GraphDB User/PW proxy settings lead to status code 407

Question

I'm trying to run the following SPARQL query on my local GraphDB instance (GraphDB Free 9.4.1 on Windows).

PREFIX wd: <http://www.wikidata.org/entity/>
PREFIX wdt: <http://www.wikidata.org/prop/direct/>
PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#>
SELECT * WHERE {
    SERVICE <https://query.wikidata.org/sparql> {
        ?subj wdt:P31 wd:Q744913 ;
            wdt:P625 ?coord ;
            rdfs:label ?label
        FILTER (lang(?label) = "en")
    }
}

The query works without a problem on my personal computer.
But within my company's network, it doesn't, because we have a proxy.

I checked my proxy settings with an RDF4J Java program and they work perfectly fine.

[...]
System.setProperty("https.proxyHost", "<company_proxy>");
System.setProperty("https.proxyPort", "<company_proxy_port>");
System.setProperty("https.nonProxyHost", "localhost|127.0.0.1|<company_list>");
System.setProperty("https.proxyUser", "<user>");
System.setProperty("https.proxyPassword", "<password>");
[...]

I tried to set the same settings for GraphDB with different approaches:

  • via the UI
  • via the C:\Users\XXXX\AppData\Local\GraphDB Free\runtime\conf\net configuration-file
  • via the C:\Users\XXXX\AppData\Roaming\GraphDB\conf\proxy.properties configuration-file
  • via the C:\Users\XXXX\AppData\Local\GraphDB Free\app\ configuration-file

All do something to the configuration, meaning I now see an error message and don't have a connection timeout anymore. Since I validated the settings with RDF4J I am guessing the problem is how I apply the configuration or there is a problem with parsing the configuration.

Edit:
I get a status code 407, Proxy Authentication Required.
I'm guessing that GraphDB doesn't accept the properties https.proxyUser and https.proxyPassword.

Did anybody have the same issue and have a solution? Or how could I debug this problem further?

P.S. My password contains the '!' character. Might this be the problem? I tried every escape mechanism I could think of (\!, ^!, ^^!, all in "") but none of them worked.

Edit 2.0:
The guys from Ontotext found a bug and it was fixed with the release 9.5.0-TR14.
The proxy configuration mentioned in this question works now.

Answer 1

Score: 1

The closest possible scenario to simulate the issue with your proxy server was:

  1. Download and install mitmproxy server
  2. Trust the mitmproxy's certificate for all Java programs so GraphDB can use HTTPS connections to the proxy
# ~/.mitmproxy/mitmproxy-ca-cert.cer is the certificate shipped with the proxy
sudo keytool -importcert -file ~/.mitmproxy/mitmproxy-ca-cert.cer -alias mitmproxy -keystore $JAVA_HOME/jre/lib/security/cacerts
  3. Start the proxy server with username and password
# The proxy will require username and password
mitmproxy --set proxyauth=testUser:testPassword
  4. Start GraphDB and point it to the local mitmproxy server:
# Point the Apache HTTP Client to use the mitmproxy
./graphdb -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080 -Dhttps.proxyUser=testUser -Dhttps.proxyPassword=testPassword

At this point, I was able to reproduce the HTTP 407 error, where the HTTPS client of GraphDB fails to negotiate the authenticating process with the proxy server. The same process works fine for the HTTP protocol, so this is how I have reached a workaround, which overcomes this glitch by specifying both the https.proxyUser and its http.proxyUser equivalent. The example works fine with your query and the mitmproxy server:

# Setup not only HTTPS but also HTTP connection
./graphdb -Dhttps.proxyHost=localhost -Dhttps.proxyPort=8080 -Dhttps.proxyUser=testUser -Dhttps.proxyPassword=testPassword -Dhttp.proxyHost=localhost -Dhttp.proxyPort=8080 -Dhttp.proxyUser=testUser -Dhttp.proxyPassword=testPassword
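
The CONNECT exchange behind the 407, as an added example that is not part of the original answer or of GraphDB's code: a constructed stub proxy on 127.0.0.1 answers 407 until the client sends a matching `Proxy-Authorization: Basic` header. The stub, the helper names and the password `test!Password` are assumptions; the password shows that '!' needs no escaping at the HTTP level, because Basic credentials travel base64-encoded.

```python
import base64, socket, threading

# Constructed credentials; the '!' mirrors the password character asked about in the question.
USER, PASSWORD = "testUser", "test!Password"

def basic_token(user, password):
    """Credential part of 'Proxy-Authorization: Basic <token>': base64 of user:password."""
    return base64.b64encode(f"{user}:{password}".encode()).decode()

def _read_head(sock):
    """Read until the blank line that ends the HTTP header block."""
    data = b""
    while b"\r\n\r\n" not in data and (chunk := sock.recv(4096)):
        data += chunk
    return data.decode("latin-1")

def start_stub_proxy():
    """Constructed stand-in for an authenticating proxy; returns its port on 127.0.0.1."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                lines = _read_head(conn).split("\r\n")[1:]  # skip the CONNECT request line
                headers = {k.strip().lower(): v.strip()
                           for k, _, v in (l.partition(":") for l in lines if l)}
                ok = headers.get("proxy-authorization") == "Basic " + basic_token(USER, PASSWORD)
                conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n" if ok else
                             b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                             b'Proxy-Authenticate: Basic realm="stub"\r\n'
                             b"Content-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def connect_status(port, target, user=None, password=None):
    """Send the CONNECT a client issues for an https:// URL; return the proxy's status code."""
    req = f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n"
    if user is not None:
        req += f"Proxy-Authorization: Basic {basic_token(user, password)}\r\n"
    with socket.create_connection(("127.0.0.1", port), timeout=5) as s:
        s.sendall(req.encode() + b"\r\n")
        return int(_read_head(s).split()[1])

def demo():
    port = start_stub_proxy()
    target = "query.wikidata.org:443"
    return (connect_status(port, target),                  # no credentials
            connect_status(port, target, USER, "wrong"),   # bad password
            connect_status(port, target, USER, PASSWORD))  # correct, with '!'
```

A client that keeps receiving 407 for a credentialed CONNECT is either not sending the header at all or sending credentials the proxy rejects, and a capture of this exchange tells the two apart. Separately, a password passed as a `-D` argument is visible in the process list, so a properties file with restricted permissions is the safer place for it.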

Answer 2

Score: 0

What you can try doing is setting up the 'graphdb.workbench.external-url' parameter to whatever URL/subpath your instance should reside at. This parameter is used for rewriting incoming requests and can help with API calls.

huangapple
  • Posted on 2020-10-09 21:10:05