Page 1 of 1

ExtendedPTVServlet unauthorized access

Posted: Tue Mar 29, 2016 11:38 am
by steiner
Hello,

I have a problem with the xlocate-module from xServer. We use on our custom-server the Version 1.20.1.0. Now i'm testing the Version 1.22 on my pc. On both system i get following issue:

Every time when i search for a City with findAddressByText i get a unauthorized Access. But i get a result and no error-message in our application. We use http-Authentification.

When i changes the credentials in the users.properties, then i get no result and a error-messages in the application.

this is the log-entry in xlocate-server.log:
2016-03-29 11:04:21,077;WARN;com.ptvag.jabba.core.session.ExtendedPTVServlet;unauthorized access
2016-03-29 11:04:23,874;INFO;RequestTimes;cdbee04c-c0a4-4e0a-9f0a-71adb76e78bb;10.0.0.57;csuser;50020;unknown-cluster;XLocate.findAddressByText;true;;;;none;m0001;2;0;0;2788;0;2;2789;2794;NO-TXN;e,locating;4130012.964105,5284121.111163;4204076.977974,5268729.981817;;1;;-;-;-
The same issue i get with the Testclient xLocate, i have today downloaded from this forum:
2016-03-29 13:12:33,083;WARN;com.ptvag.jabba.core.session.ExtendedPTVServlet;unauthorized access
2016-03-29 13:12:33,279;INFO;RequestTimes;70a53b5d-2edb-40e2-847c-b0dca3ba9e20;127.0.0.1;csuser;50020;unknown-cluster;XLocate.findAddressByText;true;PTVXLocate Testclient;;;default;m0001;1;0;0;182;0;3;182;188;NO-TXN;locating;;;;1;;-;-;-
It's like the search tries a funktion we don't have lisenced or the search tries a second authentification, that doesn't work (ex https).

I hope someone can help me.

best regards
Jürgen

Re: ExtendedPTVServlet unauthorized access

Posted: Wed Mar 30, 2016 1:22 pm
by Bernd Welter
Hello Jürgen,

looks like this is a framework issue. I made some tests on my local machine but I need some backend experts for further statements. I already triggered them but due to easter vacancies it might take some days (most of them are out-of-order this week).

Best regards
Bernd

PS:
I used a C# client where I override some web request objects.
A single call in the source produces 2 succeeding XML postings. Strange.
Looks similar to what you describe: one malicious response due to failed authentication and one successful one
Used PORTMON tool to capture traffic. Within a single HTTP conn there are two XML requests send - and two responses received: one is an empty geocoder result list (successful), the other one is an exception
Used PORTMON tool to capture traffic. Within a single HTTP conn there are two XML requests send - and two responses received: one is an empty geocoder result list (successful), the other one is an exception

Re: ExtendedPTVServlet unauthorized access

Posted: Wed Mar 30, 2016 1:30 pm
by Joost
For C# the behavior of sending 2 request is pretty common. I found an article that explains this:

http://stackoverflow.com/questions/6338 ... redentials

It could be that this is also the cause for the behavior Jurgen is seeing.

Re: ExtendedPTVServlet unauthorized access

Posted: Wed Mar 30, 2016 1:57 pm
by Bernd Welter
Hello together and thanks, Joost,

yeah, now we have a description of "what happens", but still no solution of "how to properly handle this" - do we?
Though some part of the HTTP communication looks successful the overall handling in the source is "there is an error".
How can we get rid of this?

Or are you (Jürgen) happy with Joosts hint?

Best regards Bernd

Re: ExtendedPTVServlet unauthorized access

Posted: Thu Mar 31, 2016 11:51 am
by steiner
Hello,

thanks for your help.

Basically everything in our program works. So it isn't a real problem.

We use the same function to set the Credentials (request.Credentials). So i try to set HttpHeader instead of using request.Credentials.

Thanks Joosts for the link.

@Bernd, I'm happy :D

Re: ExtendedPTVServlet unauthorized access

Posted: Thu Mar 31, 2016 12:32 pm
by Bernd Welter
Thanks for the explizit "you're done", Jürgen

:mrgreen: