I am developing a sharepoint web service client with Apache CXF and I am having a lot of problems with the NTLM authentication when the client runs on the weblogic server.
If I run a simple test on Eclipse, the code works perfectly, but If I run the same code on a web application deployed on weblogic 10.3.6, the NTLM authentication fails and sends the following error:
org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with http://win-server-2008/sitios /sitio_registro/_vti_bin/Lists.asmx
I don't know what could be the difference between running the same code on a test and on a web application deployed on weblogic. Any idea?
The authentication code snipet is:
Client client = ClientProxy.getClient(listsSoap);
HTTPConduit http = (HTTPConduit) client.getConduit();
if (http instanceof AsyncHTTPConduit) {
AsyncHTTPConduit conduit = (AsyncHTTPConduit) http;
DefaultHttpAsyncClient defaultHttpAsyncClient;
try {
defaultHttpAsyncClient = conduit.getHttpAsyncClient();
} catch (IOException exception) {
throw new RuntimeException(exception);
}
Credentials credentials = new NTCredentials( conexionSharepointConfigVO.getUser(), conexionSharepointConfigVO.getPwd(), "", "" );
defaultHttpAsyncClient.getCredentialsProvider().setCredentials( AuthScope.ANY,credentials);
((BindingProvider) listsSoap).getRequestContext().put(Credentials.class.getName(), credentials);
}
UPDATE: I tested the same code in Tomcat 6.0.43 and it works ok.
You can either create a Windows service setting the service to run under the desired account or use the "Run as different user" option when opening the command prompt so WebLogic will start from the command line as the desired user.
Related
I have a backend application that is running on weblogic server. It is running on http://localhost:7000. This application has to be called with http://localhost:7000 then after verification it checks if the application schema is on https or not. If its not then it asks you to redirect to https://localhost:7001. The HTTPS configuration is enabled on weblogic server
WEBLOGIC SSL CONFIGURATION
So far everything running on same domain meaning the application is full fledge with java backend and angular js embedded frontend. So everything running on weblogic server.
Now we are in the process of migrating from angular js to angular. Now angular is running on http://localhost:4200. So I have created a proxy for HTTP call
{
"/api": {
"target": " http://127.0.01:7000",
"secure": false,
"logLevel": "debug",
"changeOrigin": true
}
}
And started server like so:
ng serve --proxy-config proxy.conf.json -o
server started on 4200 and creates proxy on http://127.0.01:7000/api
I have also created ssl proxy for HTTPS call
{
"/api": {
"target": "https://127.0.01:7001",
"secure": false,
"logLevel": "debug",
"changeOrigin": true
}
}
Also started server like so on different port
ng serve --proxy-config proxy.ssl.conf.json –-port 4400
server started on 4400 and creates proxy on https://127.0.01:7001/api
Now I make the first call to backend url http://127.0.01:7000/api/permission
It calls through as http://localhost:4200/api/permission
It goes through filter and does some processing then it checks if call is through http or https if not then asks to redirect to https://localhost:7001/api/permission with some status code.
So in angular inside interceptor I check for the status, if status is for redirect, I redirect the url to
https://127.0.01:7001/api/permission
using
window.location.href=”https://localhost:4400/api/permission”
don’t be confuse because it calls like https://localhost:4400 and concat with backend url which is /api/permission.
Angular folks must be aware of that.
But I get a 504 error gateway timeout on chrome dev tools console
On cmd where I have started the ng server I get this
Error occurred while trying to proxy request /api/permission from localhost:4400 to https://127.0.01:7001 (ECONNRESET) (https ://nodejs.org/api/errors.html#errors_common_system_errors)
I am dead sure it’s a SSL issue but I just don’t know how to fix this.
I have done a lot research on this. I am frustrated, I have spent more than enough time to find a solution for this. I cant basically move pass this till its converted from http to https because rest of the uri calls must be made on https.
I found a link
How to send an HTTPS request from an Angular front-end to a server secured with a self signed certificate?
I think solution number one made sense
Add the self-signed certificate to the trusted store on the server where the angular app runs. (But in your case u cant do this because u got no access to the gitpages trusted store.
But I cant say for sure.
Any help please. I would really appreciate that. I am pretty much stuck at this point.
