In my request body I have property field names with "_", so I used @JsonProperty and mapped them to camelCase names.
But the problem is that I need to authenticate the request based on the hashed string value coming in the header. This is the initial request hashed with SHA-512 and a key.
But in my case, since I used @JsonProperty, a field whose initial name is currency_received is deserialized to currencyReceived:
@JsonProperty("currency_received")
private CurrencyReceived currencyReceived;
And I try to get the hashed value of request using
String reqObj = gson.toJson(req);
String hashVal = HashGeneratorUtils.generateHmacSHA512(reqObj, pvt_key);
The hashVal will never be the same as the value coming in the header, hashed with the original request.
So, what is the ideal way to solve this problem?
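Why the two values differ, as an added example that is not part of the original question: an HMAC covers exact bytes, so it is checked here against the body as received, before any JSON binding, and compared in constant time. The hex encoding of the header value, the key and both sample bodies are constructed assumptions; HexFormat needs Java 17 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

public class RawBodyHmacCheck {

    // HMAC-SHA512 over the exact bytes that arrived on the wire.
    static byte[] hmacSha512(byte[] body, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA512");
        mac.init(new SecretKeySpec(key, "HmacSHA512"));
        return mac.doFinal(body);
    }

    // Assumption: the header carries the MAC as a hex string.
    static boolean verify(byte[] rawBody, String headerHex, byte[] key) throws Exception {
        if (headerHex == null) {
            return false; // no MAC supplied
        }
        byte[] received;
        try {
            received = HexFormat.of().parseHex(headerHex);
        } catch (IllegalArgumentException e) {
            return false; // malformed header value: reject instead of failing
        }
        // Constant-time comparison of the computed and the received MAC.
        return MessageDigest.isEqual(hmacSha512(rawBody, key), received);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8);
        // Constructed sample: the body exactly as the sender wrote and signed it.
        byte[] wire = "{\"currency_received\": {\"code\": \"USD\"}}"
                .getBytes(StandardCharsets.UTF_8);
        String header = HexFormat.of().formatHex(hmacSha512(wire, key));
        // Constructed sample: the same data after binding to camelCase fields
        // and serializing again (renamed key, whitespace dropped).
        byte[] reserialized = "{\"currencyReceived\":{\"code\":\"USD\"}}"
                .getBytes(StandardCharsets.UTF_8);
        System.out.println("raw body accepted: " + verify(wire, header, key));
        System.out.println("re-serialized body accepted: " + verify(reserialized, header, key));
    }
}
```

The request object is then deserialized from the same verified bytes, so the field-name mapping never touches the data that is hashed.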
Related
I am implementing something similar to: https://login.microsoftonline.com/common/discovery/v2.0/keys
A Spring Boot JWT application which generates and validates JWT tokens.
I will generate many public/private keys (I do not want to generate all tokens with one key. One key pair will generate tokens with a shorter lifetime, a second will generate longer ones...)
I will create an endpoint /keys with public keys. The question is: How to connect the proper public key with the private key in my application to validate it?
And the second one: How to generate keys like above (with fields like "kty":"RSA","use":"sig", kid...)? Is there any pattern to do it?
How to generate keys like above (with fields like "kty": "RSA", "use": "sig", "kid"...) Is there any pattern to do it?
It's a standard called JSON Web Key (JWK), defined in the RFC 7517, which defines a data structure that represents a cryptographic key in JSON.
In Java, you can use Nimbus JOSE + JWT, which supports JWK with RSA keys.
How to connect proper public key with private key in my application to validate it?
You can use the kid header claim in your token: It's an optional header claim which holds a key identifier, particularly useful when you have multiple keys to sign the tokens and you need to look up the right one to verify the signature.
Once a signed JWT is a JWS, consider the definition from the RFC 7515:
4.1.4. "kid" (Key ID) Header Parameter
The kid (key ID) Header Parameter is a hint indicating which key
was used to secure the JWS. This parameter allows originators to
explicitly signal a change of key to recipients. The structure of the
kid value is unspecified. Its value MUST be a case-sensitive
string. Use of this Header Parameter is OPTIONAL.
When used with a JWK, the kid value is used to match a JWK kid
parameter value.
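The kid lookup described in this answer, as an added example that is not the answerer's code: two RSA JWKs with distinct kid values, a public-only JWK set of the kind a /keys endpoint would serve, and verification that selects the key by the token's kid. It assumes a recent Nimbus JOSE + JWT on the classpath; the kid strings, subject and lifetimes are constructed, and the algorithm is pinned to RS256 because the header is untrusted input.

```java
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.RSASSASigner;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.util.Arrays;
import java.util.Date;

public class KidKeyLookup {
    // Generates an RSA JWK carrying "kty", "use", "kid" and the key material.
    static RSAKey newKey(String kid) throws Exception {
        return new RSAKeyGenerator(2048).keyUse(KeyUse.SIGNATURE).keyID(kid).generate();
    }

    // Signs with the private half and records the key's kid in the JWS header.
    static String issue(RSAKey key, long ttlMillis) throws Exception {
        SignedJWT jwt = new SignedJWT(
            new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(key.getKeyID()).build(),
            new JWTClaimsSet.Builder().subject("demo-user")
                .expirationTime(new Date(System.currentTimeMillis() + ttlMillis)).build());
        jwt.sign(new RSASSASigner(key));
        return jwt.serialize();
    }

    // The kid is only a lookup hint: it must name a key in our own set.
    static boolean verify(String token, JWKSet publicKeys) throws Exception {
        SignedJWT jwt = SignedJWT.parse(token);
        if (!JWSAlgorithm.RS256.equals(jwt.getHeader().getAlgorithm())) return false;
        JWK jwk = publicKeys.getKeyByKeyId(jwt.getHeader().getKeyID());
        if (!(jwk instanceof RSAKey)) return false; // unknown or missing kid
        Date exp = jwt.getJWTClaimsSet().getExpirationTime();
        return jwt.verify(new RSASSAVerifier(((RSAKey) jwk).toRSAPublicKey()))
            && exp != null && exp.after(new Date());
    }

    public static void main(String[] args) throws Exception {
        RSAKey shortLived = newKey("short-lived-1"), longLived = newKey("long-lived-1");
        JWKSet publicKeys = new JWKSet(Arrays.<JWK>asList(shortLived, longLived)).toPublicJWKSet();
        System.out.println(publicKeys.toJSONObject()); // what /keys would return
        System.out.println(verify(issue(shortLived, 300_000L), publicKeys));
        System.out.println(verify(issue(newKey("not-published"), 300_000L), publicKeys));
    }
}
```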
I have CompanyProfileVO, in which I have declared companyProfile_addressVOMap as a map of String and VO.
I want to give a value to the company_name which is present inside AddressIdentificationVO in the form of URL encoded.
How can I set the value of company_name through a URL-encoded form?
To get the value I'm using this
CompanyProfileVO.getCompanyProfile_addressVOMap().get("COMPANY").getCompany_name()
CompanyProfileVO.java
Map<String,AddressIdentificationVO> companyProfile_addressVOMap;
AddressIdentificationVO
@FormParam("company_name")
String company_name;
According to your code, you need to create two different variable objects: one for JSON and one for XML (URL encoded). You should pass your
Map<String,AddressIdentificationVO> companyProfile_addressVOMap;
AddressIdentificationVO inside JSONVO and call the JSON method when you hit the URL-encoded method.
I have query parameters which are being sent from browser in the following format
sort[0][field]:prodId
sort[0][dir]:asc
How can I retrieve the above parameters on the server using @QueryParam?
From chrome console
take:5
skip:0
page:1
pageSize:5
sort[0][field]:prodId
sort[0][dir]:asc
@QueryParam should be obtained from a query string that is appended to the end of the request URL. Something like
http://host:port/app/something?key1=value2&key2=value2
You could then get value1 and value2 with
@QueryParam("key1") String value1,
@QueryParam("key2") String value2
Now in the title of your post, you use the word "Form". If this is form data you are trying to submit, you should consider some things. When putting the form data in the query string, this is usually done with data that is not sensitive, and used mainly for GET requests, where the parameter values are used to help filter in getting the resource. If this is sensitive data that should be stored on the server, you generally want to POST the data as form data in the body of the request, as seen in the answer from your previous post.
UPDATE
If you don't know the key names, which is required to use @QueryParam, you can obtain the entire query string from an injected UriInfo. Something like
@GET
@Path("/path/to/resource")
public Response getKendo(@Context UriInfo uriInfo) {
    // All query parameters; keys and values are already URL-decoded
    MultivaluedMap<String, String> params = uriInfo.getQueryParameters();
    StringBuilder builder = new StringBuilder();
    for (String key : params.keySet()) {
        builder.append(key).append(":")
               .append(params.getFirst(key)).append("\n");
    }
    return Response.ok(builder.toString()).build();
}
getQueryParameters() will return all the keys and values in a MultivaluedMap.
Alternatively, if you know the keys, which are shown in the URL you posted in the comment
test.jsp?take=5&skip=0&page=1&pageSize=5&sort%5B0%5D%5Bfield%5D=prodId&sort%5B0%5D%5Bdir%5D=asc
then you can just use all those keys for the @QueryParam, i.e.
public Response getKendo(@QueryParam("take") int take,
                         @QueryParam("skip") int skip,
                         @QueryParam("page") int page,
                         @QueryParam("sort[0][field]") String field...) {
}
All this crazy stuff sort%5B0%5D%5Bfield%5D is just how URLs are encoded with special characters, but JAX-RS will convert them back to their rightful form, i.e. "sort[0][field]"
OK, so this is the code on the server side. I just have a question on how the path is gonna be defined on the client's side.
This is the method on the server
@Path("{index}/{product}/{amount}")
@PUT
@Produces("text/plain")
public String editTable (@PathParam("index") Integer index, @PathParam("product") String product, @PathParam("amount") Integer amount)
{...}
Now on the client side
{url = new URL( "http://localhost:8080/OrderService/service/tableservice/"+num+"/"+product+"/"+amount);
.....}
/"+num+"/"+product+"/"+amount);
Is this the correct syntax??
Also, can the num and amount be integers while the product is a string, or am I gonna have a problem with it?
You will have problems if the product name has 'unsafe' URL characters in it. Which will probably be the case. To get around that you could URL encode the name before appending it to the URL.
But I think you should rethink your PATH definition in the first place. A good resource endpoint should uniquely identify it. But in your case you are including an amount field in the URL! Which means depending on who is ordering the product the resource URL is changing:
Customer A orders 2 Furbies:
/OrderService/service/tableservice/9/Furbies/2
Customer B orders 1 Furbie:
/OrderService/service/tableservice/9/Furbies/1
But in both cases the customers are trying to order the same thing - a Furbie! This is not RESTful. Instead you should define a unique resource endpoint, then send the additional order information as appended data. So for example:
public class Order {
private Integer productId;
private Integer amount;
}
@PUT
@Path("/{productId}/orders")
@Produces("text/plain")
public String updateOrder(@PathParam("productId") Integer productId, Order order) { ... }
You will notice I removed the index field as well; you can add that back in if absolutely required. You will notice I also tacked an orders suffix onto the end of the URL, to indicate that you are PUT'ing an updated representation for an order made for a product.
If you are mapping any @QueryParam to Integer, ensure that you are taking care of the following:
From the link on Oracle docs:
If a query parameter exists in the query component of the request URI, then the value will be extracted and parsed as a 32–bit signed integer and assigned to the method parameter. If the value cannot be parsed as a 32–bit signed integer, then an HTTP 400 (Client Error) response is returned.
Just to be safe, have your index and amount as String. Parse them to Integer within your service and handle NumberFormatException instead of HTTP 400.
I understand that if I want to delete a cookie through Selenium I should do the following:
this.getDriverProvider().get().manage().deleteCookieNamed("cookie");
But, when I created this cookie I set:
Cookie cookie = new Cookie("name=cookie", "max_age=1200");
I found that if I want to delete this cookie, I have to pass name=cookie and not cookie alone. So, I don't understand how these pairs values are used then.
Please, can somebody help me?
Thanks,
Sarang
When you create a cookie, you're passing name=cookie as its name. Constructor parameters are ordered and are mapped to their corresponding attributes, so you don't have to specify that the first parameter will be the cookie's name.
If you were to add a value AFTER the creation, you invoke a method that will set the value you use as the value of the key associated with the method. For example:
Cookie c = new Cookie("name", "value");
c.setVersion("cookieVersion"); //Here, the version key will have the "cookieVersion" value
c.setMaxAge(1200);
And then, when you invoke the getName() method, you'll get the value associated with the key name, passed in the corresponding constructor. In your case it is "name=cookie" and in my case it is just "name".
If you feel like it, you can check the documentation.