I am developing a Java client which will create an application in WSO2 Identity Server through calling the OAuthAdminService. After some digging I found that registerOAuthApplicationData() method is the one used for creating an application in IS. Before calling the method, I have authenticated the admin user via login() method of AuthenticationAdminStub type. Even after such authentication the registerOAuthApplicationData() method make the IS console to print
[2016-04-26 13:08:52,577] WARN
{org.wso2.carbon.server.admin.module.handler.AuthenticationHandler} -
Illegal access attempt at [2016-04-26 13:08:52,0577] from IP address
127.0.0.1 while trying to authenticate access to service OAuthAdminService
and the application is not getting created in the IS database.
The code which I have tried goes as follows
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.proxy.AuthenticationAdminStub;
import org.wso2.carbon.identity.oauth.OAuthAdminServicePortTypeProxy;
import org.wso2.carbon.identity.oauth.dto.xsd.OAuthConsumerAppDTO;
public class IdentityClientOne {
private final static String SERVER_URL = "https://localhost:9443/services/";
private final static String APP_ID = "myapp";
/**
* #param args
*/
public static void main(String[] args) {
AuthenticationAdminStub authstub = null;
ConfigurationContext configContext = null;
System.setProperty("javax.net.ssl.trustStore", "wso2carbon.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
try {
configContext = ConfigurationContextFactory.createConfigurationContextFromFileSystem(
"repo", "repo/conf/client.axis2.xml");
authstub = new AuthenticationAdminStub(configContext, SERVER_URL
+ "AuthenticationAdmin");
// Authenticates as a user having rights to add users.
if (authstub.login("admin", "admin", APP_ID)) {
System.out.println("admin authenticated");
OAuthConsumerAppDTO consumerApp = new OAuthConsumerAppDTO("Oauth-2.0",
"sample_app",
"",
"authorization_code implicit password client_credentials refresh_token urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm","","","");
OAuthAdminServicePortTypeProxy OAuthAdminProxy = new OAuthAdminServicePortTypeProxy();
OAuthAdminProxy.registerOAuthApplicationData(consumerApp);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
Please help what should be done right ?
You have to access the stub via the authenticated session.
Could you try below.
public class Test {
private final static String SERVER_URL = "https://localhost:9443/services/";
public static void main(String[] args) throws RemoteException, OAuthAdminServiceException {
OAuthAdminServiceStub stub = new OAuthAdminServiceStub(null, SERVER_URL + "OAuthAdminService");
ServiceClient client = stub._getServiceClient();
authenticate(client);
OAuthConsumerAppDTO consumerAppDTO = new OAuthConsumerAppDTO();
consumerAppDTO.setApplicationName("sample-app");
consumerAppDTO.setCallbackUrl("http://localhost:8080/playground2/oauth2client");
consumerAppDTO.setOAuthVersion("OAuth-2.0");
consumerAppDTO.setGrantTypes("authorization_code implicit password client_credentials refresh_token "
+ "urn:ietf:params:oauth:grant-type:saml2-bearer iwa:ntlm");
stub.registerOAuthApplicationData(consumerAppDTO);
}
public static void authenticate(ServiceClient client) {
Options option = client.getOptions();
HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
auth.setUsername("admin");
auth.setPassword("admin");
auth.setPreemptiveAuthentication(true);
option.setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
option.setManageSession(true);
}
}
Related
I'm trying to execute aws device farm example code that we can get below site.
https://docs.aws.amazon.com/devicefarm/latest/testgrid/getting-started-local.html
// Import the AWS SDK for Java 2.x Device Farm client:
...
// in your tests ...
public class MyTests {
// ... When you set up your test suite
private static RemoteWebDriver driver;
#Before
void setUp() {
String myProjectARN = "...";
DeviceFarmClient client = DeviceFarmClient.builder().region(Region.US_WEST_2).build();
CreateTestGridUrlRequest request = CreateTestGridUrlRequest.builder()
.expiresInSeconds(300)
.projectArn(myProjectARN)
.build();
CreateTestGridUrlResponse response = client.createTest.GridUrl(request);
URL testGridUrl = new URL(response.url());
// You can now pass this URL into RemoteWebDriver.
