IBM Connections keeps doing the OAuth dance for gadgets - oauth-2.0

I've got an embedded experience gadget configured for the IBM Connections activity stream. It seems that the OAuth dance never succeeds, only returning me to the beginning of the OAuth dance (prompt for authorisation).
I see errors like this:
[2/25/14 7:17:45:197 EST] 000000c2 BasicOAuth2Me 3 JSONException parsing response
org.apache.commons.json.JSONException: Error occurred during input read.
Caused by: java.io.IOException: Unexpected character '<' on line 1, column 1
at org.apache.commons.json.internal.Tokenizer.next(Tokenizer.java:185)
at org.apache.commons.json.internal.Parser.parse(Parser.java:114)
at org.apache.commons.json.internal.Parser.parse(Parser.java:85)
at org.apache.commons.json.JSONObject.<init>(JSONObject.java:128)
at org.json.JSONObject.<init>(JSONObject.java:41)
...which may suggest that XML is returned from something instead of JSON.
I'm also seeing POST /connections/opensocial/gadgets/makeRequest HTTP/1.1
returning:
HTTP/1.1 200 OK
Date: Tue, 25 Feb 2014 12:54:12 GMT
Server: IBM_HTTP_Server
X-Powered-By: Servlet/3.0
X-LConn-Auth: true
X-UA-Compatible: IE=EmulateIE7
Cache-Control: no-cache
Expires: Tue, 25 Feb 2014 12:54:12 GMT
Pragma: no-cache
Content-Disposition: attachment;filename=p.txt
Content-Length: 1029
Content-Type: application/json;charset=UTF-8
Content-Language: en-US
throw 1; < 'invalid javascript' > {"http://appfusions.demos.ibm.com:2990/jira/rest/api/2/issue/DEMO-12/transitions?expand=transitions.fields":{"rc":200,"body":"","oauthApprovalUrl":"http://appfusions.demos.ibm.com:2990/jira/plugins/servlet/af/oauth/authorize?client_id=8821f0cfd9264c4ed08b00861016886c&realGadgetUri=http%3A%2F%2Fappfusions.demos.ibm.com%3A2990%2Fjira%2Frest%2Fgadgets%2F1.0%2Fg%2Fcom.appfusions.jira.connections.jira-immersive-for-connections%3Aconnections-gadgets%2Fgadgets%2Fjira-ee.xml&redirect_uri=https%3A%2F%2Fconnectionsww.demos.ibm.com%2Fconnections%2Fopensocial%2Fgadgets%2Foauth2callback&response_type=code&state=WIn_8DLhmOeRc8aIYomi0j2XGIAAd7Ke3j2E4y9SbXpD6aZcmU_sKbJpOh4CEuJKr1NLEEsm8xAB-gzYz9laubsztcW-I-YC8gfq67kGbW2wxYhFh6PCaqEZgAhzD7sfRGsj_bBLykeVpSCRZCI7h8pbO9UbtiBfKDKUDwyqm2t35GWi0DV3KcWZlnKso97-z8Xlzj5AysY5ifWux0nJwHCLJ70Fq4wV738SQ5ZDExqSQkaiGY-w7NlJRHRCVP0wJzIEWP2fsSkNMbN8ui4ULLD1kR0w4T_VlBYS1QXbjvXJ6XUwEc7xhusC2ixvDzhBjjLOmbrwqOdMQnFRrxilX--Q9mI","DataHash":"qgeopmcf02p09qc016cepu22fo"}}
Here's a full trace.log -- I'm currently logging to trace with these packages:
*=info:
com.ibm.social.pim.resource.*=all:
com.ibm.lconn.homepage.services.widget.*=all:
com.ibm.lconn.news.*=all:
com.ibm.lconn.events.*=all:
com.ibm.lotus.search.engine.*=all:
com.ibm.lotus.search.index.*=all:
com.ibm.lconn.mailin.*=all:
com.ibm.lotus.connections.core.notify.*=all:
com.ibm.lconn.scheduler.*=all:
org.apache.shindig.*=all
I'd love to know a good way of debugging that JSONException as well as more into on the makeRequest POST.
Any clues on how to debug further are greatly appreciated.
Update
I've updated the trace.log after Paul's logging suggestion and I'm now seeing exceptions while storing OAuth information:
[2/27/14 7:16:17:062 EST] 0000014e RetryConnecti 3 Exception caught during attempt
org.springframework.dao.DataIntegrityViolationException: SqlMapClient operation; SQL [];
--- The error occurred in resources/news/oauth/OAuth2TokenSQL.xml.
--- The error occurred while applying a parameter map.
--- Check the insert-OAUTH2_TOKEN-InlineParameterMap.
--- Check the statement (update failed).
--- Cause: com.ibm.db2.jcc.am.SqlIntegrityConstraintViolationException: Assignment of a NULL value to a NOT NULL column "TBSPACEID=5, TABLEID=14, COLNO=4" is not allowed.. SQLCODE=-407, SQLSTATE=23502, DRIVER=4.13.80; nested exception is com.ibatis.common.jdbc.exception.NestedSQLException:
--- The error occurred in resources/news/oauth/OAuth2TokenSQL.xml.
--- The error occurred while applying a parameter map.
--- Check the insert-OAUTH2_TOKEN-InlineParameterMap.
--- Check the statement (update failed).
--- Cause: com.ibm.db2.jcc.am.SqlIntegrityConstraintViolationException: Assignment of a NULL value to a NOT NULL column "TBSPACEID=5, TABLEID=14, COLNO=4" is not allowed.. SQLCODE=-407, SQLSTATE=23502, DRIVER=4.13.80
at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:228)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
at org.springframework.orm.ibatis.SqlMapClientTemplate.execute(SqlMapClientTemplate.java:212)
at org.springframework.orm.ibatis.SqlMapClientTemplate.insert(SqlMapClientTemplate.java:397)
at com.ibm.lconn.news.data.dao.impl.ibatis.CrudDao.insert(CrudDao.java:394)
at com.ibm.lconn.news.data.dao.impl.ibatis.oauth.OAuth2TokenDao.insert(OAuth2TokenDao.java:61)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
The OAuth provider appears to be supplying OAuth tokens correctly from what I can see -- also in trace.log

