Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

try to connect to openStack from webserver and get ClientResponseException{message=Target service not allowed, status=403, status-code=FORBIDDEN} #769

Closed
eitanElmalam opened this issue Aug 9, 2016 · 13 comments
Closed

try to connect to openStack from webserver and get ClientResponseException{message=Target service not allowed, status=403, status-code=FORBIDDEN} #769

eitanElmalam opened this issue Aug 9, 2016 · 13 comments

Comments

@eitanElmalam
Copy link

we are try to connect from cloud java application to openstack environment and get error:
ClientResponseException{message=Target service not allowed, status=403, status-code=FORBIDDEN}
The code is :
OSClientV3 os = OSFactory.builderV3().endpoint(OPEN_STACK_URL)
.credentials("admin", "devstack", domainIdentifier)
.scopeToProject( projectIdentifier,domainIdentifier)

            .authenticate();
@vinodborole
Copy link
Contributor

@eitanElmalam it seems the permissions are not enabled, check without scopeToProject

@eitanElmalam
Copy link
Author

I check with out scopeToProject get same error.

@vinodborole
Copy link
Contributor

can you check with V2 authentication?

@eitanElmalam
Copy link
Author

I check with V2 same error.
Maybe is certificate issue or ssl certificate ??

@eitanElmalam
Copy link
Author

Hello,

we are call with openstack4j from cloud environment so there a problem of security ..
The missing in your clode is :
we need to secure the protocol and the port ...
Can you add it to your code to support secure schems and port
SSLSocketFactory sslsf = null;
try {
sslsf = new SSLSocketFactory(new TrustStrategy() {

            public boolean isTrusted(
                    final X509Certificate[] chain, String authType) throws CertificateException {
                return true;
            }

        });
    } catch (KeyManagementException | UnrecoverableKeyException
            | NoSuchAlgorithmException | KeyStoreException e) {
        e.printStackTrace();
    }

    Scheme httpsScheme = new Scheme("http", 5000, sslsf);
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(httpsScheme);

    ClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
    this.httpClient = new DefaultHttpClient(cm);

@auhlig
Copy link
Member

auhlig commented Aug 15, 2016

@eitanElmalam I guess it's easier if you do and test the change on your side and follow up with a PR.

@eitanElmalam
Copy link
Author

Hi,

Ok no problem , but how I do it ? I see your sources in the git , I do not know how to bring it to eclipse.
Can you help me ?? please explain how I imlement the change.

@eitanElmalam
Copy link
Author

I bring it to eclipse I got a few error like
Description Resource Path Location Type
Project 'it-httpclient' is missing required Java project: 'openstack4j-core-integration-test' it-httpclient Build path Build Path Problem
The project cannot be built until build path errors are resolved it-httpclient Unknown Java Problem
Description Resource Path Location Type
Plugin execution not covered by lifecycle configuration: org.apache.maven.plugins:maven-jar-plugin:2.6:test-jar (execution: default, phase: test-compile) pom.xml /it-httpclient line 4 Maven Project Build Lifecycle Mapping Problem
Plugin execution not covered by lifecycle configuration: org.apache.maven.plugins:maven-jar-plugin:2.6:test-jar (execution: default, phase: test-compile) pom.xml /it-jersey2 line 4 Maven Project Build Lifecycle Mapping Problem

Where I can write unit test in which package ?

@eitanElmalam
Copy link
Author

I investigate the code , I do not know how to add the change , please help it is urgent.

@vinodborole
Copy link
Contributor

vinodborole commented Aug 18, 2016
edited
Loading

@eitanElmalam please try this approach
TestConfigAuthenticate.txt

@eitanElmalam
Copy link
Author

I try, it did not help.
The Aoutentication need to be on the HttpClient not sslContext.

@auhlig
Copy link
Member

auhlig commented Aug 23, 2016

Hey @eitanElmalam,
If the solution discussed via IM worked please close the issue.
Else feel free to reach out to me.

@eitanElmalam
Copy link
Author

Hi,

I did the fix and it solve the issue .

The fix in file - HttpClienFactory:
private CloseableHttpClient buildClient(Config config) {
HttpClientBuilder cb = HttpClientBuilder.create().setUserAgent(USER_AGENT);

    SSLSocketFactory sslsf = null;
    try {
        sslsf = new SSLSocketFactory(new TrustStrategy() {

            public boolean isTrusted(
                    final X509Certificate[] chain, String authType) throws CertificateException {
                return true;
            }

        });
    } catch (KeyManagementException | UnrecoverableKeyException
            | NoSuchAlgorithmException | KeyStoreException e) {
        e.printStackTrace();
    }

    cb.setSSLSocketFactory(sslsf);

Can you add the fix to next realese ?
Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@vinodborole @auhlig @eitanElmalam