WebDriver driver = new RemoteWebDriver(testGridUrl, DesiredCapabilities.firefox());
}
#After
void tearDown() {
// make sure to close your WebDriver:
driver.quit();
}
}
After executing above codes, the error was occurred and the message is like this.
java.net.UnknownHostException: devicefarm.us-westt-2.amazonaws.com
I guess the code can't resolve host because of proxy server.
How can i resolve this problem?
Thanks.
Can you please confirm which line throws java.net.UnknownHostException: devicefarm.us-westt-2.amazonaws.com. Is it client.createTest.GridUrl(request) or WebDriver driver = new RemoteWebDriver(testGridUrl, DesiredCapabilities.firefox());
If it is the client.createTest.GridUrl(request), then please follow Proxy Configuration mentioned at https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/section-client-configuration.html
My current setUp method is like this.
#Before
public void setUp() {
try {
ProxyConfiguration.Builder proxyConfig = ProxyConfiguration.builder();
proxyConfig.endpoint(new URI("<YOUR PROXY URL>"));
proxyConfig.username("<YOUR USER ID>");
proxyConfig.password("YOUR PASSWORD");
ApacheHttpClient.Builder httpClientBuilder =
ApacheHttpClient.builder()
.proxyConfiguration(proxyConfig.build());
String myARN = "<YOUR ARN>";
DeviceFarmClient client = DeviceFarmClient.builder()
.credentialsProvider(DefaultCredentialsProvider.create())
.region(Region.US_WEST_2)
.httpClientBuilder(httpClientBuilder)
.overrideConfiguration(ClientOverrideConfiguration.builder().build())
.build();
CreateTestGridUrlRequest request = CreateTestGridUrlRequest.builder()
.expiresInSeconds(300) // 5 minutes
.projectArn(myARN)
.build();
URL testGridUrl = null;
CreateTestGridUrlResponse response = client.createTestGridUrl(request);
testGridUrl = new URL(response.url());
driver = new RemoteWebDriver(testGridUrl, DesiredCapabilities.chrome());
} catch (Exception e) {
e.printStackTrace();
}
}
Thank you again.
My organization is running spring boot app on AWS ECS docker container which reads the credentials for Postgres sql from secrets manager in AWS during boot up. AS part of security complaince, we are rotating the secrets every 3 months. The spring boot app is loosing connection with the database and going down when the RDS credentials are rotated.we have to restart it in order to pick the new credentials to work properly. Is there any way I can read the credentials automatically once the credentials are rotated to avoid restarting the application manually?
After some research I found that the postgres database in AWS supports passwordless authentication using IAM roles. We can generate a token which is valid for 15 mins and can connect to database using that token. I prefer this way of connecting to database rather than using password for my database. More details about setting up password less authentication can be found here
Code example as below
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.services.rds.auth.GetIamAuthTokenRequest;
import com.amazonaws.services.rds.auth.RdsIamAuthTokenGenerator;
import org.apache.commons.lang3.StringUtils;
import org.apache.tomcat.jdbc.pool.ConnectionPool;
import org.apache.tomcat.jdbc.pool.PoolConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.net.URI;
import java.net.URISyntaxException;
import java.sql.SQLException;
import java.util.Properties;
public class RdsIamAuthDataSource extends org.apache.tomcat.jdbc.pool.DataSource {
private static final Logger LOGGER = LoggerFactory.getLogger(RdsIamAuthDataSource.class);
private static final int DEFAULT_PORT = 5432;
private static final String USESSL = "useSSL";
private static final String REQUIRE_SSL = "requireSSL";
private static final String BOOLEAN_TRUE = "true";
private static final String VERIFY_SERVER_CERTIFICATE = "verifyServerCertificate";
private static final String THREAD_NAME = "RdsIamAuthDataSourceTokenThread";
/**
* Constructor for RdsIamAuthDataSource.
