where i will populate a table which has links and each link is pointing to different case id, when click on that link, i need to validate that 3rd party url in my java method and need to allow the browser to open secured page.
any pointers on how to achieve this is very helpful.
Thanks.
Yes, this can be achieved with a simple serlvet.
Suppose to say that you have list of href links in a table
1. Upon clicking on each href link direct it to your servlet.
Ex: < a href="/yourServlet.do?thirdPartyURL=actual3rdPartyURL">actual3rdPartyURL < / a>
Validate this third party URL in your servlet code. If everything is okay
Then redirect it with the SendRedirect method.
Note: it is not a good practice to show the URL in the browser address bar.
as you mentioned that, you are the one who populating this URLs, Use a hashmap to store these URL's and map it with Case ID and redirect it. hope you got the complete info.
Please check the below example and let me know if you need more info
/**
*
*/
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{
PrintWriter out = response.getWriter();
/**
* Assume that this is the map you are getting from third party
* This map holds two value pairs
* Map<CaseID, URL>
*/
Map<String, String> lstURLS = new HashMap<String,String>();
lstURLS.put("CASEID1", "https://www.abc.com/abc1");
lstURLS.put("CASEID2", "https://www.def.com/def");
lstURLS.put("CASEID3", "https://www.egh.com/egh");
/**
* Assume that the request parameter caseID,
* will provide you the case id which was selected by the user
* from the provided table of URLS
*/
String userProvidedCaseID = request.getParameter("caseID");
System.out.println("MySerlvet | caseID | "+ userProvidedCaseID);
/**
* Retrieve the URL from the list of third party URL's
*/
if(null != userProvidedCaseID){
String thirdPartyURL = lstURLS.get("userProvidedCaseID");
if(null != thirdPartyURL){
response.sendRedirect(thirdPartyURL);
}else{
out.print("No Case ID found / Error message");
}
}else{
out.print("No Case ID found / Error message");
}
}
Related
Currently trying to create a slack slash command that triggers an AWS Lambda function. That part is simple enough and is integrated. The lambda function is then supposed to access a specific WAF, grab the IP Set List, and insert an IP address into this list. Essentially, adding a remote IP address to a whitelist, so that remote developers can work on the web development of a website from outside of the firewall.
The problem that I have been having is that I cannot seem to get the AWS - SDK to function properly (obviously my fault haha). I have tried using the SDK to implement my solution in both Java and NodeJS, but have run into two different problems.
JAVA IMPLEMENTATION
The main problem with this code is that after executing the code, nothing is added to my ACL whitelist inside of my WAF.
The code runs in Eclipse. All dependencies should be set up in the environment. Code is being run from the Eclipse environment itself, instead of being triggered from the aws lambda console. Run as so:
eclipse console screen shot. The code executes and interacts with the aws sdk. At first, I thought that my code lambda code was incaple of interacting with my AWS account unless the lambda code was deployed and triggered. However, I created some code with the java aws-sdk (in the same function) that creates an S3 bucket.
public class LambdaFunctionHandler implements RequestHandler<S3Event, Object> {
#Override
public String handleRequest(S3Event input, Context context) {
String return_object = "Hello, " + input + "!";
System.out.println("hello again");
try {
createWAF();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
// TODO: implement your handler
return return_object;
}
public void createWAF() throws IOException {
AWSCredentials credentials = null; // real credentials are passed in non-example code
/*
* AWSWAF is an interface. To construct an waf object with access to waf service methods you must
* invoke the constructor of AWSWAF--Client
* pass the credentails as an argument in order to have access to specified AWS account
*/
AWSWAF waf = new AWSWAFClient(credentials);
/*
* When you want to create, update, or delete AWS WAF objects, get a change token and include the change
* token in the create, update, or delete request.
* Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.
*
*/
GetChangeTokenResult changeToken = null;
try {
System.out.println("change token is converted to PENDING status");
changeToken = waf.getChangeToken(new GetChangeTokenRequest());
System.out.println(changeToken.toString());
} catch (WAFInternalErrorException exception){
System.out.println("error when initializing ChangeToken param");
System.out.println(exception.getErrorMessage());
}
GetIPSetRequest request = new GetIPSetRequest();
request.setIPSetId(IPSetId);
System.out.println("before updating ip set");
System.out.println(waf.getIPSet(request));
try{
/*
* AWS updateIPSetResult() method states that to create and configure an IPSet, perform the following steps:
* 1. Submit a CreateIPSet request.
* 2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet
* request.
* 3. Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.
*/
/*
* if IP list is already created inside of an ACL - WAF, do you really need to create a new IP set?
