I need to use Blackboard Web Services and I don't know how to establish a connection throught SOAP. I need something like Security Header. I read a lot, but always when I try to connect I get this kind of error.
I have a little big problem with this exception. Nothing is clear for me. I have nothing at the application log. I cannnot guess what should be the problem. I read also about AXIS2, Timestamps...
2016-03-08 20:53:58,739 ERROR edu.ku.it.si.registerproxytool.controller.RegisterToolController.registerProxyToolWithBlackboard:84 - There was an error in registering the tool: WSDoAllReceiver: Incoming message does not contain required Security header
Process finished with exit code 0
I'm looking to connect with a Blackboard web service through SOAP, and I can not send a correct Security Header
I read a lot about it, and finally I found this article. I'm using the project this guy post in the pdf. I have a Blackboard instance working at localhost on port 9876. I can do everything I want with it. It works fully.
I also tried to use SOAPui and I'm reaching a different error:
WSDoAllReceiver: security processing failed (actions mismatch)
I don't want to read more, I read more than 150 articles about it, and nothing.
Thanks :)
I have just started playing around with Blackboard web services, at the moment I am just accessing using SOAPui.
I am able to connect and send various functions, along the way I experienced the same error via SOAPui as you and so I found your question.
I overcame this error by doing the following:
Create a session using ContextWS.initialize, the username should be 'session' and the password 'nosession'. If successful this should return a token string.
Login using ContextWS.login. The username in the header should be 'session' and the password should be the token returned in 1. The userid and password in the body should be those of a user with sufficient web services permissions. If successful this should return 'true'.
Call whichever WS functions you wish. Always send the 'session' and token username and password in the header.
I found this here:
https://community.blackboard.com/docs/DOC-1116
I also found https://community.blackboard.com/thread/2147 and the linked youtube video useful to understand how to send the data correctly using SOAPui - you may need to change the wsdl url to https as SOAPui reverts it to a standard http. You also need to add a timestamp for every call.
Related
In my application, user management is done through Keycloak. While testing my application end-to-end through Cypress, I came across an issue. When I sign up a user, it gives the following error:
We're sorry. An error has occurred, please login again through your application.
Cypress is adding something to a generated URL after I click the submit button, which is causing this issue. The same scenario tested through Protractor ran fine. I have noticed Cypress is appending session_code to the request URL. While doing manual testing, I don't get session_code.
Below is the URL generated through Cypress:
.../login-actions/registration?session_code=LsZbmsVVLwEH9s-xwFJ2JdDtaCu1_xzqAGOQCpjxGJI&execution=06fac3bb-fb19-474b-8659-2572586ae371&client_id=web_app&tab_id=PSlmfgdv0ls
Where as a manually generated URL is like following:
.../login-actions/registration?client_id=web_app&tab_id=PSlmfgdv0ls
My application backend is Spring Boot and the front-end is in React and Next.js.
It would be really helpful if anyone could guide us through this issue. Please let me know if you need more information about our application.
The Keycloak Authenticator documentation explains that the authenticate method checks the current HTTP request to determine if authentication requirements have been satisfied, and, if not, a challenge response is sent back. If the challenge response itself is authentication, then you'll see a URL with the session_code parameter.
It goes on to say that session_code, in the first URL example, pertains to the code generated from AuthenticationFlowContext.generateAccessCode(), which further explains:
String generateAccessCode()
Generates access code and updates clientsession timestamp. Access codes must be included in form action callbacks as a query parameter.
However, the "manually" generated URL, that does not include the session_code parameter, seems to indicate that the initial registration of the client has been successful and a client configuration endpoint is being used to make a GET request - a client read request - and all is well. Everything works fine.
Therefore, it seems that Cypress is being sent a challenge response (and potentially exposing a security flaw in your application). Possible reasons for this might be further explained within Cypress's documentation on Web Security.
Common Workarounds might provide you with a remedy, or, if all else fails, you might try Disabling Web Security for testing purposes as well.
I'm learning Web services. I have created an Rest API on local machine in eclipse. And the url looks like this http://localhost.com/Web/Test/Client
What It does is when I call this url as POST method with username and parameters in url's body, I get one token which I'm using somewhere else. Upto here its working fine. I pass username and password and I get a token once my API's code verifies the credentials coming in url's body.
So after that I read about security of Rest API so that no body could access my credentials which are coming with url. It says it needs to be converted into HTTPS from HTTP.
But I could not understand more how and where this security needs to be configured in my code. Do I need to write any code to achieve this or any settings are required ? I'm totally blank here.
Can anyone please help me to understand this and tell me what needs to be done to get HTTPS for my url ?
What you need to do here is create a self signed certificate and configure channel security. I highly recommend you to use spring security framework to get this thing done. This article will help you.
To require HTTPS for the login page modify your security configuration by adding the following:
http.requiresChannel()
.antMatchers("/login*").requiresSecure();
I have a Java Application running on Tomcat. I want to get the details of all machines installed in Microsoft Azure portal by taking user's subscription details as input. Preferably a REST API. I am expecting response same like what we get in azure resource explorer.