* #param props {#link PoolConfiguration}
*/
public RdsIamAuthDataSource(PoolConfiguration props) {
this.poolProperties = props;
}
#Override
public ConnectionPool createPool() throws SQLException {
if (pool == null) {
return createPoolImpl();
} else {
return pool;
}
}
protected ConnectionPool createPoolImpl() throws SQLException {
synchronized (this) {
return pool = new RdsIamAuthConnectionPool(poolProperties);
}
}
private class RdsIamAuthConnectionPool extends ConnectionPool implements Runnable {
private RdsIamAuthTokenGenerator rdsIamAuthTokenGenerator;
private String host;
private String region;
private int port;
private String username;
private Thread tokenThread;
/**
* Constructor for RdsIamAuthConnectionPool.
* #param prop {#link PoolConfiguration}
* #throws SQLException {#link SQLException}
*/
public RdsIamAuthConnectionPool(PoolConfiguration prop) throws SQLException {
super(prop);
}
#Override
protected void init(PoolConfiguration prop) throws SQLException {
try {
final URI uri = new URI(prop.getUrl().substring(5));
this.host = uri.getHost();
this.port = uri.getPort();
if (this.port < 0) {
this.port = DEFAULT_PORT;
}
this.region = StringUtils.split(this.host,'.')[2];
this.username = prop.getUsername();
this.rdsIamAuthTokenGenerator = RdsIamAuthTokenGenerator.builder()
.credentials(new DefaultAWSCredentialsProviderChain())
.region(this.region)
.build();
updatePassword(prop);
final Properties props = prop.getDbProperties();
props.setProperty(USESSL, BOOLEAN_TRUE);
props.setProperty(REQUIRE_SSL, BOOLEAN_TRUE);
props.setProperty(VERIFY_SERVER_CERTIFICATE, BOOLEAN_TRUE);
super.init(prop);
this.tokenThread = new Thread(this, THREAD_NAME);
this.tokenThread.setDaemon(true);
this.tokenThread.start();
} catch (URISyntaxException e) {
LOGGER.error("Database URL is not correct. Please verify", e);
throw new RuntimeException(e.getMessage());
}
}
/**
* Refresh the token every 12 minutes.
*/
#Override
public void run() {
try {
while (this.tokenThread != null) {
Thread.sleep(12 * 60 * 1000);
updatePassword(getPoolProperties());
}
} catch (InterruptedException e) {
LOGGER.error("Background token thread interrupted", e);
}
}
#Override
protected void close(boolean force) {
super.close(force);
final Thread thread = tokenThread;
if (thread != null) {
thread.interrupt();
}
}
private void updatePassword(PoolConfiguration props) {
final String token = rdsIamAuthTokenGenerator.getAuthToken(GetIamAuthTokenRequest.builder()
.hostname(host)
.port(port)
.userName(this.username)
.build());
LOGGER.info("Updated IAM token for connection pool");
props.setPassword(token);
}
}
}
Supply the following DataSource as a spring bean. That's it. Now your application will automatically refresh credentials every 12 minutes
#Bean
public DataSource dataSource() {
final PoolConfiguration props = new PoolProperties();
props.setUrl("jdbc:postgresql://myapp.us-east-2.rds.amazonaws.com/myschema?ssl=true");
props.setUsername("rdsadminuser");
props.setDriverClassName("org.somedatabase.Driver");
return new RdsIamAuthDataSource(props);
}
I'm using the developer-authenticated technique for implementing this class, as described here. So far, I've been able to implement this class and build a framework in which I check CognitoCachingCredentialsProvider.getCachedIdentityId() to see if a user has logged in (and therefore doesn't need to re-authenticate by entering an email and password). To do this, I'm using a series of static methods in a class called Util, since these only need to be instantiated once. This is what it looks like:
package com.pranskee.boxesapp;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ExecutionException;
import org.json.JSONException;
import org.json.JSONObject;
import android.content.Context;
import android.util.Log;
