I have code in the afterRenderReponse event in an xpage (xagent) to establish a connection with the Domino Data Service and return the result (json) to a scoped variable.
Anonymous access to the database containing the xpage is No Access, so the user will have to log in.
Problem is that when calling url.openConnection() in the code, the login form is returned. Meaning I have to authenticate again even if the requested url is at the same server/domain as the xpage calling it.
I know I can authenticate using basic authentication using:
conn.setRequestProperty("Authorization", "Basic " + authStringEnc) , but then I would have to know the username and password + base64 encode this.
My question is : Since the user is allready authenticated, is it possible to "pass along" these credentials to the java.net.HttpURLConnection object ? Is it possible to get a handle to the ltpatoken cookie and provide this ? Any other way ?
<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core" rendered="false">
<xp:this.afterRenderResponse><![CDATA[#{javascript:// Establish connection with Domino database collection resource
try{
var url = new java.net.URL("http://server/mydb.nsf/api/data");
var conn:java.net.HttpURLConnection = url.openConnection();
conn.setRequestProperty("Accept", "application/json");
if (conn.getResponseCode() == "200") {
// Get the response
var reader = new java.io.BufferedReader(new java.io.InputStreamReader(conn.getInputStream()));
var buffer = new java.lang.StringBuffer();
var line = "";
while ((line = reader.readLine()) != null) {
buffer.append(line);
}
reader.close();
// Create array from response
var jsonarray = eval('(' + buffer + ')');
// Get filenames and titles from Domino database collection resource
// On XPage, requestScope.status is bound to a multi-line text control
for (var i = 0; i < jsonarray.length; i++) {
requestScope.status += jsonarray [i].#filepath + " - " + jsonarray [i].#title + "\n";
}
} else { // if connection fails
requestScope.status = conn.getResponseCode() + " " + conn.getResponseMessage();
}
} catch(e){
_dump(e);
}
}]]></xp:this.afterRenderResponse>
</xp:view>
Any information would be greatly appreciated !
Thanks !
Best regards,
Petter Kjeilen
If the user is authenticated and you're using session authentication on the server, you can read the session cookies from the users and pass the same cookies along with subsequent (GET) requests.
Depending on how session authentication is configured on the Domino server, you're looking for the DomAuthSessionId or LTPAToken cookie. Have a look at the answer on this page for a sample on how to read the cookies and send them along with additional requests ("maintaining the session" section).
Don't use an HTTP URL Connection! Too much headache. Use the Apache HTTP Client. The classes are on the Domino server. Use this as a reference point how to use it.
Related
I am investigating how to possibly authenticate to a Kubernetes 1.13 cluster with OpenID Connect and Keycloak. I am new to this area.
This YouTube video ("Use Open ID Connect for Kubernetes API server") accomplishes part of what I want. An id token is initially obtained by making a HTTP request (with curl) to Keycloak citing grant type password. The resulting token is then subsequently used in further HTTP requests to the Kubernetes API. This works but has the disadvantage that clients directly handle users' permanent credentials.
Would it not be better if the token were issued by a secure web page that also required authentication via Keycloak (this time with grant type authorization code) and did nothing else but displaying a new token? Such tokens (transient credentials) could then e.g. be manually copied into kubeconfigs for further use?
Does Keycloak provide such interactive web pages (next to the REST endpoints for obtaining tokens programatically) or is this out of scope? If the second, are there other standard components for such tasks?
UPDATE This illustration from the Kubernetes documentation perhaps makes more clear what I am seeking. In step 1 a user should log into the Identity provider to obtain tokens which can then be configured into kubectl. Does Keycloak support this step, i.e. offer a web page where users could log in to obtain their tokens?
If I am able to understand your question ,so you want to get the accesstoken via Java code so here is code you can write and call
String obtainAccessToken = obtainAccessToken(username, password);
putRequest.addHeader("Authorization", "bearer " + obtainAccessToken);
putRequest.addHeader("content-type", MediaType.APPLICATION_JSON);
Here is the method you should call
public String obtainAccessToken(String UserName, String pwd)
{
AuthzClient authzClient = AuthzClient.create(configuration);
AccessTokenResponse accessTokenResponse = authzClient.obtainAccessToken(UserName, pwd);
String token = accessTokenResponse.getToken();
return token;
}
Here is the get realm method
public Response getAllRealms() {
ObjectMapper mapper = JacksonObjectMapperProvider.getObjectMapper();
CloseableHttpResponse response = null;
List<SureRealmRepresentation> realmList = new ArrayList<SureRealmRepresentation>();
int status;
try {
String urlGetAllRealms = URL + "/admin/realms";
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpGet getRequest = new HttpGet(urlGetAllRealms);
String obtainAccessToken = obtainAccessToken(username, password);
getRequest.addHeader("Authorization", "bearer " + obtainAccessToken);
getRequest.addHeader("content-type", MediaType.APPLICATION_JSON);
response = httpclient.execute(getRequest);
status = response.getStatusLine().getStatusCode();
String responseBody = EntityUtils.toString(response.getEntity());
if (status == 200) {
RealmRepresentation[] realmArray = mapper.readValue(responseBody, RealmRepresentation[].class);
}
catch (Exception e) {
if (e instanceof Exception) {
throw (Exception) e;
} else {
throw ErrorHandler.wrap(new Exception("EroorType : "+ e.toString()));
}
}
Jasper server allows you to view the list of users by executing this HTTP GET request-
http://localhost:8080/jasperserver/rest_v2/users/
when I execute this using the web browser, I get a pop up message "Authentication Required" asking for user name and password.
