Invoking HTTPS webservice from flex - apache-flex

I have an https .net webservice. Invoking web methods using tools like soap UI works fine. I am unable to invoke the webmethod from flex. My WSDL loads up fine in flex.
On deployment my flex application and the webservice are on the same server. When use the machine url and access from within the server it works fine, but not when I use the https url for the flex application.
Eg - http://machinename/flex/flexApp.html works fine with https://publicname/wservice/ws.asmx but https://publicname/flex/flexapp.html fails to work.
I have the crossdomain policy in place with full access and also I have a valid SSL certificate on the server.
When I make the call from my local machine in debug mode I see the following in Fiddler-
The WSDL call goes fine and returns back correctly and the Protocol is shown as HTTPS where as the webmethod call following it shows the protocol as HTTP and returns back with the error -
I have been stuck on this for quite some time. Any help is greatly appreciated.
Thanks,
Nikhil.
Here is my Flex code that calls it:
//business delegate
public function BusinessDelegate(responder : IResponder):void
{
_responder = responder;
_service = ServiceLocator.getInstance().getService("sqlWebService");
_service.loadWSDL();
}
//Login User
public function Login(userId:String,password:String):void
{
var asyncToken:AsyncToken = _service.LoginUser(userId,password);
asyncToken.addResponder(_responder);
}
and the service locator has the following tag where I set the URL from outside as https://....
<mx:WebService
id="sqlWebService"
useProxy="false"
concurrency="multiple"
showBusyCursor="true"
wsdl="{Url}"/>

I finally was able to resolve this problem by replacing the code where I call the Flex WebService object with the specific generated classes for the webservice.
I generated classes for the webservice using Import WebService(WSDL) and was setting the url on the main class on run time as https://.....
and it works like a charm...and I see that in fiddler it shows me correctly going out as HTTPS instead of the HTTP.
Here is what helped me -
http://livedocs.adobe.com/flex/3/html/help.html?content=security2_15.html
Comment by nated.
Thanks Flextras.com for pointing me to right direction.
Resolved.

If using WCF service and WebService in Flex, use
service.svc?wsdl for HTTP and
service.svc/wsdl?wsdl for HTTPS,

Related

Spring Security OAuth2 Behind a Proxy Server

There seem to be many examples of Spring Security OAuth2, but most of them run on localhost at some specific set of ports. I was able to get my application working with ports specified for my AuthorizationServer and my ResourceServer. The next step I needed to take was move this application behind a proxy server, but the application stopped functioning. The main issues seem to be path related, but I'm struggling with lack of examples on how to accomplish the task of moving OAuth2 Spring behind a proxy server. I've focused on overriding the WhitelabelApprovalEndpoint, but I'm not sure if this is what is required.
I was able to create a controller that is nearly identical to the WhiteLabelApprovalEndpoint, but do not know how to adapt it to accommodate being behind a proxy.
#Controller
#SessionAttributes("authorizationRequest")
public class ApprovalEndpoint {
#RequestMapping("/oauth/confirm_access")
...
private static String TEMPLATE = "<html><body><h1>OAuth Approval</h1>"
+ "<p>Do you authorize '${authorizationRequest.clientId}' to access your protected resources?</p>"
+ "<form id='confirmationForm' name='confirmationForm' action='authorize' method='post'><input name='user_oauth_approval' value='true' type='hidden'/>%csrf%%scopes%<label><input name='authorize' value='Authorize' type='submit'/></label></form>"
+ "%denial%</body></html>";
...
The only change I made to the class was to update the form action string, making the path relative by replacing
action='${path}/oauth/authorize'
with
action='authorize'
This allows the POST to go to the correct URL
http://localhost/proxy/stuff/javaPath/oauth/authorize
instead of
http://javaPath/oauth/authorize
The latter doesn't map when submitted through Apache (the frontend proxy). But it would seem that this creates other problems in the Java application, because this results in the error
error="invalid_request", error_description="Cannot approve uninitialized authorization request."
I see that this exception is thrown in the AuthorizationEndpoint when the authorizationRequest is null. This looks like it should be handled by my custom class having SessionAttributes set properly, but updating the just the path that I'm POSTing to seems to break this.
May be you already solved it but posting the answer as it may help someone.
It is because authorize end point URL (domain + path(including proxy)) should be consistent. I mean either it should be 'localhost' or your proxy path but it should be consistent.
As OAuth uses session internally and later fetches it from the same path (when the POST happens) . So if the URL changes (POST) it wont get the session then it throws Cannot approve uninitialized authorization request.
For my case ,I was using the authorize end point as:
https://mydomain/myapp/oauth/authorize?grant_type=authorization_code&client_id=clientid&redirect_uri=http://localhost:8181&response_type=code
but in the properties I was having :
server:
session:
cookie:
path: /appProxy
context-path: /myapp
port: 8081
After successful authorization when POST is done on it tries to fetch the session from /appProxy/myapp instead of /myapp and resulting in Cannot approve uninitialized authorization request.
So to solve this, I can either remove Session.cookie.path property or run Oauth server on https://mydomain/appProxy/myapp/oauth/authorize to make it consistent.

