im are running two different servers on same instance with different port numbers, one is node(front-end) and another is tomcat(back-end).
Example:
http://localhost:4021 is node server (Angular2 web app),
http://localhost:8090 is tomcat server (Java)
Im able to get data from 8090 before login no issues with that, but when i login 2 cookies will be set into the browser through backend. Whenever we make any request for any data these 2 cookies has to be sent by the browser every time to the server in request headers but they are not being sent.
I tried by sending "withCredentials: true" in request options which did not worked.
let headersDefult = new Headers({'Content-Type':'application/json;charset=UTF-8'});
let requestOptions = new RequestOptions({ headers: headersDefult, withCredentials: true });
httpPOST(link, payload): Observable<any> {
let url = 'http://localhost:8090/';
let self = this;
return this.http.post(url, payload, requestOptions)
.map(this.extractData)
.catch(this.handleError);
}
Related
how it's going?
I have a RestApi built in Spring. There are some functional endpoints using GET and POST Methods. I tried add a https configuration as below:
#Configuration
public class ServerConfig {
#Bean
public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
#Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(getHttpConnector());
return tomcat;
}
private Connector getHttpConnector() {
Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("http");
connector.setPort(8080);
connector.setSecure(false);
connector.setRedirectPort(8081);
return connector;
}
}
Before I had like http://localhost:8080/api/candidates [GET] and after added this class, the url was redirecting to https, what is normal, so now I am redirecting to https://localhost:8081/api/candidates.
After that I have done this, when I try access the endpoint without HTTPS http://localhost:8080/api/candidates using GET I can retrieve all information, but when I try using POST to send some data I receive
Method not allowed but GET is working yet. Does anyone knows why?
I found this post, and it was exaclty what I was looking for. If you want see please check Spring Boot: redirect from HTTP to HTTPS results in 405 error for PUT method
A redirect is specifically to inform the client (e.g. web browser) to
do a GET request using a given URL, so the result of a redirect cannot
be a PUT, POST, DELETE, or any other HTTP method.
In this context, the main purpose of redirecting to HTTPS is to secure
the connection from snooping, i.e. ensure that no one can see
confidential information. This works well for a GET, since you haven't
sent confidential information yet1, assuming it is the response that
contains confidential information.
Redirecting a PUT or a POST to HTTPS is meaningless, since you already
sent the payload (the confidential data) over an unsecure connection.
Your client needs to be told to use HTTPS before it sends the data,
i.e. when it builds the PUT / POST request, it needs to be given an
HTTPS URL.
Fix the client code, e.g. the JavaScript code that generates the HTTP
PUT, so it uses HTTPS. Redirecting is too late, and entirely wrong.
It is actually a good thing that redirect of PUT failed, because it
forces you to correctly secure your web application. If it hadn't
failed, you'd mistakenly have thought that you web application was
secured by the redirect, when in fact it wasn't.
Redirecting GET requests is not the same as redirecting POST requests. Please read this. They state following:
Redirecting GET requests, which contain no data other then a query string, is a simple process. However, POST requests are more difficult to redirect because a browser responding to a 302 or 301 redirection converts an initial POST request to a GET request—a process that loses the original POST request data.
I am not able to do a POST request to the Composer rest server that is authenticated.
I have been trying out Hyperledger composer rest server with
authentication and multiuser enabled.
I have enabled Github based authentication by exporting
COMPOSER_PROVIDERS variable and multiuser mode with Wallet and
identities .
I authenticate the rest server in github and i am able to do rest
operations in the Composer Swagger explorer .
I am also able to do the rest operations in Postman by passing the
url with the access_token .
http://localhost:4200/api/Trader?access_token=xxxxxxxxxxx .This works
in Postman as well.
Problem is i am not able to do a post request to the composer-rest URL from java code even after passing the access token as param. I have tried with OKHttpClient,Apache HTTPClient, java.net client , CloseableHTTPClient .
All it gives me is
Server returned HTTP response code: 401
In all methods i get an "AUTHORIZATION FAILURE" error .