import com.amazonaws.auth.AWSAbstractCognitoIdentityProvider;
import com.amazonaws.auth.CognitoCachingCredentialsProvider;
import com.amazonaws.mobileconnectors.cognito.*;
import com.amazonaws.regions.Regions;
public class Util {
private final static String TAG = "Util";
private static final String AWS_ACCOUNT_ID = {acct id};
private static final String COGNITO_POOL_ID = {pool id};
private static final String COGNITO_ROLE_AUTH = {auth arn};
private static final String COGNITO_ROLE_UNAUTH = {unauth arn}
private static CognitoCachingCredentialsProvider sCredProvider;
private static UserIdentityProvider sIdProvider;
private static CognitoSyncManager sSyncManager;
private Util() {
}
public static CognitoCachingCredentialsProvider getCredProvider(
Context context) {
if (sCredProvider == null) {
if (sIdProvider == null) {
CognitoCachingCredentialsProvider tmpProvider = new CognitoCachingCredentialsProvider(
context.getApplicationContext(), AWS_ACCOUNT_ID,
COGNITO_POOL_ID, COGNITO_ROLE_UNAUTH,
COGNITO_ROLE_AUTH, Regions.US_EAST_1);
if (tmpProvider.getCachedIdentityId() != null) {
sCredProvider = tmpProvider;
} else {
sCredProvider = null;
}
} else {
sCredProvider = new CognitoCachingCredentialsProvider(
context.getApplicationContext(), sIdProvider,
COGNITO_ROLE_UNAUTH, COGNITO_ROLE_AUTH);
}
}
return sCredProvider;
}
public static UserIdentityProvider getIdentityProvider(Context context,
String email, String pwd) {
if (sIdProvider == null) {
sIdProvider = new UserIdentityProvider(AWS_ACCOUNT_ID,
COGNITO_POOL_ID, context.getApplicationContext(), email,
pwd);
Map logins = new HashMap();
logins.put({Developer Provider Name}, sIdProvider.getToken());
sIdProvider.setLogins(logins);
}
return sIdProvider;
}
public static boolean isLoggedIn(Context context) {
if (getCredProvider(context) == null) {
return false;
}
return true;
}
private static CognitoSyncManager getSyncManager(Context context) {
if (sSyncManager == null) {
sSyncManager = new CognitoSyncManager(
context.getApplicationContext(), Regions.US_EAST_1,
sCredProvider);
}
return sSyncManager;
}
protected static class UserIdentityProvider extends
AWSAbstractCognitoIdentityProvider {
private Context context;
private String email;
private String password;
public UserIdentityProvider(String accountId, String identityPoolId,
Context c, String em, String pwd) {
super(accountId, identityPoolId);
context = c;
email = em;
password = pwd;
}
#Override
public String refresh() {
try {
ServerCommunicator server = new ServerCommunicator(context);
//this is a server call, which makes the call GetOpenIdTokenForDeveloperIdentityRequest after I authenticate the user and send AWS my user's token
String response = server.initUserLoginAsyncTask()
.execute(email, password).get();
JSONObject responseJSON = new JSONObject(response);
String identityId = responseJSON.getString("id");
String token = responseJSON.getString("token");
this.setToken(token);
this.setIdentityId(identityId);
update(identityId, token);
return token;
} catch (InterruptedException e) {
e.printStackTrace();
} catch (ExecutionException e) {
e.printStackTrace();
} catch (JSONException e) {
e.printStackTrace();
}
return null;
}
#Override
public String getProviderName() {
return {Developer Provider Name};
}
}
}
Now, I want to also implement a Logout. I think what I'd need to do is remove the cached Identity Id somehow, but I'm not sure what the best method would be to do that. Or, maybe it's not that at all, and I need to do something differently entirely. Either way, I just want to implement the intended behavior of allowing a user to select to "Log Out" of my app, which causes Cognito to forget that that ID was logged into the Identity Pool and invalidates any attempt to establish an Identity ID again without going through my authentication process again.
