I'm trying to access rest api through my companies proxy server this requires me authenticate with the proxy.
I can access the outside world using curl with the parameters:
curl -v -s -user $kerbrosId -x $ProxyServer:$proxyPort --proxy-negotiate https://google.com
I receive the following output:
Enter proxy password for user '$user':
* Trying $proxyIP:$proxyPort...
* Connected to $proxyURL ($proxyIP) port $proxyPort (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using Negotiate with user 'bradsw'
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> Proxy-Authorization: Negotiate ${shortBase64token}
> User-Agent: curl/7.83.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 407 Proxy Authentication Required
< Proxy-Authenticate: NEGOTIATE ${longerBase64token}
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html; charset=utf-8
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Content-Length: 5621
<
* Ignore 5621 bytes of response-body
* Establish HTTP proxy tunnel to google.com:443
* Proxy auth using Negotiate with user '$user'
> CONNECT google.com:443 HTTP/1.1
> Host: google.com:443
> Proxy-Authorization: Negotiate ${evenLongerBase64token}
> User-Agent: curl/7.83.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
<
* Proxy replied 200 to CONNECT request
* CONNECT phase completed
* schannel: disabled automatic use of client certificate
* ALPN: offers http/1.1
* ALPN: server accepted http/1.1
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.83.1
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 301 Moved Permanently
< Location: https://www.google.com/
< Content-Type: text/html; charset=UTF-8
< Date: Thu, 29 Sep 2022 22:09:00 GMT
< Expires: Sat, 29 Oct 2022 22:09:00 GMT
< Cache-Control: public, max-age=2592000
< Server: gws
< Content-Length: 220
< X-XSS-Protection: 0
< X-Frame-Options: SAMEORIGIN
< Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
I have tried a million variations of
RestTemplate(HttpComponentsClientHttpRequestFactory(
HttpClientBuilder.create()
.setProxy(HttpHost(proxyUrl, proxyPort))
//other calls here to set things up
.build()
)
)
Nothing seems to authenticate correctly. I get back a 407 PROXY_AUTHENTICATION_REQUIRED with the companies default call the help desk if your browser doesn't work page in my stack trace.
Our systems are configured with an appropriate kbr5.config file so that should not be the issue & in other places in the code we are getting an SSO token a based on a ticket stored by kinit using the equivalent of RestTemplate().getForEntity("${sso-endpoint}", String::class.java).
I would ideally like to be able to delegate credentials to the OS via logged on user (either windows or REL based Linux systems) though I would consider simply authenticating at all a win at this point. I'm working in Kotlin but can easily translate a Java solution to Kotlin.
Any ideas appreciated?
Related
I am building a basic Spring Boot app, using the built is resource handler.
registry.addResourceHandler("/**")
.addResourceLocations("classpath:/public/")
.setCachePeriod(60 * 60 * 24 * 365)
.resourceChain(true)
.addResolver(versionResourceResolver);
The file structure is as follows:
src
main
java
..
resources
public
js
app.js
Making a request to localhost:8080/js/app.js works as expected, returning the contents of the file with the correct MIME type.
However, making a request to the container directory also returns 200 OK and an empty response!
$ curl -v http://localhost:8080/js/
* Trying ::1...
* Connected to localhost (::1) port 8080 (#0)
> GET /js/ HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.49.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Mon, 28 Nov 2016 21:13:26 GMT
< X-Application-Context: application
< Last-Modified: Mon, 28 Nov 2016 21:06:28 GMT
< Cache-Control: max-age=31536000
< Accept-Ranges: bytes
< Content-Type: application/octet-stream
< Content-Length: 0
<
* Connection #0 to host localhost left intact
How can I get this to return 404 Not Found instead? It's not a huge issue, but definitely not what I'd expected.
In my pet project I have a simple jersey (v 2.13) resource that performs some crud operations, and the input is validated by hibernate-validator (v 5.0.1.Final).
The problem is that while the junit tests works as expected, when I deploy the webapp all the ExceptionMapper implementations are ignored.
Here some details:
#POST
#Consumes(MediaType.APPLICATION_JSON)
#Produces(MediaType.APPLICATION_JSON)
public JsonResult<User> addUser(#Valid Userbean user) {
//do stuff...
}
The validation is made by hibernate-validator.
the Userbean is annotate with:
#NotNull
private String password;
I've created an ExceptionMapper implementation:
#Provider
public class ValidationExceptionMapper implements ExceptionMapper<ValidationException> {
#Override
public Response toResponse(ValidationException e) {
return Response.status(422).build();
}
}
Leaving aside that on validation the proper status code should be 400, my problem is that while in my junit-test everything goes fine...
