We Keep Coding

Invalid Redirect: You are using a sensitive scope. URI must use https:// as the scheme

when I log into my app, I get a message
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri:
http://XXXXXX/login/oauth2/code/google
I tried to add this to the Authorized redirect URIs in my google cloud
but I get an error
Invalid Redirect: You are using a sensitive scope. URI must use
https:// as the scheme
also if I add a url with
https://
then I still get a message when I log into the app
If you’re the app developer, make sure that these request details
comply with Google policies. redirect_uri:
http://XXXXXXX/login/oauth2/code/google
my technology stack:
java
spring
vaadin
properties file:
server.port=${PORT:8080}
spring.security.oauth2.client.registration.google.client-id=xxxxxx.apps.googleusercontent.com
spring.security.oauth2.client.registration.google.client-secret=xxxxxx
spring.security.oauth2.client.registration.google.scope=openid,email,profile,\
https://www.googleapis.com/auth/spreadsheets,\
https://www.googleapis.com/auth/spreadsheets.readonly,\
https://www.googleapis.com/auth/drive.file,\
https://www.googleapis.com/auth/drive,\
https://www.googleapis.com/auth/script.scriptapp
spring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token
spring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/auth?prompt=consent&access_type=offline
spring.security.oauth2.client.provider.google.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo
the code that gets Credential:
public void initCredential(OAuth2AuthorizedClientService authorizedClientService, Authentication authentication ) {
OAuth2AuthorizedClient authorizedClient = authorizedClientService.loadAuthorizedClient(
"google",
authentication.getName());
credential = new GoogleCredential.Builder()
.setClientSecrets(CLIENT_ID,CLIENT_SECRET)
.setJsonFactory(GsonFactory.getDefaultInstance())
.setTransport(GoogleNetHttpTransport.newTrustedTransport())
.build()
.setAccessToken(authorizedClient.getAccessToken().getTokenValue())
.setRefreshToken(authorizedClient.getRefreshToken().getTokenValue());
}
also Oauth2 configuration:
#EnableWebSecurity
#Configuration
public class WebSecurityConfig extends VaadinWebSecurityConfigurerAdapter {
private static final String LOGIN_URL = "/login";
#Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.oauth2Login()
.loginPage(LOGIN_URL).permitAll();
}
#Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
web.ignoring().antMatchers(
"/VAADIN/**",
"/favicon.ico",
"/robots.txt",
"/manifest.webmanifest",
"/sw.js",
"/offline-page.html",
"/frontend/**",
"/webjars/**",
"/frontend-es5/**", "/frontend-es6/**")
.antMatchers(HttpMethod.POST, "/notifications");
}
}
as I understand it, I need to configure the use of the https protocol in the configuration, but I don't understand a little where I can configure it
it is also worth noting that the application works locally, but when deploying it to AWS and trying to login via oauth 2, I get the message

As stated in the message You are using a sensitive scope. URI must use https:// as the scheme
Just configuring it in Google cloud console has no effect on how your application runs. It just says that this redirect uri will be supported.
Your app when it is run is still running with http and not as https. I am going to assume that you are still in development and running this locally and you have not configured our app yet to run https.
Fix your ide.

How to setup standalone wiremock server under an application path

I am trying to setup wiremock under an application path.
I have wiremock dockerized and running under some path https://local.wiremock/ and that works fine, so I can access the admin like this https://local.wiremock/__admin/docs
However when I deploy to aws it needs to be under a path like this:
https://aws-server.wiremock/simulator/__admin/docs
And the addition of the application path /simulator breaks everything.
So I want to set it up locally so that it runs under:
https://local.wiremock/simulator/__admin/docs
I have been going through documentation and there's nothing there for standalone server configuration.
There is a mappedUnder xml field that could be useful but it cannot be set via docker.
Any ideas how to achieve that?

I think you could do this by adding a Request Wrapper. The idea behind the Request Wrapper is that it intercepts the request and allows you to modify it before sending the request on. I think your solution would look something like...
public static class removeSimulatorPath extends StubRequestFilter {
#Override
public RequestFilterAction filter(Request request) {
Request wrappedRequest = RequestWrapper.create()
// lambda to replace the current URL with one without `/simulator`
.transformAbsoluteUrl(url -> url.replace("/simulator", "")
.wrap(request);
return RequestFilterAction.continueWith(wrappedRequest);
}
#Override
public String getName() {
return "remove-simulator-path";
}
}

