I am writing a simple Java client that goes to a workspace server to retrieve some data. Workspace server does not allow public connections and the authentication mechanism is "SAS Token Authentication".
When I attempt to connect to the server, I get an error for invalid credentials. The same set of credentials work just fine when I attempt to connect to SAS Metadata server in Java code. I have full access to the workspace in questions in SAS EG.
SAS institute (I filed a support track) says that my connection needs to be SAS Metaserver aware, in other words I should have an active connection with SAS Metadata server and then connect with the same credentials to a workspace server of choice. The workspace server in turn will validate credentials against a list of active connections on Metadataserver.
I can do the first part no problem, I get a connection with metadata server going, but when I attempt to connect to a workspace server while maintaining connection with metadata, my connection is denied saying username/password are incorrect.
I have used this sample code where I deleted methods for creating data tables/columns on metadata and instead put another method that starts a workspace factory with the same credentials after initiating a successful connection with metadata server, but before closing it. http://support.sas.com/documentation/cdl/en/omaref/63063/HTML/default/viewer.htm#p0zlnmq1vv8xgbn1hshp4rmw2btd.htm
I had posted this on LinkedIn where some suggestions were around token authentication, that I don't need to send a second set of credentials and I should obtain a token from metadata, use that to connect. The only reference to a token object that I found is on here: http://support.sas.com/rnd/javadoc/93/Foundation/com/sas/services/user/UserContextInterface.html#SHAREDRESOURCEKEY_ENVIRONMENT
Any general suggestions? Have I got something conceptually wrong here? Does anyone have a working sample of connecting to workplace server which uses SAS Token Authentication?
Regards,
Vasilij
Related
We have a splunk instance which is exposed to internet via say https://splunk.mycompany.com
When we access the above URL browser says connection is secure meaning all certificates are ok.
Now splunk REST API service is running on port 8089. So to access splunk REST API we have to hit
https://splunk.mycompany.com:8089
Whenever we are hitting the above URL we are getting certificate issues and browser is saying "your connection is not private"
Error is: NET::ERR_CERT_AUTHORITY_INVALID
As I am still accessing the same hostname via https (and a new port) it should establish a secure connection. But why it's failing to validate certificate authority?
Edit: I have been told by the splunk team to take ther certificate of https://splunk.mycompany.com and install in the java keystore in the machine from where the REST API call is being made. They also told this is working for otheres. My question why it is even needed?
You should enable SSL on port 8089 via server.conf file.
Have a look at the Splunk Documentation here: https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigTLSCertsS2S
I am writing an HTTPS proxy in play framework, yet every time I try to run it on a website that has ssl encryption I am getting this error in my server:
akka.actor.ActorSystemImpl(play-dev-mode) Illegal request, responding with status '400 Bad Request': CONNECT requests are not suppo
rted: Rejecting CONNECT request to '//any.website:443'
The proxy works well on HTTP, yet HTTPS is the problem. I tried changing my application.conf to have a port destined to work on HTTPS, but when I try to run it with the keystore i setup using the keytool command I am getting the following error in my browser:
Secure Connection Failed
The connection to the server was reset while the page was loading.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Any workaround to allow HTTPS on a play framework proxy server?
I'm hosting mysql server on a Digital Ocean droplet, and I am trying to figure out how to grant a Spring Boot web application access to the droplet, so that it can connect to the database. I configured the droplet so that it can only be reached via an ssh tunnel (i.e.: I disabled password authentication), but the database server itself can be connected with a username and password.
I know how to connect to the database using Connector/J, configuring datasources, and so forth. However, the extra security layer of Digital Ocean is new to me, and I'm not sure how to approach this problem.
EDIT: When I run the application and try to hit an endpoint, I get the following error:
The error occurred while executing a query
### Cause: org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is java.sql.SQLException: null, message from server: "Host '<my network hostname>' is not allowed to connect to this MySQL server"] with root cause
So, I was mistaken in thinking that the authentication issue was with the Digital Ocean droplet. As the error message (see question above) indicates, the Spring Boot application was able to get to the remote mysql server, and the authentication issue occurred there. It turns out that the mysql user I was attempting to connect with could only be used on localhost.
