I have learned in another question how I can detect whether I am running on a development or a production server. Is there some way to get the following programmatically:
protocol used (http / https)
port used (8080 / 80)
server domain (xxx.appspot.com on production)
I can special case them for a development / production, but it smells to me - getting those values from a server would seem nicer to me. Is there a way?
I need those values so that I can construct redirectUri for OAuth authentication.
It depends on the web framework you're using. If you're using webapp2, you can get it from the request attribute
https://webapp-improved.appspot.com/guide/request.html#common-request-attributes
For java servlet, http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html
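The servlet route mentioned above, as an added example (not code from the answer): the three values come from `request.getScheme()`, `request.getServerName()` and `request.getServerPort()`, and because the server name is derived from the client-supplied Host header it is checked against an allowlist before being placed in an OAuth redirect URI. The class name, the allowlist contents and the `/oauth2callback` path are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

public class RedirectUriBuilder {
    // Assumption: the hosts registered with the OAuth provider (dev and production).
    private static final Set<String> ALLOWED_HOSTS =
            new HashSet<String>(Arrays.asList("localhost", "xxx.appspot.com"));

    // In a servlet, pass request.getScheme(), request.getServerName() and
    // request.getServerPort(). The server name is taken from the client's Host
    // header, so it is checked against the allowlist before it is used.
    static String build(String scheme, String serverName, int port, String path)
            throws URISyntaxException {
        String s = scheme.toLowerCase(Locale.ROOT);
        String host = serverName.toLowerCase(Locale.ROOT);
        if (!s.equals("http") && !s.equals("https")) {
            throw new IllegalArgumentException("unexpected scheme: " + scheme);
        }
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("host not allowlisted: " + serverName);
        }
        // Leave out default ports so the result matches the registered redirect
        // URI, which providers typically compare as an exact string.
        boolean isDefault = (s.equals("http") && port == 80)
                || (s.equals("https") && port == 443);
        return new URI(s, null, host, isDefault ? -1 : port, path, null, null).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample values: development server, production, spoofed Host.
        System.out.println(build("http", "localhost", 8080, "/oauth2callback"));
        System.out.println(build("https", "xxx.appspot.com", 443, "/oauth2callback"));
        try {
            build("https", "attacker.example", 443, "/oauth2callback");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```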
Related
I'm trying to use HTTPS in Java EE, for my own login directives and transferring information via a secure protocol. This should be trivial, but I'm having trouble finding a tutorial/guide to do it.
Currently, I'm using Netbeans for all my J2EE work, which uses Glassfish 4.1.1, along with JDK and JRE at the 1.8 version.
I'm basically looking for a comprehensive guide or a quick resume on how to implement HTTPS on a Servlet, so when I access that servlet (mydomain/#/myServlet) the protocol gets set to HTTPS, uses my own created certificate (I also need help with that), so it encrypts the GET/POST requests, in order to make it unable to read the info (or at least make it a non-trivial thing).
Knowing a list of TO-DO things could be enough; if I know what I have to do, I can look for the information in a proper way. But now, I really don't find anything easy to understand.
Can anyone help? Thank you!
Your server will have one port for HTTP communication and another for HTTPS communication. So if you communicate on the HTTPS port, the communication will be over HTTPS. So look at your server configuration, check the HTTPS port, and use that port in the URL.
I have a GAE project and I would like to make requests to an external server. The server needs to whitelist the IP address but GAE works with dynamic IP addresses and the list is too long. I have been looking at 2 options:
1. Move the GAE project to Compute Engine
My biggest concern about this is the time it would take to move the project to Compute Engine. So far we've been using App Engine for free and we would like to avoid extra costs.
2. Use our domain to make the requests
We could whitelist the IPs ourselves and receive requests from the GAE project to our domain and then make requests from the domain's static host IP itself to their server.
For this option I'd also like to know if transferring the domain to GAE has any advantage. Will the outgoing requests from GAE through the transferred domain be made through the domain's IP?
Note:
This is largely based on assumption, I am highly inexperienced with networking so if there's anything that could be better expressed please tell me. I tried to search online for a way to do this but couldn't get to a satisfactory answer.
You don't need to think about domains in this context, because you're whitelisting IPs, not domains. And it's not necessary to move the whole project; you only need to move the part that makes these requests.
Just create a proxy on any server with a static IP, like a micro instance on Google Compute, and do all requests through this server.
As I understand it, you make all requests to the same external server, right? In this case it could be even simpler. You don't need to install a full-featured proxy, just install Nginx on a micro instance (with SSL and some authentication, of course) that will proxy all requests to the target server.
I ended up using RabbitMQ to send messages from Google App Engine to Compute Engine; the Compute Engine instance then forwards those messages as HTTP requests.
Hello stackoverflow'ers
We are currently faced with the task to support Single Sign On in our Java based web service.
The setup is like this: Linux server running Apache as a proxy -> Jetty -> Java web service.
All of this in a Windows Domain with Windows workstations as clients accessing the web service through their browser (mainly IE, some Firefox).
The SSO will go through the Windows AD DC utilizing Kerberos through SPNEGO.
From what I have gathered it would be possible to implement the SSO either step of the way, in Apache, in Jetty or in the Java Code itself.
What I haven't been able to figure out so far is which approach makes the most sense in the given environment.
We obviously need to access the REMOTE_USER one way or another later on to perform further authorization in our application, but this is the only real requirement we have.
So what are the actual pros and cons of implementing the SSO / SPNEGO on the Apache level vs. the Jetty level vs. in our own software - if there are any?
Any help would be greatly appreciated!
Enjoy your day,
Tom
https://github.com/michael-o/mod_spnego/ for Apache Web Server and you are done.
I have a Java client that consumes SharePoint 2010 standard web services (sitedata.asmx, permissions.asmx, etc) written with JAX-WS implementation from the JDK 6.
So far, authentication is done with NTLM using a custom Authenticator implementation and Authenticator.setDefault(...) approach.
When running on my test environment which has only one SharePoint server, it works fine. I can see all the NTLM negotiation using WireShark.
But, if running on a customer which has multiple servers, hardware load balancing and multiple SharePoint alternate access mappings I get Error 401 Unauthorized from the web service calls. I haven't had a chance to use WireShark to debug on that environment.
I run my client from a Windows machine (on the customer setup), so according to Java documentation it should be fine for NTLM. Also, I used the default URL from SharePoint to access the web services (not the load balanced URLs).
The machine running the client application, is not a SharePoint server. It has Windows Integrated Authentication with NTLM configured.
Also, due to SharePoint administration policies, I'm unable to access SharePoint Central Administration or do any change to the configuration (nor IIS).
I want to ask if anyone knows what the issue may be? And hopefully if anyone knows how to fix it?
Thanks in advance.
EDIT:
It's important to mention, that the same permission levels were granted on both environments.
Well, finally I had a chance to use WireShark on the customer environment.
First I noticed they have NTLM v2 configured, but that's OK since Java 1.6 supports it.
Then I saw that since Windows Integrated Authentication is enabled, the credentials of the currently logged-in user are sent instead of the ones configured in the code. Since the logged-in user has no permissions on SharePoint, I received 401 Unauthorized.
According to the Java documentation this is the normal behavior:
In fact, if you are running on a Windows machine as a domain user, or, you are running on a Linux or Solaris machine that has already issued the kinit command and got the credential cache. The class MyAuthenticator will be completely ignored .....
which shows the username and password are not consulted. This is the so-called Single Sign-On.
I hope someone can answer this question since I think that's exactly what I need.
Finally, I observed that with HTTP first Windows credentials will be tried, and on failure the credentials provided by the code will be used instead. Thus, everything works fine.
When using HTTPS, only Windows credentials will be used, so I always got 401 Unauthorized.
Not sure what causes the difference between HTTP and HTTPS.
You have to disable the transparent authentication in Java. You can do this either by dropping in a custom rt.jar or using reflection to modify the Java classes.
tryTransparentNTLMServer and tryTransparentNTLMProxy are the fields in the HttpURLConnection which you need to set accessible and then to false when using the reflection method. Obviously just change this class if you're making your own rt.jar.
I'm using GWT for a web-app and I need to access a MySQL database. There will be only one client (the app is used on an iPad locally). Is there any way to access the database without RPC? I'm looking for a possibility to directly query a database.
Thanks!
There are 2.5 reasons you cannot use gwt to directly access MySQL.
Reason #1.
GWT is compiled into Javascript. You need to open a socket to the database server. GWT does not allow you to open a socket. In fact, no unaugmented browser (before advent of html5) is able to open a socket. But you can open a socket using Flash actionscript, or HTML 5 javascript.
Reason #2.
OK, let's say you used HTML5 sockets. And you spent 6 months writing in Javascript a JDBC connectivity. But, your websocket would still need to address a servlet on the server which would help your websocket establish a persistent connection - and mysql is unable to perform such an establishment.
Reason #3.
SLD - SOP restriction:
(Second Level Domain Same Origin Policy)
Standard browser restricts its pages to only be able to request for, and to include, content from within the same second-level domain (SLD) as the server that provided that page to the browser. Top level domains (and top-level and a half) are such as .com, .org, .net, .me.us or .co.uk. So, domain names such as google.com, fbi.gov, mit.edu are second level domains. While, mail.google.com would be a third-level domain. Therefore, GWT would work only within the confines of an SLD. Your web server must also be accessible at the same SLD as your mysql server.
SLD-SOP and tunneling requirement is to close a security hole that could have allowed any tom-rick-or-mary to log into your system through your browser. Tunneling is always required for a browser to connect to a server other than a http server. Tunneling is when a browser exploits the web server as a yenta (yiddish for busy-body/go-between/match-maker) to get to another server.
You have no choice but to use GWT-RPC. Perhaps you don't wish to use RPC, then you could use RequestBuilder, or Script-Include or RequestFactory. But they are all still diverse means of tunneling. http://h2g2java.blessedgeek.com/2011/06/gwt-requestbuilder-vs-rpc-vs-script.html.
There is one reason why you can connect to your database server from your gwt client:
Your database server must run httpd connection engine. That is, your gwt app would access the db server through http. I am not familiar with which relational database has a http access available. Most probably, you would have to query through xml or json.
However, a company I had worked for created our own http service to allow "direct" client access. "direct" is a misnomer because we used tomcat. It is still tunneling. Any database company that offers "direct" http access is still tunneling. Tunneling - no escape from it.
You could augment the browser with Flash and write a Flash application rather than using GWT. If direct access is so essential to you, you would have to abandon GWT and develop in Flash and run a httpd engine for your database server.
GWT is ultimately Javascript. As noted at "Are there JavaScript bindings for MySQL?", there is currently no way of accessing MySQL from Javascript.
Therefore you can't access it from client-side GWT code.
AFAIK it's not possible, and even if it were, it would be a really bad idea. Are you sure you actually need a database? Maybe something like gwt-client-storage would be more appropriate.
EDIT
Your database would be publicly accessible and open for any sort of attacks.
EDIT 2
This may even be a better solution, as it offers support for accessing the HTML5 Database API and is targeted to iPhone/iPad.
gwt-mobile-webkit
If you were even successful in doing so, in short, doing a CTRL + U on the browser would make your database name, username, password, table names etc visible... And done, any developer curious to know your code has a way to hack anything and everything in your server.
I think it's not possible, I mean, if you want all your data stored in DBs. I mean, GWT compiles into javascript and javascript executes on the client (typically a web browser).
If you want to access data stored somewhere (by some means) in a server, then you have no option but RPC. If I were you, I would stop thinking in client-server paradigm (GWT was developed with that in mind). Perhaps some embedded database like H2 and then hold connections through JDBC.