I am trying to developing Facebook API using Facebook4J. It is success to get access_token from facebook as flow.
#RequestMapping(value="biztopia.facebook.redirectLogin.do")
public void redirectLogin(ModelMap model, HttpServletRequest request, HttpServletResponse response, HttpSession session) {
String code = request.getParameter("code");
Facebook facebook = (Facebook) request.getSession().getAttribute("facebook");
String oauthCode = request.getParameter("code");
try {
facebook.getOAuthAccessToken(oauthCode);
AccessToken token = facebook.getOAuthAccessToken();
response.sendRedirect("biztopia.facebook.requestUserInfo.do");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
#RequestMapping(value="biztopia.facebook.requestUserInfo.do")
public void requestUserInfo(ModelMap model, HttpServletRequest request, HttpServletResponse response, HttpSession session) {
Facebook facebook = (Facebook) request.getSession().getAttribute("facebook");
try {
User user = facebook.getMe();
}catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
Recieved excetion message as flow
FacebookException{statusCode=400, response=HttpResponse{statusCode=400, responseAsString='{"error":{"message":"API calls from the server require an appsecret_proof argument","type":"GraphMethodException","code":100}}
', is=sun.net.www.protocol.http.HttpURLConnection$HttpInputStream#446f4515, streamConsumed=true}, errorType='GraphMethodException', errorMessage='API calls from the server require an appsecret_proof argument', errorCode=100, errorSubcode=-1}
at facebook4j.internal.http.HttpClientImpl.request(HttpClientImpl.java:189)
at facebook4j.internal.http.HttpClientWrapper.request(HttpClientWrapper.java:65)
at facebook4j.internal.http.HttpClientWrapper.get(HttpClientWrapper.java:93)
at facebook4j.FacebookImpl.get(FacebookImpl.java:2431)
at facebook4j.FacebookImpl.getMe(FacebookImpl.java:105)
at facebook4j.FacebookImpl.getMe(FacebookImpl.java:101)
at biztopia.facebook.web.FacebookController.requestUserInfo(FacebookController.java:292)
I found the solutions.
That is append appsecret_proof parameter at call API as "http://graph.facebook.com/me?access_token={access_token value}$appsecret_proof={appsecret_proof value}.
If you are no want append appsecret_proof parameter then you can change set to no use appsecret_proof paameter on your app management site.
The management site menu is setting>advanced>Require AppSecret Proof for Server API calls -> set to disabled.
Related
On the same controller handler method, I would like to either:
return a JSP view when the request is valid
set the appropriate HTTP status code and just write a simple String message to the Response body if the request is not valid
Is this possible with Spring MVC?
Yes possible.
#RequestMapping(value = "/show", method = RequestMethod.GET)
public String show(ModelMap model,
HttpServletRequest request,
HttpServletResponse response) {
if (isValidAsYouWant(request)) { // check validity
// setup reference data
return "viewName";
} else {
response.setStatus(400);
try {
response.getWriter().write("Invalid Request");
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
}
I am using Onelogin 2.0 toolkit . Instead of having Login and ACS as jsp files I have added them as rest services. I am getting this error when my IdP redirects to ACS Service Url.
SAML Response not found, Only supported HTTP_POST Binding
In request to ACS service SAMLResponse parameter is coming as null. How can I fix this ?
#Path("/saml")
public class SAMLAuthService {
#Context
HttpServletRequest request;
#Context
HttpServletResponse response;
#GET
#Produces(MediaType.APPLICATION_JSON)
#Path("/dologin")
public void SAMLLogin(){
try {
Auth auth = new Auth(CommonUtils.samlPropertyFileName,request, response);
System.out.println("Calling SAML Login::");
auth.login();
} catch (Exception e) {
e.printStackTrace();
}
}
#POST
#Produces(MediaType.APPLICATION_JSON)
#Path("/acs")
public Response SAMLACS()
throws ExecException {
Response samlResponse = null;
try {
System.out.println("Calling SAML ACS::");
Auth auth = new Auth(CommonUtils.samlPropertyFileName,request, response);
auth.processResponse();
if (!auth.isAuthenticated()) {
System.out.println("Not Authenticated");
}
List<String> errors = auth.getErrors();
if (!errors.isEmpty()) {
if (auth.isDebugActive()) {
String errorReason = auth.getLastErrorReason();
if (errorReason != null && !errorReason.isEmpty()) {
System.out.println(errorReason);
}
}
} else {
Map<String, List<String>> attributes = auth.getAttributes();
String nameId = auth.getNameId();
System.out.println("NameId::"+nameId);
if (attributes.isEmpty()) {
System.out.println("No Attributes");
}
else {
Collection<String> keys = attributes.keySet();
for(String name :keys){
List<String> values = attributes.get(name);
System.out.println(name+"::");
for(String value :values) {
System.out.print(value);
}
}
}
}
} catch (Exception e) {
e.printStackTrace();
}
return samlResponse;
}
}
The Auth constructor that you are using expects a HttpServletRequest request object with a SAMLResponse POST parameter
If you don't have that HttpServletRequest object, you can build it using the makeHttpRequest
You can use the SAML Tracer to analyze the SAML flow between the IdP and the SP. You may be sure that the IdP is sending a SAMLResponse. I'm not familiar with the "Rest approach" you are using, but you may see the way to get the SAMLResponse and build the HttpServletRequest object injecting that parameter.
