Retrofit POST request sending email field with %40 instead of # - retrofit

I am trying to figure out a way to stop Retrofit from encoding the email address that I pass to make a POST request. Here is my POST interface
#POST("/security/oauth/token")
#FormUrlEncoded
void getAccessToken(#Field("client_id") String clientId,
#Field("client_secret") String clientSecret,
#Field("username") String username,
#Field("password") String password,
#Field("grant_type") String grantType, Callback<AccessToken> cb);
When I make the request, Retrofit sends these fields as
client_id=test&client_secret=cajcckkcaaa&username=androidtest12%40gmail.com&password=Password23&grant_type=password
The culprit here is the email address, which is being changed from androidtest12#gmail.com to androidtest12%40gmail.com causing server error.
Thanks in advance for help.

You need to set encodeValue = false for your username field for this to work because it is being encoded. They have this documented over at the Retrofit Javadoc. An example is below using your data.
#POST("/security/oauth/token")
#FormUrlEncoded
void getAccessToken(#Field("client_id") String clientId,
#Field("client_secret") String clientSecret,
#Field(encodeValue = false, value = "username") String username,
#Field("password") String password,
#Field("grant_type") String grantType, Callback<AccessToken> cb);

For Retrofit 2 you should use #Query with encoded = true like this:
public interface ValidateEmailApi {
#GET("/api/email")
Call<Void> validateEmail(#Query(encoded = true, value = "email") #NonNull String email);
}

Related

Spring security using LDAP and group membership

I am using spring security to verify if the user has passed in valid username and password.
I also want to validate if the user is a part of a particular group.
Though, the credentials verification is working, the group membership verification is not.
Do I need to configure ldapAuthoritiesPopulator?
Though, the credentials verification is working, the group membership verification is not.
I am assuming group membership is combination of ldap base and userDn.
Here is a code to help you.
public class LDAPDetail{
private String url; //your LDAP url
private Long timeout; // some timeout to connect LDAP
private String domain; // domain of user
private String userContainer; // typically value for OU=**,dc=**,dc=**
// You should be getting value for _domain_ and _userContainer_ from user's LDAP detail
}
public void validateUserDetails(){
LdapDetail ldapDetail = //gets user's value which you want to validate.
LdapTemplate ldapTemplate = build(ldapDetail, "username", "password");
AndFilter filter = new AndFilter();
filter.and(new EqualsFilter("objectclass", "person")).and(new EqualsFilter("cn", userName));
ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.toString(), "password")
}
public static LdapTemplate build(LdapDetail ldapDetail, String userName, String password) {
LdapContextSource ldapContextSource = new LdapContextSource();
ldapContextSource.setBase(ldapDetail.getUserContainer());
ldapContextSource.setUrl(ldapDetail.getUrl());
ldapContextSource.setAnonymousReadOnly(true);
ldapContextSource.setCacheEnvironmentProperties(false);
ldapContextSource.setUserDn(ldapDetail.getDomain());
ldapContextSource.setBaseEnvironmentProperties(buildContextFor(ldapDetail, userName, password));
LdapTemplate ldapTemplate = new LdapTemplate(ldapContextSource);
ldapTemplate.setContextSource(ldapContextSource);
return ldapTemplate;
}
public static Map<String, Object> buildContextFor(LdapDetail ldapDetail, String userName, String password) {
Map<String, Object> env = new HashMap<>();
env.put(Context.REFERRAL, "throw");
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PROTOCOL, "ssl");
env.put("java.naming.factory.url.pkgs",
"org.jboss.naming:org.jnp.interfaces:org.jboss.naming:org.jnp.interfaces");
env.put("com.sun.jndi.ldap.connect.timeout", String.valueOf(ldapDetail.getTimeout()));
env.put(Context.PROVIDER_URL, ldapDetail.getUrl());
env.put("ldap.domain", ldapDetail.getDomain());
env.put(Context.SECURITY_PRINCIPAL, userName);
env.put(Context.SECURITY_CREDENTIALS, password);
return env;
}

