Grails: Difference in behavior between run-war and run-app - facebook

I am using the FB cookie and trying to decode it into json, the code looks similar to this
def value = cookie.value
String[] tokens = value.split('\\.')
String decodeToken = new String(Base64.decodeBase64(tokens[1].getBytes()),
'UTF-8')
def jsonValue = JSON.parse(decodeToken)
Where the cookie is the one that facebook creates when using the login plugin.
Now, when I run this using run-app, there are no issues. However, when running it using run-war, an exception is thrown when the JSON parser tries to create the JSON object from the String.
Caused by: org.codehaus.groovy.grails.web.json.JSONException: Expected a ',' or '}' at character 304 of {"algorithm":"HMAC-SHA256","code":"AQCvjV......."user_id":...50089"\00\00
Debugging it further, it seems the String that gets created from the decode call, is fine when run in the context of run-app. But when run-war is done, the last character of the String is not a '}' but some garbled character - and this is the one that causes the parser to throw an exception.
What could be a cause of this? What would be a good point to start debugging this further?
I have even tried to invoke getBytes() by using a specific encoding - but to no avail.

run-app runs a grails applications and allows the reloading from resources
run-war generates a war file and runs the war file, so no reloading of resources.
you could manually do grails war and then run it on a local instance of tomcat.

Related

While running recorded simulation in Gatling, I got file not found error

now I'm trying to conduct load test with gatling.
I have been trying create gatling's simulation script via gatling recorder and
it was going well.
but, when I executed that, I encountered file not found error below although there are files
(in this case /step1/0006_request.json is exist)
request_6: Failed to build request: Resource /step1/0006_request.json not found
there are many json files and that error occurred some of specific post requests.
every requests which is failed are composed following setting.
using request header 'headers_6' below
using RawFileBody method
(even if this is obvious thing because content-type is 'application/json')
I already have been using 12 hour over and I have to finish my task in a timely manner.
I'm so sorry about that I can't share my application which is target of this issue.
if anyone have any idea or kindly want to more detail please ask me.
val headers_6 = Map(
"Content-Type" -> "application/json",
"Origin" -> "applicationServerURL")
.exec(http("request_6")
.post("requestUrl")
.headers(headers_6)
.body(RawFileBody("/step1/0006_request.json"))
.resources(http("request_7")
additionally, I checked json files which were created by gatling recorder on 'resource' directory, them contains only one char 'X'.
this means Gatling recorder doesn't capture request json file's content?
env:
Gatling version gatling 3.5.1
Used Browser: FireFox
I just solved this issue.
this issue was caused by very simple fact.
firstly, I encountered error message below
request_6: Failed to build request: Resource /step1/0006_request.json not found
and I have to check the file paths although this script was auto created by gatling recorder(do not trust gatling tool).
The auto created file path was absolute path and start with ‘/’. And the script started to work once I remove the ‘/’.
I referred other post on stack overflow, and it was written that file path must be written with absolute path if you are using gatling version 3 or later version.
I hope my reply can be informative to someone who may be having same issue as me.
Using 'relative path'.
//As is
.exec(http("request_6")
.post("requestUrl")
.headers(headers_6)
.body(RawFileBody("/step1/0006_request.json"))
.resources(http("request_7")
//To be
.exec(http("request_6")
.post("requestUrl")
.headers(headers_6)
.body(RawFileBody("step1/0006_request.json"))
.resources(http("request_7")

Flask response setting is not working in Bluemix Flask Buildpack

I am trying deploying my flask application to the Bluemix where it is configured by Bluemix Python Flask BuildPack and it is not a custom build back.
#app.route('/run', methods=['GET','POST'])
def stockModuleRunner():
stockCode = request.args.get("stock_code","")
# Store the reference, in case you want to show things again in standard output
old_stdout = sys.stdout
# This variable will store everything that is sent to the standard output
result = StringIO()
sys.stdout = result
# Here we can call anything
# Here we can call anything we like, like external modules, and everything that they will send to standard output will be stored on "result"
r = Resilience.Resilience()
r.main(stockCode)
# Redirect again the std output to screen
sys.stdout = old_stdout
# Then, get the stdout like a string and process it!
result_string = result.getvalue()
print(result_string)
#r = Resilience.Resilience()
#r.main(stockCode)
resp = Response("<html><pre>"+result_string+"</pre></html>")
resp.headers['content-type'] = 'text/html; charset=utf-8'
return
I set the content type of my response as a text/html. But it didn't work in the Bluemix, while it worked in my local environment. In the Bluemix, it changed to text/xml automatically. I confirmed it through the network tab of chrome developer tool. I got the error like the followings. As per the result of a google search, I found out that it is a sort of xml parsing error. Do you have any idea of this problem?
This page contains the following errors:
error on line 1 at column 1: Document is empty
Below is a rendering of the page up to the first error.

