Request not hitting spring boot embeded server through tomcat and browser - api

Am trying to hit my rest API in spring boot with the embeded server configured through browser and postman, but the request doesn't hit the server and am getting 404-not found am pretty new to springboot , please help me in this as in what to check further so that i can test my rest API

This could be due to couple of reasons
Try the following
Ensure the port you are specifying is correct
Ensure the end point you are specifying exist
Ensure the request you are sending is of correct REST action type (GET,POST etc)
Ensure your controller class is available in the same package in which Application class (with #SpringBootAnnotation) exists, else you will have to use #ComponentScan to make sure your controller class is scanned and endpoints available to receive traffic
Most likely, above should help :) If not, you'll need to describe what is done in the application so far

Related

FLOWABLE: Authenticating flowable-task from another application via rest call

So, I am creating an application which will be using flowable.
We can say that once my application starts, it's gonna start a particular process deployed on flowable, proceed ahead accordingly.
So, in a way there will be lot of talking between flowable and other application, but for now suppose I just want to call flowable applications from POSTMAN (outside FLOWABLE).
I have used 3 modules: flowable-idm, flowable-modeler, flowable-task in my application.
Everything works fine when I am starting my deployed process from UI of flowable task, problems come when I want to start the processInstance using REST endpoint.
In flowable-task application, there is already a REST endpoint to start the process deployed: http://localhost:8080/flowable-task/app/rest/process-instances.
Now, if I call this from Swagger of flowable-task application, it works fine.
But it doesn't work when I try to call it from another application or POSTMAN for now (once POSTMAN call works, I can make the same arrangement in code), where I'm doing a basic auth and providing what's required in body.
Also, there is no error or exception displayed on console, I believe that is because of something catching that error or exception and not displaying anything.
However, to overcome the problem of starting process from POSTMAN, I can use REST endpoint http://localhost:9999/flowable-task/process-api/runtime/process-instances, but this is just a workaround, in future if I create new endpoints I would have to figure out a way to call those endpoints.
I saw this post and I guess this guy was also trying to achieve something similar but for flowable-modeler.
It's been suggested to make changes in SecurityConfiguration.java of flowable-task-conf module for my case, but I haven't done such changes before so not exactly sure where to start and how to proceed.
So, my question is how to talk to flowable-applications from outside flowable applications.
Edit:
Forum post about getting exception when imported flowable-rest module in workspace
The flowable-task UI Application is an example application that exposes non public REST API for the UI. However, the application also exposes the full REST API of Flowable.
There is also the flowable-rest application that has the Swagger doc and exposes the full REST API without a UI.
You would want to communicate with those REST endpoints.
The endpoints are under the following contexts:
process-api for the Process Engine
cmmn-api for the CMMN Engine
dmn-api for the DMN Engine
idm-api for the IDM Engine
form-api for the Form Engine
content-api for the Content Engine
For your example you would need to use POST to /process-api/runtime/process-instances for Starting a Process Instance

Possible proxy issue with WSO2 API Manager

Whenever I try to add the following endpoint, "http://ws.cdyne.com/phoneverify/phoneverify.asmx", during the Managed API setup process and press the Test button I get an error on the server. ERROR - APIProviderHostObject Error occurred while connecting to backend : "stackOverflow preventing me from showing this link", reason: Connect to ws.cdyne.com:80 timed out
When I try this exact same process on a machine outside of our proxy it works fine. I have gone into the axis2.xml file and added proxy information and even went as far as installing cntlm and setting the proxy to localhost - same error.
I can browse to the above link just fine on this machine.
My environment is Windows 10.
I assume you talk about clicking the Test button when providing Backend Endpoint in API publisher.
The way that Test button works at the moment (as far as I understand) is that it invokes HTTP HEAD method on the endpoint provided (because according to RFC 2616, "This method is often used for testing hypertext links for validity, accessibility, and recent modification.")
Then it checks response. If response is valid or 405 (method not allowed), then the URL is marked as Valid.
Thus sometimes, if backend is not properly following RFC, you might get otherwise working URLs declared as Invalid during the test because of that improper HEAD response evaluation. Obviously, this is just a check for your convenience and you can ignore the check if you know the endpoint works for the methods and resources you need it to work.
So my advice would be to try ignoring the Test and just finishing setting up and publishing the API.
P.S. I am checking it on WSO2 API Cloud but behavior is identical to downloadable API Manager.

How do I get Basic Authentication, GlassFish, REST, and a single page application to all work together with my own login form?

