Hi I'm trying to add rest support for my application which uses CAS.
I did all the steps of the tutorials, but when i try from Postman to test the tickets
http://localhost:8080/cas/v1/tickets?username=admin&password=admin
I'm always getting
HTTP Status 415
The server refused this request because the request entity is in a
format not supported by the requested resource for the requested
method.
and the response is always as an html page. what is still missing from my side, and what content type should i use ?
I get this too, from a set of new CAS servers I just upgraded from 3.5 to 4.2.5.
The requests succeed if I send them encoded as x-www-form-urlencoded using postman (and this is a workaround that I've implemented in our tools that use the REST interface), but not using the text/plain content type described in the documentation. My remaining 3.5 servers accept both content-types.
I'd much rather support both content types, since there are some tools floating around that use the old servers that we don't want to have to update.
Related
I am trying to set up HAProxy to redirect POST requests hitting on the on-prem endpoint to a new address in the Kubernetes cluster while preserving all URL parameters and 200 response code.
There are lots of Java clients using this to POST data and the easy method of using http-request redirect location http://api.dev.k8s.company.com/%[path] indeed redirects, while preserving all the url parameters. This returns HTTP 301 response code. This is fine as long as I use a desktop browser, but Java clients throw errors as they expect 200 code. This is rather a strict requirement, because I we don't want to rewrite all Java clients. How should I reimplement this to get HTTP 200 response codes? I would rather use HAProxy, but if you have other suggestions where this could be done easily I will be happy to hear them.
When testing with the jsonplaceholder.typicode.com site java code does not need to set any headers. Reading the json from a URLConnection works fine. However other http endpoints will return a 403 Forbidden unless a HttpURLConnection is used and the User-Agent request property is set.
Is there a way other than trial and error to figure out the required headers for a given http endpoint?
There's nothing in the HTTP protocol that allows you to observe what headers a particular server is expecting. You send a request, and the server sends a response, that's all. (A nice server may, of course, choose to embed a helpful error message in its response.)
So the literal answer to your question is: no, there's no way to determine this beyond trial and error (unless you have access to documentation and/or source code).
The server sending JSON to the API is a Tomcat server in the Gradle packages (it is built in Java).
I am having trouble's making an API call with Angular. I know my API is working because I can view it on "Postman."
var app = angular.module("todo", []);
app.controller("AppCtrl", function($http){
$http.get("192.168.5.100:8080/aggregators/datafile")
.success(function(data){
console.log(data)
})
})
When I run it I get the following error:
XMLHttpRequest cannot load %3192.168.5.100:8080/aggregators/datafile. Cross origin requests are only supported for HTTP.
The problem you're running into is that you can't make cross origin requests from the browser without CORS or using JSONP.
Postman operates outside of the context of the browser (as if you had issued a cURL request, if you're familiar with cURL).
This is for security reasons.
So, how do you implement JSONP? It really depends on the server, but in general, your resource would look for a GET request that had a pre-determined querystring parameter (normally callback for simplicity):
http://192.168.5.100:8080/aggregators/datafile?callback=mycallback
How do you make a JSONP call?
The server wraps the JSON in that callback, causing it to look something like the following:
mycallback({json:object});
This Stack Overflow answer goes into more detail.
The callback is the function the browser should hit when the request is executed, and that's what allows for cross-domain requests.
Now, on to CORS.
CORS is a system for allowing the browser to communicate with the server to determine whether or not it should accept a cross domain request. It's a bit complicated, but in general it involves settings up certain Headers on your API Server; and then executing an Ajax request in a particular fashion (for JQuery, use the withCredentials property for $.ajax). The server checks where the request is from, and if it's a valid source, it let's the browser know and the browser allows the request (I'm being simplistic).
MDN has a thorough explanation of CORS that is worth reading.
I am trying to get JSON (getJSON()) from server that doesn't have support for jsonp implemented. Namely, when adding callback=? to the URL, the server does return the data, but it returns pure JSON without padding.
I understand this is something that must be corrected server-side - there is no way to resolve it in jQuery. Is this correct?
If CORS support is not supported by server as well jsonp, you might try proxy approach in such cases. One example http://www.corsproxy.com/, there should be other proxy alternatives too.
What does it do?
CORS Proxy allows javascript code on your site to access resources on other domains that would normally be blocked due to the same-origin policy.
How does it work?
CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying "anyone can request this".
I have created a web-service that uses basic authentication in JDeveloper 11.1.1.4.
When i test my application using a client application is runs correctly so i know that the authentication mechanism has no problems.
How can i pass authentication info into the HTTP Analyzer by right clicking on Webservices and selecting Test Web Service?
I have tried to pass credentials through SOAP Headers > :WS-Security:Header like below but is not working
I have also tried to pass authentication through Credentials option like shown below
In both cases i get this error 500 HTTP Analyzer Server Error The server sent HTTP status code 401: Unauthorized: .....
How can i get through this?
Thanks
UPDATE
I also tried to pass Authentication option to Request HTTP Headers but get the error message :
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
If you're using Basic authentication, all you need is set request header Authorization. Value of this header: prefix Basic, one space, Base64 encoded string with usrname:password, so your header for Aladin:sesam open should be like this: Basic QWxhZGluOnNlc2FtIG9wZW4=.
On screenshot i see section Request HTTP headers, add Authorization header to it.
I am aware that this is an old post , but this may benefit those who run into this issue.
I am using Jdeveloper 11.1.2. I have secured the JAX-RPC web service (created by exposing PL/SQL poackage) using basic authentication. I attached the security policy: "Auth.xml" using the wizard.
I was able to test this using HTTP Analyzer. I just passed the user credentials in the SOAP Headers as shown below and it worked fine for me.(I also passed invalid creds and no creds to see if the security works as expected.)
Hope this helps !!!