We Keep Coding

Proxy returns "HTTP/1.1 407 Proxy Authorization Required" in production but works in local

Getting error while calling a api in production but works in local.
Used same proxy as in local 10.235.88.30 and port 8080
calling through jersey client:-
com.sun.jersey.api.client.Client client = new Client(
new URLConnectionClientHandler(new HttpURLConnectionFactory() {
#Override
public HttpURLConnection getHttpURLConnection(final URL url) throws IOException {
Proxy proxy;
proxy = new Proxy(Proxy.Type.HTTP,
new InetSocketAddress("10.235.88.30", 8080));
return (HttpURLConnection) url.openConnection(proxy);
}
}), new DefaultClientConfig());
Should return response but getting proxy error.
com.sun.jersey.api.client.ClientHandlerException: java.io.IOException: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authorization Required"

Java Proxy Burp

I want to configure Burp as a proxy for my java code, to see requests and responses.
Burp works fine as a proxy between a web browser, but it doesn't for java application.
I've added to my code such lines:
WebClient client = new WebClient();
System.setProperty("https.proxyHost", "127.0.0.1");
System.setProperty("https.proxyPort", "8081");
client.getOptions().setCssEnabled(false);
client.getOptions().setJavaScriptEnabled(false);
client.getCookieManager().setCookiesEnabled(true);
URL url = new URL("https://www.google.com");
WebRequest request = new WebRequest(url, HttpMethod.GET);
Page page = client.getPage(request);
And configured Burp to listen on 8081 port.
Should I do anything else?

Where it is working for plain Java as
System.setProperty("http.proxyHost", "127.0.0.1");
System.setProperty("http.proxyPort", "8081");
URL url = new URL("http://example.com");
HttpURLConnection con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
con.getHeaderFields()
.forEach((key, value) -> System.out.printf("%s: %s%n", key, value));
con.disconnect();
you need to configure the proxy differently for htmlunit. One possible way would be to set it with webClientOptions.setProxyConfig(proxyConfig)
WebClient client = new WebClient();
ProxyConfig proxyConfig = new ProxyConfig("127.0.0.1", 8081);
WebClientOptions options = client.getOptions();
options.setProxyConfig(proxyConfig);
URL url = new URL("http://example.com");
WebRequest request = new WebRequest(url, HttpMethod.GET);
Page page = client.getPage(request);
page.getWebResponse().getResponseHeaders().forEach(System.out::println);
client.close();

Call rest API from java rest API

I have a java rest API hosted on JBoss which call another rest webservice:
#GET
#Path("/testDeployment")
#Produces(MediaType.TEXT_PLAIN)
public String testDeployment() {
URL url = new URL(restURL);
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("GET");
conn.setRequestProperty("Authorization", "Bearer "+sessionId);
System.out.println("sessionId>>>> "+sessionId);
System.out.println("restURL>>>> "+restURL);
BufferedReader br = new BufferedReader(new InputStreamReader(
(conn.getInputStream())));
System.out.println("Output from Server .... \n");
while ((output = br.readLine()) != null) {
System.out.println(output);
response += output;
}
conn.disconnect();
}
But I am getting error
Server returned HTTP response code: 401 for URL: https://cs5.salesforce.com/services/apexrest/event/search?type=init
13:16:08,738 ERROR [stderr] (default task-26) java.io.IOException: Server returned HTTP response code: 401 for URL: https://cs5.salesforce.com/services/apexrest/event/search?type=init
13:16:08,747 ERROR [stderr] (default task-26) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1840)

The following is the extract from the definition of Http Status Code Definitions, which might help you to solve the problem:
401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication"

what ever URL you are hitting is Authorized, so have to use authorization in header then you will get output as
1. if you are using jersey then use syntax as below:-
try{
Client client = Client.create();
WebResource webResource = client.resource("http://localhost:8085/getStepsCount");
webResource.setProperty("Content-Type", "application/json;charset=UTF-8");
String authorization = "PASTE_KEY_HERE";
webResource.setProperty("Authorization", authorization);
MultivaluedMap<String, String> queryParams = new MultivaluedMapImpl();
queryParams.add("json", js);
String jsonString = webResource.get(String.class);}catch (Exception e){System.out.println (e.getMessage());}
and if you are using Spring Rest Controller then use this one.......
#RequestMapping(value = "/getStepsUsingPostRequest", method = RequestMethod.POST)
public ResponseEntity<Object> getDiscountUsingPost(
#RequestBody MemberStepsDto memberStepsDto) {
try{
final String uri = "http://localhost:8085/getStepsCount";
RestTemplate restTemplate = new RestTemplate();
System.out.println("starting.......");
String json = "{\"memberId\": \""+memberStepsDto.getMemberId()+"\",\"startDate\": \""+memberStepsDto.getStartDate()+"\",\"endDate\": \""+memberStepsDto.getEndDate()+"\"}";
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<String>(json,headers);
String answer = restTemplate.postForObject(uri, entity, String.class);
System.out.println("String : " + answer);
}
catch(Exception ex){
ex.printStackTrace();
}
return new ResponseEntity<Object>(new String("Fetched Successfully"),HttpStatus.OK);
}

I did add the Authorization Header :
conn.setRequestProperty("Authorization", "Bearer "+sessionId);
But it looks like the header needed to be formatted, I updated the line to:
conn.setRequestProperty("Authorization", String.format("Bearer %s", sessionId));
And it worked, I guess over the web it needs to be formatted and for a java application the above code works well

can we use jersey client for Apache CXF webservice?

