Strange issue with Vertx Http request - httpclient

I configured an HTTPS website on AWS, which allows visiting from a white list of IPs.
My local machine runs with a VPN connection, which is in the white list.
I could visit the website from web browser or by the java.net.http package with the below code:
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://mywebsite/route"))
.GET() // GET is default
.build();
HttpResponse<Void> response = client.send(request,
HttpResponse.BodyHandlers.discarding());
But if I replaced the code with a Vertx implementation from io.vertx.ext.web.client package, I got a 403 forbidden response from the same website.
WebClientOptions options = new WebClientOptions().setTryUseCompression(true).setTrustAll(true);
HttpRequest<Buffer> request = WebClient.create(vertx, options)
.getAbs("https://mywebsite/route")
.ssl(true).putHeaders(headers);
request.send(asyncResult -> {
if (asyncResult.succeeded()) {
HttpResponse response = asyncResult.result();
}
});
Does anyone have an idea why the Vertx implementation is rejected?

Finally got the root cause. I started a local server that accepts the testing request and forwards it to the server on AWS. The testing client sent the request to localhost and thus "Host=localhost:8080/..." is in the request header. In the Vert.X implementation, a new header entry "Host=localhost:443/..." is wrongly put into the request headers. I haven't debug the Vert.X implementation so I have no idea why it behaviors as this. But then the AWS firewall rejected the request with a rule that a request could not come from localhost.

Related

Getting connection timeout error while calling get access token Microsoft Graph API through REST POST call

I am trying to get access token from https://login.microsoftonline.com/{tenentname}/oauth2/v2.0/token endpoints though HttpClient post request. Applied required 4 parameters/headers with the same.
But I am getting connection timed out. Connection will be retried using another IP address (after trying with 7 different IP address) getting Shutdown connection error. Connection discarded.
Please find below code snippet.
HttpClientConnectionManager poolingConnManager = new PoolingHttpClientConnectionManager();
HttpPost post = new HttpPost("https://login.microsoftonline.com/{tenentname}/oauth2/v2.0/token");
List<NameValuePair> urlParameters = new ArrayList<>();
urlParameters.add(new BasicNameValuePair("grant_type", "client_credentials"));
urlParameters.add(new BasicNameValuePair("client_id", {id_value}));
urlParameters.add(new BasicNameValuePair("client_secret", {secret_value}));
urlParameters.add(new BasicNameValuePair("scope", "https://graph.microsoft.com/.default"));
post.setEntity(new UrlEncodedFormEntity(urlParameters));
post.setHeader("Content-type", "application/x-www-form-urlencoded");
ClosableHttpClinet httpClient = HttpClients.custom().setConnectionManager(poolingConnManager).build();
ClosableHttpResponse response = httpClinet.execute(post);
System.out.println(EntityUtils.toString(response.getEntity()));
Same its worked with Postman without any proxy setting, I am getting proper response in Postman.
Please assist on the same.
Instead of using HTTPClient, i tried with Microsoft Graph Client (you can download from NuGet) and it worked for me. So i would suggest you to follow the steps.
Install the SDK
Configure the GraphClient
Make the call.
Also with specific to ivy dependency, here's the related thread.

Why does the webflux client give a 404?

I'm trying to make a webflux client to connect to a remote websocket. There is an example websocket located at https://www.websocket.org/echo.html. I can have my browser make a wss request there simply by pressing "connect". In my browser developer toolbar I can then see that a succesful request is made to wss://echo.websocket.org/?encoding=text
This url is also mentioned in https://stackify.com/reactive-spring-5/ (the code there doesn't work because "input" is not defined).
However, when I try to access the same url from spring boot 2.0.0 with webflux, I get a 404:
#PostConstruct
public void run() throws URISyntaxException {
WebClient webClient = WebClient.create();
Flux<String> r =
webClient.get().uri("wss://echo.websocket.org/?encoding=text")
.retrieve()
.bodyToFlux(String.class)
.log();
r.subscribe(res -> System.out.println("ok: " + res), ex -> System.out.println(ex));
}
error:
org.springframework.web.reactive.function.client.WebClientResponseException: ClientResponse has erroneous status code: 404 Not Found
My best guess is that it somehow does not work with urls that start with "wss://". Can I change the code so that the request will be successful?
WebClient is not a WebSocket client, ReactorNettyWebSocketClient (mentioned in the article you linked) is a WebSocketClient. Please use this instead.