* CreateIPSetRequest createipsetrequest = new CreateIPSetRequest();
* createipsetrequest.setName("NewIPSet");
* createipsetrequest.setChangeToken(changeToken.toString());
* CreateIPSetResult createipset = waf.createIPSet(createipsetrequest);
*/
/*
* Must pass a list of parameters to our updateIPSet() call, which includes:
* 1. a changeToken with empty parameters
* 2. the id of the ip set that we want to update
* 3. a collection of IPSetUpdates, which includes
* A) set action -- INSERT IN THIS CASE
* B) set type -- IPV4
* C) value -- ip address we want to update (arbitrary in this case)
*/
UpdateIPSetRequest updateParams = new UpdateIPSetRequest();
updateParams.setChangeToken(changeToken.toString());
updateParams.setIPSetId(IPSetId); // param exists - redacted in here
Collection<IPSetUpdate> ipToAdd = new ArrayList<IPSetUpdate>();
IPSetUpdate howToUpdateIPList = new IPSetUpdate();
howToUpdateIPList.setAction(ChangeAction.INSERT);
IPSetDescriptor ipsetdescriptor = new IPSetDescriptor();
ipsetdescriptor.setType(IPSetDescriptorType.IPV4);
ipsetdescriptor.setValue("192.0.2.44/32");
howToUpdateIPList.setIPSetDescriptor(ipsetdescriptor);
ipToAdd.add(howToUpdateIPList);
updateParams.setUpdates(ipToAdd);
System.out.println("Result: ");
UpdateIPSetResult result = waf.updateIPSet(updateParams);
System.out.println(result);
} catch (WAFStaleDataException | WAFInternalErrorException e) {
//exception handling done here
}
System.out.println("after updating ip set");
request.setIPSetId(IPSetId);
System.out.println(waf.getIPSet(request));
}
I will add the NodeJS questions to a separate thread. Thank you for reading this far. I appreciate your time, and any help you can offer.
I'm making a little script in java to check iPhone IMEI numbers.
There is this site from Apple :
https://appleonlinefra.mpxltd.co.uk/search.aspx
You have to enter an IMEI number. If this number is OK, it drives you to this page :
https://appleonlinefra.mpxltd.co.uk/Inspection.aspx
Else, you stay on /search.aspx page
I want to open the search page, enter an IMEI, submit, and check if the URL has changed. In my code there is a working IMEI number.
Here is my java code :
HtmlPage page = webClient.getPage("https://appleonlinefra.mpxltd.co.uk/search.aspx");
HtmlTextInput imei_input = (HtmlTextInput)page.getElementById("ctl00_ContentPlaceHolder1_txtIMEIVal");
imei_input.setValueAttribute("012534008614194");
//HtmlAnchor check_imei = page.getAnchorByText("Rechercher");
//Tried with both ways of getting the anchor, none works
HtmlAnchor anchor1 = (HtmlAnchor)page.getElementById("ctl00_ContentPlaceHolder1_imeiValidate");
page = anchor1.click();
System.out.println(page.getUrl());
I can't find out where it comes from, since i often use HTMLUnit for this and i never had this issue. Maybe because of the little loading time after submiting ?
Thank you in advance
You can do this by using a connection wrapper that HTMLUnit provides
Here is an example
new WebConnectionWrapper(webClient) {
public WebResponse getResponse(WebRequest request) throws IOException {
WebResponse response = super.getResponse(request);
if (request.getUrl().toExternalForm().contains("Inspection.aspx")) {
String content = response.getContentAsString("UTF-8");
WebResponseData data = new WebResponseData(content.getBytes("UTF-8"), response.getStatusCode(),
response.getStatusMessage(), response.getResponseHeaders());
response = new WebResponse(data, request, response.getLoadTime());
}
return response;
}
};
With the connection wrapper above, you can check for any request and response that is passing through HTMLUnit
I have tried to get the posts from Tumblr using the tag.
http://api.tumblr.com/v2/tagged?tag=hadoop&api_key=*****
I can write HTTP client and can get the json and parse accordingly. But i want to know information like any supported tumblr java api to access this.
I tried with com.tumblr.jumblr.JumblrClient but i didnot found any method which supports this requirement. Can any one suggest me in this.
If I look at the JumblrClient.java in github I can see a method:
/**
* Tagged posts
* #param tag the tag to search
* #param options the options for the call (or null)
* #return a list of posts
*/
public List<Post> tagged(String tag, Map<String, ?> options) {
if (options == null) {
options = Collections.emptyMap();
}
Map<String, Object> soptions = JumblrClient.safeOptionMap(options);
soptions.put("api_key", apiKey);
soptions.put("tag", tag);
return requestBuilder.get("/tagged", soptions).getTaggedPosts();
}
https://github.com/tumblr/jumblr/blob/master/src/main/java/com/tumblr/jumblr/JumblrClient.java
https://github.com/tumblr/jumblr#tagged
Based on documentation it should be exactly what you need. It actually builds the same request you have mentioned in your question.
EDIT:
Based on the Tumblr API documentation it is not possible to ask for more than 20 posts.
limit - The number of results to return: 1–20, inclusive
https://www.tumblr.com/docs/en/api/v2#tagged-method
I Found It..
public List<Post> fetchPostsByTag(JumblrClient client, String tagName, long timestamp) {
if (client == null || tagName == null || tagName.isEmpty()) {
return null;
}
Map<String, String> options = new HashMap<String, String>();
if (timestamp != 0) {
options.put("before", timestamp + "");
}
List<Post> posts = client.tagged(tagName, options);
return posts;
}
This code is worked for me .. now i am getting more than 20 posts using tag.