Userbean entity = new Userbean();
entity.setUsername(username);
Response response = target.path("users").request(MediaType.APPLICATION_JSON).post(Entity.json(entity));
int status = response.getStatus();
assertEquals(422 status);
...I cannot reproduce the same behaviour when I run it on tomcat (I've tried tomcat7 / tomcat 8 and also glassfish 4.1)
I always get a 400 status code instead of 422 and ValidationExceptionMapper is being skipped.
$ curl -v -X POST -H "Content-Type: application/json" --data "{\"username\":\"MrFoo\"}" http://localhost:8080/playground-webapp/jaxrs/jersey/users/
* About to connect() to localhost port 8080 (#0)
* Trying ::1... connected
> POST /playground-webapp/jaxrs/jersey/users/ HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: localhost:8080
> Accept: */*
> Content-Type: application/json
> Content-Length: 20
>
* upload completely sent off: 20out of 20 bytes
< HTTP/1.1 400 Bad Request
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
< Content-Language: en
< Content-Length: 990
< Date: Sun, 28 Dec 2014 15:07:34 GMT
< Connection: close
<
* Closing connection #0
<html><head><title>Apache Tomcat/7.0.52 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 400 - Bad Request</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Bad Request</u></p><p><b>description</b> <u>The request sent by the client was syntactically incorrect.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.52</h3></body></html>
The same call made on the test server works as expected:
curl -v -X POST -H "Content-Type: application/json" --data "{\"username\":\"MrFoo\"}" http://localhost:8080/users/
* About to connect() to localhost port 8080 (#0)
* Trying ::1... Connessione rifiutata
* Trying 127.0.0.1... connected
> POST /users/ HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: localhost:8080
> Accept: */*
> Content-Type: application/json
> Content-Length: 20
>
* upload completely sent off: 20out of 20 bytes
< HTTP/1.1 422
< Content-Type: application/json
< Date: Sun, 28 Dec 2014 15:05:35 GMT
< Content-Length: 94
<
* Connection #0 to host localhost left intact
the code of the server I use for junit is:
#Before
public void setUpClient() throws Exception {
ResourceConfig rc = new UserResourceConfig();
rc.property("contextConfig", appContext);
server = GrizzlyHttpServerFactory.createHttpServer(BASE_URI, rc);
server.start();
....
Thanks in advance for your help.
I am trying to get contents of the page: http://www.washingtonpost.com/wp-srv/simulation/simulation_test.json
I am able to get the contents in my java project. Here is the code:
HttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet(url);
HttpResponse response = client.execute(request);
BufferedReader rd = new BufferedReader(
new InputStreamReader(response.getEntity().getContent()));
StringBuffer result = new StringBuffer();
String line = "";
while ((line = rd.readLine()) != null) {
result.append(line);
}
This prints the contents in my Java project.
However, when I execute this code in my Android project, I get the following in return :
<HTML><HEAD><TITLE>Cisco Systems Inc. Web Authentication Redirect</TITLE><META http-equiv="Cache-control" content="no-cache"><META http-equiv="Pragma" content="no-cache"><META http-equiv="Expires" content="-1"><META http-equiv="refresh" content="1; URL=https://1.1.1.1/login.html?redirect=www.washingtonpost.com/wp-srv/simulation/simulation_test.json"></HEAD></HTML>
How can i solve this problem? why does it occur only in my Android project and not in my Java project?
Thanks
ref for android client
assume not useing proxy when on android connected to WIFI.
Assume that on android you are NOT using net interface for 3G/4G
Assume that you are using the android httpclient packages and not the apache httpclient.
assume that manifest has granted Web permissions.
You have to know the above in order to do much with debug.
You will get a bunch of default headers from default packages when you invoke these:
HttpClient client = new DefaultHttpClient();
HttpGet request = new HttpGet(url);
You will need to either turn on logging for WIRE & HEADERS OR you will need to dump your headers for the get request so that you know exactly whats in there.
Then , compare your android generated http GET ( all headers ) to the curl test script you see below.. If your android headers are reasonably close ( dont need to be exact there can be some extras in there like 'gzip' encoding ) to the curl headers , then the android will work. The curl example shows only 3 headers and i would make a wild guess that your android client , by default, is setting 7 or 8 headers and that the WP server does not like something in the cruft of the extra headers and is redirecting to the logon.
# ~$ curl --verbose http://www.washingtonpost.com/wp-srv/simulation/simulation_test.json
* About to connect() to www.washingtonpost.com port 80 (#0)
* Trying 23.204.109.48...