Apex Web Service Authentication for .Net CF client

We are developing a barcode application to run on our mobile computers running Windows Mobile 5.0 Pocket PC and it needs to get it's data from our Oracle database.
Apex is already set up but how can I create a secure Web Service using Apex's native Authentication? How to set "HTTPS only"?
Update
I can call the ...?wsdl link in the browser now, looks fine. It's also registered in the project as a WebReferance.
But when I run the following code:
CONTAR_USUARIOSService service = new CONTAR_USUARIOSService();
System.Net.NetworkCredential pocket = new System.Net.NetworkCredential("pocket", "000");
service.Credentials = pocket;
double resultado = service.CONTAR_USUARIOS();
I get this error:
System.Net.WebException was unhandled
Message="WebException"
StackTrace:
at System.Web.Services.Protocols.SoapHttpClientProtocol.doInvoke(String methodName, Object[] parameters, WebClientAsyncResult asyncResult)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
at Supernorte.Recebimento.ContarUsuariosWebReference.CONTAR_USUARIOSService.CONTAR_USUARIOS()
at Supernorte.Recebimento.Login..ctor()
at Supernorte.Recebimento.MainForm.mostrarLogin()
at Supernorte.Recebimento.MainForm..ctor()
at Supernorte.Recebimento.Program.Main()
I get an "Unauthorized" error.

If you get your Oracle inputs and outputs routed through your web service (which I am still personally struggling with), you might be able to access your information that way.
Add the web reference.
It will ask for the URL where your Web Service has been uploaded. I'm guessing this can be a website you own off site, but I use our internal server.
You can see I have a default web page where I load up the available services that I've stuck out there. 1Mainframe.svc` was going to be my "Big Service", but then I realized that I needed to do a lot more than make that once call, so I created the next one, "Erp Service".
Anyway, after I select the ErpService.svc, I'm given this, where I changed the default Web Reference Name to ErpService1. I've personally found that if I need to edit or modify the service, the XML config files get all messed up, so I just delete Service1 and add Service2.
I add a new class called ErpClass1.cs
Add a reference to my Web Service using the namespace for my project, and start coding!
using System;
using System.Linq;
using System.Collections.Generic;
using System.Text;
using AcpMobile5.ErpService1;
namespace AcpMobile5 {
class ErpClass1 {
private ErpService m_erpService;
public ErpClass1() {
m_erpService = new ErpService();
}
public void Query(string woNumber) {
m_erpService.Query(woNumber);
}
public string PartNumber() {
return m_erpService.CoilPartNo();
}
}
}
Obviously, this does not solve everything for you. The Web Service that you use to access your Oracle database still needs to be written, and that's no simple task.
However, I hope it helps point you along the right direction.
This is all done using Visual Studio 2008 for Mobile 5.0.

So, I didn't use Apex as I intended. Instead I enabled Oracle XML DB Native Web Services.
After some hard times with authentication [mostly caused by typing the wrong password ): ] I got this code working:
MyWebService service = new MyWebService();
service.Credentials = new MyWebService("MY_ORACLE_USER", "*******");
double result = service.MY_LOGIN_FUNCTION(this.userName);

Unable to load WSDL file error in flex while making a call to a web service

I am trying to call a webservice from my Flex application and this is the code:
<mx:WebService id="myWebService"
wsdl="http://172.16.111.103:22222/cics/services/PRESENT1?wsdl">
<mx:operation name="PRESENT1Operation"
result="resultHandler(event)"
fault="faultHandler(event)">
</mx:operation>
</mx:WebService>
//Function to send customer id to the wsdl request
private function searchDetails():void{
myWebService.PRESENT1Operation.send(cusNo.text);
cusDetails.visible=true;
}
The webservice is up and running. I have a separate Java application to test the webservice, And I am able to execute it properly. I am able to request the webservice and get response.
But If I try to call the webservice through the Flex application, I get the following error.
[RPC Fault faultString="HTTP request error" faultCode="Server.Error.Request" faultDetail="Unable to load WSDL. If currently online, please verify the URI and/or format of the WSDL (http://172.16.111.103:22222/cics/services/PRESENT1?WSDL)"]
at mx.rpc.wsdl::WSDLLoader/faultHandler()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\wsdl\WSDLLoader.as:98]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::dispatchRpcEvent()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\AbstractInvoker.as:170]
at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal::faultHandler()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\AbstractInvoker.as:225]
at mx.rpc::Responder/fault()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\Responder.as:53]
at mx.rpc::AsyncRequest/fault()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\rpc\AsyncRequest.as:103]
at DirectHTTPMessageResponder/errorHandler()[C:\autobuild\3.2.0\frameworks\projects\rpc\src\mx\messaging\channels\DirectHTTPChannel.as:362]
at flash.events::EventDispatcher/dispatchEventFunction()
at flash.events::EventDispatcher/dispatchEvent()
at flash.net::URLLoader/redirectEvent()
Please some one help me with this.