Cheers
This should work:
#Injectable()
export class httpsInterceptor implements HttpInterceptor {
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
console.log(req.url);
const secureReq = req.clone({
url: req.url.replace('http://', 'https://')
});
return next.handle(secureReq);
}
}
you must create an interceptor and import it in the module inside provider,
providers: [
{ provide: HTTP_INTERCEPTORS, useClass: TokenInterceptor, multi: true } ]
Sorry I am a bit late to answer. But the exact answer to my problem was PKI which is mutual authentication configured on weblogic and the way its done is you need to deploy your angular app on weblogic to kick in mutual authentication. There are several videos out their on how to deploy angular app on weblogic if someone looking to learn as well as how to configure mutual authentication on weblogic. Cheers
I'm trying to setup up an http client to authenticate with spnego (apache http client 4.5.2)
Here's the code that setups the client
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
final CredentialsProvider credsProvider = new SystemDefaultCredentialsProvider();
credsProvider.setCredentials(new AuthScope(null, -1, null), new KerberosCredentials(null));
final HttpClientBuilder builder = HttpClientBuilder.create();
builder.setDefaultCredentialsProvider(credsProvider);
final ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(builder.build());
final Client client = new ResteasyClientBuilder().httpEngine(engine).build();
On the server, I have a JAX-RS service which is sitting behind a waffle.servlet.NegotiateSecurityFilter to allow for ntlm or spnego authentication.
When I send my HTTP request from my chrome rest client, it works, authentication is successfully completed using negotiate.
When I try and use the apache http client however, it fails with the message in the log:
2018-03-05 16:47:16,048 DEBUG o.a.h.impl.auth.GGSSchemeBase main Authentication already attempted
2018-03-05 16:47:16,048 DEBUG o.a.h.i.auth.HttpAuthenticator main Authentication failed
After some further investigation I've discovered that the waffle filter is encoutingering GSS_S_CONTINUE_NEEDED and responding with an additional challenge which the apache client is simply ignoring and giving up on.
I've tested my apache client setup against another service which uses spnego (provided by a 3rd party) and it works properly, although doesn't employ the continue token.
I'm not sure if my system is setup incorrectly, and that the continue token shouldn't be happeneing or if the apache http client is improperly configured (or doesn't support continue tokens at all)
There's a very old ticket here https://issues.apache.org/jira/browse/HTTPCLIENT-1107 indicating that something was added to handle additional challenges, but from reading the code in org.apache.http.impl.auth.GGSSchemeBase.parseChallenge(CharArrayBuffer, int, int) it looks as though only the first challange is ever accepted.
I am trying to build a chat application.
+Server : I use java websocket to create an endpoint. Here is my endpoint:
#ServerEndpoint("/server")
public class ChatServer {
//My code is ok ! Tested in localhost
}
+Client : I use java swing to create GUI. In my localhost, I use this URL :
ws://localhost:8080/ChatServer-1.0/server
to connect to Server Endpoint and my app run successful.
-> I have deployed my server endpoint to Heroku
My Heroku Server Endpoint
How can my client to connect to server endpoint ?
I have tried to use:
wss://jp-chatting-server.herokuapp.com/server
But it gives a 404 code.
I think you have used instruction for webapp-runner. I'm afraid this solution will not work for websockets. It is because support of websocket is not implemented yeat. Issue with websocket in webapp-runner. I see one of the options in using Tomcat 7 and it's custom implementation. Like in this example.
I have a JAX-RS Web Service that returns a KMZ file.
I am running into an issue returning hte .kmz file when this is deployed to a test glassfish server. Deploying this code to a local glassfish server I have no issues and it returns the kmz normally.
#GET
#Path("bar/v1")
#Produces("application/vnd.google-earth.kmz")
public Response getKmz() {
Client client = ClientBuilder.newClient();
WebTarget resource = client.target(URL);
System.out.println(resource.getUri().toString());
Response test = resource.request().get();
System.out.println(test.toString());
return test;
}
When deployed to the test server the test.toString() being printed so this code is being called. There is no other errors in the logs.
Looking at the transaction in Firefox HttpRequester
the request is as follows:
GET http://foo/bar/v1
accept: application/vnd.google-earth.kmz
-- response --
0
Any ideas what could be causing the file not to be returned? I checked the glassfish settings both locally and on the test server and they were the same.
I have a WCF based web service and hosted on local machine written in c#. I want to get a response from this hosted service in my GWT client side.
Please check the following code:
url = "localhost:8089/request"
RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, url);
Request response = builder.sendRequest(null, new RequestCallback() {
#override
public void onResponseReceived(Request request, Response response) {
Window.alert(response + " ");
}
});
Everytime when i am trying to run the code it shows an "http://localhost:8089 is not allowed by Access-Control-Allow-Origin."
PS: i searched for this error but i don't want to disable the web security of all browsers.
Is there any alternative solution to do get response of localhost server running on different porn on same machine. That is why i want to call a url in client side.
Please suggest a solution.
Edit
Let me explain you full scenario in points:
GWT application is hosted on some server (www.abc.com)
WCF is a web service installed at each client.
A client open his/her browser and put the url (www.abc.com/page)
This page want to access the web services hosted on a client machine.
Can't you configure your WCF service to send an Access-Control-Allow-Origin: www.abc.com response header?
Otherwise, I guess you could use a proxy servlet in www.abc.com that proxies the call to the getRemoteAddr, assuming there's no proxy in-between.