* connected
* Connected to www.washingtonpost.com (23.204.109.48) port 80 (#0)
> GET /wp-srv/simulation/simulation_test.json HTTP/1.1
> User-Agent: curl/7.28.1-DEV
> Host: www.washingtonpost.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: webserver
< Content-Type: text/plain
< Last-Modified: Wed, 12 Feb 2014 21:16:22 GMT
< Content-Length: 58187
< ETag: "e34b-52fbe4a6"
< Accept-Ranges: bytes
< Date: Mon, 10 Mar 2014 16:54:42 GMT
< Connection: keep-alive
<
{
"posts": [
android httpclient 4.3 sample with HEADER logs turned on...
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> PUT /1/classes/MediaItem/XPdLazBUzV HTTP/1.1
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> Content-Length: 90
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> Content-Type: application/json; charset=UTF-8
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> Host: api.parse.com
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> Connection: Keep-Alive
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> User-Agent: Apache-HttpClient/UNAVAILABLE (java 1.5)
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> Accept-Encoding: gzip,deflate
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> X-Parse-Session-Token: li9ds
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> X-Parse-Application-Id: 3qovv
D/ch.boye.httpclientandroidlib.headers(15360): http-outgoing-2 >> X-Parse-REST-API-Key: Theoj
D/
I'm trying to send a request, I do the following in curl:
curl -v --header "location: 60.004:8.456" --cookie "sessionToken=~session" -i -X PUT -H 'Content-Type: application/json' -d '{"data":"{"FCT":"Welcome", "Uni":"Welcome to DI"}"}' localhost:8080/tester/apps/e39/data
and for some reason it matches the class but no this method:
#PUT
#Consumes(MediaType.APPLICATION_JSON)
#Produces(MediaType.APPLICATION_JSON)
public Response createDocumentRoot(JSONObject inputJsonObj,
#Context UriInfo ui, #Context HttpHeaders hh) {
}
Edit:
The class is defined with #Path("{appId}/data")
The problem isn't the paths, as I've debugged it and seen it identifies the class right, it just throws the bad request after going inside the class without entering any method.
Here is the curl verbose:
* About to connect() to localhost port 8080 (#0)
* Trying 127.0.0.1... connected
> PUT /tester/apps/e39/data HTTP/1.1
> User-Agent: curl/7.22.0 (i686-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: localhost:8080
> Accept: */*
> Cookie: sessionToken=~session
> location: 60.004:8.456
> Content-Type: application/json
> Content-Length: 60
>
* upload completely sent off: 60out of 60 bytes
< HTTP/1.1 400 Bad Request
HTTP/1.1 400 Bad Request
< Server: Apache-Coyote/1.1
Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
Content-Type: text/html;charset=utf-8
< Content-Length: 990
Content-Length: 990
< Date: Tue, 02 Jul 2013 21:46:56 GMT
Date: Tue, 02 Jul 2013 21:46:56 GMT
< Connection: close
Connection: close
The problem was in the json syntax that was incorrect, I had
'{"data":"{"FCT":"Welcome", "Uni":"Welcome to DI"}"}'
after changing to this, it worked fine:
'{"data":
{"FCT":"Welcome",
"Uni":"Welcome to DI"}}'
I used a JSON online parser to check the json syntax, here is the link incase someone needs it:
http://json.parser.online.fr/
Below is the url using in my code
URL url = new URL("https://8.7.177.4/ns-api?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001");
but iam getting exception as
java.io.FileNotFoundException: https://8.7.177.4/ns-api/?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at AuthenticateCurl.authenticatenewPostUrl(AuthenticateCurl.java:311)
at AuthenticateCurl.main(AuthenticateCurl.java:341)
in the exception we can find url where /?object=answerrule is getting appended before starting query string.
How can i resolve this.
When you access the url without the extra '/', the web server forwards you to the version that has the extra '/'. You can see this when attempting to curl the URL at the command line:
$ curl --insecure -v 'https://8.7.177.4/ns-api?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001'
> GET /ns-api?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001 HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: 8.7.177.4
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Thu, 12 Jul 2012 18:45:28 GMT
< Server: Apache/2.2.11 (Fedora)
< Location: https://8.7.177.4/ns-api/?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001
< Content-Length: 392
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<
This is fine, and HttpURLConnection automatically follows the redirect to the new URL. This is normal behaviour.
Following the new URL, we get a different result:
$ curl --insecure -v 'https://8.7.177.4/ns-api/?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001'
> GET /ns-api/?object=answerrule&action=read&domain=amj.nms.mixnetworks.net&user=9001 HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: 8.7.177.4
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Date: Thu, 12 Jul 2012 18:46:46 GMT
< Server: Apache/2.2.11 (Fedora)
< X-Powered-By: PHP/5.2.9
< Content-Length: 0
< Connection: close
< Content-Type: text/html; charset=UTF-8
<
...And we get a 404, which is why you get a FileNotFoundException!
If you were not expecting a redirect and you are running the server as well, maybe there is a configuration problem on the server.