been facing this issue all day and its officially beyond me. Ive looked over google trying different interpretations of trying to work this but it keeps offering me the same issue.
I am trying to http get to an api that is outside my corporate network. Using Java I have accomplished this before on the same api using
Proxy proxy = new Proxy(Proxy.Type.HTTP, new
InetSocketAddress("proxy.example.com", portnumber));
HttpURLConnection con =
(HttpURLConnection) new URL(urlstring).openConnection(proxy);
I am now trying to get to the same api (urlstring) from an angular4 application.
within the service class i have:
let headers = new Headers({ 'Access-Control-Allow-Origin': '*' ,
'Authorization': 'BASE64AUTHENTICATION',
'Accept': 'application/json' });
let options = new RequestOptions({ headers: headers });
return this.http.get(urlstring, options ).map(res => res.json());
I just dont see anything like the Java Proxy that will allow me to wrap my get request with the corporate proxy server.
Currently I am getting 'Response for preflight has invalid HTTP status code 405' evry time I try to access the api. It seems to let me through far enough when I dont try using authentication headers but it is needed for this.
You should check your browser proxy configuration as your angular 4 app is running on that.
Related
Hi everyone i'm so hopeless so ask you guys.
I'm trying to do a simple HTTP request but with my proxies I get 407 error code.
I use Unirest and Java 8.
Unirest.config().proxy(host, port, usernameProxy, passwordProxy);
HttpResponse<JsonNode> response = Unirest.post(url).asJson();
String body = response.getBody().toString();
That's it, my url is private but i wrote it like this: "https://myurl.com/?param1=param¶m2....
It works proxyless but i'm stuck with proxies.
Thanks a lot
Seems like the proxy server expects for the proxy credentials within the Headers, which Unirest doesn't seem to propagate.
The header must specifically contain the "Proxy-Authorization" key in order to the handshake be even started.
String proxyCred= "user:password";
String baseCred= Base64.getEncoder().encodeToString(proxyCred.getBytes());
HttpHeaders headers = new HttpHeaders();
headers.add("Proxy-Authorization", "Basic " + baseCred); // the proxy server needs this
This solution uses the Basic mechanism; It may not work, as the proxy may expect another type of authentication. You'll know which one is by reading the Proxy-Authenticate header within the server's response.
If the communication is not secured (HTTP and not HTTPS), you could read the response by sniffing the packet with some tool such as WireShark. Once you locate the 407 packet, you could read inside the Proxy-Authenticate value and modify your authorization method according do it.
I am not able to do a POST request to the Composer rest server that is authenticated.
I have been trying out Hyperledger composer rest server with
authentication and multiuser enabled.
I have enabled Github based authentication by exporting
COMPOSER_PROVIDERS variable and multiuser mode with Wallet and
identities .
I authenticate the rest server in github and i am able to do rest
operations in the Composer Swagger explorer .
I am also able to do the rest operations in Postman by passing the
url with the access_token .
http://localhost:4200/api/Trader?access_token=xxxxxxxxxxx .This works
in Postman as well.
Problem is i am not able to do a post request to the composer-rest URL from java code even after passing the access token as param. I have tried with OKHttpClient,Apache HTTPClient, java.net client , CloseableHTTPClient .
All it gives me is
Server returned HTTP response code: 401
In all methods i get an "AUTHORIZATION FAILURE" error .
I dont know if i am missing anything , because i am able to do a rest operation from Postman . I take the code format from Postman itself and paste it in the Java code and it still doesnt work . I dont know what i am doing wrong ,
Suggestions , code snippets ?
THANKS !
since you managed to get this running from Postman then you're obviously missing something in your java code.
You probably have the URL correct, but might be missing a header, or a json type or something of the sorts.
Inspect your Postman request and replicate it exactly in your java code, everything, not just the URL.
Keep a log of your request and compare it against the Postman one, to see exactly what the difference is.
Try this code to retrieve cookies:
public void getCookieUsingCookieHandler() {
try {
// Instantiate CookieManager;
// make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
// get content from URLConnection;
// cookies are set by web site
URL url = new URL("http://host.example.com");
URLConnection connection = url.openConnection();
connection.getContent();
// get cookies from underlying
// CookieStore
CookieStore cookieJar = manager.getCookieStore();
List <HttpCookie> cookies =
cookieJar.getCookies();
for (HttpCookie cookie : cookies) {
if (cookie.getName().equalsIgnoreCase("access_token")) {
System.out.println("CookieHandler retrieved cookie: " + cookie.getValue());
break;
}
}
} catch(Exception e) {
System.out.println("Unable to get cookie using CookieHandler");
e.printStackTrace();
}
}
You can refer it from here: https://docs.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/accessingCookies.html
I'm trying to read a JSON response from a RESTful webserver running on an IoT module (Advantech WISE-4012). According to the documentation, any GET request should be made in this form
GET /ai_value/slot_0/ch_0
Any Java implementation of GET requests (Java libraries, Apache etc.), anyway, append to the end of the request the protocol signature HTTP/1.1. E.g:
GET http://192.168.0.14/ai_value/slot_0/ch_0 HTTP/1.1
Because of this (probably) i'm getting Error 400 (Bad request) on every client i tried so far. The only working method i've discovered was sending a simple request through the address bar on Google Chrome browser (sometimes i get a response, sometimes a get a bad request error either). How can i write a java implementation of a GET request plain and simple as described by the documentation? How can i test a custom GET request without HTTP/1.1 at the end? Every chrome extension i tried (Advanced REST Client, Postman) add the protocol version at the end, so i haven't had the chance to verify if that's why i'm getting a bad request error.
