Liberty Profile and Apache HttpClient 4.2.1 - ssl

Not sure if others have seen this, but I can't figure out what the deal is...
I am using Liberty Profile 8.5.5.1 with IBM JDK 7 pxi3270sr5-20130619_01(SR5)
I have a class that needs to make URL requests to another server (PHP based). So I wrote a HttpHelper class to call the apache HttpClient classes. If I invoke my helper from a plain java application I have no problem. When I run the exact same code within Liberty I get a ClassNotFound Error for javax.net.ssl.SSLSocket
Here is my code that calls the apache classes...
public class HttpClientHelper
{
static Logger LOGGER = Logger.getLogger(HttpClientHelper.class.getName());
static String cname = HttpClientHelper.class.getName();
static HttpClientHelper _instance = null;
static PoolingClientConnectionManager _cm = null;
private HttpClientHelper()
{
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(
new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));
_cm = new PoolingClientConnectionManager(schemeRegistry);
_cm.setMaxTotal(200);
_cm.setDefaultMaxPerRoute(20);
HttpHost shost = new HttpHost("joomla32.cal2.net", 80);
_cm.setMaxPerRoute(new HttpRoute(shost), 50);
}
protected static HttpClientHelper getInstance() {
if (_instance == null) {
_instance = new HttpClientHelper();
}
return _instance;
}
public static String getUrlBody(String url) {
String method = "getUrlBody(String url)";
LOGGER.entering(cname, method, url);
getInstance();
String val = null;
DefaultHttpClient httpclient = null;
try {
HttpContext context = new BasicHttpContext();
httpclient = new DefaultHttpClient(_cm);
HttpGet httpget = new HttpGet(url);
HttpResponse response = httpclient.execute(httpget, context);
HttpEntity entity = response.getEntity();
System.out.println(response.getStatusLine());
val = EntityUtils.toString(entity);
EntityUtils.consume(entity);
} catch (Exception e) {
LOGGER.logp(Level.WARNING, cname, method, e.getMessage(), url);
}catch(Error e){
LOGGER.logp(Level.INFO,cname,method,e.getMessage());
e.printStackTrace();
}
finally{
LOGGER.exiting(cname, method, val);
}
return val;
}
}
\
The Error gets thrown at the httpclient.execute(httpget,context);
I have tried adding the ssl updates to the IBM JDK but that didn't work.
ssl.SocketFactory.provider=com.ibm.jsse2.SSLSocketFactoryImpl
ssl.ServerSocketFactory.provider=com.ibm.jsse2.SSLServerSocketFactoryImpl
Any help would be appreciated

Figured it out...
My HttpClient Helper class was packaged in a bundle as part of a feature. The bundle didn't import javax.net.ssl so the class couldn't find it. Doh.

Related

How to use IBM MobileFirst java adapter to update existing entity?

The jax-rs resource method can get JSON which is part of document.
My issue is that I have to update existing object (entity). So I decided on creating jax-rs ContainerRequestFilter. This filter has to get existing object, replace its properties with new one and put it back to stream. Therefore I hope that I get entity completely in my resource method.
At first I has to get data for authenticated user. But 'securityContext.getAuthenticatedUser()' returns partially provided JSON data?
Is there any possibility to get authenticated user data in jax-rs filter (on ibm MobileFirst platform)?
There is the code of my filter:
#Provider
//#ManagedBean
public class UpdateFilter implements ContainerRequestFilter {
//ReaderInterceptor {
//#Inject
//ExistingObjectDao existingObjectDao;
#Context
AdapterSecurityContext securityContext;
#Override
#OAuthSecurity(scope = "protected") //doesn't work
public void filter(ContainerRequestContext context) throws IOException {
//context.getSecurityContext().getUserPrincipal() // is null
AuthenticatedUser user = securityContext.getAuthenticatedUser(); //is null
Map<String, String> authParams = (Map<String, String>) user.getAttributes().get("lotusCredentials");
InputStream inputStream = context.getEntityStream();
byte[] bytes = new byte[inputStream.available()];
inputStream.read(bytes);
String responseContent = new String(bytes);
String id = context.getUriInfo().getPathParameters().getFirst("id");
Object existingObject = null;
try {
existingObject = existingObjectDao.get(id, authParams);
} catch (Exception e) {
e.printStackTrace();
}
if (existingObject != null) {
ObjectMapper objectMapper = new ObjectMapper();
ObjectReader reader = objectMapper.readerForUpdating(existingObject );
JsonNode r = reader.readTree(responseContent);
responseContent = objectMapper.writer().writeValueAsString(r);
}
context.setEntityStream(new ByteArrayInputStream(responseContent.getBytes()));
}
}

How to add windows credentials to an apache camel route?

