-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] MirthConnect Version 4.5.0 - Java 17 - Web Service Sender - button "Get Operations" fails if authentication is needed #6169
Comments
Hi @javandre |
and
I think you need additional Java9 entries for the WebService sender to work. This is still a bug in MC, since the suggested options should support the software that NextGen publishes. I think a workaround would be to add this to your VM options file: |
Hi @jonbartels |
@hanspeterbrun read the latest error message. It is still a modules error but it is a DIFFERENT module. You need additional |
Hi @jonbartels Thanks for your comments. We added this java.io entry, too. After this we got no more errors in mirth.log, but a HTTP 401 error as response. I think that no username/password was transmitted with the request, because the destination could not read the input textfields. |
Are you using hardcoded credentials or mapped values? "Test Connection" usually does not work with mapped values. Can you change the URL to a server you control and see what it sends? You should see the appropriate authn headers. The request won't work but you should be able to see what Mirth is transmitting. |
I'm a little bit confused, I think we are talking about the button "Get Operations" (not "Test Connection")... Yes, I'm using hardcoded credentials and I'm sure there are correct (tested with SoapUI). Unfortunately I don't have a SOAP server under my control at the moment. I'll try to check this later and then comment here. |
You don't need a soap server. e.g. if you have node installed:
|
Actaully tried this - and it does not send authorization.
|
Workaround of course is just the grab the WSDL and host it anywhere you can in fact access. |
@pacmano1 seems to have reproduced the issue. @javandre you should edit your bug report to focus ONLY on the WSDL auth issue. The The relevant code that generates the auth error is:
This generates the credentials in the URL: connect/server/src/com/mirth/connect/connectors/ws/WebServiceConnectorServlet.java Line 197 in c1bbf98
This generates the credentials in the format @javandre what authentication mechanism is the SOAP server expecting you to use for the WSDL? HTTP Basic? Oauth? something else? Using a browser or |
I think that I have found the problem. In this commit prior to the version 4.5.0, the existing SoapUI library that handled WSDL requests (com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader) was replaced by the Java native javax.wsdl.xml.WSDLReader one. The root of the problem seems to be that Mirth Connect is placing the Basic auth credentials from the connector form directly in the URL. This worked for SoapUI library, but I think that it is forbidden on purpose in the native Java implementation at some level. In fact it makes sense, since for example I have just found a URL with credentials in the console of my server instance. This could cause passwords to be leaked for some. I can think of a few ways to solve this bug in no particular order:
@jonbartels netcat or similar will not work, since at least the Mirth Connect versions prior to 4.5.0 used the HTTP authentication framework, so they wait for the server to ask back for the password if needed (The client is expecting a 401 error code along with a I also suggest a simple way to workaround this issue. It is to create another channel with an HTTP listener and an HTTP sender that acts as a proxy for the other channel, requesting the WSDL for it using the appropriate credentials. After using it, it could simply be disabled or removed. |
I just realized another simpler way to solve it without changing much! We could just simply define a default I even have just wrote a Rhino script that if executed once will even fix the issue until the server is restarted. It can be put for example in the deploy script of any channel or in the global deploy script. The following works, but the username and password parsing has to be done better to comply with RFC 1738.
var url_userinfo_authenticator = new java.net.Authenticator({
getPasswordAuthentication: function() {
var userInfo = null;
try {
var url = new java.net.URL(this.getRequestingURL());
userInfo = url.getUserInfo();
} catch (e) {
e.printStackTrace();
}
if (userInfo != null) {
var parts = userInfo.split(":");
if (parts.length === 2) {
var username = parts[0];
var password = parts[1];
return new java.net.PasswordAuthentication(username, password.toCharArray());
}
}
return null;
}
});
java.net.Authenticator.setDefault(url_userinfo_authenticator); |
Describe the bug
In a "Web Service Sender" destination the button "Get Operations" produces an error when "Authentication" is set to "Yes" and the WSDL server requires authentication. Bug is consistently reproducible.
To Reproduce
Expected behavior
Get operations from WSDL Server without error.
Actual behavior
Java-Error occurs (screenshot 1 and 2), operations are not loaded.
Screenshots
Screenshot 1: Java Error Window
Screenshot 2: Error in mirth.log file
Environment:
Workaround
Fill in the needed WSDL operations manually.
Additional context
Hint: The destination works correctly as a WebServiceSender if you fill in the operations manually. Only clicking the button "Get Operations" fails.
The text was updated successfully, but these errors were encountered: