I chose the UnboundID LDAP SDK for Java. I deployed, somewhere in cloud, a Bastion server and a Microsoft Active Directory in the same network. If I run the LDAP client code on the Bastion server, it works. Now I want to run the code locally. For this, I installed the Squid on the Bastion and I configured it to allow everything. I start the Java application with -Dhttp.proxyHost, -Dhttp.proxyPort, -Dhttps.proxyHost and -Dhttps.proxyPort.
I use the following method:
LDAPConnection(String host, int port, String bindDN, String password).
Using this approach doesn't work for me. I don't see the requests that are forwarded to the Squid proxy. I want to achieve this for developing purposes. I am new to this library.
Question: Does anybody achieved this before? Is it possible?
It won't work. I am not aware of any open source LDAP client in Java or C which will utilize CONNECT to tunnel through an HTTP proxy. Especially as soon as you will use certs or Kerberos your jump server will not work.
Related
I am able to succesfully use my dropwizard application when accessing with localhosts, but it doesnt work when I access with a different machine. Is there something you need to do make your web application respond to hosts besides localhosts?
I know with flask you must run with the flask run --host=0.0.0.0 is there a setting in the config file which controls this.
If you connect from the same network you´ll probably have an windows firewall issue (if you run on windows) or any other firewall depending on the OS.
You´ll have to allow inbound connections for the specific application on or port 80/443 TCP.
If you´re trying to connect from another network then it probably still is the above but you also have to setup port-forwarding to the machine running your application.
If it´s HTTP, probably port 80. If HTTPS then probably 443, for any other protocol you have to find out the correct port.
Since it´s dropwizard it´s probably HTTP/HTTPS, depending if it has to be secure (definatly recommended for REST APIs)
So i have my site on hosting company, and this company support let encrypt certificate, so i generated it and now the site is running with https protocol.My server side(spring boot application web service oriented started on VPS) for this site is on another company. My questions are:
How can i use this generated certificate on my server side part,
is it possible, what should i do?
What i need to provide to the server, and all things that are needed the server to work?
When i was without the certificate everything worked perfect, but right now on the server side i get
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
and in the browser i get
net::ERR_SSL_PROTOCOL_ERROR,
when I`m trying the get resources from server.
From the hosting company i can get everything connected to the certificate
It seems that you are passing HTTPs traffic to web server which "talks" in plain HTTP.
Normally SSL termination is done on software like Apache HTTPD or Nginx.
Then you configure it to act as reverse proxy to your actual Spring boot application running in JVM.
You can also configure your JVM webserver (Jetty,Tomcat .. whatever you have) to use your Let's encrypt certificate, but I have doubt that certbot will be able to easily renew them.
I have a Java Google App Engine webapp, which I am trying to connect to a Google Compute Engine instance running a Squid proxy. However it does not seem that the connection is working at all. Can anyone advise?
What I've done:
Set up a GCE f1 micro instance with Squid installed
Added username and password authentication for Squid
Set up a Google Cloud firewall rule to allow requests from port 3128 (the default Squid port)
Added the following to my GAE webapp:
System.setProperty("http.proxyHost", address);
System.setProperty("http.proxyPort", port);
System.setProperty("http.proxyUser", user);
System.setProperty("http.proxyPassword", password);
If you feel like you can provide more information about witch component of your solution is not working (maybe providing some logs) editing the question and I can help more with the debug that right now is only superficial.
By the way first of all I advise you to go through this small step to step guide from the official Google documentation describing how to use a gateway instance as a Squid proxy server. Maybe you can notice that you merely forgot a rule in the configuration of the Squid Proxy or to run it.
However, I would follow these classical steps in order to debug:
First of all I would try to install tcpdump if you didn't do it yet to check if it is a configuration issue or a network issue. Filter all the packets to highlight only the ones having source IP, protocol and port you expect.
In case you see no packet received, it can be a firewall issue dropping your packets or a client misconfigured that is not issuing any request.
Add a rule in your project allowing the incoming traffic from every protocol and port and try again with tcpdump
If the firewall was not the issue, try to connect the proxy from the different terminal disabling the authentication of Squid Proxy.
if you notice that your Squid Proxy is working fine then go through the debug of your client to understand why no request was sent.
If there are no issue with the traffic, try to disable authentication and to setup the debug mode of Squid to understand what is happening.
By the way are you sure you messing with HTTP and HTTPS requests?
Try to retrieve a simple webpage with the proxy and not the external API to reduce the area where error can be hidden.
I have developed a Java server using Eclipse that accepts TCP socket connection from android client, performs some computations, and returns the result to the android phone using this socket. I tried it on Wi-Fi.
I want now to move the Java server to the cloud - basically amazon EC2. Is this possible? I am just using a simple tcp socket connection. I have checked and couldn't find an example but came across "elastic beanstalk". Any help is appreciated, maybe a link or tutorial with such an example.
can i convert my java project to .war and use it or can i install eclipse on the cloud and run it as i do locally?
It is definitely possible. And you don't have to convert your project to a .war, unless you want to.
All you have to do is:
Pick the Amazon Image (AMI) you want to use - Amazon Linux is a good place to start, but there are plenty of other options, including Ubuntu and Windows.
Set up a security group - you need to set an incoming rule for your server's port number. It is pretty easy to do this from the Amazon web-based console.
Start a machine and assign it to the security group you created. Again, this is easily accomplished from the amazon web console.
Once the machine is up, log in (using ssh for Linux or Remote Desktop for windows) and install your server.
A few things to remember:
Since you are now running on a public server, sooner or later your server will be attacked. EVERYONE gets attacked. If all you are opening is your single application port, make sure it is secured.
An Amazon server has a private and public IP. Your client application will connect to the public IP.
Servers can fail, and new servers get new public IPs! You need to prepare for this. Either make the IP in the client configurable, or look into something like Amazon Elastic IPs or dynamic DNS.
I regularly upload files to a particular RedHat 5.5 Server with no problems using FileZilla.
I am now trying to FTP to the same server with the Java Library org.apache.commons.net.ftp.FTPClient while using the exact same credentials (un, pw, and ip address). I keep getting an error Connection Refused: Connect at java.net.PlainSocketImpl.socketConnect(NativeMethod) at...........
It seems like if the permisions work for FileZilla, they should work for commons.net also. Does this sound right?
From the serverside everything should be ok. When you can log in with one client the other client should be ok as well.
I cannot tell however if the server for example uses something like passive mode and your library doesn't support that feature.
Are you sure that you are connecting to the same port and the server is not using sftp, etc?