I need to authenticate myself when I want to access a REST api.
I have created a simple example with apache's WinHttpClients which works and also accepts a self signed crt which is used by that site.
These are my dependencies
dependencies {
compile 'org.apache.httpcomponents:httpclient:4.5.+'
compile 'org.apache.httpcomponents:httpclient-win:4.5.+'
testCompile group: 'junit', name: 'junit', version: '4.11'
}
And this is the working code (authorization works, acceptance of crt works)
public class Application {
public static void main(String[] args) throws IOException {
if (WinHttpClients.isWinAuthAvailable()) {
PoolingHttpClientConnectionManager httpClientConnectionManager = new PoolingHttpClientConnectionManager(
buildSSLSocketFactory());
HttpClientBuilder clientBuilder = WinHttpClients.custom().useSystemProperties();
clientBuilder.setConnectionManager(httpClientConnectionManager);
CloseableHttpClient httpClient = clientBuilder.build();
HttpHost httpHost = new HttpHost("server.evilcorp.com", 443, "https");
HttpGet httpGet = new HttpGet(
"/evilwebapi/streams/endpointalpha/data");
httpGet.setHeader("accept", "application/json");
CloseableHttpResponse httpResponse = httpClient.execute(httpHost, httpGet);
String content = EntityUtils.toString(httpResponse.getEntity());
System.out.println(content); // returns expected json result
}
}
private static Registry<ConnectionSocketFactory> buildSSLSocketFactory() {
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(buildSSLContext(), NoopHostnameVerifier.INSTANCE);
return RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.getSocketFactory())
.register("https", sslSocketFactory)
.build();
}
private static SSLContext buildSSLContext() {
SSLContext sslContext = null;
try {
sslContext = new SSLContextBuilder().loadTrustMaterial(null, (TrustStrategy) (arg0, arg1) -> true).build();
} catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
System.out.println("Failed to initialize SSL handling.\n" + e);
}
return sslContext;
}
}
When I try to access the same site through apache camel I get a 401 status.
I tried to configure camel's httpComponent in various ways but so far I can't make authentication work. This is the current camel setup.
These are my dependencies:
dependencies {
compile 'org.apache.camel:camel-core:2.18.+'
compile 'org.apache.camel:camel-sql:2.18.+'
compile 'org.apache.camel:camel-http4:2.18.+'
compile 'org.apache.camel:camel-jetty:2.18.+'
compile 'org.apache.camel:camel-jackson:2.18.+'
compile 'org.apache.camel:camel-guava-eventbus:2.18.+'
compile 'org.apache.camel:camel-quartz2:2.18.+'
compile 'com.fasterxml.jackson.core:jackson-core:2.7.+'
compile 'org.apache.httpcomponents:httpclient:4.5.+'
compile 'org.apache.httpcomponents:httpclient-win:4.5.+'
testRuntime files('src/test/resources')
runtime files('src/main/resources')
}
And this is the RouteBuilder which does not work (authorization doesm't works, statusCode: 401)
context = new DefaultCamelContext(registry);
PropertiesComponent pc = new PropertiesComponent();
pc.setLocation("classpath:model.properties");
context.addComponent("properties", pc);
try {
context.addRoutes(new RouteBuilder() {
public void configure() {
HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
httpComponent.setHttpClientConfigurer(new WinHttpClientConfigurer());
httpComponent.setClientConnectionManager(new PoolingHttpClientConnectionManager(WinHttpClientConfigurer.buildSSLSocketFactory()));
httpComponent.setHttpConfiguration(buildHttpConfiguration());
getContext().getProperties().put("CamelJacksonEnableTypeConverter", "true");
getContext().getProperties().put("CamelJacksonTypeConverterToPojo", "true");
from("quartz2://pipull?cron=0+0/1+*+1/1+*+?+*")
.setHeader(Exchange.HTTP_QUERY,
simple("start='${header.start}'&end='${header.end}'"))
.multicast().parallelProcessing()
.to("direct:model");
from("direct:model")
.setHeader("contractRef", simple("${properties:model.name}"))
.to("https4://server.evilcorp.com/evilwebapi/streams/endpointalpha/data")
.to("direct:transform");
from("direct:transform").unmarshal()
.json(JsonLibrary.Jackson, Model.class)
.bean(ProcessorImpl.class)
.to("guava-eventbus:botBus");
}
private HttpConfiguration buildHttpConfiguration() {
WindowsCredentialsProvider credentialsProvider = new WindowsCredentialsProvider(
new SystemDefaultCredentialsProvider());
Credentials credentials = credentialsProvider.getCredentials(new AuthScope(null, -1, null, AuthSchemes.NTLM));
HttpConfiguration httpConfiguration = new HttpConfiguration();
httpConfiguration.setAuthMethod(AuthSchemes.NTLM);
httpConfiguration.setAuthUsername(credentials.getUserPrincipal().getName());
return httpConfiguration;
}
});
context.start();
} catch (Exception e) {
isRunning.set(false);
throw new RuntimeException(e);
}
I have resolved the problem through subtyping HttpComponent and adding that to the camel context.
public class WinHttpComponent extends HttpComponent {
private static final Logger LOG = LoggerFactory.getLogger(WinHttpComponent.class);
public WinHttpComponent() {
this(HttpEndpoint.class);
}
public WinHttpComponent(Class<? extends HttpEndpoint> endpointClass) {
super(endpointClass);
}
#Override protected Endpoint createEndpoint(String uri, String remaining, Map<String, Object> parameters) throws Exception {
// copy-paste everything from super method
// replace this
// HttpClientBuilder clientBuilder = HttpClientBuilder.create();
// with this
HttpClientBuilder clientBuilder = WinHttpClients.custom().useSystemProperties();
// copy-paste everything from super method
}
}
context = new DefaultCamelContext(registry);
context.addComponent("https4", new WinHttpComponent());
try {
context.addRoutes(new RouteBuilder() {
public void configure() {
HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
// connection manager which accepts self-signed cert
httpComponent.setClientConnectionManager(new PoolingHttpClientConnectionManager(
NoopSslVerifierHttpClientConfigurer.buildSSLSocketFactory()));
...
...
...
}
}

