I currently have an application I am working on that I am using in the cloud (Jelastic). I have added SSL certs to my Cloud environment and want to be able o now use https on certain pages. I have implemented the below methods of doing this:
Method 1:
grails.plugins.springsecurity.secureChannel.definition = [
'/login/**': 'REQUIRES_SECURE_CHANNEL'
]
Method 2:
grails.plugins.springsecurity.secureChannel.definition = [
'/login/**': 'REQUIRES_SECURE_CHANNEL'
]
grails.plugins.springsecurity.secureChannel.useHeaderCheckChannelSecurity = true
grails.plugins.springsecurity.secureChannel.secureHeaderName = 'X-Forwarded-Proto'
grails.plugins.springsecurity.secureChannel.secureHeaderValue = 'http'
grails.plugins.springsecurity.secureChannel.insecureHeaderName = 'X-Forwarded-Proto'
grails.plugins.springsecurity.secureChannel.insecureHeaderValue = 'https'
So for method 1 it partly works as when you go to the index page in HTTP and then try to go to the login page you will be shown an error message saying:
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
Method 2 however does not seem to work at all and when I go to the Login page on HTTP it does not redirect me as I would expect and just seems to work on HTTP which is strange.
This solution is hosted in Jelastic as I mention so not sure is that could be causing some issues, but any help offered would be great.
Thanks in advance
I used the following config for deploying on to prod server. Then it started on https. I am using jdk 1.8 and Tomcat 8.
grails.plugin.springsecurity.portMapper.httpPort = 80
grails.plugin.springsecurity.portMapper.httpsPort = 443
grails.plugin.springsecurity.secureChannel.secureHeaderName = 'X-FORWARDED-PROTO'
grails.plugin.springsecurity.secureChannel.secureHeaderValue = 'http'
grails.plugin.springsecurity.secureChannel.insecureHeaderName = 'X-FORWARDED-PROTO'
grails.plugin.springsecurity.secureChannel.insecureHeaderValue = 'https'
grails.plugin.springsecurity.auth.forceHttps = true
grails.plugin.springsecurity.secureChannel.definition = [
'/**': 'REQUIRES_SECURE_CHANNEL'
]
Related
So I am deploying an Angular 5 app with a Rails 5 back-end. I can get the data to flow properly between the two locally, but trying to connect to the deployed version of the API (which is on Heroku) I run into some authorization issue. The error is:
Failed to load https://my_api.herokuapp.com/data.json: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:4200' is therefore not allowed access.
The response had HTTP status code 404.
Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type application/json.
See <URL> for more details.
Is this something I need to change within the Rails API or in Angular? The deployed Rails API is essentially the same as the local version so I'm not sure where the disconnect is coming from.
There are only two refrences to the API in Angular. I connect to it the same way that I do to the local server:
Angular, app-module.ts
providers: [Angular2TokenService, AuthService, AuthGuard,
// {provide: 'api', useValue: 'http://localhost:3000/'}
{provide: 'api', useValue: 'https://my_ api.herokuapp.com/data.json'}
]
Perhaps it's my use of Angular2TokenService?
Angular, environment.ts:
export const environment = {
production: false,
token_auth_config: {
// apiBase: 'http://localhost:3000'
apiBase: 'https://my_api.herokuapp.com/data.json'
}};
Thanks! Let me know of any suggestions you might have or if you need clarification.
It's issue with CORS(cross-origin-resource-sharing). You can handle it by adding callback in your API like below:
def cors_set_access_control_headers
headers['Access-Control-Allow-Origin'] = ENV['SERVER_URL'] || '*'
end
where SERVER_URL is your front-end server URL
Else you can use gem 'rack-cors' as suggested in comments by #Kedarnag Mukanahallipatna
I am working on a project whereby we have sites (developed with ruby on rails) hosted on an Ubuntu server using tomcat. We want these sites to make HTTP calls to a service developed using Nancy. We have this working locally whereby the service is hosted on a machine that we can call within our network. We cannot however get it working when live. Here is an example call:
def get_call(routePath)
started_at = Time.now
enc_url = URI.encode("#{settings.service_endpoint}#{routePath}")
uri = URI.parse(enc_url)
http = Net::HTTP.new(uri.host, uri.port)
req = Net::HTTP::Get.new(uri.request_uri)
resp = http.request(req)
logger.bench 'SERVICE - GET', started_at, routePath
return resp if response_ok?(resp)
end
When working locally the settings are as follows:
settings.service_endpoint = http://10.10.10.27:7820
routePath = /Customers
When we upload it to the server we use the following:
settings.service_endpoint = http://127.0.0.1:24099
routePath = /Customers
We currently get the following error:
SocketError at /register
initialize: name or service not know
with the following line being highlighted:
resp = http.request(req)
Are we completely wrong with the IP being called. Should it be 127.0.0.1, localhost. 10.10.10.27 or something entirely different? The strange thing is we can do a GET call via telnet in our Ubuntu server (telnet 127.0.0.1 24099) so that must mean the server can make the calls but the site hosted on the server cannot. Do we need to include a HTTP proxy (have read some reference to that but dont really know if its needed).