The application is unable to load as the application starts before the other modules can be loaded
I hope this might be useful
var wsdlFile :String = <>
var request:URLRequest = new URLRequest(wsdlFile);
var loader:URLLoader = new URLLoader();
loader.load(request);
You can get the complete path by typing in the URL append it with ?wsdl

Login failed when a web service tries to communicate with SharePoint 2007

I created a very simple webservice in ASP.NET 2.0 to query a list in SharePoint 2007 like this:
namespace WebService1
{
/// <summary>
/// Summary description for Service1
/// </summary>
[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[System.ComponentModel.ToolboxItem(false)]
// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
// [System.Web.Script.Services.ScriptService]
public class Service1 : System.Web.Services.WebService
{
[WebMethod]
public string HelloWorld()
{
return "Hello World";
}
[WebMethod]
public string ShowSPMyList()
{
string username = this.User.Identity.Name;
return GetList();
}
private string GetList()
{
string resutl = "";
SPSite siteCollection = new SPSite("http://localhost:89");
using (SPWeb web = siteCollection.OpenWeb())
{
SPList mylist = web.Lists["MySPList"];
SPQuery query = new SPQuery();
query.Query = "<Where><Eq><FieldRef Name=\"AssignedTo\"/><Value Type=\"Text\">Ramprasad</Value></Eq></Where>";
SPListItemCollection items = mylist.GetItems(query);
foreach (SPListItem item in items)
{
resutl = resutl + SPEncode.HtmlEncode(item["Title"].ToString());
}
}
return resutl;
}
}
}
This web service runs well when tested using the built-in server of Visual Studio 2008. The username indicates exactly my domain account (domain\myusername).
However when I create a virtual folder to host and launch this web service (still located in the same machine with SP2007), I got the following error when invoking ShowSPMyList() method, at the line to execute OpenWeb(). These are the details of the error:
System.Data.SqlClient.SqlException: Cannot open database "WSS_Content_8887ac57951146a290ca134778ddc3f8" requested by the login. The login failed.
Login failed for user 'NT AUTHORITY\NETWORK SERVICE'.
Does anyone have any idea why this error happens? Why does the web service run fine inside Visual Studio 2008, but not when running stand-alone? I checked and in both cases, the username variable has the same value (domain\myusername).
Thank you very much.
Thank you very much for the replies. I'll look into the documents to see how i can change the settings related to the application pool as suggested.
I want to make clear that i wanted to build a webservice to run outside of sharepoint (but can be deployed on the same server with sharepoint).
Is there any way i can programmatically pass the credentials (another domain account instead of 'NT AUTHORITY\NETWORK SERVICE' by default) to sharepoint when invoking OpenWeb method? I believe if i'm able to do that then i can walkaround the security issue above.

When you create your own custom virtual folder and set it inside the IIS, it's highly possible that the user account who run the application pool of that particular IIS virtual directory is currently set to NT authority\Network Service.
You can check carefully, by looking closely of what is the actual application pool that run that particular IIS virtual directory.
From there, you can go to the "Application Pool" folder and right click, choose Properties. Select the "Identity" tab, and it will show you who is the user account that currently running the application pool.
Alternatively, you can refer to the SharePoint SDK, something similar to ExtractCrmAuthenticationToken in dynamics CRM to extract the Authentication Token ticket.
Or alternatively you can use Network Credential to embed your own custom user id and password.
Hope this helps,
hadi teo

I fully agree with Hadi, if this is something you want to just quickly test, for a proof of concept, you can change the credentials under what the Application pool runs, to a user that has permissions. Or you could use Identity Impersonate setting in your config file.
However resist the temptiation to do this in a production enviroment, use the proper authentication. It will come back, to bite you.
If you need to set this up for production, there is a couple of areas that you want to look at, duplicate SPN's, and deligation probably the most common areas that is not configured correctly. Your error however points to impersanation not happening.

Also make sure you are deploying the web service to its own web site that does not already run SharePoint. If you want the web service to run on the same web site as SharePoint read Creating a Custom Web Service.
You can check what application pool identity SharePoint is using by following the same instructions that Hadi writes, but for an app pool running SharePoint. Make sure to only change the application pool used by your web service and not SharePoint or else other permission errors could occur within SP. (There should be no reason but if you are interested in changing the app pool identity used by SharePoint follow these instructions.)

On solution would be to "impersonate" as the SharePoint System account using the following code:
SPSecurity.RunWithElevatedPrivileges(delegate()
{
// also dispose SPSite
using (SPSite siteCollection = new SPSite("http://localhost:89"))
{
using (SPWeb web = siteCollection.OpenWeb())
{
// ...
}
}
});