I've installed tcpflow on the IBM Connections machine. Tracking the server side OAuth flow on the IBM Connections machine using...
root$ tcpflow -p -c -i eth0 port 2990 | grep -oE '(GET|POST|HEAD) .* HTTP/1.[01]|Host: .*' > cnx-outgoing-2990.log
I've found a 404 error on the OAuth provider when IBM Connections POSTs to the access_token URL -- will concentrate on that :)

Related

Artifactory Docker 404 after upgrade to 7.4.1

After an Artifactory upgrade to 7.4.1 from 6.10.4, I've made the necessary port changes and the UI works fine, but I'm seeing the following in the artifactory-service log when attempting to use docker login via the subdomain method:
Request /v2/ should be a repo request and does not match any repo key
The docker login command prompts for authentication but then returns:
Error response from daemon: login attempt to http://<local-docker-repo>.<artifactory-url>.com/v2/ failed with status: 404 Not Found
Artifactory is running in a Kubernetes cluster behind an nginx ingress controller, which has an ingress set up specifically to serve https://<local-docker-repo>.<artifactory-url>.com via the same backend as the Artifactory UI. It seems like some URL rewrite functionality is not working, I'm just not sure how I've misconfigured it as I had no problems in the previous version.
Curl results as follows:
curl -i -L -k http://docker-local.<artifactory-url>.com/v2/
HTTP/1.1 308 Permanent Redirect
Server: nginx/1.15.9
Date: Mon, 21 Sep 2020 00:25:32 GMT
Content-Type: text/html
Content-Length: 171
Connection: keep-alive
Location: https://docker-local.<artifactory-url>.com/v2/
X-JFrog-Override-Base-Url: ://docker-local.\<artifactory-url>.com:80
X-Forwarded-Port: 80
Host: docker-local.artifactory.<artifactory-url>.com
X-Forwarded-For: 10.60.1.1
HTTP/2 401
server: nginx/1.15.9
date: Mon, 21 Sep 2020 00:25:32 GMT
content-type: application/json;charset=ISO-8859-1
content-length: 91
www-authenticate: Basic realm="Artifactory Realm"
x-artifactory-id: ea0c76c54c1ef5de:45761df0:174ad9a6887:-8000
x-artifactory-node-id: artifactory-0
x-jfrog-override-base-url: ://docker-local.<artifactory-url>.com:443
x-forwarded-port: 443
host: docker-local.<artifactory-url>.com
x-forwarded-for: 10.60.x.x
strict-transport-security: max-age=15724800; includeSubDomains
{
"errors" : [ {
"status" : 401,
"message" : "Authentication is required"
} ]
Any help would be greatly appreciated!
Edit: As a workaround I've enabled Repository Path as the Docker access method, which works fine -- still not sure where subdomain is going wrong.
The issue was that the $repo variable in the nginx rewrite rules provided by Artifactory was not getting populated for some reason. Since we only have a single registry being used in the subdomain method, I updated the rewrite rule to provide the repo name which resolved the issue.
To illustrate:
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/$repo/$1/$2;
was changed to:
rewrite ^/(v1|v2)/(.*) /artifactory/api/docker/docker-local/$1/$2;

