1.3)


SOAPAction: "" Content-Type: text/xml;charset="utf-8" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 <?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:IWebsessionManager_logon xmlns:ns2="http://www.virtualbox.org/"><username></username><password></password></ns2:IWebsessionManager_logon></S:Body></S:Envelope>


And the following is the response I get:


HTTP/1.1 200 OK Content-length: 468 Content-type: text/xml; charset=utf-8 Connection: close Server: gSOAP/2.7 <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vbox="http://www.virtualbox.org/"><SOAP-ENV:Body><vbox:IWebsessionManager_logonResponse><returnval></returnval></vbox:IWebsessionManager_logonResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>


As you can see the response is indicated as success, but <returnval> has a string of length 0.

Change History

comment:1 Changed 6 years ago by kohsuke

Argh, looks like I messed up the formatting, so here it goes again:

Request:

SOAPAction: ""
Content-Type: text/xml;charset="utf-8"
Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:IWebsessionManager_logon xmlns:ns2="http://www.virtualbox.org/"><username></username><password></password></ns2:IWebsessionManager_logon></S:Body></S:Envelope>

Response:

HTTP/1.1 200 OK
Content-length: 468
Content-type: text/xml; charset=utf-8
Connection: close
Server: gSOAP/2.7
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vbox="http://www.virtualbox.org/"><SOAP-ENV:Body><vbox:IWebsessionManager_logonResponse><returnval></returnval></vbox:IWebsessionManager_logonResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

comment:2 Changed 6 years ago by achimha

  • Status changed from new to closed
  • Resolution set to invalid

You have to disable authentication using VBoxManage setproperty vrdpauthlibrary null. We will change how it does authentication in the future. The recommendation will be to setup a local Apache web server that acts as a reverse proxy for the Web Service and handles authentication. This way you do not expose the internal simplistic HTTP server of the VirtualBox Web Service on the network and you have the full power of Apache to perform authentication.

comment:3 Changed 6 years ago by kohsuke

  • Status changed from closed to reopened
  • Resolution invalid deleted

You must have meant "VBoxManage setproperty websrvauthlibrary null"

In any case, there still is a bug --- if the authentication failed, the error code needs to be returned, not the success code with empty token. So I still consider this bug open.

comment:4 Changed 6 years ago by frank

  • Component changed from other to webservices

comment:5 Changed 6 years ago by umoeller

  • Status changed from reopened to closed
  • Resolution set to fixed

This should have been fixed with 2.0. If the problem persists, please reopen.

Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use