I have a jar that must be imported in the client application and enable the client to call my https wsdl web service with the help of the imported jar.
I see that when https service must be called, it must be a valid cacert file in the security folder of < java_home > location.
However I cannot make it possible to install the cacert file into clients javahome security folder just by only importing the jar to client's application.
If you have an idea about how to achieve this, any help would be appriciated, thanks in advance.
EDIT [SOLVED]:
I have solved my problem by adding this method just before the service call
public static void trustStore() {
Properties systemProps = System.getProperties();
systemProps.put("javax.net.ssl.trustStore","jssecacerts");
System.setProperties(systemProps);
}
EDIT [SOLVED]: I have solved my problem by adding this method just before the service call
public static void trustStore() { Properties systemProps = System.getProperties();
systemProps.put("javax.net.ssl.trustStore","jssecacerts");
System.setProperties(systemProps); }
You have two choices:
Provide instructions or an installer to the user that uses the keytool to import your certificate
Add the option "-Djavax.net.ssl.trustStore=..." to the command that boots your client application.
Related
I am experimenting with Spring Cloud Config Server for encryption/decryption of config values.
For this, under Config Server project made following changes:
In bootstrap.properties
encrypt.key=abcdefghabcdefghabcdefghabcdefghabcdefghabcdefgh
I have also updated JCE using following command in my Ubuntu 18.04 machine:
sudo apt install oracle-java8-unlimited-jce-policy
But after issuing a POST request, I couldn't see anything in response.
Ideally, encrypted text of the request body should be coming as response.
Sample project: https://github.com/Omkar-Shetkar/pluralsight-springcloud-m2-git
What could be missing here ?
Thanks.
It is actually due CSRF, was getting 401-unauthorized response. Since Spring Boot 2.0, we can disable this in code.
Detailed answer is available here:
spring config server encrypt forbidden
Following above steps solved the issue.
Just putting out there, If someone is stuck with my silly mistake, even after doing all above things, if /encrypt endpoint is still not authorized.
Please check your security adaptor class. If you have overridden below method as well
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user")
.password(passwordEncoder().encode(userPassword))
.roles("USER")
.and()
.withUser("admin")
.password(passwordEncoder().encode(adminPassword))
.roles("USER", "ADMIN");
}
You need to provide these credentials, under Basic Auth option of Authorization tab
I have generated X.509 Certificates according to the description in https://www.playframework.com/documentation/2.5.x/ConfiguringHttps . But, i cannot configure play to use this as ssl certicate.
Can anybody provide me the actual procedure to point ssl certifate and use this certificate in play to make https.
Note:
I am using play only as a server and react page as client. So, please help me to figure out how i can configure ssl certificate in such scenario.
Thanks you!!!
I found the solution to my problem.
After i created keyStore.jks from https://www.playframework.com/documentation/2.5.x/ConfiguringHttps . Then, all i needed to do was to put following things in application.conf file:
Application.conf
play.crypto.secret="changethissosomethingsecret"
play.server.https.keyStore.path = "Path to your .jks file"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = "yourKeyStorePassword"
Then to start the application all i need to do in dev mode was sbt "start -Dhttps.port=9443".
UPDATE: Some context on the problem below. My goal is to handle requests for users where they supply a Kafka topic with each request. I use Message Hub deployed on Bluemix as Kafka provider. The requests will pass the broker URL, topic name, username, password and API key. Message Hub on Bluemix requires JAAS authentication and provides a login module with different LoginModule implementations. Some are based on CallbackHandlers, others on CredentialProviders.
I picked the one implemented in com.ibm.messagehub.login.MultiUserLoginModule. With that module I should only have to supply a custom credential provider like:
KafkaClient {
com.ibm.messagehub.login.MultiUserLoginModule required
credentialProvider="myApp.CustomCredentialProvider";
};
The challenges are in the class loader and how the CustomCredentialProvider can get the username/password from the request passed to the MultiUserLoginModule at runtime. What configuration do I have to use to get that working?
DETAILS: I have a web application running in WebSphere Liberty 8.5.5 and want to authenticate with a third-party service. That third-party service implements a JAAS LoginModule with a CredentialProvider. My web app extends the CredentialProvider with a CustomCredentialProvider to pass credentials.
What I don't understand is how the class loading is supposed to work. My server.xml defines:
The web application
<webApplication id="streaming-service" location="streaming-service.war" name="streaming-service"/>
The third-party login module
<jaasLoginModule className="com.ibm.messagehub.login.MultiUserLoginModule" controlFlag="REQUIRED" id="KafkaClient" libraryRef="messageHubLoginLib">
<options credentialProvider="myApp.CustomCredentialProvider" serviceName="kafka"/>
</jaasLoginModule>
The library that implements the third-party login module
<library id="messageHubLoginLib">
<fileset dir="${server.output.dir}" includes="messagehub.login-1.0.0.jar"/>
</library>
The login context
<jaasLoginContextEntry id="KafkaClient" loginModuleRef="KafkaClient" name="KafkaClient"/>
The result of the above configuration is a ClassNotFoundException for my CustomCredentialProvider:
Caused by: java.lang.RuntimeException: java.lang.ClassNotFoundException: myApp.CustomCredentialProvider
at com.ibm.messagehub.login.MultiUserLoginModule$MultiUserCallbackHandler.<clinit>(MultiUserLoginModule.java:80)
How do I have to change my configuration for the third-party JAAS login module to find myApp.CustomCredentialProvider implemented in my streaming-service web app?
