I am getting this error in Chrome:
The page at 'https://www.SERVER_ONE.com/' was loaded over HTTPS, but
requested an insecure XMLHttpRequest endpoint
'http://SERVER_TWO.com/someAPI'. This request has been blocked; the
content must be served over HTTPS.
Both SERVER_ONE and SERVER_TWO are owned by me.
But the problem is that the HTTPS certificate I hold is only for server_ONE.
Is there anything I can do to resolve this error? Can I introduce some mod_proxy on SERVER_TWO to redirect all HTTPS to HTTP, or is there any way I can write a proxy on the Java side and put it on SERVER_ONE to act as an adapter from HTTPS to HTTP?
Please guide me with a code snippet if any such adapter code is possible.
You should not call SERVER_TWO directly; you should configure or implement a proxy on SERVER_ONE so that every call can be made over HTTPS.
Just enable HTTPS on server2 and change your call from http to https.
For the certificate, you can use https://letsencrypt.org/ for server2 for free.
Can anyone please guide me how to fetch request.getHeader("referer") in HTTPS mode?
Currently it is returning null.
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3
I am new to Windows authentication and am facing a weird issue.
I have set up an application with the SPNEGO filter library for Java.
All settings have been set as per the documentation.
Now when I open the URL of my application from another machine in the same domain, using any browser, I get a negotiation header as
TlRMTVNTUAABAAAAl4II...
This means that it is an NTLM negotiation request.
If I start Fiddler and then try to run the same request for testing, I get a Kerberos authentication request.
YIIGgwYGKwYBBQUCoIIGdzCCBnOgMDAuBg...
This means that when I am calling using fiddler, the browser is assuming that the system is on same network.
I am unable to figure out why this is happening.
I need the Kerberos ticket even in normal execution.
Server: JBoss 4.3.2 GA
Does anybody have any idea?
Thanks in advance.
I'm trying to write a utility class (as I haven't been able to find one) that allows me to check that an HTTPS connection is okay. When I curl the site I get the error
curl: (60) SSL certificate problem: Invalid certificate chain
When I access the site on Chrome, I get
The identity of this website has not been verified. Server's certificate does not match the URL. The server could not prove that it is *.domain.com; its security certificate is from *.another.com.
This is exactly what I'd like to test for in Java but I haven't been able to do so. How can I test that the SSL connection is okay?
One easy way could be to do a GET to a given URL. If the connection is OK, it must return an HTTP 200 OK response code; otherwise the Java request library (e.g. Java's HttpsURLConnection, Apache's HttpClient, Ning's HttpClient) should return the exception.
It is very rudimentary, but depending on your needs it could serve.
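An added example (not from the original posts) of the kind of utility asked for above: it performs a TLS handshake against the JDK's default trust store, turns on HTTPS hostname checking, and reports whether a failure is a chain problem or a name mismatch. The class name `TlsCheck`, its `Result` values and the cause-chain heuristic in `classify` are assumptions of this example.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import javax.net.ssl.*;

public final class TlsCheck {
    public enum Result { OK, CHAIN_INVALID, HOSTNAME_MISMATCH, OTHER_TLS_FAILURE, UNREACHABLE }

    public static Result check(String host, int port, int timeoutMs) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), timeoutMs);
            plain.setSoTimeout(timeoutMs);
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                // A bare SSLSocket validates the chain but not the name; request HTTPS name checks.
                SSLParameters params = tls.getSSLParameters();
                params.setEndpointIdentificationAlgorithm("HTTPS");
                tls.setSSLParameters(params);
                tls.startHandshake();
                return Result.OK;
            }
        } catch (SSLException e) {
            return classify(e);
        } catch (IOException e) {
            return Result.UNREACHABLE; // DNS failure, refused connection, timeout
        }
    }

    // Assumption: the default JSSE provider wraps path failures (untrusted issuer, expired
    // certificate) in CertPath*Exception and reports a name mismatch as a plain CertificateException.
    static Result classify(Throwable e) {
        boolean certProblem = false;
        for (Throwable c = e; c != null; c = c.getCause()) {
            if (c instanceof CertPathValidatorException || c instanceof CertPathBuilderException) {
                return Result.CHAIN_INVALID;
            }
            certProblem |= c instanceof CertificateException;
        }
        return certProblem ? Result.HOSTNAME_MISMATCH : Result.OTHER_TLS_FAILURE;
    }

    public static void main(String[] args) {
        System.out.println(check(args[0], 443, 5000)); // host name is given on the command line
    }
}
```

Because the check uses the default trust store and never installs a permissive `TrustManager` or `HostnameVerifier`, a passing result means the same thing it would for a browser-like client.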
I'm trying to implement SSO on an intranet application we are developing. I am using SPNEGO for this. Now I'm having some trouble configuring the SSO and hope someone here is able to help me.
The setup is like this:
Linux server with tomcat to serve the intranet application
Windows Server 2008 as domain controller (Active Directory)
Windows 7 client with IE9 and Firefox
When I open the intranet application I see a GET request going from the client to the Tomcat server. The first response of the Tomcat server and the SpnegoFilter is a 401 Unauthorized, which is right, because the client needs to be authenticated.
806 6.117724 192.168.65.50 192.168.65.50 HTTP 284 HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate\r\n
The response of the client then is a GET request with a flag NTLMSSP_NEGOTIATE. Here it breaks. I don't expect an NTLM response, but a Kerberos/SPNEGO response. Somehow I just can't figure out how to send the correct response to the Tomcat server.
808 6.123277 192.168.65.50 192.168.65.50 HTTP 637 GET / HTTP/1.1 , NTLMSSP_NEGOTIATE
By default NTLM isn't supported by SPNEGO so I get the following entry in my log:
java.lang.UnsupportedOperationException: NTLM specified. Downgraded to Basic Auth (and/or SSL) but downgrade not supported.
So I'm doing something wrong, but after a day fiddling with configurations and policies I just can't figure out what it is.
Hoping for some response.
Kerberos does not work on IPs, use fully qualified domain names.
Have you registered the SPN, and is the client domain joined? The WWW-Authenticate: Negotiate will tell the web browser to try Kerberos. The browser hands off that request to the OS (SSPI) based on the URL in the address bar. There must be an SPN in AD for the URL. As others noted above, using an IP in your URL is more complicated, but can be done. If your client is not domain joined, there is extra config work to get it to contact your AD KDC. Firefox takes extra setup as well. Solve this with IE to eliminate that, and then come back to FF when the issue is resolved.
I am new to HTMLunit and am trying to set an HTTPS proxy for HTMLunit.
I tried to use https:// just before the host IP, but I got an exception.
Can anyone help me solve this issue?
Update: My Code is:
WebClient webClient = new WebClient(BrowserVersion.FIREFOX_3_6,"https://199.127.100.13", 11888);
Update 2:
I asked the developer team. They said that it is a bug in the framework. They will fix it.
You should not be putting http:// or https:// behind the IP address of the proxy server.
If your HTTP proxy server supports HTTPS, then HtmlUnit will automatically use it. Here is an example of how to use a proxy with HtmlUnit.
For an HTTP proxy:
import com.gargoylesoftware.htmlunit.ProxyConfig;
import com.gargoylesoftware.htmlunit.WebClient;

WebClient webClient = new WebClient();
int proxyPort = 11888; // your proxy port
ProxyConfig pc = new ProxyConfig();
pc.setSocksProxy(false); // false for an HTTP proxy, true for a SOCKS proxy
pc.setProxyHost("192.168.1.200"); // your proxy IP
pc.setProxyPort(proxyPort);
webClient.getOptions().setProxyConfig(pc);
And of course, if you are using a SOCKS proxy, then set setSocksProxy to true.