I have this JavaScript code which is connecting with the service and sending back the result.
Now the requirement is to call the same service from Pure Java.
Below is the javascript code for calling the service.
If some one can guide me to convert this Javascript to Java in my GWT Application
Thanks
function verifyValidationSyntax(textToValidate)
{
var url = "https://validation-grammar.example.com/validation_grammar_service/rest/validation_step_validation";
var client = new XMLHttpRequest();
client.open("POST", url, false);
client.setRequestHeader("Content-Type", "text/plain");
client.send(textToValidate);
if (client.responseText==='true') {
return "true";
} else {
return "false";
}
}
I wont convert your code, But here is the sweetest example from docs
String url = "http://www.myserver.com/getData?type=3";
RequestBuilder builder = new RequestBuilder(RequestBuilder.GET, URL.encode(url));
try {
Request request = builder.sendRequest(null, new RequestCallback() {
public void onError(Request request, Throwable exception) {
// Couldn't connect to server (could be timeout, SOP violation, etc.)
}
public void onResponseReceived(Request request, Response response) {
if (200 == response.getStatusCode()) {
// Process the response in response.getText()
} else {
// Handle the error. Can get the status text from response.getStatusText()
}
}
});
} catch (RequestException e) {
// Couldn't connect to server
}
You may miss this in docs
To use the HTTP types in your application, you'll need to first inherit the GWT HTTP module by adding the following tag to your module XML file:
<inherits name="com.google.gwt.http.HTTP" />
I want to write a .jsp (tomcat5.5) that calls a web service (IIS in domain). I get an HTTP Error 401 Unauthorized. It seems that in order to call the web service you have to be a domain user. I want to allow access to the jsp only to domain users. The request.getRemoteUser() in the jsp returns null but not the domain user that calls the jsp.
From a web browser I call the web service and it works fine.
I am a bit confused with this. Can someone tell me how can the issue be resolved?
Do i have to make tomcat make SSO?
Thank you for your time.
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter o = response.getWriter();
o.println("sstarting...");
o.println("user.name ".concat(System.getProperty("user.name")));
o.println("request.getRemoteUser() ".concat(request.getRemoteUser()));
try {
GetUserRoles getUserRolesRequest = new GetUserRoles();
getUserRolesRequest.setApplicationId(121);
getUserRolesRequest.setUserName("user");
GetUserRolesResponse getUserRolesResponse;
ServiceStub stub =new ServiceStub() ;
stub._getServiceClient().getOptions().setProperty(HTTPConstants.CHUNKED,"false");
getUserRolesResponse = stub.getUserRoles(getUserRolesRequest); //IT FAILS HERE 401
String str =getUserRolesResponse.getGetUserRolesResult().toString();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
o.println(e.getMessage());
}
}
I'm facing an issue in socialAuth java library. I used that library for logging to my app by using social networks. Login with Facebook is working properly. But when i try to use google and yahoo is does not work for me. Error occur when after authentication process, redirection part is not working properly,
#SuppressWarnings("unused")
#RequestMapping(params = "code")
private String oauth2Callback(final HttpServletRequest request,
HttpServletResponse response,
Model model) throws Exception {
String serviceReturnUrl = request.getParameter("service");
String clientAppKey = request.getParameter("app_key");
org.brickred.socialauth.AuthProvider provider = null;
SocialAuthManager manager = socialAuthTemplate.getSocialAuthManager();
if (manager != null) {
try {
provider = manager.connect(SocialAuthUtil.getRequestParametersMap(request));
} catch (Exception e) {
e.printStackTrace();
}
} else {
response.sendRedirect(appLoadConfigurer.getProperty("caslk"));
return "";
}
When redirecting Facebook to my app this method catch the request. but when it comes to google, i could not catch the request from google by using this method. request is not comes to here. Any one can idea to fix my issue as soon as possible
For google you will have to use
#RequestMapping(params = "openid.claimed_id")
Because google doen't return any attribute with name 'code' that's why it is not matching with this.