I've set up oauth server using org.springframework.security.oauth:spring-security-oauth2:2.0.5.RELEASE lib.
And I can't use password grant to authenticate client with resource owner credentials.
I use RFC 6749 - 4.3. Resource Owner Password Credentials Grant - scenario.
Sending similar request:
POST /token HTTP/1.1
Host: server.example.com
Authorization: Basic czZCaGRSa3F0MzpnWDFmQmF0M2JW
Content-Type: application/x-www-form-urlencoded
grant_type=password&username=johndoe&password=A3ddj3w
I get
HTTP/1.1 405 Method Not Allowed
This endpoint is not mapped.
Is it spring oauth2 issue?
Related
I have service which works like a proxy, you can get web pages through it. For example via telnet
GET http://example.com HTTP/1.1
Host: example.com
But if I want download https page I should do the following
GET https://example.com HTTP/1.1
Host: example.com
Https-Header: true
And I want to write scala client for this service using apache http client, using service like a proxy host.
private val DefaultProxy = new HttpHost("service host", port)
private val DefaultClient =
HttpClientBuilder.create().
setProxy(DefaultProxy).
build()
I can successfully download http pages, but when I try to download https pages, apache client makes CONNECT request to the proxy, and it response with error, cause service can operate only with GET requests.
How can I make apache client work with https pages like with http, that's mean send GET request to proxy, not CONNECT?
To download an https webpage in the same way than an http one with telnet you need to establish the ssl/tls connection first:
openssl s_client -connect www.somesite:443
[watch the ssl certificate details scroll by]
GET /index.html HTTP/1.1
Host: www.somesite
Example from https://www.bearfruit.org/2008/04/17/telnet-for-testing-ssl-https-websites/
For scala maybe that can help you : https://github.com/scalaj/scalaj-http
HTTPS is HTTP over SSL/TLS so you need something to establish the SSL/TLS secure tunnel to the website, then you can send your HTTP request.
I find out a solution.
I write custom HttpRoutePlanner which always provide not secure route, and then Apache client work with https link like with http link, there is a HttpRoutePlanner code
private def routePlanner(proxy: HttpHost) = new HttpRoutePlanner() {
def determineRoute(target: HttpHost ,
request: HttpRequest,
context: HttpContext) = {
new HttpRoute(target, null, proxy, false)
}
}
I have a web service provided by jetty.
How can i filter URL with illegal characters?
I can not control some return information when the request URL has illegal characters.
actually, i want to return some specific info when the URL is invalid.
for example: i added a filter in my application to validate the URL, if illegal then i will return defined info.
but, I can not filter some URL like "%adsasd", it seem be handled by jetty.
curl -v -X PUT -u user:password 'http://myip.com:8080/%adsasd'
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'user'
> PUT /%adsasd HTTP/1.1
> Authorization: Basic YWRtaW46MTIzNDU2
> User-Agent: curl/7.35.0
> Accept: */*
> Host:127.0.0.1:8080
> < HTTP/1.1 400 Bad Request
< Content-Length: 0
* Server Jetty(9.0.6.v20130930) is not blacklisted
< Server: Jetty(9.0.6.v20130930) <
* Connection #0 to host 127.0.0.1 left intact
The error response from Jetty
HTTP/1.1 400 Bad Request
indicates that Jetty did detect that as a bad URL and rejected it.
As for how to customize this, that is really tricky, mainly due to how early in the processing of this specific request it occurs in.
This kind of error (400 Bad Request) occurs during the parsing of the raw incoming http request, well before the server container has even attempted to figure out what context to talk to.
There is no way to have a custom error handler in a specific webapp context handle this sort of fundamental http error. As the server has yet to figure out what context to even talk to.
There is also no way at the server side (even at a global level) to customize this error message.
If you want such a feature, please file a feature request.
I keep getting the following error in my Response data tab in jmeter:
org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:909)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:481)
at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:298)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1105)
at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1094)
at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:429)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.http.ProtocolException: Transfer-encoding header already present
at org.apache.http.protocol.RequestContent.process(RequestContent.java:93)
at org.apache.http.protocol.ImmutableHttpProcessor.process(ImmutableHttpProcessor.java:109)
at org.apache.http.protocol.HttpRequestExecutor.preProcess(HttpRequestExecutor.java:176)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:518)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
... 9 more
My test script was created via the JMeter Proxy. The test is sending multipart data (a jpg image) to a REST API resource via a POST. The HTTP Header Manager auto created by the Recording Controller in JMeter has the following:
Transfer-Encoding : chunked
Accept : application/json
Accept-Encoding : gzip, deflate
Any idea why the Response is getting an error?
Request:
POST http://localhost:8080/email/v2/client/user/name/loadtest1#test.net/
POST data:
--oYtJU-XXTgMSkyaIrRBYNXw8AfMA2nMQSzJ20bJr--
Cookie Data:
JSESSIONID=b3bb843e-dafd-4cc5-8b0b-045c490736f8
Request Headers:
Connection: keep-alive
Transfer-Encoding: chunked
Accept: application/json
Accept-Encoding: gzip, deflate
Try removing from HTTP Header Manager the Transfer-Encoding header.
Can you show you Http Request in your Question ? and the Header Manager in it ?