Thanks Reins for support.
I'm using ROME to generate a feed from data in my database.
In all the samples I found, the Servlet extracts all the data from the database, and sends it as a feed.
Now, if the database contains thousands of entries, how many entries should I send?
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
try {
SyndFeed feed = getFeed(request);
String feedType = request.getParameter("type");
feedType = feedType != null ? feedType : defaultType;
feed.setFeedType(feedType);
response.setContentType("application/xml; charset=UTF-8");
SyndFeedOutput output = new SyndFeedOutput();
output.output(feed, response.getWriter());
} catch (FeedException ex) {
String msg = "Could not generate feed";
log(msg, ex);
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, msg);
}
}
protected SyndFeed getFeed(HttpServletRequest request) {
// **** Here I query the database for posts, but I don't know how many
// I should fetch or where should I stop? ***
List<Post> posts = getPosts();
SyndFeed feed = new SyndFeedImpl();
feed.setTitle("My feed");
feed.setLink("http://myurl");
feed.setDescription("my desc");
// create the feeds.Each tutorial will be a feed entry
List<SyndEntry> entries = new ArrayList<SyndEntry>();
for (Post post : posts) {
SyndEntry entry = new SyndEntryImpl();
SyndContent description;
String title = post.getTitle();
String link = post.getLink();
entry.setTitle(title);
entry.setLink(link);
// Create the description of the feed entry
description = new SyndContentImpl();
description.setType("text/plain");
description.setValue(post.getDesc());
entry.setDescription(description);
entries.add(entry);
}
feed.setEntries(entries);
return feed;
}
There really isn't a single way to do this that all rss clients will support, but i would recommend checking out rfc 5005 appendix B, you'll at least have a referenxe to give to clients. https://www.rfc-editor.org/rfc/rfc5005#appendix-B
so long as your default query always shows the latest (page length you define) items, sorted descending, all clients will appear correct. Clients that need to be able to page can implement this standard.
I suggest a paging system. the user makes a request for page 0 to take 30 items. then the user makes a request for page 1 to take the next 30 items. first request: items 0->29, second request: items 30->59. to model this have a integer variable called skip keep track of what position to start at, for instance:
int skip = page * numItems; // first request: 0 * 30 (starts at 0), sec request: 1 * 30 (starts at 30)
So you will skip so many items and take only the value of numItems. Then the client requests for however many feed items the client wants at once.
This question already has answers here:
How do I keep a user logged into my site for months?
(2 answers)
Closed 5 years ago.
I have a login screen and i am authenticating users by checking credentials from database. But how can i implement Remember me check box? Like in gmail remember me(stay signed in) is present. I am using sign.jsp and Auth servlet (doPost) and oracle 10g ee for authentication.
You can use cookies for this purpose.
In your servlet response handler (doPost, doGet etc.) create a cookie in the following way -
if(remember_me_is_checked)
{
Cookie c = new Cookie("userid", userId.toString());
c.setMaxAge(24*60*60);
response.addCookie(c); // response is an instance of type HttpServletReponse
}
To read them, you can use something like this -
Cookie[] cookies = request.getCookies(); // request is an instance of type
//HttpServletRequest
boolean foundCookie = false;
for(int i = 0; i < cookies.length; i++)
{
Cookie c = cookies[i];
if (c.getName().equals("userid"))
{
string userId= c.getValue();
foundCookie = true;
}
}
Here is the official documentation for the Cookie class.
You can use cookies to help with your implementation. Something like this .
String userIdendificationKey="UserName";
Cookie cookie = new Cookie ("userIdendificationKey",userIdendificationKey);
// Set the age of the cokkie
cookie.setMaxAge(365 * 24 * 60 * 60);
//Then add the cookies to the response
response.addCookie(cookie);
and then check against the particular value later .
I don't know whether it is secure or not,but this is what i did.
In login.jsp head tag
<script type="text/javascript">
var isLoggedIn = "${isLoggedIn}";
if(isLoggedIn === true)
window.location.href="Home.jsp";
</script>
in body tag i added a check box for Remember Me as below
<input type="checkbox" id="RememberMe" name="rememberMe">
<label for="RememberMe">Remember Me</label>
In servlet doPost method i added the code below
if(userdetails are verified)
{
if(request.getParameter("rememberMe")!=null){
request.getSession().setAttribute("isLoggedIn", true);
}
RequestDispatcher rs = request.getRequestDispatcher("Home.jsp");
rs.forward(request, response);
}
else
{
RequestDispatcher rs = request.getRequestDispatcher("fail.jsp");
rs.include(request, response);
}
using this it will ask for the credentials at first time login,and it will store the login info in session parameters,if you try to access the site second time it will automatically goes to "Home.jsp" instead of "login.jsp"
please comment whether this method is good practice,any other modifications can be done.
Suggestions are welcome.
Take a look at Spring SecurityIt
It is a powerful and highly customizable authentication and access-control framework.
You can also check the code from Rose India, this will be more helpful to you.