I have application that need to call Rest service, to do authentication process. The service and my application are in a same server. I used Spring RestTemplate to call it. When it tested in localhost, it works perfectly. But when I deploy it to the cloud server (in this case, Jelastic) I get this error:
I/O error on GET request for "[my_rest_service_address]":Connection refused; nested exception is java.net.ConnectException: Connection refused
All the code is follow this doc : http://docs.spring.io/spring/docs/3.0.x/javadoc-api/org/springframework/web/client/RestTemplate.html. Only the url that changed to my rest url.
Is it happened because jelastic server blocked outbound request? But, both the service and my application are in the same server, why it still blocked?
Please explain to me, what is the problem? Thanks
The http 401 code means that the user that made the request is not authenticated. It can be the user of your webapp or the user used for the rest call.
It can for example that different credentials are used in prod and test, different security schemes in each environment, etc.
Related
I am trying to setup SSO using Azure AD. Our aplication is a spring boot application deployed on Amazon ECS.
For this I have refered https://dummybot.medium.com/saml-integration-with-spring-boot-spring-security-microsoft-azure-ad-b9610bdb78b9, which uses Spring Security SAML2 with Spring Boot.
In our case the application exposes the port 8080 from docker container and doesn't have its own SSL configuration. We are using Amazon ELB as load balancer in which the SSL is configured and through the load balancer we can access the application https://our-domain.com
When testing application locally I am able to login successfully when https://localhost:8443/saml/sso is added as a reply Url in Azure AD.
When I add only the https://our-domain.com/saml/sso as reply URL and try logging in while executing application locally, I get this error:
correct http protocol and port in AD request
which is expected as we dont have https://localhost:8080/.. as white listed reply URL in Azure AD now.
But what I noticed here in the error message is https://localhost:8080/... doesn't match the reply URL, which is correct, but there is no change in HTTP protocol or port 8080 which I am trying to access.
But, When I try to access the application deployed on AWS ECS using https://our-domain.com, I am successfully redirected to login page, but there I get this error.
incorrect http protocol and port in AD request
Where I can see HTTP protocol has been changed from https to http and the port is passed in the request as 8443.
I could see only in our AWS ELB which has configuration for SSL certificate and has a HTTPS listener 8443, and I am suspecting it is due to this the incorrect reply URL is passed by the Spring Security in the Azure AD Authentication request.
Amazon ELB configuration
I have tried to find solution for this and found an issue reported in Spring-Security-Saml project at https://github.com/spring-projects/spring-security-saml/issues/447, which talks about SAMLContextProviderLB as the context provider bean.
More details in Spring-Security SAML Extension documentation: https://docs.spring.io/spring-security-saml/docs/1.0.x/reference/htmlsingle/#configuration-load-balancing
Although it is mentioned in the documentation for latest version of Spring-Security SAML Extension, I cant find this class, but it is available in older 1.0.x version of extension. Hence I am not able to use it.
Can someone please provide any pointers to fix this issue..
Thanks
I deployed my API in AWS using Elastic Beanstalk and when I try to make one https request postman or browser i got Connection Refused. If i use http it works well. I've changed the security group, restarted the instances, checked the logs ( got no errors) and nothing.
custom security group
inbound rules
details
also VPC details
I have two REST Services (developed using Spring Boot), one for Authentication and one that returns Data. The Data service validates a token against the Authentication service when data i requested. The validation is done by the Data service sending a request to the Authentication service containing an ID like this https://name.com/auth/key?id=[ID]. I have tested the validation by having the Authentication service deployed as a WAR-file on a Tomcat server https://name.com/auth/ and having the Data service running local on my computer. This setup worked fine. Now I have deployed the Data service as WAR-file to the same Tomcat server https://name.com/data/. The issue now is that the Data service is not able to connect to the Authentication service giving the following error message
HTTP Status 500 - I/O error on GET request for "https://name.com/auth/key": Connection refused (Connection refused); nested exception is java.net.ConnectException: Connection refused (Connection refused)
Why is the connection refused when both WAR-files are running on the same Tomcat server?
The issue was by using the internal IP addresses rather then the external.
Hi I'm develping a web app in Java for a local bank and they have a SOAP Web Service that my app consumes. The app is deployed on GlassFish 3.1.2 and the web service was generated on .Net (I don't know the specifics, I'm new to the project) and everything is connected through a peer to peer VPN.
Now the issue I have is when I try to log in I get an EJBException:
javax.faces.el.EvaluationException: javax.ejb.EJBException
Caused by: com.sun.xml.ws.fault.ServerSOAPFaultException: Client received SOAP Fault from server: Server was unable to process request. ---> Changes to this object and its sub-objects have been disabled (Exception from HRESULT: 0x8011042A) Please see the server log to find more detail regarding exact cause of the failure.
Now I'm trying to determine what exactly is the problem with the web service, or even better what should the guys at the bank check to determine what's wrong.
If anyone knows or has some ideas on what we should check please let me know. Thanks
Seems to be server problem. Send them exactly time stamp of request and all the request details, and they will probably guide you to the problem
I am connecting to a WCF web service with a Java client I am constructing. Someone else has already successfully built WCF clients to connect to this service. The WSDL available via HTTP provides Message Level Security. The WSDL available via HTTPS uses both TLS and Message Level Security. I understand that using TLS on top of Message Level Security is basically dual-encrypting, but that is a key requirement.
Since I can connect to the HTTP service correctly, I believe I have all the trust store and key store issues resolved.
I am connecting to the service using Metro 2.1.1. I have built the client in both Eclipse and Netbeans. I fetch the WSDL from the HTTP site, and using wsimport (with the -extensions flag) I build and execute the clients successfully.
When I fetch the WSDL using the HTTPS site I can again build both clients successfully. But when I execute them - I get the following error:
Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: An error occurred when verifying security for the message.
at com.sun.xml.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:225)
at com.sun.xml.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:122)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:119)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:89)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:140)
at $Proxy43.request(Unknown Source)
The only difference between the two WSDLs (the one fetched via HTTP and the other via HTTPS) is the reference in the WSDL to HTTPS:// vs. HTTP://.
I do not have easy access to the WCF service logs - normally there is a 3-6 hour delay between when I request a set of logs and when I can view them.
My question is has anyone encountered a similar circumstance - and is there something I am blatantly missing here? Is there something in a NetMon or Wireshark trace I can look for to see that the issue is? I have been struggling with this for days - any help would be most appreciated.
If you have access to the service configuration try disabling security context on the endpoint you're using:
<message establishSecurityContext="False" clientCredentialType="UserName"/>
You can read more about security context token (SCT):
Security Context Token
Message security knobs
Java client for WCF service with wsHttpBinding over SSL