ASP double hop request in kerberos delegation scenario

Please help!
I need my asp application to request remote systems with credentials of impersonated user. But always get 401 Unauthorized errors.
I made all configurations from here: https://support.microsoft.com/en-us/help/810572/how-to-configure-an-asp-net-application-for-a-delegation-scenario
Kerberos is configured and working in my app and my test remote app(i see kerberos tickets in fiddler). Delegation, spns and everything is configured.
Thats my code usnig System.Net.Http.httpclient:
HttpClientHandler handler = new HttpClientHandler()
{
UseDefaultCredentials = true,
PreAuthenticate = true
};
using (HttpClient client = new HttpClient(handler))
{
client.DefaultRequestHeaders.Accept.Clear();
var method = new HttpMethod("GET");
var request = new HttpRequestMessage(method, "http://testdelegationapp.avp.ru/");
var response = client.SendAsync(request).Result;
}
In fact http request is made by Apppool account (I get 401 error when restricting access to Apppool account in remote app IIS)
Here: How to get HttpClient to pass credentials along with the request?
is claimed that HttpClient cant pass security token to another thread, and its better to use synchronous methods of System.Net.WebClient
Code using webclient:
var wi = (WindowsIdentity)HttpContext.User.Identity;
var wic = wi.Impersonate();
try
{
string URI = "http://testdelegationapp.avp.ru/";
using (WebClient wc = new WebClient())
{
wc.UseDefaultCredentials = true;
string response = wc.DownloadString(URI);
}
}
finally
{
wic.Undo();
}
Result is even worse, the same 401 error, but in fiddler i can see that webclient using NTLM ticket to get to remote app!
Configuring of flowing tokens throw threads from here :Unable to authenticate to ASP.NET Web Api service with HttpClient
doesnt help either. SecurityContext.IsWindowsIdentityFlowSuppressed() is false.
WindowsIdentity.GetCurrent().Name and Thread.CurrentPrincipal.Identity.Name shows impersonated user as it should be.
All that time problem was in chrome browser, by default it prohobits kerberos delegation. You shoud add the following to registry:
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome ;
string: AuthNegotiateDelegateWhitelist ;
value: *.avp.ru
So, now my working configuration is
HttpClient for web requests.
ASP impersonation ON in IIS if you want to execute all your app under
delegated credentials. If you want method specific delegation, then use:
var wi = (WindowsIdentity)HttpContext.User.Identity;
var wic = wi.Impersonate();
wic.Undo();
HttpClient executes request in another thread , so in aspnet_config.config we need following changes:
<legacyImpersonationPolicy enabled="false"/>
<alwaysFlowImpersonationPolicy enabled="true"/>
You can find aspnet_config.config in:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet.config

POST request succeeds on box, but fails in jenkins

I have an integration test which connects to salesforce, and gets back an authentication token.
public AuthenticationResponse getAuthenticationResponse()
{
MultiValueMap<String, String> map = new LinkedMultiValueMap<String, String>();
map.add("client_id", consumerKey);
map.add("client_secret", consumerSecret);
map.add("grant_type", GRANT_TYPE);
map.add("username", username);
map.add("password", password);
return new RestTemplate().postForObject(LOGIN_URI, map, AuthenticationResponse.class);
}
^ That's the code the test runs.
public void testConnect(){
AuthenticationResponse response = dataDotComClient.getAuthenticationResponse();
assertNotNull(response);
assertNotNull(response.getAccess_token());
}
^ And that's the test itself.
This works fine from my, and other desktops. However, it never works in jenkins, always returning a 400 status code with no real error message behind it. Is there something I have to do in Jenkins to allow post requests to external sites?
http 400 means
Bad Request - Invalid URL"
OR
"HTTP Error 400. The request hostname is invalid."
Please make sure that your destination host is reachable from jenkins machine.
Try to login to jenkins machine and run the curl/telnet command to check the connectivity.

Outgoing http requests not showing in Fiddler from java spring mvc web app

Hi I'm sending some http requests from a java spring mvc web app and when I have fiddler open I don't see any outgoing responses.
Using this code to send to an address similar to: http:///getstuff?stuff="whatever"
HttpGet httpget = new HttpGet(url);
log.info("Executing request " + httpget.getURI());
// Create a response handler...
ResponseHandler<String> responseHandler = new BasicResponseHandler();
responseBody = httpclient.execute(httpget, responseHandler);
Does anybody know why these outgoing calls are not showing up in fiddler?
Did you remember to configure your JVM to proxy its HTTP requests? http://fiddler2.com/documentation/Configure-Fiddler/Tasks/ConfigureJavaApp