VirtualBox

Opened 16 years ago

Closed 15 years ago

Last modified 14 years ago

#1565 closed defect (fixed)

Web service login invocation returns invalid token

Reported by: Kohsuke Kawaguchi Owned by:
Component: webservices Version: VirtualBox 1.6.0
Keywords: Cc:
Guest type: other Host type: other

Description

When I invoke the IWebsessionManager_logon operation, the invocation succeeds but it doesn't return any valid token, and successive invocations fail.

The following is the request message I sent (via JAX-WS 2.1.3)


SOAPAction: "" Content-Type: text/xml;charset="utf-8" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 <?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:IWebsessionManager_logon xmlns:ns2="http://www.virtualbox.org/"><username></username><password></password></ns2:IWebsessionManager_logon></S:Body></S:Envelope>


And the following is the response I get:


HTTP/1.1 200 OK Content-length: 468 Content-type: text/xml; charset=utf-8 Connection: close Server: gSOAP/2.7 <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vbox="http://www.virtualbox.org/"><SOAP-ENV:Body><vbox:IWebsessionManager_logonResponse><returnval></returnval></vbox:IWebsessionManager_logonResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>


As you can see the response is indicated as success, but <returnval> has a string of length 0.

Change History (5)

comment:1 by Kohsuke Kawaguchi, 16 years ago

Argh, looks like I messed up the formatting, so here it goes again:

Request:

SOAPAction: ""
Content-Type: text/xml;charset="utf-8"
Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
<?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:IWebsessionManager_logon xmlns:ns2="http://www.virtualbox.org/"><username></username><password></password></ns2:IWebsessionManager_logon></S:Body></S:Envelope>

Response:

HTTP/1.1 200 OK
Content-length: 468
Content-type: text/xml; charset=utf-8
Connection: close
Server: gSOAP/2.7
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vbox="http://www.virtualbox.org/"><SOAP-ENV:Body><vbox:IWebsessionManager_logonResponse><returnval></returnval></vbox:IWebsessionManager_logonResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>

comment:2 by Achim Hasenmueller, 16 years ago

Resolution: invalid
Status: newclosed

You have to disable authentication using VBoxManage setproperty vrdpauthlibrary null. We will change how it does authentication in the future. The recommendation will be to setup a local Apache web server that acts as a reverse proxy for the Web Service and handles authentication. This way you do not expose the internal simplistic HTTP server of the VirtualBox Web Service on the network and you have the full power of Apache to perform authentication.

comment:3 by Kohsuke Kawaguchi, 16 years ago

Resolution: invalid
Status: closedreopened

You must have meant "VBoxManage setproperty websrvauthlibrary null"

In any case, there still is a bug --- if the authentication failed, the error code needs to be returned, not the success code with empty token. So I still consider this bug open.

comment:4 by Frank Mehnert, 16 years ago

Component: otherwebservices

comment:5 by umoeller, 15 years ago

Resolution: fixed
Status: reopenedclosed

This should have been fixed with 2.0. If the problem persists, please reopen.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use