HTTP Requests in Glass GDK

I am implementing a GDK application and need to do in my application some HTTP Post requests. Do I send the HTTP requests the same way as on android phone or there is some other way of doing it? (I have tried the code that I am using on my phone and it's not working for glass.)
thanks for your help in advance.
You can make any post request like in smartphones, but ensure you make the requests using an AsyncTask.
For example:
private class SendPostTask extends AsyncTask<Void, Void, Void> {
#Override
protected Void doInBackground(Void... params) {
// Make your request POST here. Example:
myRequestPost();
return null;
}
protected void onPostExecute(Void result) {
// Do something when finished.
}
}
And you can call that asynctask anywhere with:
new SendPostTask().execute();
And example of myRequestPost() may be:
private int myRequestPost() {
int resultCode = 0;
String url = "http://your-url-here";
HttpClient client = new DefaultHttpClient();
HttpPost post = new HttpPost(url);
// add headers you want, example:
// post.setHeader("Authorization", "YOUR-TOKEN");
List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
nameValuePairs.add(new BasicNameValuePair("id", "111111"));
nameValuePairs.add(new BasicNameValuePair("otherField", "your-other-data"));
try {
post.setEntity(new UrlEncodedFormEntity(urlParameters));
HttpResponse response = client.execute(post);
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Post parameters : " + post.getEntity());
System.out.println("Response Code : " +
response.getStatusLine().getStatusCode());
resultCode = response.getStatusLine().getStatusCode();
BufferedReader rd = new BufferedReader(
new InputStreamReader(response.getEntity().getContent()));
StringBuffer result = new StringBuffer();
String line = "";
while ((line = rd.readLine()) != null) {
result.append(line);
}
System.out.println(result.toString());
} catch (Exception e) {
Log.e("POST", e.getMessage());
}
return resultCode;
}