On entering a valid user name and password, I get the list of users in xml format like this -
<users>
<user>
<externallyDefined>false</externallyDefined>
<fullName>John Smith</fullName>
<username>John</username>
</user>
<user>
<externallyDefined>false</externallyDefined>
<fullName>alicia</fullName>
<username>alicia</username>
</user>
</users>
I want to execute this HTTP GET request from C#. But when I do I get this error - "Server responded with error - (401) Unauthorised request"
Here's my C# code -
public void getUsers()
{
var query = new Uri(string.Concat("http://localhost:8080/jasperserver/rest_v2/users/"));
var request = WebRequest.Create(query);
request.Credentials = new NetworkCredential("jasper", "jasper");
request.Method = "GET";
request.ContentType = "urlencoded";
HttpWebResponse httpResponse = (HttpWebResponse)request.GetResponse();
Stream resStream = httpResponse.GetResponseStream();
}
How can I fix this?
Jasper Rest based services uses the SOAP based Basic Http Authentication. You can try something like below to enforce the basic authentication from C# web request.
public void SetBasicAuthHeader(WebRequest request, String userName, String userPassword)
{
string authInfo = userName + ":" + userPassword;
authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
request.Headers["Authorization"] = "Basic " + authInfo;
}
Usage:
var request = WebRequest.Create("http://localhost:8080/jasperserver/rest_v2/users");
SetBasicAuthHeader(request, "jasper", "jasper");
var response = request.GetResponse();
I realize this might come across as a very basic question, but I just downloaded Xamarin three days ago, and I've been stuck on the same issue for two days without finding a solution.
Here is what I am trying to do:
Get user input, call API, parse JSON and pass data to another controller, and change views.
Here is what I have been able to do so far: I get the user input, I call the API, I parse the response back, write the token to a file, and I want to pass the remaining data to the second controller.
This is the code I am trying:
var verifyCode = Storyboard.InstantiateViewController("verify") as VerifyCodeController;
if (verifyCode != null)
{
this.NavigationController.PushViewController(verifyCode, true);
}
My storyboard setup:
Navigation controller -> routesTo -> FirstController
I have another UI Controller View set up with the following properties set:
storyboardid: verify
restorationid: verify
and I am trying to push that controller view onto the navigation controller.
Right now this line is erroring out:
var verifyCode = Storyboard.InstantiateViewController("verify") as VerifyCodeController;
giving me this error, which I don't know what it means: Could not find an existing managed instance for this object, nor was it possible to create a new managed instance.
Am I way off in my approach?
p.s: I cannot use the ctrl drag thing like the tutorial suggests because I have an asynchronous call. And I cannot under no circumstances make it synchronous. So all the page transition has to be manual.
EDIT
to anyone requesting more code or more info:
partial void registerButton_TouchUpInside (UIButton sender)
{
phone = registrationNumber.Text;
string url = url;
HttpWebRequest request = (HttpWebRequest)WebRequest.Create (url);
request.Method = "GET";
Console.WriteLine("Getting response...");
using (HttpWebResponse response = request.GetResponse() as HttpWebResponse)
{
if (response.StatusCode != HttpStatusCode.OK)
{
Console.Out.WriteLine("Error fetching data. Server returned status code: {0}", response.StatusCode);
}
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
string content = reader.ReadToEnd();
if (string.IsNullOrWhiteSpace(content))
{
//Console.WriteLine(text);
Console.Out.WriteLine("Response contained empty body...");
}
else
{
var json = JObject.Parse (content);
var token = json["token"];
var regCode = json["regCode"];
var aURL = Environment.GetFolderPath (Environment.SpecialFolder.MyDocuments);
var filename = Path.Combine (aURL, "app.json");
File.WriteAllText(filename, "{token: '"+token+"'}");
// transition to main view. THIS IS WHERE EVERYTHING GETS MESSED UP
var verifyCode = Storyboard.InstantiateViewController("verify") as VerifyCodeController;
if (verifyCode != null)
{
this.NavigationController.PushViewController(verifyCode, true);
}
}
}
}
}
Here is all the info for every view in my storyboard:
1- Navigation controller:
- App starts there
- The root is the register pager, which is the page we are currently working on.