I made a request with this url "https://management.core.windows.net/"+subscriptionId+"/services/disks" following this method. It gives me result like this
<Disks xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
<Disk>
<AttachedTo>
<DeploymentName>TEST1</DeploymentName>
<HostedServiceName>TEST1</HostedServiceName>
<RoleName>TEST1</RoleName>
</AttachedTo><OS>Linux</OS>
<Location>South Central US</Location>
<LogicalDiskSizeInGB>30</LogicalDiskSizeInGB>
<MediaLink>link.vhd</MediaLink>
<Name>TEST1-TEST1-0-20</Name>
<SourceImageName>imageName</SourceImageName>
When I call the same method with
"https://management.azure.com/subscriptions/"+subscriptionid+"/providers/Microsoft.Compute/virtualMachines?api-version=2016-03-30" I am getting 401 error.
I even tried downloading the SDK , ListVirtualMachines.java is listing some 600 images, not the one under my subscription.
How Can I achieve it using JAVA REST API?
Per my experience, this issue is due to the authentication method. I do all the requests that you have made and I get the same results with you.
The 401 error code means "Unauthorized". Your authentication method is right for the old REST API request, but not for new.
The new authentication is handled by Azure Active Directory(AD).
The followings may be useful for you.
You could figure out Virtual Machines Rest API by this URL https://msdn.microsoft.com/en-us/library/mt163647.aspx.
You could understand how to authenticate Azure Resource Manager Request by Azure Active Directory by this URL https://msdn.microsoft.com/en-us/library/dn790557.aspx.
Hope it helps. Any concerns, please feel free to let me know.
I have a client written in Java using the Springsource toolkit (that is, the #Service attribute) that is talking to an external webservice (completely seperate, nothing to do with my company) via HTTPS. I'm getting an exception on the marshalSendAndReceive step, which states that the content-type is coming back as text/html instead of the expected text/xml - with the message "could this be an error message?"
The webservice itself is the public test for the next version of the service, and calling the live service from the same code works fine. This particular method I am calling works fine on the live system but not on the test system.
My hunch is that the request is not correctly formatted for the test system - although only the response should have changed in the schema according to the release notes - and this is causing the service to return an error that is incorrectly parsed by my client. I am getting this error with all requests, even those that (according to the release notes) have not changed.
I have tried to use Fiddler and Wireshark to inspect the traffic, but can't get Fiddler to see it at all (I suspect this is a problem using Tomcat in STS with a proxy) and Wireshark can't decode the HTTPS stuff (I don't have the keys). I can't use HTTP, as the external service returns 403 Forbidden if I try.
I'm not the original developer, and I'm not even a Java developer. I am an experienced .NET developer, so any analogies with that will be understood - otherwise, I am a dummy and phrase your instructions/questions/possible help accordingly. As instructed by my predecessor, I have created a JAR file from the WSDL using XmlBeans and added that as a referenced library but I can't be sure that I've done that correctly, or even what it is that that is doing. It doesn't appear to have a discernable effect on things.
How can I debug this problem, and verify whether it is a problem with my client or their service?
My first goal would be getting Fiddler working. It is difficult to debug in the dark. However, where I get confused is when you discuss your client running in Tomcat in STS. Is your client a webapp?
Have you tried other tools like SoapUI to validate that the service is responding to your requests as expected?
We're trying to upload a file from a flex client to a Java EE app.
In a full HTTPS environment
Java EE server is JBoss 5
Using BlazeDS 'Custom' authentication (username and password are entered trhough a flex form)
Using BlazeDS per session authentication
In regular AMF calls, we can access user principal and use role mecanism.
However, in our upload servlet, we have no access to user principal.
request.getUserPrincipal() // returns null
How to fix this ?
A while ago a guy commented on a blog post of mine that https + flex + firefox doesn't work:
have you tried uploading a file in firefox via https? Well, don’t bother, it can’t be done! Adobe blames it on firefox and puts their head in the sand. Read the teeth gnashing and ridiculous claims of Adobe here:
http://bugs.adobe.com/jira/browse/FP-201
Ultimately they threw up their hands and said it couldn’t be fixed, and, although said ‘We understand that this is a serious issue and are committed to resolving it’ suggested that either you:
1) Send the file to your server in a different way
2) Find another form of authentication
This may no longer be the case - register and see if the linked bug is still unresolved.
Also - this might not be your exact issue (at least not yet) - I'm just giving pointers.
From your post, and since I haven't used BlazeDS, I can't tell whether you're running into this issue specifically, but it sounds to me like you are --
Take a look at your server logs, or try using a Web debugger like Fiddler (you can tweak it to reveal HTTPS traffic in clear text), and you'll see that Flash blocks custom HTTP auth headers with FileReference.upload(). Why it does, I've no idea, but there's no workaround I know of, other than crafting something or your own manually.