What is the status of the following parameters of the http request which is failing:
Use multipart/form-data for HTTP POST
Browser-compatible headers
You don't have any HTTP Header Manager instances elsewhere in you test plan, do you? As if yes it may interfere as HTTP Header Manager's scope isn't limited to one sampler only when it is not added as a child.
Your post request details doesn't look like file upload request. Take a look into Upload and Download Scenarios with Apache JMeter guide to see whether you missed anything important.
Never run load generator and application under test on the same machine. Even when developing or debugging your test.
I am getting this Error is java.io.IOException: Server returned HTTP response code: 500 for URL: exception while invoking the web service url that i have.
I am calling a .NET based web service through a framework built in java and getting:
Headers returned from the server:
Content-Length:736
Content-Type:text/xml; charset=utf-8
Server:Microsoft-IIS/7.0
X-Powered-By:ASP.NET
Date:Thu, 12 May 2011 08:51:45 GMT
java.io.IOException: Server returned HTTP response code: 500 for URL: "http://hcd
cd-bt01.hcch.com/HCCExceptionLogService/service.svc?wsdl"
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:1170)
at com.splwg.mpl.senders.http.HTTPSender.sendResponse(HTTPSender.java:34
5)
at com.splwg.mpl.sending.NewSenderManager.sendResponse(NewSenderManager.
java:191)
at com.splwg.mpl.sending.SameThreadSendingManager.callSender(SameThreadS
endingManager.java:63)
at com.splwg.mpl.stagingtable.download.OutboundMessageSender.handleRouti
ngs(OutboundMessageSender.java:361)
at com.splwg.mpl.stagingtable.download.OutboundMessageSender.sendRespons
e(OutboundMessageSender.java:95)
at com.splwg.mpl.sending.NewSenderManager.sendResponse(NewSenderManager.
java:191)
at com.splwg.mpl.sending.SameThreadSendingManager.processDestination(Sam
eThreadSendingManager.java:293)
at com.splwg.mpl.sending.SameThreadSendingManager.sendResponse(SameThrea
dSendingManager.java:252)
at com.splwg.mpl.sending.SameThreadSendingManager.doSend(SameThreadSendi
ngManager.java:208)
at com.splwg.mpl.server.async.ExecSendRequestProcessor.ProcessRequest(Ex
ecSendRequestProcessor.java:61)
at com.splwg.mpl.server.async.RequestProcessingThreadAdapter.run(Request
ProcessingThreadAdapter.java:46)
at com.splwg.mpl.server.PooledThread.run(PooledThread.java:91)
at java.lang.Thread.run(Thread.java:595)
The wsdl url which i am invoking is http://hcdcdbt01.hcch.com/HCCExceptionLogService/service.svc?wsdl
I have used SOAP UI 3.6.1 tool for testing this wsdl which is giving me the right result.
Headers that i have used are:
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://tempuri.org/IExceptionLogService/LogException"
POST
Host:hcdcd-bt01.hcch.com
http://hcdcd-bt01.hcch.com/HCCExceptionLogService/service.svc
SOAP UI HEADERS:
POST http://hcdcd-bt01.hcch.com/HCCExceptionLogService/service.svc HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: text/xml;charset=UTF-8
SOAPAction: "http://tempuri.org/IExceptionLogService/LogException"
User-Agent: Jakarta Commons-HttpClient/3.1
Host: hcdcd-bt01.hcch.com
Content-Length: 763
Can any body tell me what went wrong ?
It is a server error response, presumably on an internal service as the given address doesn't reside on the internet AFAIK.
You must get the server logs to establish what it does not like about your request.
Since the server sent the response code 500 - internal server error - I think you'll have to debug it on the server side, not the client side.
You should check the output of the server log.
I have Axis2 created web service client. This service uses both SSL and WS-Security so I use rampart. I think that my client sends correct query, but I got exception:
org.apache.axis2.AxisFault: Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security
at org.apache.axis2.engine.AxisEngine.checkMustUnderstand(AxisEngine.java:97)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:364)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at pl.firstdata.www.wdx.business.card.CardServiceStub.getBalance(CardServiceStub.java:1570)
at pl.firstdata.www.wdx.business.card.wdx_client.main(wdx_client.java:164)
Is there any way to see "bare" query and response with HTTP headers?
While this service use SSL I think I cannot use HTTP monitor, and this should be done by axis2 after "applying" WS-Security but before SSL. I can enable such logging on my emulator (without SSL) and it seems like that:
POST /webservices/emu/get_info.hdb HTTP/1.1
Content-Type: text/xml; charset=UTF-8
SOAPAction: ""
User-Agent: Axis2
Host: 127.0.0.1:8765
Content-Length: 4585
<?xml version='1.0' encoding='UTF-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><xenc:EncryptedKey Id="EncKeyId-0D71FF61F3796881F812803190645315"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" /><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference><wsse:KeyIdentifier ...
...
Use the tcpmon tool for this.
Please note that in most Linux based installations, this will most probably be built for you. Once you've done with the building process, you can find the executable at ${AXIS2C_HOME}/bin/tools on Linux, or at %AXIS2C_HOME%\bin\tools on MS Windows.
I use stunel with tcpmon. Steps:
my axis2 app do normal HTTP query; this query is send to tcpmon
tcpmon logs it and sends query to stunel
stunel adds SSL and sends endcrypted query to destination server
stunel receives encrypted response, decrypts it and sends back to tcpmon
tcpmon logs decrypted response and sends it to my axis2 app