Diacritic Letters are mistreated by Rest Client

I'm using rest:0.8 to connect my main Grails project to another Grails project that serves as a report generator using this line of code:
Map<String, String> adminConfigService = [
webURL: "http://192.168.20.21:8080/oracle-report-service/generate",
...
]
Map params = [
...
name: "Iñigo",
...
]
withHttp(uri: adminConfigService.webURL) {
html = get(query: params)
}
And then the receiving REST client will process that data. Running the two projects in my local machine works fine. Although when I deploy the war file of the report generator to our tomcat server, it converts the letter "ñ" to "├â┬æ", so the name "Iñigo" is treated as "I├â┬æigo".
Since the Report Generator project works fine when run on my local machine, does that means I need to change some conf files on my Tomcat Server? What setting file do I need to change?
It seems like encoding issue.
Check Config.groovy:
grails.converters.encoding = "UTF-8"
Check file's encoding of controllers and services where you use rest:0.8.
Check URIEncoding in tomcat's server.xml (must be UTF-8).
Also try to set useBodyEncodingForURI="true" (in connector, like URIEncoding parameter).
Do you save this data to the database? If that so, check your DataSource.groovy url parameter:
url = "jdbc:mysql://127.0.0.1:3306/dbname?characterEncoding=utf8"
Also check encoding and collation of you table and fields in the database.

How to get started with ESAPI out of a servlet container

Could anyone give some considerations to get started using the ESAPI on a no-web context?
I came with this little test that validates a string with DefaultValidator.isValidCreditCard, but I got some web-container dependency errors.
The following method is consumed from a Junit Test:
#Override
public ValidationErrorList creditCard(String value) {
this.value = value;
ValidationErrorList errorList = new ValidationErrorList();
try {
isValid = validator.isValidCreditCard(null, value, false, errorList);
}catch(Exception ie){
System.out.println(">>> CCValidator: [ " + value + "] " + ie.getMessage());
messages = (ArrayList) errorList.errors();
}
return messages;
}
This is the error that I get (relevant part) of course I'm not running in a container:
Attempting to load ESAPI.properties via file I/O.
Attempting to load ESAPI.properties as resource file via file I/O.
Found in 'org.owasp.esapi.resources' directory: C:\foundation\validation\providers\esapi\ESAPI.properties
Loaded 'ESAPI.properties' properties file
Attempting to load validation.properties via file I/O.
Attempting to load validation.properties as resource file via file I/O.
Found in 'org.owasp.esapi.resources' directory: C:\foundation\validation\providers\esapi\validation.properties
Loaded 'validation.properties' properties file
SecurityConfiguration for Encoder.AllowMixedEncoding not found in ESAPI.properties. Using default: false
SecurityConfiguration for Encoder.AllowMixedEncoding not found in ESAPI.properties. Using default: false
javax/servlet/ServletRequest
java.lang.NoClassDefFoundError: javax/servlet/ServletRequest
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at org.owasp.esapi.util.ObjFactory.make(ObjFactory.java:74)
at org.owasp.esapi.ESAPI.httpUtilities(ESAPI.java:121)
at org.owasp.esapi.ESAPI.currentRequest(ESAPI.java:70)
at org.owasp.esapi.reference.Log4JLogger.log(Log4JLogger.java:434)
...
Calls to ESAPI..xxxMethods() also raise dependency errors.
Any advice to get started will be appreciate.
Best,
jose
ESAPI has a servlet filter API that requires javax.servlet.ServletRequest to be on the classpath. ESAPI is owned by OWASP --> "Open Web Application Security Project." Therefore, ESAPI is designed with web applications in mind.
If you're not writing a web application, then its either a console application or a rich client application. If you don't expect to use it to connect to the outside world, then the main secure practices you really need to worry about are ensuring that you always use safely parameterized queries, and that any data passed into your application from a source that IS connected to the outside world is properly escaped. For that, the only thing you need is OWASP's encoder project.

Communicating with DB through SSH in GWT app (using RPC)

I am trying to write a GWT back-end using the RPC model for java servlets.
Is it possible to ssh tunnel within an RPC in order to communicate with a remote sql database?
The code I try to execute is below, using Jsch. The error occurs on "session.connect();"
String host="xxxxx.xxx.edu";
String user="username";
String password="password";
Session session= null;
try{
//Set StrictHostKeyChecking property to no to avoid UnknownHostKey issue
java.util.Properties config = new java.util.Properties();
config.put("StrictHostKeyChecking", "no");
JSch jsch = new JSch();
session=jsch.getSession(user, host, 22);
session.setPassword(password);
session.setConfig(config);
session.connect();
}
The runtime error I get on the 'session.connect()' line is as follows: (scroll right to see whole error)
com.jcraft.jsch.JSchException: java.security.AccessControlException: access denied (java.net.SocketPermission xxxxx.xxx.edu resolve)
at com.jcraft.jsch.Util.createSocket(Util.java:341)
at com.jcraft.jsch.Session.connect(Session.java:194)
at com.jcraft.jsch.Session.connect(Session.java:162)
at com.front.server.GameServiceImpl.createGame(GameServiceImpl.java:39)
The frustrating part about this is that I copied/pasted the exact same code into a simple java program and it works. So I know the code is correct; obviously the jetty server which GWT creates for local testing has a problem executing the code. What else can I do / what should I be doing in this situation with GWT? Shouldn't the back-end of a GWT application have the capacity to ssh??
I suggest you try running your gwt app with a different web container (Tomcat, JBoss). You can still make use of debugging functionality by running the hosted mode with the -noserver flag.
See here