I'm trying to get OAuth through SoundCloud set up, but I'm having tremendous trouble. My newest issue is this:
I have the user login through a popup window which is connected to SoundCloud. It gives me a back a code once the user logs in. This is all working; however, the next step is failing for me. Once I have the code, I run this snippet of Java code:
URI redir = new URI("http://localhost:9000/auth/soundcloudcapturetoken");
ApiWrapper api = new ApiWrapper(SC_CLIENT_ID, SC_CLIENT_SECRET, redir, null, Env.SANDBOX);
Token authToken = api.authorizationCode(code);
Java fails on the api.authorizationCode(code) line with this error:
SSLPeerUnverifiedException occured : peer not authenticated
I snooped around online, and stumbled upon this post: http://davidjb.com/blog/2012/02/java-http-request-fails-with-javax-net-ssl-sslpeerunverifiedexception-peer-not-authenticated
It suggested that I add the two mentioned certs to my java cacerts file(s). I added the two certificates to both my jdk and jre, but my app still fails with the same error. Is there something I am missing here?
As a side note, I am currently using this api to access SoundCloud: https://github.com/soundcloud/java-api-wrapper
SoundCloud dev here.
Are you trying to use the sandbox (i.e. connecting to https://api.sandbox-soundcloud.com) ? If so, I was trying to reproduce your issue and just realised that our certificate for that host expired, we are deploying a new certificate as we speak, really sorry about that.
Also, you can find help from SoundCloud engineers in our mailing list: http://bit.ly/yqcubH
Related
We have recently needed to change our SSL certificate on our server. Our consuming application has suddenly stopped working. I had presumed this was to do with Java's cacerts, and modified the program to import the new certificate to each client, the problem was not resolved.
When the application attempts to load the remote view (shown below) on the server, it simply loads a white page. I have tried loading the page through http:// and it seems to function, however the rest of the application (including the API) requires https, and subsequent calls to the API fail (images loaded through https are showing as broken within the app).
The website is functional, and when I access URL's being provided to the app, through my desktop browser they load without issue. The app is also functional when I run it in Debug mode, these issues only occur when I use the "Run" build mode.
I have tried creating a blank MAF application, hoping it was some caching issue, however this new app also cannot load the remote URI. I have done a clean build and have tested other remote URI's (they work). I feel as if there is an issue with Java somehow not accepting the new certificate. The first time I tried to load the website within Eclipse's browser, an error displayed along the lines of "certificate revocation information". I didn't pay much attention to this error and it provided the option to install the new certificate, after which the page loaded within eclipse's browser.
In Jdeveloper there is an option of Disabling the Application Transport Security as shown in the image.
Could you try disabling in your eclipse too, Kindly refer this doc https://wiki.eclipse.org/Jetty/Howto/Configure_SSL, this might do a little help :)
The issue seems to be due to the changed SSL certificate on your server.
Short answer:
There was no chain installed, I installed the provided ca-bundle file and updated the httpd.conf file to reflect the chain location and the app now works.
Long answer:
When our server dev installed the new certificate, he neglected to install the ca-bundle (certificate chain) provided by the CA. The site was working in a browser, I can only assume, because it has a more complete list of trusted CA's built in. My best guess is that MAF requires the chain to be installed and was failing some security test, or the chrome webview it uses did not have this CA on the trusted list.
I have started to write a webApp in Eclipse where ECMAScript6 on the client (testing mostly on chrome on Win7) communicates with the server side written in Java7 on Jetty+GAEplugin via xmlHttpRequest (1 get request, user edits data, 1 post requests ). if it gets more I will move to webSockets).
The client code does not know anything about logins and provides neither user name nor password because as I understand, the browser and the user handle that. On the server side I response with 401 if basic authentication is missing.
But when testing, the browser does not ask the user for any password and does not send a second request (FF the same effect). No errors. Chrome development console claims that my
response.addHeader("WWW-Authenticate","Basic realm=\"bus driver\"");
did not reach it.
A subset of my targeted user baser does not have a google account nor FB nor twitter. So OpenId nor OAuth are of no use for that subset. OAuth doc says: " The user signs in using her Google account, .." . Any way I try to search, directs me to ways to store user data, but I have problems with the communication between browser and servlet.
I have read that I should edit web.xml, but I cannot see how to plug my home-built authentication into that. Web.xml would be okay for me because there will be about 3 pages sharing the same (*3roles=9pages).
My software should be up to date. Oracle claims that I should stop using Java 7, but I cannot get local GAE to run on Java 8 ...
Just testing on FF and looking for stupid errors I may have made last night. FF claims: InvalidStateError: An aatempt was made to use an object that is not, or is no longer, usable. Hmm seems that there is at least something wrong with my XMLhttpRequest (it worked in chrome at least without authentication). I could test GET with authentication but without ECMAscript... Still my main question remains, where is the example with old school authentication on the new kid, the cloud?
