I am using java classes AppsForYourDomainService UserService
from package com.google.gdata.client and could not figure out how to configure http client log.
any ideas?
There's an excellent article detailing how to do this at:
https://developers.google.com/gdata/articles/debugging_client_libs#java
Related
I have already configured Keycloak role based access control with my java API project and it is deployed with Wildfly and runs without any errors. Since I have tested and confirmed the responses with Postman, I needed to use Swagger in-order to generate API documensts.
Using Swagger Inspector I created an API definition and exported that via SwaggerHUB to use it in SwaggerUI which I run locally. With web-origins and all the necessary steps configured in Keycloak and with authentication parameters set in Swagger script, I get the below error..
"
Access to fetch at (api request) from origin (swagger ui path) has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
"
I have noticed that if I bypass Keycloak, this works. What might be the best solution to overcome this issue?
I was able to resolve my issue referring this answer. I too added "enable-cors": true in keycloak.json in my Java back-end server which was Wildfly and tested the same implementation in server environment successfully.
I have an JAX-RS application running on IBM Websphere Liberty Profile.
Also I have included SWAGGER 1.5.3.
The application compiles fine and generates swagger files in webapp directory. But when I try to access it via URL, it says NO API FOUND and the spinner keep spinning.
There are no errors registered on browser console neither any errors in server console.
I do not know whats wrong with it, without any errors its hard to debug.
Where can I see the detailed errors/exceptions.
WebSphere Liberty has native support for Swagger v2 using the apiDiscovery-1.0 feature. If you enable that you should see your APIs in https://host:https_port/ibm/api/docs.
By the way, there's support for the newer OpenAPI v3 spec, via the Microprofile OpenAPI programming model. You can use Liberty's mpOpenAPI-1.0 feature for that.
I have REST based services deployed in WebLogic Application Server 12 which uses Spring Security for authentication using BASIC Auth. Previously I found out that WebLogic has a bug where it intercept a call if request has Authorization header in it.
I found a very helpful link which solves this issue by disabling <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials> this in config.xml of WebLogic. Now if I access my service via POSTMan it works great and Spring handles the security.
After this I write some automated test which uses Apache Common HttpClient library to call my service, but I am continuously getting 401 Unauthorised from WebLogic. My client code is as follows;
httpClient = new HttpClient();
httpClient.getState().setCredentials(
new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
new UsernamePasswordCredentials(
getTestUsername(config.getUsername()),
getTestPassword(config.getPassword()))
);
I tried putting auth pref to Basic, adding Authorization header to my request even setting auth to Preemptoive to true everything it still the same.
One thing I am sure is that Weblogic is intercepting my call from Java Standalone client somehow! because in Response Headers i get 'realm: weblogic' which is incorrect as it should be 'realm: Spring Security Application', more strangely I am able to access the same URL from POSTMan with the same security credentials. Am I missing anything?
Yes, I confirm that Weblogic intercepts your call.
You have to enforce the <enforce-valid-basic-auth-credentials> tag to false in your weblogic config.xml file.
Please take a look at Error adding enforce-valid-basic-auth-credentials to config.xml and http://www.dba-oracle.com/t_weblogic_bypass_basic_authentication.htm
Where can I find an basic applicationContext.xml configuration of an OAuth2 Client for Authorization Code grant type using spring-security-oauth2 version 2.0.x ?
There's a sample in the integration tests: https://github.com/spring-projects/spring-security-oauth/blob/master/tests/xml/client/src/main/resources/context.xml. The old 1.0.* XML should work with 2.0.* as well, so just look at the tonr2 sample in the 1.0.x branch.
I'm working on an OAuth server implementation based on the jersey-oauth 1.16 contrib in GlassFish 3.1.2 container and I'm getting this exception when trying to connect to it via Scribe client API:
AuthFilter.filter:
com.sun.jersey.oauth.signature.UnsupportedSignatureMethodException: HMAC-SHA1
for com.sun.jersey.oauth.server.OAuthServerRequest#13a50796
https://wikis.oracle.com/display/Jersey/OAuth states "It supports the signature methods outlined in OAuth Core 1.0 specification: HMAC-SHA1, RSA-SHA1, and PLAINTEXT" so I'm confused.
Do I have some misconfiguration issue?
Any suggestion/pointer/idea would be welcome.
Thanks!
Should this happen to anyone else, I thought I would share how I resolved this issue.
GlassFish 3.1.2 seems to still be stuck to an old version of Jersey 1.11. I guess there's some sort of incompatibility between Jersey 1.11 and the oauth contrib 1.16.
http://jersey.java.net/nonav/documentation/latest/glassfish.html describes how Jersey may be updated in the GlassFish container.
It's a bit tricky to do, but I've now Jersey 1.17 and it's working like a charm. :)
Unfortunately, I cannot add comments yet, but I just wanted to point out that the latest Jersey libraries for GlassFish can be found in this location. I was able to follow the instructions and make OAuth+Jersey work with Glassfish v3. Thanks, TheArchitect!