Apologies if its obvious but we have never tried anything like this before so its all very perplexing. Any further information required just let me know.
We changed the service_endpoint to localhost and it worked. Not sure if this is because it didnt like "http://" or some other reason. Any explanation as to why this is the case would be much appreciated, just so we know. Thanks!
I'm using spring security 1.2.7.3, and I want to secure URLs with http method, in other words I want something like this in my config.groovy:
grails.plugins.springsecurity.interceptUrlMap = [
'/api/person/**': ['ROLE_ADMIN'], //IF HTTP "POST"
'/api/person/**': ['IS_AUTHENTICATED_ANONYMOUSLY'], //IF HTTP "GET"
}
Is it possible? I know that there are of course other ways to achieve this but I prefer to solve the problem in this way.
p.s. this question has already been asked here before.
I tested out the following and it seemed to work quite well:
grails.plugin.springsecurity.securityConfigType = SecurityConfigType.InterceptUrlMap
grails.plugin.springsecurity.interceptUrlMap = [
'/myFirst/**': ["request.getMethod().equals('GET') || hasRole('ROLE_ADMIN')"],
'/mySecond/**': ["permitAll"]
]
I based the usage of request.getMethod() on the documentation found at the link below and took a little liberty in using an || expression.
http://grails-plugins.github.io/grails-spring-security-core/guide/requestMappings.html
In your example you supplied two entries for 'api/person/**', but that unfortunately won't work because each entry would have the same key for the interceptUrlMap. Combine what you want for options with || and &&.
I am working on rails environment. I am using Net::HTTP module for calling an external API and getting the response. This is working fine in my local host. But in staging it throwing an Net::HTTPBadResponse error. My staging is SSL enabled. This is the difference. Providing the code snippet and error below.
parameters = {'VirtualNumber' => '09845xxxxxx','Number[]' => "09878xxxxxx" }
x = Net::HTTP.post_form(URI.parse("https://example.com"), parameters)
Error:
Net::HTTPBadResponse (wrong status line: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
The successful result will be in XML format. Can any one help me to solve this.
Thank You,
Regards
The issue was calling the API from ssl enabled site. So while calling the API we need to enable the ssl. And along with that need to provide basic authentication.
parameters = {'VirtualNumber' => '09845xxxxxx','Number[]' => "09878xxxxxx" }
url = URI.parse("https://example.com")
request = Net::HTTP::Post.new(url.path)
request.basic_auth "user", "pass"
request.set_form_data(parameters)
sock = Net::HTTP.new(url.host, url.port)
if url.scheme == 'https'
sock.use_ssl = true
end
response = sock.start {|http| http.request(request) }
My code is like
encodestring = "test#gmail.com:test"
enc = Base64.encode64(encodestring)
auth = "Basic #{enc}"
https = Net::HTTP.new('localhost', 443)
https.use_ssl = true
path = '/user/test'
query_string = "#{auth}"
https.verify_mode = OpenSSL::SSL::VERIFY_NONE # don't display warnings
resp = https.post(path,query_string)
here test is a method inside user_controller.rb file.If i am making simple http request its working fine but while making https request it is giving exception "SocketError (initialize: name or service not known)".Please help me to make it a valid https call. thanks in advance.
The examples I've seen have taken a host name as the first argument to HTTP.new, rather than a URL. Try this:
https = Net::HTTP.new('localhost', 443)
It's not clear whether you actually want to connect to port 443 or 3001 - you obviously can't connect to both. If you want 3001, replace the 443 above.