Note: I already tried to generate a streaming-service.jar and add it directly to the messageHubLoginLib. That resolves the ClassNotFoundException but the CustomCredentialProvider class is loaded completely outside the context of my running web application and still gives me no access my credentials.
You were nearly there with the separate streaming-service.jar. Here are all the steps that are needed.
Identify the classes (from your app) that need to be visible to the login module.
Put all those classes into your messageHubLoginLib (e.g. in a separate streaming-service.jar)
DELETE those classes from your app.
Configure the app with a class loader child element that references the login module library using a commonLibraryRef attribute:
<webApplication id="streaming-service" location="streaming-service.war" name="streaming-service">
<classloader commonLibraryRef="messageHubLoginLib" />
</webApplication>
Generate a streaming-service.jar and add it directly to the messageHubLoginLib should be the right way to do. In this case, you have a jar file that is share-able between your JAAS login module and Web App.
However, you said "CustomCredentialProvider class is loaded completely outside the context of my running web application and still gives me no access my credentials". It sounds like you trying to store the credential in the CustomCredentialProvider class for uses between the login module and web app.
The CustomCredentialProvider class should be independent between the login module and web app. When request come in and try to access the web app, the server trigger the login module for authentication. If it passed, the access to the web app will be successfully.
I don't see you posted. May be you are missing the following configuration?
<jaasLoginContextEntry id="system.WEB_INBOUND" name="system.WEB_INBOUND" loginModuleRef="KafkaClient,hashtable,certificate,token" />
Can you place the MultiUserLoginModule and CustomCredentialProvider jar file in the ${server.config.dir}/lib/global directory and change the libraryRef point to global directory in your server.xml file as following:
<jaasLoginModule className="com.ibm.messagehub.login.MultiUserLoginModule" controlFlag="REQUIRED" id="KafkaClient" libraryRef="global">
<options credentialProvider="myApp.CustomCredentialProvider" serviceName="kafka"/>
</jaasLoginModule>
I have a static xml file in the public folder which I want to access by firing
WS.url(myFileUrl)
from my tests. Any idea?
The problem is that if you want to access a static file via URL you need to have a real server running and servicing the requests. So you can add the server and specify the port as follows:
"run in a server" in new WithServer(port = 3333)) {
await(WS.url("http://localhost:3333").get).status must equalTo(OK)
}
I am attempting to upload a file using SFTP. I have an identity file set up and referenced correctly. When my flow gets to the SFTP it pauses execution and prompts for Kerberos username and Kerberos password. I do not need to enter anything for these and just pressing enter will allow execution to continue and will correctly upload my file. Doing research on this, it appears to be a Java1.7 bug and is referenced here: https://www.mulesoft.org/jira/browse/MULE-6864. In that Jira task they mention "Setting "PreferredAuthentications" property to "publickey,password,keyboard-interactive" in the SftpClient solves the problem." So where do I set this property? It isn't part of the connector. I tried adding it as an attribute directly in the XML but that didn't work either.
I am developing in Anypoint Studio July 2014, deploying to Mule 3.5.0EE.
The preferred authorization method can be added to a connector, but not the endpoint, such as:
<sftp:connector name="sftpConnector" validateConnections="true"
doc:name="mySftp" keepFileOnError="true"
preferredAuthenticationMethods="publickey,password,keyboard-interactive">
</sftp:connector>
Then reference the connector in your SFTP endpoint.
This however is not an available option in the connector until Mule 3.5, so a solution such as Steve's must be used if an earlier version is in use. It is not set via the GUI, rather should be put directly into the XML.
The answer was in the same Jira entry listed above. I needed to create a java class to do the configuration. Just add the following class to your project:
package com.mycompany.utils;
import org.apache.log4j.Logger;
import org.mule.api.MuleEventContext;
import org.mule.api.lifecycle.Callable;
import com.jcraft.jsch.JSch;
public class SftpFix implements Callable{
private static final Logger LOG = Logger.getLogger("com.mycompany");
static
{ // A bug fix for MULE-6864, where Java 7 causes an issue SSH'ing to a Linux box with Kerberos enabled.
LOG.info("Applying patch to JSch for MULE-6864");
JSch.setConfig("PreferredAuthentications", "publickey,password,keyboard-interactive");
}
#Override
public Object onCall(MuleEventContext eventContext){
return eventContext.getMessage().getPayload();
}
}