I am writing a basic http proxy using the com.sun.net library that uses HTTP Server and right now my proxy is able to receive the information from the client, but once I have it, how do I pass it on to a different URL (the server) that I specify? I hard coded the client to only connect to my proxys IP so I need to create a new request that uses the same headers and body to pass on to the server.
All I have access to in my handle method is a
HttpExchange t
so that is what I have to use to make the new request.
Related
I am currently trying Java Jersey 2.23.2 for my restful service
When both of the web client and tomcat web service runs on the same device, The session was handled perfectly.
However, when the an external client (another website) that runs on a different machine, there will always be new session introduced after an API call instead of sticking to just one session.
Is there anyway I could let the external client to call the webservice just like the local client does?
I can assume that your remote client does not care about JSESSIONID cookie. When session created, server sends HTTP header Set-Cookie with it.
Client must take it and then send it back with each subsequent requests.
All browsers do it automatically.
But as long as your client is another service it needs to care about it.
I'm currently programming for Android 4.4 and I'm wanting to fill a web form with a username and password combination. This is obviously sensitive data, and I'm connecting to a HTTPS web page.
Is using the HTTP POST method sensible and encouraged for this or is there an alternate method I can use to do it?
HTTP Post vs HTTP GET
in GET method you send the parameters part of the url string
in POST method you send the parameters part of the post body
HTTP vs HTTPS
in HTTP you send the request as plain text, very readable by 3rd party applications
in HTTPS you encrypt the contents of the request, and thus the 3rd party applications would need some additional keys to decrypt it.
the question of sensitivity depends on who do you want to hide the information from?
if from the user, HTTP POST is enough, the average user does not try to read the contents of http requests.
if from hackers, then you'd need HTTPS
I have .war on the server which contains servlets. When I send an HTTP request through the browser, I am able to connect and retrieve files. Now, I want to do this programmtically in Java. In order to connect, I am first sending a get request that contains the user name and the password. Now assuming that I will stay logged in, I am sending another get request with its parameters to get the file, but I am unable to retrieve the file. Is there any way to do this? Currently, I use HttpClient and HttpGet to connect and execute the get requests.
Eventually what I am trying to do is to have an application, deployed on a server call a servlet on the same server but under a .war (i.e. implemented as another application) and retrieve a file. I have tried to call the servlet directly but also I have been able to figure that out.
When I call a web service that sits on a load balancer with jax-ws, it returns
The server sent HTTP status code 302: Moved Temporarily
and then fails, but when I use SoapUI it works fine.
Is there a way that I can configure the service to handle this correctly?
I generated the webservice code using wsimport and make the call as such
NotificationWebService service = new NotificationWebService(wsdlLocation, qName);
NotificationWebServiceSoap serviceSoap = service.getNotificationWebServiceSoap();
String xmlString = serviceSoap.getRSAPublicKeyXMLString();
I'm stuck and I haven't been able to find a solution anywhere so any help would be appreciated.
So after lots of investigation I finally figured out what the problem was. It was all down to redirecting from http to https. From articles I found on the web (can't remember the urls anymore), is that the libraries that the wsdl2java and wsimport stub generators use to do the webservice communication don't allow a http to https redirect follow due to security reasons.
So even though I was generating the stubs from a https wsdl location ie. https://wsdl.location.com?wsdl, when I ran the code to do a webservice call, it was trying to make the call to http://wsdl.location.com which resulted in a redirect request to https://wsdl.location.com, But the http library does not allow that. So it just forwards the 302 http code up as an exception.
Also, there are two web-service urls. One is a testing service which is normal http url and then there is a production server which is over https. So to work around this is all I did is configure the service on the fly to use the end-point I have specified (which is now the https address) by using the BindingProvider class. This also allows me to specify on the fly depending on which environment that is making to call, to use the test url or the production one ie.
NotificationWebService service = new NotificationWebService();
NotificationWebServiceSoap serviceSoap = service.getNotificationWebServiceSoap();
BindingProvider bindingProvider = (BindingProvider) serviceSoap;
bindingProvider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://wsdl.location.com");
String xmlString = serviceSoap.getRSAPublicKeyXMLString();
So in short, if anyone encounters this problem. Make sure if the end point you need point to is on https, that you are making a direct https call and not a http call that will ask for an https redirect. You can check this by examining the serviceSoap while debugging. It will say to which url it is making the call.
I didn't look into or go with the option to configure wsdl2java and wsimport to generate the stubs and force the stubs to use the https call so that I could configure multiple url end-points for different environments.
Yes. You didn't say what you're using for the transport, but if it's something like HttpClient you need to set it up to follow redirects. You may need to fiddle with the auto-generated code, or alternatively, perhaps try a higher level abstraction, like Spring Web Services or CXF.
Reason is the redirection issue on web service call control gets transfered from HTTP to HTTPS. Edit your WSDL file you will find the below code:
original code:
soap:address location="http://www.google.com/Services/Services_xyz.asmx"
changed code:
soap:address location="https://www.google.com/Services/Services_xyz.asmx"
Just change the location attribute HTTP to HTTPS and generate the new stub using the changed WSDL file location.
I am developing a software which will be communicating with a server using HTTP (but it is not a web browser). Since the server part is not ready yet, I would like to debug my client software by sending HTTP messages to it. I know that I can send HTTP requests using Curl. But I am not sure if that is sufficient here.
I'm imagining an environment where I send a request from my application, check that it is correct using Wireshark and then reply to the request using some software. Using Curl, I think I would have open a listening port..?
I'd use a simple node.js server for this. You can write your own HTTP server in a few lines of code an simulate various return codes, response headers or response entities easily: http://nodejs.org/
PS: There are proxies that simply print out the HTTP messages. This might be helpful for you too, because you don't have to deal with WireShark anymore just for HTTP-level logging.
You can't do that with cURL. It is an http client, not a server.
The simplest way to do this is to actually implement a mock server application that just returns a static (i.e. hardcoded) message every time. You can do this using any server-side language you like (php, python, ruby, ...), or, you can even do it without a server side language, using just static files served by a webserver such as apache or nginx.
For example, if the server part (the API) would respond to /articles.json with something relevant (a JSON object containing some articles), you could put a file named articles.json that contains some hand-written data in your server's root. Then, your application would think it's calling an API when it's actually just downloading a static file.
You can use firebug addon of firefox browser to see content of HTTP request/response.
It does't require any server (but of course, if you dont have server which process requests from browser and send responses to browser, you 'll always see response "unable to connect").
If you still need to mock response, you can create simple server which is able to respond with mock responses, for example java servlet at tomcat server, with code like this:
public class MyMockServlet extends HttpServlet {
..
private String mockHeaders = "...";
private String mockResponse = "my response";
public void service(HttpRequest request, HttpResponse response){
setHeaderAndBodyInResponse(response);//your method
}
}