Basic Authentication with Resteasy client

I'm trying to perform an basic auth to the login-module which runs on my jboss using REST. I already found an StackOverflow topic which explains how to authenticate with credentials.
RESTEasy client framework authentication credentials
This does not work. Analysing the established connection with Wireshark I was not able to see an HTTP package with Authorization: Basic. After more research I found this article, http://docs.jboss.org/resteasy/docs/2.3.3.Final/userguide/html/RESTEasy_Client_Framework.html which describes how to append basic auth to ApacheHttpClient4Executor from resteasy.
// Configure HttpClient to authenticate preemptively
// by prepopulating the authentication data cache.
// 1. Create AuthCache instance
AuthCache authCache = new BasicAuthCache();
// 2. Generate BASIC scheme object and add it to the local auth cache
BasicScheme basicAuth = new BasicScheme();
authCache.put("com.bluemonkeydiamond.sippycups", basicAuth);
// 3. Add AuthCache to the execution context
BasicHttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.AUTH_CACHE, authCache);
// 4. Create client executor and proxy
httpClient = new DefaultHttpClient();
ApacheHttpClient4Executor executor = new ApacheHttpClient4Executor(httpClient, localContext);
client = ProxyFactory.create(BookStoreService.class, url, executor);
But this does not work either. There is no description how to append username and passwort for basic auth to the construct. Why is that information not associated with any class from httpcomponent?
One can use org.jboss.resteasy.client.jaxrs.BasicAuthentication which is packaged with resteasy-client 3.x and is meant specifically for basic authentication.
Client client = ClientBuilder.newClient();
ResteasyWebTarget resteasyWebTarget = (ResteasyWebTarget)client.target("http://mywebservice/rest/api");
resteasyWebTarget.register(new BasicAuthentication("username", "passwd"));
You can add a raw authorization header to your REST client by invoking .header(HttpHeaders.AUTHORIZATION, authHeader) in your client configuration.
The credentials must be packed in authorization header in the format of "user:pass", encoded as base64 byte array and then appended to the string "Basic " which identifies basic auth.
This is the whole snippet (inspired by this post on baeldung)
String auth = userName + ":" + password;
byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(Charset.forName("ISO-8859-1")));
String authHeader = "Basic " + new String(encodedAuth);
authToken = restClient.target(restApiUrl + loginPath)
.request()
.accept(MediaType.TEXT_PLAIN)
.header(HttpHeaders.AUTHORIZATION, authHeader)
.get(String.class);
This worked for me in a Resteasy client. For information, when testing this with wget I had to use the --auth-no-challenge flag.
Consider the solution from Adam Bien:
You can attach an ClientRequestFilter to the RESTEasy Client, which adds the Authorization header to the request:
public class Authenticator implements ClientRequestFilter {
private final String user;
private final String password;
public Authenticator(String user, String password) {
this.user = user;
this.password = password;
}
public void filter(ClientRequestContext requestContext) throws IOException {
MultivaluedMap<String, Object> headers = requestContext.getHeaders();
final String basicAuthentication = getBasicAuthentication();
headers.add("Authorization", basicAuthentication);
}
private String getBasicAuthentication() {
String token = this.user + ":" + this.password;
try {
return "Basic " +
DatatypeConverter.printBase64Binary(token.getBytes("UTF-8"));
} catch (UnsupportedEncodingException ex) {
throw new IllegalStateException("Cannot encode with UTF-8", ex);
}
}
}
Client client = ClientBuilder.newClient()
.register(new Authenticator(user, password));
I recently upgraded to resteasy-client:4.0.0.Final to deal with some Jackson upgrade issues, and I noticed that setting headers seem to work differently (I was getting 401: Authorization Errors for every authenticated request that previously worked). I also couldn't find much documentation, (the 4.0.0.Final release is only a month old and has some dependency issues, if my experience is representative of the broader case).
The code previously injected headers into the ClientRequestContext:
public AddAuthHeadersRequestFilter(String username, String password) {
this.username = username;
this.password = password;
}
#Override
public void filter(ClientRequestContext requestContext) throws IOException {
String token = username + ":" + password;
String base64Token = Base64.encodeString(token);
requestContext.getHeaders().add("Authorization", "Basic " + base64Token);
}
}
then we set the filter on the ResteasyClient like so:
ResteasyClient client = new ResteasyClientBuilder()
.sslContext(buildSSLContext())
.hostnameVerifier(buildHostVerifier())
.build();
client.register(new AddAuthHeadersRequestFilter(user, pass));
However, this appears not to set the HeaderDelegate, which is where headers are retrieved in 4.x(?) and possibly earlier versions.
The trick was to register that filter on the ResteasyWebTarget instead of the client in the 4.0.0.Final version (you may notice the clientBuilder works a little differently now too).
ResteasyClient client = (ResteasyClient)ResteasyClientBuilder.newBuilder()
.sslContext(buildSSLContext())
.hostnameVerifier(buildHostVerifier())
.build();
ResteasyWebTarget target = client.target(url);
target.register(new AddAuthHeadersRequestFilter(user, pass));