I'm using Glassfish 4 as a server with an AngularJS app as a client. Glassfish is exposing a REST API via JAX-RS (Jersey). I'm using Basic Authentication over an HTTPS connection. I have my own login form and am setting the Authorization header in my REST requests via JavaScript. My issue is that if I use normal web.xml based permissions (<auth-constraint> inside <security-constraint>), the responses come back with 401 with a WWW-Authenticate header (if the credentials are bad). This forces the browser to do the Basic Authentication dialog instead of my own and it appears there is no viable cross browser work around available on the browser side to stop it. So I need to somehow suppress the 401/WWW-Authenticate response.
I stopped using the web.xml based permissions, because it seems it is the Servlet level that is doing the 401 stuff. I was able to get Jersey authentication working with a filter and turning on the "RolesAllowedDynamicFeature" feature (in a matter similar to Glassfish #RolesAllowed with custom SecurityContext). That seems to work great and returns 403 for bad credentials (and thus no browser dialog). However, when I call my EJB's, they do not see the custom security context and the user I have set, so I get permission exceptions. If it matters: the EJB's are in a jar, the Jersey stuff is in a war, and both of them and bundled together in an ear. From what I can gather the only way to have the EJB's properly process credentials is to use the web.xml stuff.
I seemed to have painted myself into a corner and do not see how to make this work. Perhaps I can back out and return to using web.xml based permissions and somehow filter the servlet responses to not return 401/WWW-Authenticate? If so I could not find out how to do that. Or is there some way I can set EJB's security context? Or something else entirely? I wouldn't think using AngularJS with GlassFish and a REST API and Basic Authentication would be very unique, how does anyone do this?
Since posting this question I have found info on implementing a Servlet filter and using that to try to change the 401 response to a different status code. However, the filter never gains control if you have <auth-constraint> in your web.xml and the request is not authorized, so that did not help me. I still could not prevent the 401 responses.
But now I think I finally found the answer. I removed the <auth-constraint> tag from web.xml. I changed the Servlet filter to now extract the AUTHENTICATION_HEADER on its own and decode it (via javax.xml.bind.DatatypeConverter). Next I call HttpServletRequest.login (on the request object) with the decoded username and password. I catch the ServletException if the username/password combination is bad and use HttpServletResponse.sendError to send SC_FORBIDDEN. If I have a good login I call doFilter to continue on with processing of the request, and call HttpServletRequest.logout when it returns.
If I do this in combination with RolesAllowedDynamicFeature and annotations on the Jersey routines everything seems to work including calls to EJB's with their own security annotations.
Side note: before settling on HttpServletRequest.login I had tried to use HttpServletRequest.authenticate followed by checking the returned boolean, but when you gain control in that case the response has already been committed to be 401 and you cannot change it. I even tried passing a HttpServletResponseWrapper to authenticate to stop the commit from happening, but authenticate seems to get the response object through some other means, it seems to ignore the one you pass it (I even tried passed null and it didn't even notice).

I need a simple web server with a console

My problem is I am adding an Ajax client to an existing RPC web service. i have a PHP client that talks to it, a java jibx.POX client that talks to it, a pure java http client that i wrote that talks to it, everything. but when i try to put my jquery ajax client im working on at it, the server sees the connection, but doesn't receive any data. same on the response, the service sends its error response xml and the ajax client says nothing came back.
what i need to debug this is a simple web server. i want something that is a stand alone program. where i can enter a port number and a start button. point my ajax interface to it, and it displays in a text area all the information possible on the request. then i can point one of my other interfaces to the same port and compare the two and hopefully figure out why 4 interfaces work and 1 doesn't.
does that exist out there somewhere? maybe in one of your arsenals somewhere.
OOPS, never mind, i found one. TCPMon, its a java system a friend of mine emailed me a while ago. does exactly this.
thanks

Strategies to block an external webservice to simulate "down" during for a testing scenario?

I am working to integrate data from an external web service in the client side of my appliction. Someone asked me to test the condition when the service is unavailable or down. Anyone have any tips on how to block this site temporarily while we run the test to see how the service degrades?
For those curious we are testing against Virtual Earth, but Google Maps but this would apply to any equally complicated external service.
any thoughts and suggestions are welcome
Create some Mock-Webservice class or interface (and inject it). In there, you could test the response of your system to webservice failures and also what happens, if a web-service request take longer than expected or actually time-out.
DeveloperWorks article on mock testing: http://www.ibm.com/developerworks/library/j-mocktest.html
You need to be sure to test the most common failure modes for this:
DNS lookup fails
IP connection fails (once DNS lookup succeeds)
HTTP response other than 200
HTTP response incomplete or timeout
HTTP response 200 but RPC or document returned is invalid
Those are just a few common failure modes I could think of that will all manifest themselves with different behaviors that you may wish to have your application handle explicitly.
If you set up a computer between the caller and service that routes between them, you can simulate each of these failure modes distinctly and modify your application to handle them.
How about blocking the domain name(s) in question by putting a nonsense entry into the hosts file?