Logcat is empty. I have seen the logs getting filled in TomCat or for Android. I may have to dig into this.
I'm using the code here to get authentication information from a Kerberos token. In there I've configured the domainUsername and domainUserPassword and just ran it as specified in the readme.md.
Then, from a browser that is in the AD domain, I connect to http://server:8080/spnego and I see on the opened page my username#domain. The page should also contain the SID of the AD groups to which my user belongs.
Looking at the server logs, I see:
org.jaaslounge.decoding.DecodingException: Malformed PAC logon info.
at org.jaaslounge.decoding.pac.PacLogonInfo.<init>(PacLogonInfo.java:209)
at org.jaaslounge.decoding.pac.Pac.<init>(Pac.java:45)
at org.jaaslounge.decoding.kerberos.KerberosPacAuthData.<init>(KerberosPacAuthData.java:13)
at org.jaaslounge.decoding.kerberos.KerberosAuthData.parse(KerberosAuthData.java:21)
at org.jaaslounge.decoding.kerberos.KerberosRelevantAuthData.<init>(KerberosRelevantAuthData.java:41)
at org.jaaslounge.decoding.kerberos.KerberosAuthData.parse(KerberosAuthData.java:18)
at org.jaaslounge.decoding.kerberos.KerberosEncData.<init>(KerberosEncData.java:136)
at org.jaaslounge.decoding.kerberos.KerberosTicket.<init>(KerberosTicket.java:103)
at org.jaaslounge.decoding.kerberos.KerberosApRequest.<init>(KerberosApRequest.java:62)
at org.jaaslounge.decoding.kerberos.KerberosToken.<init>(KerberosToken.java:52)
at com.example.ManualSpnegoNegotiateServlet.attemptNegotiation(ManualSpnegoNegotiateServlet.java:271)
Line 271 is the following
KerberosToken token = new KerberosToken(kerberosTokenData, keys);
That error message is too vague. I've no idea how to continue and I get the same error from different clients.
Does anyone have any tip about this?
I've figured this one out myself. It turns out that the message "Malformed PAC logon info" is actually correct. The code failed when it was trying to get the "Resource groups data".
Initially I thought that the PAC_LOGON_INFO structure has changed since the last jaaslounge implementation was written (somewhere in 2010). I thought that because the MS-PAC specification does not mention it at all.
Actually, the problem is coming from a completely different place: the KDC. It's running on a Win Server 2012, version in which Microsoft added by default resource SID Compression.
There you have it, if you turn off resource SID Compression on the KDC, everything will start working (no need to touch anything else, i.e. the version of jaaslounge or to patch hava with an unlimited JCE policy).
I'm new to this. I generated Certificate Signing Request as in here. Then I used that certificate file which is in .p12 format to establish a connection to Apple push notification server via java-apns. Here is the code that I have used.
ApnsService service =
APNS.newService()
.withCert("/home/ApplePush/apple.p12", "abc")
.withProductionDestination()
.build();
service.testConnection();
But when I run this code it gives me following esception.
"Exception in thread "main" com.notnoop.exceptions.NetworkIOException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".
What is the wrong I have done?
Hi I have had the exact same problem. Like you, I have followed raywenderlinch tutorial and used java-apns library in the backend to communicate with APNS. The certificates thing in the tutorial are focused for php and they are doing something with .pem files which is not needed for java-apns invocation.
I was feeding java-apns with the first .p12 certificate that you create at the beginning of the tutorial. And that was my mistake. What you need to do is generate the .p12 from the certificate generated by apple (aps_developer_identity.cer). Double-click on it and in the keystore manager mac app export as .p12 use some password and try to connect with java-apns using this .p12 and password.
Of course everything related to provisioning portal explained in the ray tutorial must be done correctly.
Thats what has solved my sslHandShakeException. I dont know if you are having the exact same problem but hope it is and this information could help you.
This can happen if you use the wrong cert, i.e. the one under "Certificates" in the provisioning portal as opposed to the one that you request specifically for a given app's notifications. Under "App IDs"-> (the specific app you want) -> Configure, check "Enable for Apple Push Notification service", then click the "Configure" button for either Dev or Prod. This will take you through the process of requesting a certificate for this specific app's push notifications.
I'm trying to use restFB on Google App Engine, when I try and get info about the current User, I get an error,
javax.net.ssl.SSLHandshakeException: Could not verify SSL certificate for: https://graph.facebook.com/me?format=json
Below is the code I am using,
FacebookClient facebookClient = new DefaultFacebookClient();
User user = facebookClient.fetchObject("me", User.class);
What do I need to do to get this working on the development server?
This is fixed in release 1.5.0 If you update to the new SDK it should run fine.
As a workaround you can use doNotValidateCertificate() to ignore certificate validation. It may put your app at risk, however.