OAuth2 Authentication to Gmail throws SunCertPathBuilderException/SSLHandshakeException - gmail

In my app i authenticate to Gmail using the OAuth2Authenticator from this Google example to receive Emails via Imap.
The code works perfect, but the last days some users reported an error that occurs when they try to connect to Gmail.
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source) at java.security.cert.CertPathBuilder.build(Unknown Source)
Caused: sun.security.validator.ValidatorException: PKIX path building
failed at sun.security.validator.PKIXValidator.doBuild(Unknown
Source) at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source) Caused: javax.net.ssl.SSLHandshakeException at
sun.security.ssl.Alerts.getSSLException(Unknown Source) at
sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) at
sun.security.ssl.Handshaker.fatalSE(Unknown Source) at
sun.security.ssl.Handshaker.fatalSE(Unknown Source) at
sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source) at
sun.security.ssl.Handshaker.process_record(Unknown Source) at
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
The ImapSSLStore conncets to "imap.gmail.com" on port 993.
This does not happen to all users and occurs not before last week.
Is anybody observing this behaviour too?
Hints appreciated!

Looks like your system's X.509 configuration for verifying the SSL certificates is not treating the Google's certificate as a trusted one. This might have various reasons.

Related

Caused by: javax.mail.AuthenticationFailedException: failed to connect, no password specified? Spring Integration Imap adapter with Oauth2

I have tried below code.
#Bean
public IntegrationFlow mailListener() {
return IntegrationFlows.from(Mail.imapInboundAdapter("imap://[emailId]:[accesstoken]#imap.gmail.com/INBOX")
.shouldMarkMessagesAsRead(true).javaMailProperties(p -> p
.put("mail.imaps.ssl.enable", "true")
.put("mail.imaps.sasl.enable", "true")
.put("mail.imaps.sasl.mechanisms", "XOAUTH2")
.put("mail.imaps.auth.login.disable", "true")
.put("mail.imaps.auth.plain.disable", "true")
.put("mail.debug.auth", "true")
).shouldDeleteMessages(false).get(),
e -> e.poller(Pollers.fixedRate(5000).maxMessagesPerPoll(1)))
.<Message>handle((payload, header) -> logMail(payload))
.get();
}
I have referred Is Spring Integration Mail IMAP support OAuth2?
I get below exception
15:46:31.870 ERROR [task-scheduler-1][org.springframework.integration.handler.LoggingHandler] org.springframework.messaging.MessagingException: failure occurred while polling for mail; nested exception is javax.mail.AuthenticationFailedException: failed to connect, no password specified?
at org.springframework.integration.mail.MailReceivingMessageSource.doReceive(MailReceivingMessageSource.java:74)
at org.springframework.integration.endpoint.AbstractMessageSource.receive(AbstractMessageSource.java:184)
at org.springframework.integration.endpoint.SourcePollingChannelAdapter.receiveMessage(SourcePollingChannelAdapter.java:212)
at org.springframework.integration.endpoint.AbstractPollingEndpoint.doPoll(AbstractPollingEndpoint.java:407)
at org.springframework.integration.endpoint.AbstractPollingEndpoint.pollForMessage(AbstractPollingEndpoint.java:376)
at org.springframework.integration.endpoint.AbstractPollingEndpoint.lambda$null$3(AbstractPollingEndpoint.java:323)
at org.springframework.integration.util.ErrorHandlingTaskExecutor.lambda$execute$0(ErrorHandlingTaskExecutor.java:57)
at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:50)
at org.springframework.integration.util.ErrorHandlingTaskExecutor.execute(ErrorHandlingTaskExecutor.java:55)
at org.springframework.integration.endpoint.AbstractPollingEndpoint.lambda$createPoller$4(AbstractPollingEndpoint.java:320)
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:93)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
First of all you don't show the whole stack trace. I believe there is some cause by for that MailReceivingMessageSource.doReceive(). Secondly it is not clear what is your accesstoken for this configuration since we can get it only at runtime when we call an OAuth REST endpoint for such a token. And only after that you can configure an IntegraitonFlow dynamically for already retrieved token. And finally there should be some DEBUG logs for Java Mail according your "mail.debug.auth", "true" config. Plus the mentioned SO question is marked as solved. So, you indeed do something what doesn't fit to the required model or is fully not related to the subject.
Try to check gmail settings if you have enabled the allow of conection for less secure applications. You should put it off to connect to gmail from outside

How to define local connection to Spark Thrift in Power BI

I am trying to configure the local connection to the Spark Thrift in Power BI. I am able to connect using Spark ODBC (localhost:10000 with mechanism User Name and Thrift transport SASL). But I would like to use Spark connector as it supports Direct Query.
I couldn't find how to define the connection string. Tried several things like localhost:10000/default/;transportMode=http;ssl=true;user=... but always get the error
ERROR TThreadPoolServer:297 - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: Invalid status 80
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:269)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.thrift.transport.TTransportException: Invalid status 80
at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:184)
at org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:125)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
... 4 more
Any hints would be appreciated!
Solved. As written here https://community.powerbi.com/t5/Desktop/Connect-Power-BI-to-Hadoop-Direct-query-HDFS-vs-Spark-vs-custom/td-p/374625
it just doesn't work in Power BI from Microsoft Store. It works in the app from the website.

XPages 500 / 404 error

[edited 7/25/18]
I'm running into an issue at work with XPages that's making me pull my hair out.
I keep getting a 500 error followed by a 404 error seemingly at random and can't reproduce the error but it happens quite often.
I'm sure most people are running their XPages on the web so nobody runs into this but my application only runs in the notes client since the server is not web accessible for security reasons.
I would very much like to use XPages in the notes client only but I can't have this behavior happening on production databases.
I've tried including as much detail as I can think of below but let me know if I can clarify anything to help solve this issue.
Notes client and server both running v9
Server is not web accessible
Application will only be ran in XPiNC
The application will work sometimes then stops working for no apparent reason.
The issue happens on any database, even with a blank XPage so it's not code related.
Clean build has no affect.
If I simply open the application in designer it runs perfectly. I don't need to do a page preview or anything, just simply having the
application open in designer makes it work.
The latest time this happened the sequence of events was: Open application, did some work, waited a period of time (maybe
30min-1hr), try to navigate to another page, gives error 500, closed
app, reopened app, gives 404, waited another period of time (maybe
30min), reopened app, works fine. See below trace results for more
detail.
There have been other instances where the app just starts off with 500/404.
I tried using a keep session alive code running but has no effect.
I have other XPage applications on a different server that is web accessible and works perfectly on a web browser.
Issue has been happening since v8.5.2
Trace:
10:59:48.547 229 SEVERE com.ibm.designer.runtime.domino.adapter.LCDEnvironment doService
CLFAD0211E: Exception thrown
javax.servlet.ServletException: java.util.concurrent.ExecutionException: java.lang.StackOverflowError
at com.ibm.domino.xsp.module.nsf.NSFService.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(Unknown Source)
at com.ibm.domino.xsp.bridge.websrv.servlets.DispatcherServlet.service(Unknown Source)
at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(Unknown Source)
at com.ibm.pvc.webhttpservice.BridgeServlet.service(Unknown Source)
at com.ibm.pvc.internal.webcontainer.VirtualHost.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.wsspi.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.run(Unknown Source)
at com.ibm.ws.util.ThreadPool$Worker.run(Unknown Source)
___________
10:59:48.720 229 SEVERE CLFAD0256E: Dispatcher Servlet Problem - java.util.concurrent.ExecutionException: java.lang.StackOverflowError
javax.servlet.ServletException: java.util.concurrent.ExecutionException: java.lang.StackOverflowError
at com.ibm.domino.xsp.module.nsf.NSFService.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(Unknown Source)
at com.ibm.domino.xsp.bridge.websrv.servlets.DispatcherServlet.service(Unknown Source)
at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(Unknown Source)
at com.ibm.pvc.webhttpservice.BridgeServlet.service(Unknown Source)
at com.ibm.pvc.internal.webcontainer.VirtualHost.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.wsspi.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.run(Unknown Source)
at com.ibm.ws.util.ThreadPool$Worker.run(Unknown Source)
___________
11:00:30.327 226 SEVERE com.ibm.domino.xsp.bridge.websrv.servlets.DispatcherServlet service CLFAD0256E: Dispatcher Servlet Problem - Error opening the database 'server!!database.nsf'
com.ibm.designer.runtime.domino.adapter.util.PageNotFoundException: Error opening the database 'server!!database.nsf'
at com.ibm.domino.xsp.module.nsf.NSFService.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(Unknown Source)
at com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(Unknown Source)
at com.ibm.domino.xsp.bridge.websrv.servlets.DispatcherServlet.service(Unknown Source)
at org.eclipse.equinox.http.registry.internal.ServletManager$ServletWrapper.service(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ServletRegistration.handleRequest(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(Unknown Source)
at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(Unknown Source)
at com.ibm.pvc.webhttpservice.BridgeServlet.service(Unknown Source)
at com.ibm.pvc.internal.webcontainer.VirtualHost.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.wsspi.webcontainer.WebContainer.handleRequest(Unknown Source)
at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.readAndHandleRequest(Unknown Source)
at com.ibm.ws.http.HttpConnection.run(Unknown Source)
at com.ibm.ws.util.ThreadPool$Worker.run(Unknown Source)
if this is a timeout issue, in xsp properties window there are options about application and session timeout. default is 30 minutes (even if blank)
you can set it a bigger value (i am using 300 minutes)

Alfresco CMIS unauthorized

im doing an integration of Liferay and alfresco, my goal is to use alfresco 5.2 to store content created in Liferay DXP.
To do that ,i have added this line to portal-ext.porperties
dl.store.impl=com.liferay.portal.store.cmis.CMISStore
and added the config file com.liferay.portal.store.cmis.configuration.CMISStoreConfiguration.cfg with this content:
repositoryUrl=http://localhost:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
credentialsUsername=admin credentialsPassword=password
systemRootDir=Liferay
Everything worked fine but suddenly im getting this error while rebooting liferay:
21:19:37,536 ERROR [localhost-startStop-1][com_liferay_portal_store_cmis:97] [com.liferay.portal.store.cmis.CMISStore(1549)] The activate method has thrown an exception
org.apache.chemistry.opencmis.commons.exceptions.CmisUnauthorizedException: Unauthorized
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.convertStatusCode(AbstractAtomPubService.java:477)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.read(AbstractAtomPubService.java:645)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.AbstractAtomPubService.getRepositoriesInternal(AbstractAtomPubService.java:808)
at org.apache.chemistry.opencmis.client.bindings.spi.atompub.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:65)
at org.apache.chemistry.opencmis.client.bindings.impl.RepositoryServiceImpl.getRepositoryInfos(RepositoryServiceImpl.java:90)
at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:135)
at org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl.getRepositories(SessionFactoryImpl.java:112)
at com.liferay.portal.store.cmis.CMISStore.createSession(CMISStore.java:591)
at com.liferay.portal.store.cmis.CMISStore.activate(CMISStore.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.felix.scr.impl.inject.BaseMethod.invokeMethod(BaseMethod.java:224)
at org.apache.felix.scr.impl.inject.BaseMethod.access$500(BaseMethod.java:39)
at org.apache.felix.scr.impl.inject.BaseMethod$Resolved.invoke(BaseMethod.java:617)
at org.apache.felix.scr.impl.inject.BaseMethod.invoke(BaseMethod.java:501)
at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:302)
at org.apache.felix.scr.impl.inject.ActivateMethod.invoke(ActivateMethod.java:294)
at org.apache.felix.scr.impl.manager.SingleComponentManager.createImplementationObject(SingleComponentManager.java:297)
at org.apache.felix.scr.impl.manager.SingleComponentManager.createComponent(SingleComponentManager.java:108)
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:906)
at org.apache.felix.scr.impl.manager.SingleComponentManager.getServiceInternal(SingleComponentManager.java:879)
at org.apache.felix.scr.impl.manager.SingleComponentManager.getService(SingleComponentManager.java:823)
at org.eclipse.osgi.internal.serviceregistry.ServiceFactoryUse$1.run(ServiceFactoryUse.java:212)
at java.security.AccessController.doPrivileged(Native Method)
What does unauthorized mean in this context?

JBoss - configuring server.xml Connector

I've configured HTTP Connector in server.xml adding some ssl features. I tryied to set my keyAlias to which is the name of the alias for certain certificate (not the private key of the keystore). Then, when I start JBoss I get something like:
[2012-04-12 17:01:37,236 ERROR [org.apache.coyote.http11.Http11Protocol] Error
initializing endpoint
java.io.IOException: Alias name <somealias> do not indetify a key entry
I'm new to ssl configuration and web security core concepts as well. Thanks for your patience.
Edit: complete stacktrace follows:
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:412)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:135)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:497)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:514)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1146)
at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601)
at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy46.handleNotification(Unknown Source)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:662)
It looks like you are not importing your keys properties. I'd recommend you review your steps against these two documents
http://docs.jboss.org/jbossweb/3.0.x/ssl-howto.html
A shorter version is here
http://www.agentbob.info/agentbob/79-AB.html

Resources