Crate SQL query using curl with basic access authentication - authentication

From the crate.io documentation I am told that an SQL query can be performed like this:
curl -sSXPOST 'CLUSTER_IP:4200/_sql?pretty' -d '{"stmt":"select name from sys.cluster"}'
The database I am trying to connect to requires a username and password:
How can I build this authentication into the curl call? I have tried several variants of things I found online with no success. The error I keep seeing looks like this:

Out of the box CrateDB does not provide any authentication.
Maybe you are running a HTTP Proxy or loadbalancer with authentication in front of it? NGINX? Try to connect to one of the CrateDB servers instead.

The query worked when I included the login credentials as follows:
curl -sSXPOST 'username:password#hostname:port/_sql?pretty' -d '{"stmt":"select name from sys.cluster"}'

Related

Keycloak 20.0.2 does not accept backchannel connection

I am having some issue with having Keycloak 20.0.2 working for my web application.
I have my keycloak URL accessible at:
https://example.com/white-graduation/keycloak/auth
This is designed for backend application to work with keycloak. It fundamentally usse haproxy as a reverse proxy to connect the https address to my internal keycloak.
So far, all frontend login has been working, without any issue. I can also have access to the keycloak control console UI.
The internal keycloak address is at:
http://loginservice:8080/white-graudation/keycloak/auth
This is designed for backend application to work with keycloak.
However, the backend login is facing a 401 issue.
By experimenting with different curl call in the container that's running the backend, I found that:
curl -I -X GET https://example.com/white-graduation/keycloak/auth/realms/shirasaki-academy/protocol/openid-connect/userinfo -H "Authorization: Bearer Example-Bearer-Token"
This API call gives 200, but
curl -I -X GET https://loginservice:8080/white-graduation/keycloak/auth/realms/shirasaki-academy/protocol/openid-connect/userinfo -H "Authorization: Bearer Example-Bearer-Token"
This gives 401. i.e. back-channel didn't work.
I did an expansion of Example-Bearer-Token, it does show that the iss is indeed only https://example.com/white-graduation/keycloak/auth/realms/shirasaki-academy, because the backend still uses frontend to login. But it should still work.
My Keycloak 20.0.2's setting:
KEYCLOAK_ADMIN=admin
KEYCLOAK_ADMIN_PASSWORD=whatever
KC_HTTP_RELATIVE_PATH=/white-graduation/keycloak/auth
KC_HOSTNAME_ADMIN_URL=https://example.com/white-graduation/keycloak/auth
KC_HOSTNAME_STRICT=false
KC_HTTP_ENABLED=true
KC_HTTP_PORT=8080
KC_HOSTNAME_STRICT_HTTPS=false
KC_PROXY=edge
The Keycloak 20.0.2's Quarkus is run through:
/opt/keycloak/bin/kc.sh start-dev --import-realm --log-level=org.keycloak.events:debug --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
Note that I did not set KC_HOSTNAME_STRICT_BACKCHANNEL but this is by default already false, which under such case should allow back-channel connection to work.
Note that this isn't the recommended setting for production environment. But this isn't a production environment after all.
Problem solved by setting:
KC_HOSTNAME_URL=https://example.com/white-graduation/keycloak/auth
which means, KC_HOSTNAME_URL == KC_HOSTNAME_ADMIN_URL
After such, the internal API point starts working.
Not really sure why...but at least this solves my problem.

