Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Always send basic auth header to Virtuoso #1326

Merged
merged 1 commit into from
Nov 10, 2023
Merged

Always send basic auth header to Virtuoso #1326

merged 1 commit into from
Nov 10, 2023

Conversation

andersju
Copy link
Member

XL Tomcat log:

2023-11-10T16:06:48,247 [SparqlUpdater-2] WARN  whelk.component.SparqlUpdater - Failed, will retry: java.net.SocketException: Broken pipe
2023-11-10T16:07:18,211 [SparqlUpdater-0] WARN  whelk.component.SparqlUpdater - Failed, will retry: java.net.SocketException: Broken pipe
2023-11-10T16:07:48,215 [SparqlUpdater-3] WARN  whelk.component.SparqlUpdater - Failed, will retry: java.net.SocketException: Broken pipe
2023-11-10T16:08:18,207 [SparqlUpdater-1] WARN  whelk.component.SparqlUpdater - Failed, will retry: java.net.SocketException: Broken pipe

Virtuoso log:

x.x.x.x - - [10/Nov/2023:16:07:48 +0100] "PUT /sparql-graph-crud-auth?graph=https://libris-qa.kb.se/00nj5pg320vg4482 HTTP/1.1" 401 40 "" "Apache-HttpClient/4.5.13 (Java/17.0.9)"
x.x.x.x - - [10/Nov/2023:16:07:48 +0100] "PUT /sparql-graph-crud-auth?graph=https://libris-qa.kb.se/00nj5pg320vg4482 HTTP/1.1" 401 40 "" "Apache-HttpClient/4.5.13 (Java/17.0.9)"
x.x.x.x - - [10/Nov/2023:16:07:48 +0100] "PUT /sparql-graph-crud-auth?graph=https://libris-qa.kb.se/00nj5pg320vg4482 HTTP/1.1" 401 40 "" "Apache-HttpClient/4.5.13 (Java/17.0.9)"
x.x.x.x - - [10/Nov/2023:16:07:48 +0100] "PUT /sparql-graph-crud-auth?graph=https://libris-qa.kb.se/00nj5pg320vg4482 HTTP/1.1" 401 40 "" "Apache-HttpClient/4.5.13 (Java/17.0.9)"

This has been going on for quite a while. Looking at the traffic on sparql01-qa with tcpflow -c -a port 8890 -i any I notice that SparqlUpdater doesn't send a basic auth header at first, which is the way it's supposed to be:

By default, httpclient will not provide credentials preemptively, it will first create a HTTP request without authentication parameters. This is by design, as a security precaution, and as part of the spec. But, this causes issues if you don't retry the connection, or wherever you're connecting to expects you to send authentication details on the first connection. It also causes extra latency to a request, as you need to make multiple calls, and causes 401s to appear in the logs.

(https://stackoverflow.com/a/21592593)

Seems like something goes wrong in this interaction between SparqlUpdater and Virtuoso. So, let's just send the Authorization header right away, because not doing so is anyway pointless in this situation.

@andersju andersju merged commit 3afcaf1 into develop Nov 10, 2023
1 check passed
@andersju andersju deleted the feature/always-send-basic-auth-to-sparql branch November 10, 2023 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jannistsiroyannis jannistsiroyannis Awaiting requested review from jannistsiroyannis

@lrosenstrom lrosenstrom Awaiting requested review from lrosenstrom

@olovy olovy Awaiting requested review from olovy

@kwahlin kwahlin Awaiting requested review from kwahlin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@andersju