Impossible to access http://mvnrepository.com/

I am suddenly getting this error in Jenkins:
= Check pre-requisite
Checking global pre-requisite
- aws is reachable in PATH [ OK ]
DEBUG : wget --spider -S -qO- http://mvnrepository.com/
HTTP/1.1 308 Permanent Redirect
Content-Length: 0
Date: Tue, 02 Oct 2018 04:49:58 GMT
Location: https://mvnrepository.com/
Server: nginx/1.10.1
Connection: keep-alive
X-RBT-SCAR: 88888:59701061:1000 ADL
HTTP/1.1 308 Permanent Redirect
Content-Length: 0
Date: Tue, 02 Oct 2018 04:49:58 GMT
Location: https://mvnrepository.com/
Server: nginx/1.10.1
Connection: keep-alive
X-RBT-SCAR: 10.195.254.60:59701066:1000 ADL
- http://mvnrepository.com/ is reached [FAILED]
Impossible to access http://mvnrepository.com/ (wget error code 8 : Server issued an error response )
# Error detected
###############################################################################
End of Checks. Status =
- No warning detected
- Error detected while executing checks. Unless -ignore-checks flag is on, those will block the installation process and prevent we move further until those are solved.
########################################################################
# Error : Prerequiste check ./project_files/bin/check_prerequisite is not ok. Stopping the operation.
########################################################################
Looks like that site has stopped supporting HTTP and are telling you to use HTTPS instead. In the redirect information, you can see
Location: https://mvnrepository.com/
So, use HTTPS and you should be fine. More specifically, use
wget --spider -S -qO- https://mvnrepository.com/

'204 No Content' no data found in influxdb

Successfully installed influxdb on windows and everything is working as expected locally. But having trouble posting data from outside using http api.
I am able to connect to admin panel locally through
http://localhost:8083/
I am using below command for posting data from a remote server:
curl -i -XPOST 'http://172.29.6.195:8086/write?db=telegraf' --data-binary 'test_load,host=njxap1dbadm01 value=13.64'
I am getting below success message:
HTTP/1.1 204 No Content
Request-Id: d3b58c0c-f620-11e5-80a1-000000000000
X-Influxdb-Version: unknown
Date: Wed, 30 Mar 2016 02:40:55 GMT
log on server side:
[http] 2016/03/29 22:40:55 172.29.18.10 - - [29/Mar/2016:22:40:55
-0400] POST /write?db=telegraf HTTP/1.1 204 0 - curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.16.2.3 Basic ECC
zlib/1.2.3 libidn/1.18 libssh2/1.4.2
d3b58c0c-f620-11e5-80a1-000000000000 0
Even though I got the sucess message on client side some how the data is not getting saved on the database.
I checked for the data from admin panel and returning no data.Checked with curl get also no results.
I have retention policy of 1day for my database.
Please help me resolve with the issue of why the data is not getting saved to database.
I'm trying to reproduce this, but I'm not able to with the latest version on InfluxDB.
~$ curl -i -XPOST 'http://localhost:8086/write?db=telegraf' --data-binary 'test_load,host=njxap1dbadm01 value=13.64'
HTTP/1.1 204 No Content
Request-Id: 38fcfb17-fac3-11e5-8004-000000000000
X-Influxdb-Version: unknown
Date: Tue, 05 Apr 2016 00:13:28 GMT
Logs:
[http] 2016/04/04 17:13:28 ::1 - - [04/Apr/2016:17:13:28 -0700] POST /write?db=telegraf HTTP/1.1 204 0 - curl/7.43.0 38fcfb17-fac3-11e5-8004-000000000000 3.776752ms
Querying:
> use telegraf
Using database telegraf
> show series
key
test_load,host=njxap1dbadm01
> select * from test_load
name: test_load
---------------
time host value
1459815208633910164 njxap1dbadm01 13.64
Do you know what version of InfluxDB you are using?

Neo4J Community Edition Calling Home?