So, I created a new mysql user and tied it to my local machine's public IP address, and that solved the issue. For details on how to accomplish this, please read the following answer:
Host 'xxx.xx.xxx.xxx' is not allowed to connect to this MySQL server
I have created a java web servlet using app engine, the servlet makes requests to a database. I have tested the servlet locally using a local database and it worked perfectly, i then proceeded to test the servlet locally but istead accessed the Cloud SQL database, this also worked perfectly.
My problem arises after i deploy the servlet. Once deployed all database requests return the following:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure
The last packet sent successfully to the server was 0 milliseconds ago. The driver has not
received any packets from the server.
I checked within the cloud console, and my app was properly added to the cloud SQL Authorized App Engine Applications under the Access Control tab.
Has anyone had similar problems with deployed app engine servlets? Any solutions or advice out there? I would appreciate any and all help!!!
UPDATE:
The above error was generated using the following code to access the db
Class.forName("com.mysql.jdbc.Driver");
Url = "jdbc:mysql://<ip-address-cloudsql>:3306/<dbname>";
Connection con = DriverManager.getConnection (Url,"root",<password>);
the same error was acheived using this code, note that it is very similar to the code shown in the example here https://developers.google.com/appengine/docs/java/cloud-sql/
Class.forName("com.mysql.jdbc.GoogleDriver");
Url = "jdbc:google:mysql://<appID:instanceID>/<dbname>?
user=root&password=<password>";
Connection con = DriverManager.getConnection (Url);
I followed the formatting tips show in this stackoverflow post when it came to setting the url using appid and instance id:
com.mysql.jdbc.exceptions.jdbc4.CommunicationsException:
Using this code resulted in the following different error:
java.sql.SQLException: Access denied for user 'root'#'localhost' (using password: YES)
I'm assuming it says localhost because my cloudsql database is set to follow the app engine servlet. Also, know that both of these methods worked fine when running the servlet locally and accessing the cloud sql database.
any thoughts? i don't know what else to try:[
When connecting to Cloud SQL from an authorized App Engine application, the password is not required (actually it will fail if you try to connect with password).
Change your connection string to jdbc:google:mysql://<appID:instanceID>/<dbname>?
user=root omitting the &password=<password> part
If you have Authorized App Engine Applications you app engine on the access control settings you do not need a password since it is local so just make you password= ""; However if you are using something remote for example phpmyadmin that is run from another host, your command line or a GCE VM that runs through a TCP , SSH or HTML you will need to have a password ="something"; where something is set by you in your access control.
To everyone from Google who are looking as to why you might be getting "com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure" on a connection.
Make sure your IP is allowed if you are calling from a test server.
I was testing at a friends house, and this unhelpful error kept showing up.
When connecting to Google Cloud Sql you should be careful:
-To close your opened connections
-To use Exponential backoff algorithm when trying to create new connection.
For more information see: https://cloud.google.com/sql/faq
If you're using application.properties in Spring Boot app, then just put the below line into application.properties:
spring.datasource.url: jdbc:mysql://google/<dbname>?cloudSqlInstance=<InstanceName>&socketFactory=com.google.cloud.sql.mysql.SocketFactory&user=****&password=****
I'm writing a job that will connect to a client's FTP/S server over my SOCKS5 proxy and I'm utilizing the Apache Commons Net package. The issue is that my SOCKS proxy is configured to not require authentication but I am still getting the following exception:
java.net.SocketException: SOCKS : authentication failed
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:443)
at java.net.Socket.connect(Socket.java:519)
I've tried setting the java.net.socks.username and password properties to empty strings but I still get it. Is there a way I can tell the code to not use authentication? Digging into the underlying source i almost think it's querying the proxy server for the authentication requirement, but I'm not sure.
Alright so the issue was that my SOCKS proxy was set up to ask for authentication but to also accept connections that did not authenticate. We use Dante and while programs like Filezilla are smart enough to iterate through all of the acceptable authentication methods, it seems like the java.net package only goes off the first method supplied. Since my authentication configuration in my sockd.conf file was as follows:
method: username none
user.notprivileged: nobody
java.net was demanding a username and password. I simply flipped the methods to "none username" and both Filezilla and java.net correctly pass through the proxy. It's a bit of an IT solution but whatever gets the code to work, right?