#1565 closed defect (fixed)
Web service login invocation returns invalid token
| Reported by: | Kohsuke Kawaguchi | Owned by: | |
|---|---|---|---|
| Component: | webservices | Version: | VirtualBox 1.6.0 |
| Keywords: | Cc: | ||
| Guest type: | other | Host type: | other |
Description
When I invoke the IWebsessionManager_logon operation, the invocation succeeds but it doesn't return any valid token, and successive invocations fail.
The following is the request message I sent (via JAX-WS 2.1.3)
SOAPAction: "" Content-Type: text/xml;charset="utf-8" Accept: text/xml, multipart/related, text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 <?xml version="1.0" ?><S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body><ns2:IWebsessionManager_logon xmlns:ns2="http://www.virtualbox.org/"><username></username><password></password></ns2:IWebsessionManager_logon></S:Body></S:Envelope>
And the following is the response I get:
HTTP/1.1 200 OK Content-length: 468 Content-type: text/xml; charset=utf-8 Connection: close Server: gSOAP/2.7 <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:vbox="http://www.virtualbox.org/"><SOAP-ENV:Body><vbox:IWebsessionManager_logonResponse><returnval></returnval></vbox:IWebsessionManager_logonResponse></SOAP-ENV:Body></SOAP-ENV:Envelope>
As you can see the response is indicated as success, but <returnval> has a string of length 0.
Change History (5)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
You have to disable authentication using VBoxManage setproperty vrdpauthlibrary null. We will change how it does authentication in the future. The recommendation will be to setup a local Apache web server that acts as a reverse proxy for the Web Service and handles authentication. This way you do not expose the internal simplistic HTTP server of the VirtualBox Web Service on the network and you have the full power of Apache to perform authentication.
comment:3 by , 16 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
You must have meant "VBoxManage setproperty websrvauthlibrary null"
In any case, there still is a bug --- if the authentication failed, the error code needs to be returned, not the success code with empty token. So I still consider this bug open.
comment:4 by , 16 years ago
| Component: | other → webservices |
|---|
comment:5 by , 16 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
This should have been fixed with 2.0. If the problem persists, please reopen.


Argh, looks like I messed up the formatting, so here it goes again:
Request:
Response: