I have created a WebService in NetBeans, and am using it in Android.
On the localhost it works fine, but when testing for deploying to server it gives an Exception:
"org.xmlpull.v1.xmlpullparserexception:expected START_TAG"
What am I doing wrong?
Well the exception seems to indicate that a start tag is missing - do you have the web service tags wrapped around your content?
Sometimes permissions can be different when testing locally rather than remotely. It can also be different depending on how you're testing it - for example, if you're testing in a web browser, missing tags can often be fixed automatically by the browser so that the page can be displayed - this isn't the case with some stricter XML parsing libraries.
If you could post some code, we might be able to help solve your actual problem rather than guessing what's wrong.
Related
I am trying to wrestle with SSO in weblogic version is 12.2.1.3. We have integrated it with OAM/OID, within a larger application comprising of Oracle Forms & Reports. In addition to Forms, we have various custom servlet-based applications that need to be called from Forms.
This is fine.
Because authentication happens within the Oracle world, through OAM login screen, up to now I didn't have to mess with the Access Management within my Java custom code, apart from getting the username from HTTP headers.
The bad thing is that sometimes we need our servlets to act as middle-man between Forms and Reports. E.g. I need to call various stuff with Reports (on server), transform them and send them back to the client. I know that this doesn't sound right design-wise. But still it's legacy code and we need to make this work - at least need to try..
Previously we used to get away with it passing cookies between requests. But in 11/12g OAM, I am gathering from here that the cookie needed for successful session validation (OAMAuthnCookie) is stripped from the request before reaching my servlet. This seems to happen indeed, basing on the header dumps i am doing, and tracing calls using F12 Developer Tools on the browser.
So.. I have gathered that I need to generate a new OAMAuthnCookie, or something that would create it and attach it to the new http call.. I just would like an expert or somebody who has dealt with this to verify that the following assumption is right - the only way to do this is using OAM SDK (a bit non-intuitive imho).
Another thing - many of the examples that I find about OAM SDK deal with login forms. I don't need to do user authentication, nor do I need to talk with OAM myself to verify if the resource is protected or not. I am dealing with an already authenticated request - need to just somehow get UserSession and user token from HttpServletRequest, in order to generate new OAMAuthnCookie so that my next request (using e.g. apache client) succeeds.. I used to assume that this wouldn't be hard to do, but am a bit stumped now.
Thank you for your attention.
Working with OAM SDK, as far as I cursively saw (at the time of writing this, we were using Weblogic 12c with Access Manager that behaves exactly as described in the documents that talk about OAM 11g - therefore I assume that's the version we are using too), involves
generating ObAccessClient.xml from OAM Console, to establish contact between the code you are working on (which will be called Access Client), and OAM
including JARs from the downloadable OAM SDK with your application
writing code in your application (e.g. in authentication filter, or servlet) to establish communication with OAM via its SDK to finally authenticate/authorize etc.
There is a good guide about how to write the code in Oracle documentation here.
I found also these articles very informative:
Oracle Access Management blog
Oracle A-team Best Practices blog
The code that I had in mind would ultimately generate a new authentication cookie that I would pass to the reports servlet for further authorization (since this cookie is stripped indeed from the request before reaching my application). The only way I found to generate such a cookie would involve changing a setting in OAM console to include another cookie (OAM_IDENTITY_ASSERTION) in the requests, according to another Oracle A-Team article.
In the process of the above investigation, I finally stumbled on this magic reply to a question in Oracle forums. According to it, there is a user setting in OAM console, that allows to switch off the default filtering of OAMAuthnCookie.
filterOAMAuthnCookie=false
In our case, this perfectly suited me. Indeed after the change, the cookie in question was finally reaching my application, with the result of me being able to pass it to subsequent requests to Oracle Reports, without using OAM SDK.
Hi I am new to SOAP web services and trying to create a client. I am following This tutorial but the problem which I am facing is Sometimes it generates the client stub in the form of .java files and sometimes it generates proper client with some .jsp pages like test.jsp, intput.jsp etc.
I have tried searching a lot on internet. Please let me know why it generates two different kind of clients though I am following the same process.
I have generated my client using wsimport but I just want to know, what is causing eclipse to generate two different clients at different times. may be some bug or some detail that I have missed.
The difference is most likely caused by selecting a different value in step 6 of the tutorial, when you select which kind of client should be generated: Move the Client slider to the Test Client position .
When you run the Eclipse WTP wizard, you get to choose which client you want to have. The JSPs that are generated are simply an input test form to test your web service.
I want to create little Java application which can interact with secured website.
We have Railway site (https://irctc.co.in)
I want to create a console application from which I can send the usename and password to site as web post method and the result can be converted into console format.
Instead of opening the site in web browser, i would like to make it simpler using console window by avoiding other web elements and ads etc..
is it possible to do in Java? Please guide me.