Logout would be a two steps process, first you need to logout from the Identity Provider that authenticated your user (Amazon, Google, Facebook or your own) Instructions on how to do this are specific to your provider.
From the CognitoIdentity side, you need to tell the CredentialsProvider to clear all state and cache associated with your identity. Using Android SDK, you can call clear() on the CredentialsProvider (see http://docs.aws.amazon.com/AWSAndroidSDK/latest/javadoc/com/amazonaws/auth/CognitoCredentialsProvider.html)
Getting Error while consuming webservices in java through SOAP approach. Plz suggest, i am stuck in this for last 10 days. I am using this server for webservices "http://www.webservicex.net/globalweather.asmx"
Error:
Exception in thread "main" [SOAPException: faultCode=SOAP-ENV:Client; msg=Error
opening socket: Connection timed out: connect;
targetException=java.lang.IllegalArgumentException: Error opening
socket: Connection timed out: connect]
at org.apache.soap.transport.http.SOAPHTTPConnection.se(SOAPHTTPConnection.java:324)
at org.apache.soap.rpc.Call.invoke(Call.java:205)
at com.check.ClientNet.main(ClientNet.java:47)
My java code is :
package com.check;
import java.net.*;
import java.util.*;
import org.apache.soap.*;
import org.apache.soap.encoding.SOAPMappingRegistry;
import org.apache.soap.rpc.*;
import org.apache.soap.encoding.soapenc.StringDeserializer;
import org.apache.soap.util.xml.QName;
import com.check.ProxyAuthenticator;
public class ClientNet {
public static void main (String[] args)
throws Exception {
Properties properties = System.getProperties();
properties.put("http.proxyHost", "10.136.236.30");
properties.put("http.proxyPort", "8080");
properties.put("http.proxyUser", "bnkishore");
properties.put("http.proxyPassword","XXXX");
Properties newprops = new Properties(properties);
System.setProperties(newprops);
String username = System.getProperty("http.proxyUser");
String password = System.getProperty("http.proxyPassword");
if (username != null && !username.equals("")) {
Authenticator.setDefault(new ProxyAuthenticator(username, password));
}
System.out.println("\n\nCalling the SOAP Server:\n\n");
//http://www.webservicex.net/globalweather.asmx
URL url = new URL ("http://www.webservicex.net/globalweather.asmx");
String CountryName = "India";
Call call = new Call();
SOAPMappingRegistry soapMappingRegistry = new SOAPMappingRegistry();
soapMappingRegistry.mapTypes(Constants.NS_URI_SOAP_ENC, new QName("http://www.webserviceX.NET", "globalweather"),null,null, new StringDeserializer());
call.setTargetObjectURI("http://www.webserviceX.NET");
call.setMethodName("GetCitiesByCountry");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
Vector<Parameter> params = new Vector<Parameter>();
params.addElement(new Parameter("CountryName", String.class, CountryName, null));
call.setParams (params);
System.out.print("The SOAP Server says: ");
Response resp = call.invoke(url, " ");
if (resp.generatedFault()) {
Fault fault = resp.getFault();
System.out.println("\nOuch, the call failed: ");
System.out.println(" Fault Code = " + fault.getFaultCode());
System.out.println(" Fault String = " + fault.getFaultString());
} else {
Parameter result = resp.getReturnValue();
System.out.print(result.getValue());
System.out.println();
}
}
}
And ProxyAuthencator code is :
package com.check;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
public class ProxyAuthenticator extends Authenticator {
private String userName, passWord;
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(userName,passWord.toCharArray());
}
public ProxyAuthenticator(String userName, String password) {
this.userName = userName;
this.passWord = password;
getPasswordAuthentication();
}
}
Thanks.