how can return json using response.senderror

In my app,I use springMVC and tomcat,my controller return object,but when something wrong,I only want return some string message with content tye json,so I use response.error, but it not work,the return is a html.
my controller:
#RequestMapping(value = "{id}/{name}" ,method=RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
public #ResponseBody UserBean login(#PathVariable String id,#PathVariable("name") String userName,
#RequestHeader(value = "User-Agent") String user_agen,
#CookieValue(required = false) Cookie userId,
HttpServletRequest request,HttpServletResponse response,#RequestBody UserBean entity
) throws IOException {
System.out.println("dsdsd");
System.out.print(userName);
response.setContentType( MediaType.APPLICATION_JSON_VALUE);
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "somethind wrong");
return null;
According to the Javadoc for the HttpServletReponse#sendError method:
Sends an error response to the client using the specified status. The
server defaults to creating the response to look like an
HTML-formatted server error page containing the specified message,
setting the content type to "text/html", leaving cookies and other
headers unmodified...
So sendError will generate an HTML error page using the message that you supplied and will override the content type to text/html.
Since the client end is expecting a JSON response, you may be better to manually set the response code and the message yourself using fields on your UserBean - assuming it can support it. That will then be serialized to a JSON response that your clientside Javascript can evaluate.
#RequestMapping(value = "{id}/{name}" ,method=RequestMethod.POST,produces = MediaType.APPLICATION_JSON_VALUE)
public #ResponseBody UserBean login(#PathVariable String id,#PathVariable("name") String userName,
#RequestHeader(value = "User-Agent") String user_agen,
#CookieValue(required = false) Cookie userId,
HttpServletRequest request,HttpServletResponse response,#RequestBody UserBean entity
) throws IOException {
System.out.println("dsdsd");
System.out.print(userName);
response.setContentType( MediaType.APPLICATION_JSON_VALUE);
response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
UserBean userBean = new UserBean();
userBean.setError("something wrong"); // For the message
return userBean;
There is also the option of using the Tomcat property org.apache.coyote. USE_CUSTOM_STATUS_MSG_IN_HEADER which will place the message into a custom response header. See this post and the Tomcat docs for more info.

Request email from OAuthWebSecurity.RegisterMicrosoftClient

I am trying to integrate oauth authentication from an MVC 4 project to Microsoft (Live service). The followings lines in AuthConfig.cs have been uncommented:
OAuthWebSecurity.RegisterMicrosoftClient(
clientId: "XXX",
clientSecret: "XXX");
And, the app has been set up at https://manage.dev.live.com
Later, when OAuthWebSecurity.VerifyAuthentication is called, I get back the success status, but the email field is not in the returned data.
How can I request an email to be returned from VerifyAuthentication call issued again Microsoft account?
Thanks.
First, you should implement a 'MicrosoftScopedClient' class which implements 'IAuthenticationClient ' interface, and that should implement two methods of interface which is;
public class MicrosoftScopedClient : IAuthenticationClient
{
//Define following three keys in Web.Config file and use it in code, it will maintain code consistency.
private string clientId;
private string clientSecret;
private string scope;
private const string baseUrl = "https://login.live.com/oauth20_authorize.srf";
private const string tokenUrl = "https://login.live.com/oauth20_token.srf";
public void RequestAuthentication(HttpContextBase context, Uri returnUrl)
{
//Getting values of clientId, clientSecret and scope from Web.Config file
clientId=System.Configuration.ConfigurationManager.AppSettings["msClientId"].ToString();
clientSecret=System.Configuration.ConfigurationManager.AppSettings["msClientSecret"].ToString();
scope=System.Configuration.ConfigurationManager.AppSettings["msScope"].ToString();
string url = baseUrl + "?client_id=" + clientId + "&redirect_uri=" + HttpUtility.UrlEncode(returnUrl.ToString()) + "&scope=" + HttpUtility.UrlEncode(scope) + "&response_type=code";
//this will authenticate the user and register(only if user visited first time).
context.Response.Redirect(url);
}
public AuthenticationResult VerifyAuthentication(HttpContextBase context)
{
string code = context.Request.QueryString["code"];
string rawUrl = context.Request.Url.ToString();
//removing code portion
rawUrl = Regex.Replace(rawUrl, "&code=[^&]*", "");
IDictionary<string, string> userData = GetUserData(code, rawUrl);
if (userData == null)
return new AuthenticationResult(false, ProviderName, null, null, null);
string id = userData["id"];
string username = userData["email"]; // here you'll get email id of user
userData.Remove("id");
userData.Remove("email");
AuthenticationResult result = new AuthenticationResult(true, ProviderName, id, username, userData);
return result;
}
}
////// Finally you need to register all stuffs in AuthConfig.cs and interact with Microsoft through our application.
OAuthWebSecurity.RegisterClient(new MicrosoftScopedClient(System.Configuration.ConfigurationManager.AppSettings["msClientId"].ToString(),
System.Configuration.ConfigurationManager.AppSettings["msClientSecret"].ToString(),
"wl.basic wl.emails"
)
, "Microsoft", null);

how to return list in asp.net to a json post

So in my web service i get the data from textboxes search it in database and create letter objects.Then add those objects to a list.my question is how do i return the list to my web page and create divs. for example if service finds 5 letters how i do i return them and create 5 different divs with their data.Thanks in advance
public Letter(string lid, string companyname, string personname, string email, string fax, string phone, string industryname, string teamname, string sender, string statusname, string description, string date)
{
LID = lid;
CompanyName = companyname;
PersonName = personname;
Email = email;
Fax = fax;
Phone = phone;
IndustryName = industryname;
TeamName = teamname;
Sender = sender;
StatusName = statusname;
Description = description;
Date = date;
}
You just need to decorate your web services with ScriptService attribute and it will return response in raw json format. For more info check it out here and you also want to check out this.
Once you get Json response, you can do something like this to render the output as per your requirement. It's not exactly what you're looking for but it will give you an idea how to proceed further.
In .net 3.5 you can create json by using the System.Web.Script.Serialization.JavaScriptSerializer otherwise you have to do it manually or by a 3rd party component.

Resources