I encountered a weird stuff and I've been struggling with it for a while now. Google AppEngine is processing my POST requests as GET. I've tried 3 different REST clients and they produced the same error (an html document that said GET is not available for the specified URL; but for God's sake I sent a POST!).
I'm using Java, and I've set the web.xml file correctly. Please note that this is not the first servlet in the project that responds to POST and others have worked properly. To complicate matters, this same servlet responds to POST normally when I run the app on my local development appengine server. I've cleaned and rebuilt the project several times and even changed the URL of the servlet but the problem still persists. Any help? Thanks.
The most common reason for this is that your POST is redirected for some reason, and redirects are always GET. What does the logging console say?
I was using the non secure url and it redirects POST to GET. Using https fixed this.
Related
I downloaded the Azure AD with spring boot from https://github.com/microsoft/azure-spring-boot. Its all nice and works well as long as I run theazure-active-directory-spring-boot-sample using
mvn spring-boot:run
as shown in the README file.
I am trying just a basic real-life scenario where the angular/react app is running separately on a separate port using npm. The moment I separated them out the main Filter AADAuthenticationFilter is only invoked once on the first request where it does token verification and never again for subsequent requests.
I went around and configured an nginx proxy so that the domains of these two are now same
localhost:9999 and I redirect based on the next path like web for the npm and app for the Spring boot. This enabled the cookies to be available at every request.
This helps because what I learned is that Spring uses cookies to maintain a session. But ideally, the AAD filter should revalidate the token every request.
But if I add a property of azure.activedirectory.session-stateless=true to my application.properties, as mentioned in the filter's code to make it stateless and validate on every request. It expects roles as a different attribute in AD instead of it being a group of the user.
I also don't understand get the behaviour, when the js files are embedded within the spring app and run all this works perfectly fine and the filter is invoked at every request. But when I separate them out it just doesn't work.
Any help or pointers would be appreciated.
I realize that a lot more info may be required for someone to debug the above problem. But I was just able to solve this - at least found the problem that was causing it. Like I mentioned earlier the problem started when I separated the client and spring APIs. And since the client was not able to send back the cookies set by server, due to change in domains I had to put a proxy server.
What I found out later was that every GET request was always invoking the AAD filter. Even multiple requests. But other requests like POST, PUT were failing. I tried disabling the csrf config in spring WebSecurityConfig.java -->> http.csrf().disable();
This solved my problem and now I receive a request and all works as expected. Now I am trying to figure out how not to disable csrf completely.
Thanks
In my application, user management is done through Keycloak. While testing my application end-to-end through Cypress, I came across an issue. When I sign up a user, it gives the following error:
We're sorry. An error has occurred, please login again through your application.
Cypress is adding something to a generated URL after I click the submit button, which is causing this issue. The same scenario tested through Protractor ran fine. I have noticed Cypress is appending session_code to the request URL. While doing manual testing, I don't get session_code.
Below is the URL generated through Cypress:
.../login-actions/registration?session_code=LsZbmsVVLwEH9s-xwFJ2JdDtaCu1_xzqAGOQCpjxGJI&execution=06fac3bb-fb19-474b-8659-2572586ae371&client_id=web_app&tab_id=PSlmfgdv0ls
Where as a manually generated URL is like following:
.../login-actions/registration?client_id=web_app&tab_id=PSlmfgdv0ls
My application backend is Spring Boot and the front-end is in React and Next.js.
It would be really helpful if anyone could guide us through this issue. Please let me know if you need more information about our application.
The Keycloak Authenticator documentation explains that the authenticate method checks the current HTTP request to determine if authentication requirements have been satisfied, and, if not, a challenge response is sent back. If the challenge response itself is authentication, then you'll see a URL with the session_code parameter.
It goes on to say that session_code, in the first URL example, pertains to the code generated from AuthenticationFlowContext.generateAccessCode(), which further explains:
String generateAccessCode()
Generates access code and updates clientsession timestamp. Access codes must be included in form action callbacks as a query parameter.
However, the "manually" generated URL, that does not include the session_code parameter, seems to indicate that the initial registration of the client has been successful and a client configuration endpoint is being used to make a GET request - a client read request - and all is well. Everything works fine.
Therefore, it seems that Cypress is being sent a challenge response (and potentially exposing a security flaw in your application). Possible reasons for this might be further explained within Cypress's documentation on Web Security.
Common Workarounds might provide you with a remedy, or, if all else fails, you might try Disabling Web Security for testing purposes as well.
I have followed the Angular 2 tour of Heroes tutorial to the T, and I have successfully implemented the displaying of the heroes (I renamed them to employees).
However, the tutorial uses an in memory mock web server. When I try to pass a localhost url (that displays json) from my spring-boot backend, I get this error:
XMLHttpRequest cannot load http://localhost:8080/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:3000' is therefore not allowed access
However, if I decide to use an online web api, for example :
https://jsonplaceholder.typicode.com/users
Then it works perfectly fine.
Any help would be greatly appreciated.
There was indeed duplicate questions (I posted since none of them seemed to have solved my problem). Turns out one of them did put me on the right track. I just had to put
#CrossOrigin(origin ="http://localhost:3000")
on top of my controller class in Spring. This enabled CORS in spring.
For more details, look here
https://spring.io/blog/2015/06/08/cors-support-in-spring-framework
Google auto-generates and HTTP PATCH endpoint when you code an HTTP PUT
But this PATCH endpoint doesn't run at localhost
The HTTP answer error code is 404
At GAE production server you don't have any problem
It makes himself, two consecutive calls: GET and PUT
Anyone is running PATCH at localhost ?
I planned to use that (and MERGE as well) but will now be careful. GET followed by PUT looks like a hacky workaround. Unfortunately all you can do is add your star to Support for HTTP PATCH and similar feature requests, and try to lobby others to do the same (I've added my vote).
Away from the Endpoint library I hope to implement doPatch and doMerge in an OpenData compatible servlet, and then hope that Jetty connects the HTTP requests from jQuery ajax to those methods. You might be able to try something similar by editing the generated Endpoint library, but that approach might encounter more problems. I'd appreciate feedback on how you fare.
I have a client written in Java using the Springsource toolkit (that is, the #Service attribute) that is talking to an external webservice (completely seperate, nothing to do with my company) via HTTPS. I'm getting an exception on the marshalSendAndReceive step, which states that the content-type is coming back as text/html instead of the expected text/xml - with the message "could this be an error message?"
The webservice itself is the public test for the next version of the service, and calling the live service from the same code works fine. This particular method I am calling works fine on the live system but not on the test system.
My hunch is that the request is not correctly formatted for the test system - although only the response should have changed in the schema according to the release notes - and this is causing the service to return an error that is incorrectly parsed by my client. I am getting this error with all requests, even those that (according to the release notes) have not changed.
I have tried to use Fiddler and Wireshark to inspect the traffic, but can't get Fiddler to see it at all (I suspect this is a problem using Tomcat in STS with a proxy) and Wireshark can't decode the HTTPS stuff (I don't have the keys). I can't use HTTP, as the external service returns 403 Forbidden if I try.
I'm not the original developer, and I'm not even a Java developer. I am an experienced .NET developer, so any analogies with that will be understood - otherwise, I am a dummy and phrase your instructions/questions/possible help accordingly. As instructed by my predecessor, I have created a JAR file from the WSDL using XmlBeans and added that as a referenced library but I can't be sure that I've done that correctly, or even what it is that that is doing. It doesn't appear to have a discernable effect on things.
How can I debug this problem, and verify whether it is a problem with my client or their service?
My first goal would be getting Fiddler working. It is difficult to debug in the dark. However, where I get confused is when you discuss your client running in Tomcat in STS. Is your client a webapp?
Have you tried other tools like SoapUI to validate that the service is responding to your requests as expected?