How to generate a certificate with fiddler? - fiddler

Fiddler gaves me a message box with the following message:
The server [<LINK>] Requests a client certificate.
Please save a client certificate using the filename:
C:\Users\<username>\Documents\Fiddler2\ClientCertificate.cer
i have already tried using this FiddlerScript (that i found on internet)
static function OnBeforeRequest(oSession: Session) {
oSession["https-Client-Certificate"]= "C:\\Yourcerfilelocation.cer";
}
But i get the following message error:
Compiler error on line: 1
Valid only in a class definition
i want to know how can i save the certificate as this .cer file for Fiddler to use it, without getting errors

FiddlerScript handlers definitions should be put in a class - this is how extensibility point is designed.
For example, the default FiddlerScript definition (the one installed with Fiddler and visible in the FiddlerScript tab) has the following structure:
import System;
import System.Windows.Forms;
import Fiddler;
// ...
class Handlers
{
// ...
static function OnPeekAtResponseHeaders(oSession: Session) {
// ...
}
}
// ...
If you put the OnBeforeRequest handler in the Handlers class, e.g. next to the OnPeekAtResponseHeaders, this should clear the syntax error, and the handler will be executed.

Related

Keycloak: Add custom extension io.undertow.servlet.ServletExtension

I wanted to add a custom servlet extension to Keycloak which would install a http handler that gets invoked on every request sent to Keycloak and sets up some logging MDC context that our custom SPI code can use for logging the incoming request traces correctly.
Following the docs here I created a custom extension class:
public class UndertowHandlerExtension implements ServletExtension {
#Override
public void handleDeployment(DeploymentInfo deploymentInfo, ServletContext servletContext) {
deploymentInfo.addInnerHandlerChainWrapper(TraceIdCapturingHandler::new);
}
}
And have defined my custom http handler TraceIdCapturingHandler in the same JAR file. I also added a file to META-INF/services/io.undertow.servlet.ServletExtension and set the fully qualified reference to the extension class. I also updated my deployments jboss-deployment-structure.xml and added the following 2 entries as dependencies:
<module name="io.undertow.servlet" />
<module name="javax.servlet.api" />
However, when my deployment is created the extension is not being invoked and my filter is not executing. Is there something I am missing in terms of how to configure Wildfly for Keycloak so that my extension and handler are installed and used correctly?
EDIT:
After doing a bit of digging I realized I was headed down the wrong path. Looked at this repository and I think I need a custom RealResourceProvider as shown here which in turn can install my filter by obtaining an instance of ResteasyProviderFactory and invoking getContainerRequestFilterRegistry().registerSingleton().
Will try this out and report back.
Please see the edit above for my question. I was able to implement a RealmResourceProviderFactory instance that initialized the filters I needed on startup in the init() method:
#Override
public void init(Config.Scope scope) {
log.info("Initializing");
initializeKeycloakFilters();
}
private void initializeKeycloakFilters() {
ResteasyProviderFactory providerFactory = ResteasyProviderFactory.getInstance();
TraceIdCapturingFilter filter = new TraceIdCapturingFilter();
providerFactory.getContainerRequestFilterRegistry().registerSingleton(filter);
}

How to Pass object to REST Get Method

I am using Jersey Rest implementation. There are one Rest Services Called HelloWorld. See the below code.
Please consider this code as reference not as compiled code.
#Path("helloWorld")
public class HelloWorld{
#Path("test")
#Produces(...)
#Consum(...)
#GET
public Response test(Person person){
System.out.println(person);
}
}
I am using Jersey client to sent the request.
Here My question is apart from POST method is there any way to send the object to GET method directly. Instead of QueryString.
Please let me if there is any way to do so.
Thanks
So the problem shouldn't be with the server. I did a few tests on different servers (not weblogic as I don't use it) and all of them seem to have no problems accepting a body in the GET request. The problem seem to be with the client. To test I used the following code
ClientBuilder.newClient()
.target("http://localhost:8080/api/get-body")
.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true)
.request()
.method(HttpMethod.GET, Entity.text("Hello World"));
The SUPPRESS_HTTP_COMPLIANCE_VALIDATION allows us to pass a body to the request. If we didn't use this, then we would get an error.
The problem with this code, is that even though we set this override property, the client completely overrides the GET method and automatically makes it a POST method, so I would get back a 405 Method Not Allowed.
The solution I came up with is to just allow the client to set a header, e.g. X-GET-BODY-OVERRIDE, and then use a #PreMatching filter on the server side to check for this header. If the header is present, then just change the method to a GET
#Provider
#PreMatching
public class GetWithBodyFilter implements ContainerRequestFilter {
#Override
public void filter(ContainerRequestContext request) throws IOException {
String getOverride = request.getHeaderString("X-GET-BODY-OVERRIDE");
if (getOverride != null && "true".equalsIgnoreCase(getOverride)) {
request.setMethod(HttpMethod.GET);
}
}
}
Then just register the filter with the server side. On the client, you would simply need to add the header
ClientBuilder.newClient()
.target("http://localhost:8080/api/get-body")
.property(ClientProperties.SUPPRESS_HTTP_COMPLIANCE_VALIDATION, true)
.request()
.header("X-GET-BODY-OVERRIDE", "True")
.method(HttpMethod.GET, Entity.text("Hello World"));
This solution is good because it takes into account more than just the Jersey client, in regards with being able to send a body in the GET request.

Force ASP .Net Web API to block HTTP requests with Error (403)

I would like to configure my project to not allow http requests with the following restrictions:
It must be a global restriction for all APIs (via web.config, script in the installer, etc.)
It must be hard coded(not pressing "Require SSL" on the APP in the IIS)
No "redirect"- just return error (403)
my ideal option would be to configure "Require SSL" by a script which runs in the installer.
This can be accomplished by writing a simple ActionFilter that inspects the request and responds when the scheme is not set to ssl. A very minimal implementation may look something like:
public class RequireHttpsAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
}
}
}
To make this apply everywhere, you'll likely want to register it as a global filter in the WebAPI configuration when your application is bootstrapping. That would look something like:
public static class WebApiConfig
{
public static void Register(HttpConfiguration config)
{
config.Filters.Add(new RequireHttpsAttribute());
// ... More configuration ...
}
}
If you search the web a bit, you can find many examples of similar filters with more robust logic that may better meet your needs.

Using SOAPUI as a kind of gateway

I want to ask you if it is possible in SOAPUI to alter a mock response, and link it to the real web service operation in which the MockService is based on.
I need to do that because within SOAPUI I can reach to external webservices; BUT for security/configuration reasons, I can’t access to this external webservices inside my local code in my Eclipse (I have tried several proxy configurations in my Eclipse without success).
What I want to do is to pass the request that reach to the mock service to the original web service and return the response without manipulation.
You can create a mockService in SOAPUI to redirect your request to a 3rd party service as follows:
First creat a mockService in your project: right click on your project > New SOAP MockService
Then creat a mockOperation on it: right click on your MockService > New MockOperation
Inside your mockOperation there is a request created, open it an put for example the follow code as a response: ${myResponse}. This name is bind to a variable which will fill then with a script.
Finally open your mockOperation and use the follow script to hit your 3rd party service redirecting the original request:
final HttpURLConnection connection = 'http://yourService:8080'.toURL().openConnection()
connection.setDoOutput(true)
// copy the headers
mockRequest.getRequestHeaders().each { name, value ->
connection.setRequestProperty(name,value.toString())
}
// write the request
connection.outputStream.withWriter { Writer writer ->
writer << mockRequest.requestContent
}
// get the response
String response = connection.inputStream.withReader { Reader reader -> reader.text }
// set the response in your variable
requestContext.myResponse = response
Hope this helps,
I finally did it turning 'Dispatch' to SCRIPT and adding this script:
// import all the namespaces to trim the lines of codes
import com.eviware.soapui.impl.wsdl.WsdlProject
import com.eviware.soapui.impl.wsdl.WsdlInterface
import com.eviware.soapui.impl.wsdl.WsdlRequest
import com.eviware.soapui.impl.wsdl.WsdlSubmitContext
import com.eviware.soapui.impl.wsdl.WsdlSubmit
import com.eviware.soapui.model.iface.Response
import com.eviware.soapui.model.mock.MockResponse
// get reference to project
WsdlProject project = (WsdlProject)mockOperation.mockService.project
// get reference to request
WsdlRequest request = (WsdlRequest)project.interfaces["TheRealWebService"].operations["TheRealOperation"].getRequestByName("TheRealRequest")
// set request content from incoming mockRequest
request.setRequestContent(mockRequest.getRequestContent())
// submit request asynchronously
WsdlSubmit submit=request.submit( new WsdlSubmitContext( request ), false )
// wait for the response
Response response = submit.getResponse();
// get reference to MockResponse
MockResponse mockResponse=mockOperation.getMockResponseByName("Response1")
// set the mock response content from response received by the request.
mockResponse.setResponseContent(response.getContentAsString())

How to do error handling in web application written in Perl (CGI.pm)?

When writing / maintaining web application written in Perl using CGI.pm, how should I handle errors (exceptions)? Webapp in question can be deployed as plain CGI app, as FastCGI app (using CGI::Fast), and as mod_perl app using ModPerl::Registry handler.
I mean here handling errors like page not found, or configuration forbids given action, or some external command used in the app failed (like e.g. cannot connect to the database).
Edit: added 2010-12-14.
The example code flow could look like this:
sub run {
...
run_request();
...
}
sub run_request {
...
$actions{$cgi->param('a')}->();
...
}
sub action_foo {
foo_body()
}
sub foo_body {
check_something()
or handle_error(some description);
}
I mean here that error might have be to be thrown / handled in some nested call, and not only in the action handler / route handler.
Pass the appropriate status code to the header method as per Creating A Standard HTTP Header