I dont know if i am missing anything , because i am able to do a rest operation from Postman . I take the code format from Postman itself and paste it in the Java code and it still doesnt work . I dont know what i am doing wrong ,
Suggestions , code snippets ?
THANKS !
since you managed to get this running from Postman then you're obviously missing something in your java code.
You probably have the URL correct, but might be missing a header, or a json type or something of the sorts.
Inspect your Postman request and replicate it exactly in your java code, everything, not just the URL.
Keep a log of your request and compare it against the Postman one, to see exactly what the difference is.
Try this code to retrieve cookies:
public void getCookieUsingCookieHandler() {
try {
// Instantiate CookieManager;
// make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
// get content from URLConnection;
// cookies are set by web site
URL url = new URL("http://host.example.com");
URLConnection connection = url.openConnection();
connection.getContent();
// get cookies from underlying
// CookieStore
CookieStore cookieJar = manager.getCookieStore();
List <HttpCookie> cookies =
cookieJar.getCookies();
for (HttpCookie cookie : cookies) {
if (cookie.getName().equalsIgnoreCase("access_token")) {
System.out.println("CookieHandler retrieved cookie: " + cookie.getValue());
break;
}
}
} catch(Exception e) {
System.out.println("Unable to get cookie using CookieHandler");
e.printStackTrace();
}
}
You can refer it from here: https://docs.oracle.com/javase/tutorial/deployment/doingMoreWithRIA/accessingCookies.html
I am building a website using Angular 5 as frontend, and JAX-RS with Jersey as backend. The website requires the user to login using their email and password, which is sent to the API with POST. I then want the client to receive a cookie, but this is where I'm having trouble. The API sends a response with a cookie (I can see the cookie when I test it in Postman), but in Google Chrome it looks like no cookie is received, and no header is named 'Set-Cookie'.
My method that sends the cookie from the backend:
#GET
#Path("cookie")
public Response getCookies(){
NewCookie cookie1 = new NewCookie("cookie1", "test");
return Response.ok().cookie(cookie1)
.build();
}
I'm using a CORS-filter where I set AllowCredentials to true. What have I missed?
been facing this issue all day and its officially beyond me. Ive looked over google trying different interpretations of trying to work this but it keeps offering me the same issue.
I am trying to http get to an api that is outside my corporate network. Using Java I have accomplished this before on the same api using
Proxy proxy = new Proxy(Proxy.Type.HTTP, new
InetSocketAddress("proxy.example.com", portnumber));
HttpURLConnection con =
(HttpURLConnection) new URL(urlstring).openConnection(proxy);
I am now trying to get to the same api (urlstring) from an angular4 application.
within the service class i have:
let headers = new Headers({ 'Access-Control-Allow-Origin': '*' ,
'Authorization': 'BASE64AUTHENTICATION',
'Accept': 'application/json' });
let options = new RequestOptions({ headers: headers });
return this.http.get(urlstring, options ).map(res => res.json());
I just dont see anything like the Java Proxy that will allow me to wrap my get request with the corporate proxy server.
Currently I am getting 'Response for preflight has invalid HTTP status code 405' evry time I try to access the api. It seems to let me through far enough when I dont try using authentication headers but it is needed for this.
You should check your browser proxy configuration as your angular 4 app is running on that.
Does anyone can help me to get a solution for authenticate with a backend server ? I am logging in in my platform with a google account and I post the id_token (using ajax).
var msg = $.ajax({type: "POST", url: "controller/action", data: token, async: false}).responseText;
if (msg=="ok"){
window.location = "controller/action";
}
else {
window.location = "controller/action";
}
Now, I want to authenticate the token in order to save user information (name, image,email) in database.
I see this https://developers.google.com/identity/sign-in/web/backend-auth. Is there a way to use it?
Send get Request in any RestClient and replace xyz with your token:-
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=xyz
Once you get Response in restclient then simply assemble this get request in your convenient language. Get request in grails see this
hope it helps you