Commit 4304b1d2 authored by Robert Bailey's avatar Robert Bailey

Set the 'WWW-Authenticate' header on 401 responses when basic

auth is enabled. This is required for basic auth to work with web browsers.
parent d327ba77
......@@ -297,6 +297,7 @@ func (s *APIServer) Run(_ []string) error {
ReadWritePort: s.SecurePort,
PublicAddress: net.IP(s.BindAddress),
Authenticator: authenticator,
SupportsBasicAuth: len(s.BasicAuthFile) > 0,
Authorizer: authorizer,
AdmissionControl: admissionController,
DisableV1Beta3: disableV1beta3,
......
......@@ -49,7 +49,18 @@ func NewRequestAuthenticator(mapper api.RequestContextMapper, auth authenticator
)
}
var Unauthorized http.HandlerFunc = unauthorized
func Unauthorized(supportsBasicAuth bool) http.HandlerFunc {
if supportsBasicAuth {
return unauthorizedBasicAuth
}
return unauthorized
}
// unauthorizedBasicAuth serves an unauthorized message to clients.
func unauthorizedBasicAuth(w http.ResponseWriter, req *http.Request) {
w.Header().Set("WWW-Authenticate", `Basic realm="kubernetes-master"`)
http.Error(w, "Unauthorized", http.StatusUnauthorized)
}
// unauthorized serves an unauthorized message to clients.
func unauthorized(w http.ResponseWriter, req *http.Request) {
......
......@@ -94,6 +94,8 @@ type Config struct {
APIPrefix string
CorsAllowedOriginList util.StringList
Authenticator authenticator.Request
// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
SupportsBasicAuth bool
Authorizer authorizer.Authorizer
AdmissionControl admission.Interface
MasterServiceNamespace string
......@@ -500,7 +502,7 @@ func (m *Master) init(c *Config) {
// Install Authenticator
if c.Authenticator != nil {
authenticatedHandler, err := handlers.NewRequestAuthenticator(m.requestContextMapper, c.Authenticator, handlers.Unauthorized, handler)
authenticatedHandler, err := handlers.NewRequestAuthenticator(m.requestContextMapper, c.Authenticator, handlers.Unauthorized(c.SupportsBasicAuth), handler)
if err != nil {
glog.Fatalf("Could not initialize authenticator: %v", err)
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment