When i send post request through jquery(Cross domain) it is not authenticated and in response null is coming while i am sending same request through using burp suite or http live header then it is working and able to authenticate please suggest me solution for the problem
JavaScript has a same origin policy. You can not make requests to other domains with the XMLHttpRequest object.
Most modern day browsers support CORS or you can use JSONP if you can make a GET request. If you can not use CORS or JSONP, you need to use a proxy on your server to send/retrieve the content.
Related
I used BlazeMeter's chrome extension to build a .jmx file for testing our login page in JMeter. Most of our application is written in node js. We are using Auth0 for our login and the /login/callback is giving me a 400. I am not sure why. My goal is to test our applications with about 200 users. Any help would be great!
The HTTP 400 Bad Request response status code indicates that the server could not understand the request due to invalid syntax.
Most probably you are getting this error due to malformed request body or missing header, most probably you need to add a HTTP Header Manager and configure it to send Content-Type header with the value of application/json
Also be aware that OAuth authorization flow isn't something you will be able to record and replay, it is all about obtaining an Authorization Bearer token and sending it along with the requests requiring authorization via the aforementined HTTP Header Manager.
There are several ways of obtaining an OAuth token, check out How to Run Performance Tests on OAuth Secured Apps with JMeter guide for more details on bypassing OAuth login challenge in JMeter tests.
When a html page makes a call to a rest webservice, how can the service credentials be sent in the request?
The username and pwd needed by the service can be sent in the request itself by using (usename:pwd#service.com) notation, but that would not be wise sending in the creds in the request itself.
Any other ways to solve this problem?
If it uses BASIC authentication, it is sent along the request as a header (in clear). Have a look at:
http://en.wikipedia.org/wiki/Basic_access_authentication
This can be hardened by using a secure protocol (https), with which you encode your request (basic authentication included).
http://en.wikipedia.org/wiki/HTTP_Secure
This requires additional configuration on the server-side
I am trying to get JSON (getJSON()) from server that doesn't have support for jsonp implemented. Namely, when adding callback=? to the URL, the server does return the data, but it returns pure JSON without padding.
I understand this is something that must be corrected server-side - there is no way to resolve it in jQuery. Is this correct?
If CORS support is not supported by server as well jsonp, you might try proxy approach in such cases. One example http://www.corsproxy.com/, there should be other proxy alternatives too.
What does it do?
CORS Proxy allows javascript code on your site to access resources on other domains that would normally be blocked due to the same-origin policy.
How does it work?
CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying "anyone can request this".
I have created a web-service that uses basic authentication in JDeveloper 11.1.1.4.
When i test my application using a client application is runs correctly so i know that the authentication mechanism has no problems.
How can i pass authentication info into the HTTP Analyzer by right clicking on Webservices and selecting Test Web Service?
I have tried to pass credentials through SOAP Headers > :WS-Security:Header like below but is not working
I have also tried to pass authentication through Credentials option like shown below
In both cases i get this error 500 HTTP Analyzer Server Error The server sent HTTP status code 401: Unauthorized: .....
How can i get through this?
Thanks
UPDATE
I also tried to pass Authentication option to Request HTTP Headers but get the error message :
Error 403--Forbidden
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.4 403 Forbidden
The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
If you're using Basic authentication, all you need is set request header Authorization. Value of this header: prefix Basic, one space, Base64 encoded string with usrname:password, so your header for Aladin:sesam open should be like this: Basic QWxhZGluOnNlc2FtIG9wZW4=.
On screenshot i see section Request HTTP headers, add Authorization header to it.
I am aware that this is an old post , but this may benefit those who run into this issue.
I am using Jdeveloper 11.1.2. I have secured the JAX-RPC web service (created by exposing PL/SQL poackage) using basic authentication. I attached the security policy: "Auth.xml" using the wizard.
I was able to test this using HTTP Analyzer. I just passed the user credentials in the SOAP Headers as shown below and it worked fine for me.(I also passed invalid creds and no creds to see if the security works as expected.)
Hope this helps !!!
I'm trying to extract information from an URL using my Java code. But the URL has a pop-up authentication scheme. How would I know the authentication scheme used? I have the credentials for it.
A browser typically shows an authentication "popup" when the server responds to an HTTP request with a "401 Unauthorized" response message. The response header includes a "WWW-Authentication" header which tells you the authentication scheme to use (among other things).
There are various ways to deal with this in a Java application, depending on how you are attempting to fetch the web resource associated with the URL. For instance, if you are using HttpUrlConnection, you can extract the "WWW-Authentication" header, parse it, and extract the authentication scheme.
Normally the authentication is based on HTTP. There are several techniques to use (HTTP basic authentication Kerberos NTLM and so on) Each of this technologies applies additional information into HTTP header. So the authentification is not URL based but HTTP Header based.
Please give us more information about your problem, to help you