I see two ways to do that. The first one is to implement java app based on top of HTTP request-respond engine. In this way you do not have to make any changes in your web-site but processing HTTP responds could be complicated due to design features. The second one is to create simple front-end service on Rails for special cases and interact with in your console app. For message format you can use JSON for example. This way IMHO is more suitable. Both way suggests use of HTTP libs stack, Apache has it there http://projects.apache.org/projects/commons_httpclient.html
I'm working with JSF web applications. Since Java doesn't support a direct way to display a message box in web applications, I decided to try something new and thought that the methods which are used to display a message box in conventional desktop applications should be tried out. For the sake of simplicity, I have tried the following method in Java Servlet.
JOptionPane.showMessageDialog(null, "A message from Java Servlet.");
without expecting that it would work but it indeed worked and a message appeared on the web browser! I felt that I had found something new but also found that the Glassfish server in my NetBeans 6.9.1 had stopped working in two or three attempts. It turned off with no warning , no error and no exception at all!
The screen shot can be seen below.
Now, if the use of this method in Java web is illegal, it should not be allowed to use this method at all in Java web and some errors or exceptions should be raised when an attempt is made to do so. It should be a compile-time error and if it is so then, how did the message appear through Java Servlet on the web browser? and also, Why did the Glassfish server stop working?
I have no idea why Glassfish stopped, I guess that it's been caused by dangling Swing/AWT threads in the background. It has always been an extremely bad idea to manually spawn (unmanaged) threads in a lifelong running Java EE webapplication. Once the request finishes, you loses the control. You'd have to collect references to the threads in the session or application scope, preferably in a pool which get properly cleaned up on session or application destroy/shutdown.
But that message is actually not displayed by the webbowser, but by the webserver. This means that your intention will only work when both the webserver and webbrowser runs at physically the same machine. This does obviously not happen when you publish your website into a production environment on the world wide web which get visited by clients using physically different machines.
All the webbrowser retrieves and executes is just plain HTML/CSS/JavaScript. In JSF, you need JavaScript's alert(), confirm(), etc or just some absolutely positioned <div> in an overlay if you want a more fine grained control over the markup and look'n'feel and/or executing managed bean actions. The latter is available in flavor of a single JSF component by a lot of 3rd party component libraries, such as PrimeFaces with <p:dialog> and <p:confirmDialog> and RichFaces with <rich:popupPanel>.
If you really need to run Swing/AWT in a web application for some reason, then you should rather be creating an applet instead and ultimately embed it in your web page by HTML <applet> or <object> tag. This will be downloaded from the server to the client and executed in the client's environment.
I am working on a project where we'd like to pull content from one of our legacy applications, BUT, we'd like to avoid showing the "waiting for www.somehostname.com/someproduct/..." to the user.
We can easily add another domain that points to the same server, but we still have the problem of the someproduct context root in the url. Simply changing the context root is not an option since there are hundreds of hard coded bits in the legacy app that refer to the existing context root.
What I'd like to do is be able to send a request to a different context root (Say /foo/bar.do), and have it actually go to /someproduct/bar.do, (but without a redirect, so the browser still shows /foo/bar.do).
I've found a few URL rewriting options that do something similar, but so far they seem to all be restricted to catching/forwarding requests only to/from the same context root.
Is there any project out there that handles this type of thing? We are using weblogic 10.3 (on legacy app it is weblogic 8). Ideally we could host this as part of the new app, but if we had to, we could also add something to the old app.
Or, is there some completely different solution that would work better that we haven't though of?
Update: I should mention that we already originally suggested using apace with mod_rewrite or something similar, but management/hosting are giving the thumbs down to this solution. :/
Update 2 More information:
The places where the user is able to see the old url / context root have to do with pages/workflows that are loaded from the old app into an iframe in the new app.
So there is really nothing special about the communication between the two apps that client could see, it's plain old HTTPS handled by the browser.
I think you should be able to do this using a fairly simple custom servlet.
At a high level, you'd:
Map the servlet to a mapping like /foo/*
In the servlet's implementation, simply take the request's pathInfo, and use that to make a request to the legacy site (using HttpUrlConnection or the Apache Commons equivalent).
Pipe the response to the client (some processing may be necessary to handle the headers).
Why not front weblogic with Apache.
This is a very standard setup and will bring lots of other advantages also. URL rewriting in apache is extremely well supported and the documentation is excellent.
Don't be put off by the setup it's fairly simple and you can run apache on the same box if necessary.
Using Restlet would allow you to do this. The Redirector object can be used. See here and here for example.
If you instead serve out a JSP page you can use the tag to do the request server side.
Then the user will not even know that the resource was external.
http://java.sun.com/products/jsp/syntax/1.2/syntaxref1214.html
a bit more context for the API the client is working against would help here to give a solution that could work. Are you trying to provide a complete new API totally different from the legacy Java EE app? What artifact is serving the API (Servlet, EJB, REST service)?
If you have the API provided by a different enterprise application then I suppose you simply use a Pojo class to work as a gateway to the legacy app wich of cause can then be reachable via another context root than the new service app. This solution would assume you know all legacy API methods and can map them to the calls for the new API.
For a generic solution where you don't have to worry about what methods are called. I am curious if the proxy approach could really work. Would the user credentials also be served correctly to the legacy system by URL re-writing? Would you have to switch to a different user for the legacy calls instead of using the origin caller? Is that possible with URL re-writing. Not sure if that could work in a secure context.
Maybe you can provide a bit more information here.