2- The register view.
- The root page
- class RegisterController
- No storyboard id
- No restoration id
3- The validate view
- Not connected to the navigation controller initially, but I want it to be connected eventually. Do I have to connect it either way? Through a segue?
- class VerifyCodeController
- storyboard id : verify
- restoration id : verify
If you guys need more information I'm willing to post more. I just think I posted everything relevant.
I encouraged my company to use ServiceStack for one of the software projects. I am loving servicestack framework by all means. I came accross a problem that I couldn't figure out by myself.
In a web application i am using ServiceStack c# Jsonclient from a login page to authenticate. When i get authenticated c# client hold the ss-id cookies in it. So when i use same c# client for service calls i can access the session within my services.
But there is a autocomplete feature which calls a service by Jquery AJAX call the client there (browser) is not authenticated and browser does not hold ss-id cookie also.
My question is when i authenticate with c# client on code-behind. How can i store session cookies on browser (Is that needed?) so when i call service from javascript client i can access session in my services also.
Thanks for the response.
My question is when i authenticate with c# client on code-behind. How can i store session cookies on browser (Is that needed?)
So, your browser needs to have a session cookie to let ServiceStack know that it has been successfully authenticated. The browser knows nothing about what is happening with your C# clients. I'm not sure how you are posting your authentication data (username/password/etc) but if it is through a browser and you're handing the data off to a C# client you could do something like below. This is wihin MVC but the point is to get the session cookie out of the client and into the response to the browser.
public ActionResult Login()
{
var client = new JsonServiceClient("http://localhost");
var response = client.Post(new Auth() {UserName = "TestUser", Password = "Password"} );
var ssId = "";
foreach(Cookie c in client.CookieContainer.GetCookies(new Uri("http://localhost")))
{
if (c.Name == "ss-id")
{
ssId = c.Value;
}
}
var cookie = new HttpCookie("ss-id", ssId);
this.ControllerContext.HttpContext.Response.SetCookie(cookie);
return new EmptyResult();
}
If you are using MVC this would be a better way. However, I'm not sure your reasoning for using C# clients and how your are receiving the authentication data and your ability to get into the Response to the browser.
Setting both "ss-id" and "ss-pid" cookies works for me when authenticating the browser as well as the .NET client.
A somewhat rewritten part of my logon controller:
[HttpPost]
public ActionResult Logon(Auth auth)
{
using (var client = new ServiceStack.ServiceClient.Web.JsonServiceClient("://ServicestackUrl/"))
{
auth.provider = "credentials";
auth.RememberMe = true;
client.UserName = auth.UserName;
client.Password = auth.Password;
var authResponse = new AuthResponse();
try
{
authResponse = client.Send(auth);
}
catch (WebException ex)
{
throw ex;
}
foreach (Cookie c in client.CookieContainer.GetCookies(new Uri(client.BaseUri)))
{
if (c.Name == "ss-id" || c.Name == "ss-pid")
{
Response.SetCookie(new HttpCookie("ss-id", c.Value));
}
}
//Log the user on with forms authentication
string encryptedTicket = FormsAuthentication.Encrypt(
new FormsAuthenticationTicket(
1,
authResponse.UserName,
DateTime.Now,
DateTime.Now.AddMinutes(FormsAuthentication.Timeout.Minutes),
false,
""
)
);
Response.Cookies.Add(
new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket)
);
}
//Do a redirect or something
return Redirect(GetRedirectUrl);
}
I have a site collection in which Document Id feature is activated.
Documents are archived to this site collection from another site (in which Document Id is activated as well) and the only information I have about the moved file is the document id which is same between the source and the destination.
I need to download the file using web request, but my code gives '401 Unauthorised Exception'.
My code is as below:
string url = "http://<site collection>/_layouts/DocIdRedir.aspx?ID=<doc id>";
HttpWebRequest request = HttpWebRequest.Create(url) as HttpWebRequest;
request.Method = "Get";
request.PreAuthenticate = true;
var credential= new NetworkCredential(username, password, domainname);
request.Credentials = credential;
HttpWebResponse response = request.GetResponse() as HttpWebResponse;
I need to give some sort of authentication, but could not figure it out.
Any help would be greatly appreciated.
Thanks and Regards
Arjabh
Try running your code inside of a
SPSecurity.RunWithElevatedPrivileges(delegate()
{
//code goes here
});
block