while working on our Neo4J graph application And setting debug logging for the root logger I came across the following statistics like message:
[DEBUG] HttpURLConnection: sun.net.www.MessageHeader#537f294a7 pairs: {GET /?totalmem=12758278144+propids=0+os.arch=amd64+edition=community+dist=unknown+source=maven+numprocs=4+mac=005056c00008+revision=2.1.5:2.1-maint:529/45c3cc04946c2b0e243e48c8252e40cb85931744+tags=spring,sdn,web+os.version=6.3+reg=unreg+relids=0+v=2.1.5+heapsize=47775896+os.name=Windows_8.1+id=641ca9a78ddc53ae+labelids=3+nodeids=0+p=-1 HTTP/1.1: null}{Cache-Control: no-cache}{Pragma: no-cache}{User-Agent: Java/1.8.0_51}{Host: 52.0.233.188}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Connection: keep-alive}
[DEBUG] HttpURLConnection: sun.net.www.MessageHeader#167dbd419 pairs: {null: HTTP/1.1 200 OK}{Server: nginx/1.6.2}{Date: Sun, 30 Aug 2015 10:05:40 GMT}{Content-Type: text/html}{Content-Length: 164}{Last-Modified: Fri, 01 Jun 2012 09:48:29 GMT}{Connection: keep-alive}{ETag: "4fc88fed-a4"}{Accept-Ranges: bytes}
I'm more than a little surprised because I haven't configured anything in Neo4j that tells it to share my machine configuration with some web server on the internets.
By the way, I know it is neo4j due to the version number (2.1.5) and community edition keywords, and the ip number 52.0.233.188 which resolves to an amazon aws dns entry but identifies itself as udc.neo4j.org.
I've discovered that this is a by-default-on Usage Data Collector service that Neo4j documents here:
http://neo4j.com/docs/stable/usage-data-collector.html
It contains details about how to disable it also.. Having said that, I really don't like this kind of stuff getting more and more prevalent in software nowadays.
UPDATE 1:
I've tried to disable the udc by following the steps described (http://neo4j.com/docs/stable/usage-data-collector.html#_how_to_disable_udc), but the UDC is still contacted. This is running from my Eclipse IDE, haven't tested yet with packaged fat jar:
[DEBUG] HttpURLConnection: sun.net.www.MessageHeader#32bc2cb97 pairs: {GET /?totalmem=42932072448+propids=1323+os.arch=amd64+edition=community+dist=unknown+source=maven+numprocs=24+mac=005056c00008+revision=2.1.8:2.1-maint:687/5c83ce3a5ddf33259593f719153ce71a6fe89fc7+tags=spring,sdn,web+os.version=6.3+reg=unreg+relids=810+v=2.1.8+heapsize=156271600+os.name=Windows_8.1+id=b599d44d76a45a87+labelids=10+nodeids=409+p=-1 HTTP/1.1: null}{Cache-Control: no-cache}{Pragma: no-cache}{User-Agent: Java/1.8.0_51}{Host: 52.0.233.188}{Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2}{Connection: keep-alive}
[DEBUG] HttpURLConnection: sun.net.www.MessageHeader#77bea48a9 pairs: {null: HTTP/1.1 200 OK}{Server: nginx/1.6.2}{Date: Mon, 31 Aug 2015 11:05:30 GMT}{Content-Type: text/html}{Content-Length: 164}{Last-Modified: Fri, 01 Jun 2012 09:48:29 GMT}{Connection: keep-alive}{ETag: "4fc88fed-a4"}{Accept-Ranges: bytes}

spring security - sessionid url rewriting with tomcat 7

we've fought with following problem using spring security 1.2.1, grails 1.3.7 and tomcat 7.0.22. on our dev machines we had no problems during login in our app. i think the grails tomcat plugin uses a 6.x verion of tomcat. we defined following test cace for the login process:
delete all cookies
login
as you can see a very simple test case :-). the result of the test looks as follows: the user was successfully authenticated, but after login gets redirected to the access denied page. the session was created, because the user was able to perform other permitted actions and the log shows a successful authentification (enabeld spring secured log on debug level). so why does the redirect to the access denied page happen?
tocmat 7.x assumes that no cookies are activated and adds the sessionid to the redirect url and addtionally set the cookie via "set cookie" http header. that's the point where the spring security plugin is confused.
http response of j_spring_security_check
HTTP/1.1 302 Moved Temporarily
Connection: Keep-Alive
Content-Length: 0
Date: Fri, 14 Oct 2011 06:41:59 GMT
**Location: https://myserver/main;jsessionid=8341CD832CAF4569A95BBF436395744E**
Server: Apache-Coyote/1.1
**Set-Cookie: JSESSIONID=8341CD832CAF4569A95BBF436395744E;** Path=/etsweb/; HttpOnly
followed by a http get https://myserver/main;jsessionid=8341CD832CAF4569A95BBF436395744E
http response
HTTP/1.1 302 Moved Temporarily
Connection: Keep-Alive
Content-Length: 0
Date: Fri, 14 Oct 2011 06:41:59 GMT
Location: https://myserver/login/denied
Server: Apache-Coyote/1.1
the solution was to disable url rewriting by setting following tag in web.xml file
<session-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
I don't know whether this is a spring sec bug or a thinking bug.
Also, make sure wild card in your security settings is using IS_AUTHENTICATED_ANONYMOUSLY, and not ROLE_ANONYMOUS.
'/**': ['IS_AUTHENTICATED_ANONYMOUSLY']

Resources