httpcomponents's ssl connection results in socket is closed

I am trying to get some data from webserver which works fine with http.
But when I try https(ssl connection), I get the exceptions like below.
I get the http status code 200 and response content length 2230 which is correct.
java.net.SocketException: Socket is closed
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1483)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:92)
at org.apache.http.impl.io.AbstractSessionInputBuffer.fillBuffer(AbstractSessionInputBuffer.java:166)
at org.apache.http.impl.io.SocketInputBuffer.fillBuffer(SocketInputBuffer.java:90)
at org.apache.http.impl.io.AbstractSessionInputBuffer.read(AbstractSessionInputBuffer.java:183)
at org.apache.http.impl.io.ContentLengthInputStream.read(ContentLengthInputStream.java:144)
at org.apache.http.conn.EofSensorInputStream.read(EofSensorInputStream.java:121)
My code is like below with apache httpcomponents httpclient(4.2.5) library.
try {
HttpPost httppost = new HttpPost(uri);
HttpHost targetHost = new HttpHost(HOST_NAME, HOST_PORT, PROTOCOL);
InputStreamEntity reqEntity = new InputStreamEntity(new ByteArrayInputStream(request), -1);
String contentType = TSPConstants.CONST_TSA_CONTENT_TYPE_TSREQUEST;
reqEntity.setContentType(contentType);
reqEntity.setChunked(true);
// It may be more appropriate to use FileEntity class in this particular
// instance but we are using a more generic InputStreamEntity to demonstrate
// the capability to stream out data from any arbitrary source
//
// FileEntity entity = new FileEntity(file, "binary/octet-stream");
httppost.setEntity(reqEntity);
//Authentication
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(targetHost.getHostName(), targetHost.getPort()),
new UsernamePasswordCredentials(id, password));
// Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// Generate BASIC scheme object and add it to the local
// auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put(targetHost, basicAuth);
// Add AuthCache to the execution context
BasicHttpContext httpContext = new BasicHttpContext();
httpContext.setAttribute(ClientContext.AUTH_CACHE, authCache);
httpContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
//SSL
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException { }
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme sch = new Scheme("https", HOST_PORT, ssf);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
System.out.println("executing request " + httppost.getRequestLine());
httpclient.execute(httppost, httpContext);
HttpResponse response = send(request);
HttpEntity resEntity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (resEntity != null) {
System.out.println("Response content length: " + resEntity.getContentLength());
System.out.println("Chunked?: " + resEntity.isChunked());
}
EntityUtils.consume(resEntity);
resEntity.getContent()
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
Basically the answer gave #Avner in the comment.
The problem (for me) was, that the response was closed before the entity was read.
I did something like this, which was wrong:
HttpEntity entity = null;
try (CloseableHttpResponse response = client.execute(request)) {
entity = response.getEntity();
}
read(entity);
The following worked:
try (CloseableHttpResponse response = client.execute(request)) {
HttpEntity entity = response.getEntity();
read(entity);
}
The maybe not so obvious part: The try-with-resources block in the first example closed the stream, before it was read.