Login Github with Curl

I tried call this command
curl -l -u "my_user_name" https://my-enterprise-github.com
Then, I input my password manually.
But it returns this
<html><body>You are being redirected.</body></html>
Please explain what's wrong with my command.
Thank you.
cURL should not be used for access to GitHub's (or most web) UI without specific reasons. GitHub provides an API to allow accessing data as a well-defined structure.
You mentioned wanting to get-a-single-pull-request. This relies on a URL pattern following GET /repos/:owner/:repo/pulls/:number.
So if you had a GitHub account, facebook, and wanted to look up a specific pull request 15947 in react-native. The full URL would be
https://api.github.com/repos/facebook/react-native/pulls/15947
The cURL command would be
curl -u osowskit -X GET https://api.github.com/repos/facebook/react-native/pulls/15947
Note that:
You will likely want to start using a PAT or OAuth token instead of username/password
There are tools that make exploring the GitHub API easier. postman or octokit
To start with you may want the -L flag. From the cURL Frequently Asked Questions
3.8 How do I tell curl to follow HTTP redirects?
Curl does not follow so-called redirects by default. The Location: header that informs the client about this is only interpreted if you're using the -L/--location option. As in:
curl -L http://redirector.com
Not all redirects are HTTP ones, see 4.14
There's also a CLI now that can be helpful for many similar use-cases:
https://cli.github.com/
$ gh pr list
Showing 2 of 2 open pull requests in Roblox/service-comms-nomad
#16 chi1 Traefik 1.7 GLB jobs chi1-glb-prep
#6 Cgt/t2 cgt/t2

Authenticating to Magento Rest API via Curl and token-based authentication fails

As all I want to do is connect to my own site, I should be able to ignore oAuth and do token-baseed authentication as per:
http://devdocs.magento.com/guides/v2.0/get-started/authentication/gs-authentication-token.html
My curl request looks exactly like:
curl -X POST "https://magento.host/index.php/rest/V1/integration/admin/token" \
-H "Content-Type:application/json" \
-d '{"username":"test#example.com", "password":"123123q"}'
The response I get is a HTML page from my own site that basically says 'page not found' I'm obviously going to the correct domain, but it seems something else in the URL is incorrect. Any ideas?
Am I using the wrong URL?
In version 1.9 you need to create a Guest endpoint. Then you don't need to use oAuth. You can see how to use it here: http://devdocs.magento.com/guides/m1x/api/rest/introduction.html
An authentication system that uses REST so that you do not need to actually track or manage the users in your system. This is done by using the HTTP methods POST, GET, PUT, DELETE. We take these 4 methods and think of them in terms of database interaction as CREATE, READ, UPDATE, DELETE.
There is no direct way to use REST token based authentication on the Magento 1.x version. You need to write this functionality to you for your own. I have write this functionality by using REST API and you can also follow this article for more details.
https://www.ipragmatech.com/magento-token-base-rest-api-for-authentication-and-authorization

Couchbase lite - user access control

I want to share data between multiple devices and users running a couchdb server on iriscouch.com and using couchbase-lite on ios and android. Users should be able to login with facebook and email. How do I handle user access to specific documents? I dont dont want anyone to be able to access the documents and databases. I thought about using HTTP basic auth (replication security), hard coding username and password into the app code. Unfortunately it is sent as plain text and seems totally insecure. Can you help me out with some ideas about this scenario?
You can use SSL ecncryption for security. Please refer the link for enabling SSL
https://wiki.apache.org/couchdb/How_to_enable_SSL.
I had similar problem while using Basic Auth, hence we had to use SSL to make it more secure.
If can follow this method If you want to use Basic AUth.
1. Encode the username and Password
ex: username#password which after encoding becomes dXNlcm5hbWVAcGFzc3dvcmQ=
(use https://www.base64encode.org/ to encode).
Using curl try to authenticate
curl -v -H "Authorization: Basic dXNlcm5hbWVAcGFzc3dvcmQ=" -H "Content- type:application/json" -X GET IP_Address_and_DatabaseName
In this way you can hide the Username and Password but still anyone can have the encoded string. Hence If possible, try to implement SSL.

XACML Authentication in Network Proxy Server

I am trying to implement Access Control Policies on Network Proxy Server. Presently, I am at a stage where I have modeled it like this:
The problem I am facing is how to send the resource url, username and password from PEP to PDP. I am presently using WSO2 for implementing PDP policies.
Relating to this I also saw a command on this link, which is as follow:
curl -X POST -H 'Content-type:text/xml' -T soap-xacml-request.xml https://localhost:8443/asm-pdp/pdp --cacert pdp.b64.cer --user pep:password
I also don't know what url should I be giving instead of https://localhost:8443/asm-pdp/pdp (as I am using WSO2).
Can somebody please help me regarding all these issues?
Did you look at the WSO2 documentation and blog? E.g. http://xacmlinfo.com/2012/06/14/pep-client-for-wso2is-pdp/.