We have a REST service using apache CXF. Can we use Jersey client to call this service.
Is there any mistake?

The idea of a web service is to allow communication between hetrogenous systems. So no matter what framework is used to create the web service, you should be able to call it using any client, provided both client and server conforms to the JAX-RS specifications. So in your case you should be able to call a REST services developed using Apache CFX using the jersey client. As both the frameworks follows the JAX-RS spec.

Like said above, you can use even simple Http client to consume the REST service. With HTTP, you can easily perform GET, PUT, POST, DELETE
Example of simple http client for your reference
URL url = null;
try {
url = new URL(urlStr);
} catch (MalformedURLException e) {
throw new Exception("Malformed URL", e);
}
HttpURLConnection con = null;
try {
if (user != null && pass != null)
Authenticator.setDefault(new Authenticator() {
#Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(user, pass
.toCharArray());
}
});
// end of authentication test
SSLUtilities.trustAllHostnames();
SSLUtilities.trustAllHttpsCertificates();
con = (HttpURLConnection) url.openConnection();
con.setRequestMethod("GET");
con.setAllowUserInteraction(true);
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
con.setRequestProperty("Content-Type", ConTypeGet);
s_logger.debug("Execute GET request Content-Type: "
+ con.getRequestProperty("Content-Type"));
s_logger.debug("URL:" + url);
con.connect();

Using HTTP Basic-Auth with Google App Engine URLFetch service

How can I specify the username and password for making Basic-Auth requests with App Engine's URLFetch service (in Java)?
It seems I can set HTTP headers:
URL url = new URL("http://www.example.com/comment");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestProperty("X-MyApp-Version", "2.7.3");
What are the appropriate headers for Basic-Auth?

This is a basic auth header over http:
Authorization: Basic base64 encoded(username:password)
eg:
GET /private/index.html HTTP/1.0
Host: myhost.com
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
You will need to do this:
URL url = new URL("http://www.example.com/comment");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestProperty("Authorization",
"Basic "+codec.encodeBase64String(("username:password").getBytes());
And to do that you will want to get a base64 codec api, like the Apache Commons Codec

For those interested in doing this in Python (as I was), the code looks like this:
result = urlfetch.fetch("http://www.example.com/comment",
headers={"Authorization":
"Basic %s" % base64.b64encode("username:pass")})

You set up an Authenticator before you call openConnection() like this,
Authenticator.setDefault(new Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password.toCharArray());
}
});
Since there is only one global default authenticator, this doesn't really work well when you have multiple users doing the URLFetch in multiple threads. I would use Apache HttpClient if that's the case.
EDIT: I was wrong. App Engine doesn't allow Authenticator. Even if it's allowed, we would have the multi-thread issue with a global authenticator instance. Even though you can't create threads, your requests may still get served in different threads. So we just add the header manually using this function,
import com.google.appengine.repackaged.com.google.common.util.Base64;
/**
* Preemptively set the Authorization header to use Basic Auth.
* #param connection The HTTP connection
* #param username Username
* #param password Password
*/
public static void setBasicAuth(HttpURLConnection connection,
String username, String password) {
StringBuilder buf = new StringBuilder(username);
buf.append(':');
buf.append(password);
byte[] bytes = null;
try {
bytes = buf.toString().getBytes("ISO-8859-1");
} catch (java.io.UnsupportedEncodingException uee) {
assert false;
}
String header = "Basic " + Base64.encode(bytes);
connection.setRequestProperty("Authorization", header);
}

Using HttpURLConnection gave me some problems (for some reason the server I was trying to connect to didn't accept auth credentials), and finally I realized that it's actually much easier to do using GAE's low-level URLFetch API (com.google.appengine.api.urlfetch) like so:
URL fetchurl = new URL(url);
String nameAndPassword = credentials.get("name")+":"+credentials.get("password");
String authorizationString = "Basic " + Base64.encode(nameAndPassword.getBytes());
HTTPRequest request = new HTTPRequest(fetchurl);
request.addHeader(new HTTPHeader("Authorization", authorizationString));
HTTPResponse response = URLFetchServiceFactory.getURLFetchService().fetch(request);
System.out.println(new String(response.getContent()));
This worked.

There is a wrapper on Apache HttpClient for App Engine
please go through the post http://esxx.blogspot.com/2009/06/using-apaches-httpclient-on-google-app.html
http://peterkenji.blogspot.com/2009/08/using-apache-httpclient-4-with-google.html

Note on the first answer: setRequestProperty should get the property name without the colon ("Authorization" rather than "Authorization:").