Solr 4 with basic authentication

I am trying to connect to solr using solrj. My solr instance runs in jetty and is protected with basic authentication. I found these links that contain relevant information.
http://grokbase.com/t/lucene/solr-user/1288xjjbwx/http-basic-authentication-with-httpsolrserver
Preemptive Basic authentication with Apache HttpClient 4
However, I still get the following exception:
Caused by: org.apache.http.client.ClientProtocolException
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:822)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at org.apache.solr.client.solrj.impl.HttpSolrServer.request(HttpSolrServer.java:352)
... 5 more
Caused by: org.apache.http.client.NonRepeatableRequestException: Cannot retry request with a non-repeatable request entity.
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:625)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:464)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
... 8 more
I have also attached a snippet of the code I am using.
public static void main(String[] args) throws SolrServerException, IOException {
HttpSolrServer server = new HttpSolrServer("http://localhost:8983/solr/");
DefaultHttpClient m_client =(DefaultHttpClient)server.getHttpClient();
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(USERNAME, PASSWORD);
m_client.addRequestInterceptor(new PreemptiveAuthInterceptor(),0);
(((DefaultHttpClient)m_client).getCredentialsProvider()).setCredentials(new AuthScope("localhost",8983), credentials);
SolrInputDocument document = new SolrInputDocument();
document.addField("id",123213);
server.add(document);
server.commit();
}
}
class PreemptiveAuthInterceptor implements HttpRequestInterceptor {
public void process(final HttpRequest request, final HttpContext context) throws HttpException, IOException {
AuthState authState = (AuthState) context.getAttribute(ClientContext.TARGET_AUTH_STATE);
// If no auth scheme avaialble yet, try to initialize it
// preemptively
if (authState.getAuthScheme() == null) {
AuthScheme authScheme = (AuthScheme) context.getAttribute("preemptive-auth");
CredentialsProvider credsProvider = (CredentialsProvider) context.getAttribute(ClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
if (authScheme != null) {
Credentials creds = credsProvider.getCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()));
if (creds == null) {
throw new HttpException("No credentials for preemptive authentication");
}
authState.setAuthScheme(authScheme);
authState.setCredentials(creds);
}
}
}
Can anyone point me in the right direction? Thanks !!
i had the same problem when implementing partial documents update. i solved the problem by implementing PreemptiveAuthInterceptor. see below code
PoolingClientConnectionManager cxMgr = new PoolingClientConnectionManager(
SchemeRegistryFactory.createDefault());
cxMgr.setMaxTotal(100);
cxMgr.setDefaultMaxPerRoute(20);
DefaultHttpClient httpclient = new DefaultHttpClient(cxMgr);
httpclient.addRequestInterceptor(
new PreemptiveAuthInterceptor(), 0);
httpclient.getCredentialsProvider().setCredentials(
AuthScope.ANY,
new UsernamePasswordCredentials(solrDto.getUsername(),
solrDto.getPassword()));
HttpSolrServer solrServerInstance = new HttpSolrServer(solrDto.getUrl(),
httpclient);
solrServerInstance.setRequestWriter(new BinaryRequestWriter());
solrServerInstance.setAllowCompression(true);
You also need:
private class PreemptiveAuthInterceptor implements HttpRequestInterceptor {
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
AuthState authState = (AuthState) context
.getAttribute(ClientContext.TARGET_AUTH_STATE);
// If no auth scheme avaialble yet, try to initialize it
// preemptively
if (authState.getAuthScheme() == null) {
CredentialsProvider credsProvider = (CredentialsProvider) context
.getAttribute(ClientContext.CREDS_PROVIDER);
HttpHost targetHost = (HttpHost) context
.getAttribute(ExecutionContext.HTTP_TARGET_HOST);
Credentials creds = credsProvider.getCredentials(new AuthScope(
targetHost.getHostName(), targetHost.getPort()));
if (creds == null)
throw new HttpException(
"No credentials for preemptive authentication");
authState.setAuthScheme(new BasicScheme());
authState.setCredentials(creds);
}
}
}
According to the Solr Security - SolrJ section on Solr Wiki you should be able to do the following:
public static void main(String[] args) throws SolrServerException, IOException {
HttpSolrServer server = new HttpSolrServer("http://localhost:8983/solr/");
HttpClientUtil.setBasicAuth(server.getHttpClient(), USERNAME, PASSWORD);
SolrInputDocument document = new SolrInputDocument();
document.addField("id",123213);
server.add(document);
server.commit();
}
You need to add the JAR solr-solrj-4.0.0.jar for HttpClientUtil.
Then use the below code:
HttpSolrServer solrServer = new HttpSolrServer("http://localhost:8080/solr/"+url);
HttpClientUtil.setBasicAuth((DefaultHttpClient) solrServer.getHttpClient(), "USERNAME", "PASSWORD");
That worked for me on Jdk 1.6 and tomcat 6