EDIT:
This is the response header from Advanced REST client
Connection: close
Content-Type: application/json
Server: WISE-4000/8.1.0020
While the source message is the following one:
GET /ai_value/slot_0/ch_0 HTTP/1.1
HOST: 192.168.0.14
The only mismatch between the documentation is the HTTP/1.1 signature as mentioned before. Adding the "accept: application/json" makes no difference either
After a bit of digging into the documentation, it looks like the default timeout (i.e. 720 seconds) is the one causing an issue. There doesn't seem to be any way to work it around (ideally, the system should reset the time after a successful request and we should only get 400 - or 403 ideally after 720 seconds of inactivity).
A couple of points I would like to recommend to the API developers for WISE-4012 (if they are in touch with you):
Add brief documentation for authentication and timeout (probably, more response codes and error messages with each error response)
Enable OAuth for API Access
As far as current implentation is conerned, I guess you need to do a basic auth and pass username/password with every request, Or add Authentication header with every API request to get successful response without any 400s.
Check if this helps.
HttpClient httpClient = HttpClients.createDefault();
URI reqUri = new URI(<uri>);
RequestBuilder requestBuilder = RequestBuilder.create("GET");
requestBuilder.setUri(reqUri);
requestBuilder.setHeader(<headerKey>, <headerValue>);
requestBuilder.setEntity(<entity_data>);
HttpUriRequest httpRequest = requestBuilder.build();
httpResponse = httpClient.execute(httpRequest);
I've been unable to make a "DELETE" request using the code below :
URLFetchService fetchService = URLFetchServiceFactory.getURLFetchService();
URL posturl = new URL("http://www.example.com/comment?token=xxx");
HTTPResponse response = fetchService.fetch(new HTTPRequest(posturl, HTTPMethod.DELETE));
int responseCode = response.getResponseCode();
This is for Google Appengine. The 'DELETE' request is for the facebook graph API. The above code gives me a status code 400 - Bad Request.
This is for face4j an open source java library that I've built for the facebook graph API.
This isn't really an App Engine problem; it just means that the destination webserver wouldn't accept your request.
If you're actually trying to send a DELETE to example.com, that's your problem. If that's supposed to be a scrubbed URL, you've omitted the detail that would facilitate troubleshooting.
As the title states, we're looking for a way to access a .NET 3.5 Web service that is behind a Windows integrated (NTLM) authentication.
We've searched the internets and this forum this entire week, and we've yet to find a solution to this problem.
We've tried, DefaultHttpConnections, different variations of HttpPost, HttpGet etc.
However we try to authenticate ourselves we run into these:
SSLHandshakeException
or
Authentication scheme ntlm not supported
Authentication error: Unable to respond to any of these challenges:
ntlm=WWW-Authenticate: NTLM, negotiate=WWW-Authenticate: Negotiate
The IIS authentication is set as follows:
The page we're trying to access is an .aspx in a subfolder to the default site, and we dont have previliges and neither is it safe to change the authentication to the default site.
I know many others out there in the internets has similar problems.
And also, the app we're developing is not supposed to use web-views.
Any constructive pointers about how to solve this will be highly appreciated. Thanks in advance.
UPDATE: We have now changed the service to perform both basic and ntlm authentication.
When we run the code below to a localhost test-server we get the proper response, the localhost does not have any sort of authentication mechanism. The response as follows:
<soap:Body>
<FooResponse xmlns="uri:FlexAPI">
<FooResult>
<typeFooBar>
<FooNumber>4545</FooNumber>
<BarNumber>1</BarNumber>
</typeFooBar>
</FooResult>
</FooResponse>
</soap:Body>
However, When we run the code below on our authenticated server we get this.
org.xmlpull.v1.XmlPullParserException: expected:
START_TAG {http://schemas.xmlsoap.org/soap/envelope/}Envelope
(position:START_TAG #2:44 in java.io.InputStreamReader#4054b398)
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar.getText().toString());
request.addProperty("Foo", Bar() );
request.addProperty("Foo", Bar.getText().toString());
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
envelope.dotNet = true;
envelope.setOutputSoapObject(request);
envelope.encodingStyle = "utf-8";
envelope.implicitTypes = false;
String myUrlz= "http://" + myUrl.getText().toString() +"/Foo/Bar.asmx";
HttpTransportBasicAuth auth = new HttpTransportBasicAuth(myUrlz, "Foo", "Bar");
auth.debug = true;
try
{
auth.call(SOAP_ACTION, envelope); // Fails on this line.
System.out.println("Dump" + auth.responseDump);
// all the other stuff.....
}
catch (FooException Bar)
{
// ¯\_(ツ)_/¯
}
So basically, we're recieveing html response instead of xml when accessing the protected service. And yes, the localhost service and the sharp service are exactly the same except for the authentication part.
The short answer is no, there is no out-of-the-box method for NTLM on android.
The long answer is that there have been successful attempts in hacking together your own solution using the Apache HttpClient. See the following links:
http://danhounshell.com/blog/android-using-ntlm-authentication-with-httpclient/
http://mrrask.wordpress.com/2009/08/21/android-authenticating-via-ntlm/
There is no way an Android device can have a valid NTLM token for a Windows domain it does not belong to.
The only option you have is to change the authentification mechanism on the server to something more appropriate. If you need to restrict access to the page, here are some options available to you:
Basic authentification (over http or over https)
form based authentification (over http or over https)
https with SSL certificate authentification (in Android app and server side)
public page with Oauth (over http or hhtps)
public page with OpenID (over http or hhtps)