There is a timeout, that means you client is not reaching the server. Check connectivity. For dealing with a proxy, additionally to your ProxyAuthenticator you need to add few system properties: proxySet, proxyHost and proxyPort. If you are using maven, you can do it in this way:
mvn jetty:run -DproxySet=true -DproxyHost=proxy.indra.es -DproxyPort=8080
Since it' apparently not possible to authenticate with LDAP on my BlackBerry App, I'm trying to use a kind of workaround. Instead of authenticate directly on the LDAP Server, I want to use a Web Service in between. So it looks like this
App --calls--> Web Service --calls--> LDAP Server
So the Web Service should take the username and password given from the Application and send it to the LDAP Server. If its possible to sign in, the Web Service gets a TRUE as response and forward it to the App.
That's how it should work. But at the moment, when I call the Web Service from the App, I get following error:
SoapFault - faultcode: 'S:Server' faultstring:
'java.lang.NullPointerException' faultactor: 'null' detail:
org.kxml2.kdom.Node#21e05a11
Seems like a Server problem but I don't know where :(
Well, that's the Web Service I'm using:
import javax.ejb.Stateless;
import javax.jws.WebService;
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
#Stateless
#WebService()
public class ldapServiceBean implements ldapService {
#Override
public String error() {
// TODO Auto-generated method stub
return null;
}
#Override
public boolean ldapLogin(String username, String password) {
int ldapPort = LDAPConnection.DEFAULT_PORT;
int ldapVersion = LDAPConnection.LDAP_V3;
String ldapHost = "dc1.somehost ";
String loginDN =
"CN="+username+",OU=employee,OU=user,DC=somehost";
byte[] passwordBytes = password.getBytes();
LDAPConnection lc = new LDAPConnection();
try {
// connect to the server
lc.connect( ldapHost, ldapPort );
// authenticate to the server
lc.bind( ldapVersion, loginDN, passwordBytes );
System.out.println("Bind successful");
return true;
}
catch( LDAPException e ) {
if ( e.getResultCode() == LDAPException.NO_SUCH_OBJECT ) {
System.err.println( "Error: No such entry" );
} else if ( e.getResultCode() ==
LDAPException.NO_SUCH_ATTRIBUTE ) {
System.err.println( "Error: No such attribute" );
} else {
System.err.println( "Error: " + e.toString() );
}
}
return false;
}
And that's the method calling the Web Service
private static final String SOAP_ACTION = "";
private static final String METHOD_NAME = "ldapLogin";
private static final String NAMESPACE = "http://ldapproxy.somehost/";
private static final String URL = "http://myIP:8080/LDAPProxy/ldapServiceBeanService";
...
public boolean login(String username, String password) {
SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME);
//SoapObject
request.addProperty("username", username);
request.addProperty("password", password);
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
//envelope.dotNet = true;
//envelope.bodyOut = request;
envelope.setOutputSoapObject(request);
HttpTransport httpTransport = new HttpTransport(URL);
try
{
httpTransport.call(SOAP_ACTION, envelope);
System.out.println("request: " + httpTransport.requestDump);
resultsRequestSOAP = (SoapObject) envelope.getResponse();
return true;
}catch(SoapFault sF){
String error = sF.toString();
Dialog.alert(error);
}
catch (Exception aE)
{
Dialog.alert("Connection failed");
aE.printStackTrace ();
}
return false;
}
What I found out so far:
It seems that the webservice don't receives the username and password property. As I print them I get:
`CN=null, OU=employee, OU=...`
Like I've read at this post Web service recieves null parameters from application using ksoap method it seems ksoap have a problem with colons. I changed my NAMESPACE but without any success. Maybe I need to change my URL too. But how would I do this while I still need to use localhost ?
As always when doing LDAP bind testing this way, recall that the standard requires that a bind of a username, no password, is a successful Anonymous bind, so therefore you MUST validate for this case (empty password) on login attempts.