Could not find default endpoint element that references contract 'Service' error in consuming web Services in asp.net mvc

I have a problem when calling web Services in ASP.net MVC , I do the following
add the web service by add service reference to solution, and I include the service.cs file to the solution also, but when I try to create object in home controller , I have the following error
Could not find default endpoint element that references contract 'Service' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
can any one help me please
thanks
There's a couple things going on here. First, you're using SVCUTIL to generate a proxy and configuration settings for a non-WCF service - .asmx is legacy. I was able to generate a proxy and config settings, but to overcome the error you got you need to call one of the overloaded versions of WeatherHttpClient.
I'm not 100% sure, but this is what I think based on what I observed.
The reason is because there are two endpoints defined in the configuration file (one for SOAP 1.1 and one for SOAP 1.2), and since both endpoints are named there is no default endpoint to choose from.
When I used var x = new WeatherHttpClient(new BasicHttpBinding("WeatherSoap"), new EndpointAddress("http://wsf.cdyne.com/WeatherWS/Weather.asmx")); I was able to create the proxy just fine.
However, when I called GetCityForecastByZip I got the following error:
Server did not recognize the value of HTTP Header SOAPAction: http://ws.cdyne.com/WeatherWS/WeatherHttpGet/GetCityForecastByZIPRequest.
So then I used WSDL.exe to generate the proxy a la .ASMX style. I included that in my project, and the following code returned a result (after including a reference to System.Web.Services - I was using a console app):
var x = new Weather();
ForecastReturn result = x.GetCityForecastByZip("91504");`
I would suggest for simplicity using WSDL.exe to generate the proxy for your service, as it seems to be simpler.
I will also add that I've done very little MVC, but I don't think this is an MVC issue. I hope this helps you.

Servlet's RequestDispatcher.forward() method does not work

I have a Java Application which connects to a servlet using HttpURLConnection. The application embeds the parameters it wants to pass to the servlet in the url while connecting to it.Thus the servlet can access and process these parameters using its doGet(). I am through with this part (I can access the parameters and dispay them in the servlet).
Next what I want to do is pass these parameters from the servlet to a JSP. I'm using request.setAttribute() to do it. But even after RequestDispatcherObj.forward(request, response), the JSP doesn't open. I've even tried response.sendRedirect(url).
However if I run the servlet independently, both the above methods(forward() and sendRedirect()) work fine and the JSP page opens.
I wonder what am I doing wrong.
Thanks in advance for your help.
CODE:
Java App
serverAddress = new URL("http://localhost:8080/WebApp/ServletPath"+"?message1"+"="+message);
(HttpURLConnection)serverAddress.openConnection();
connection.setRequestMethod("GET");
connection.setRequestProperty("Accept-Charset", charset);
connection.setReadTimeout(10000);
connection.connect();
Servlet
message = request.getParameter("message1");//working
request.setAttribute("message1", message);//to be read in the jsp
url="/index.jsp";
RequestDispatcher dispatcher=getServletContext().getRequestDispatcher(url);
dispatcher.forward(request, response);//Works when servlet is run independently but not when the servlet is called from the App
}
HttpURLConnection is not used to change what the browser connects to and displays. It's used to create a HTTP connection in the Java application itself.
When a Java program connects to a URL and reads the response, the browser doesn't know about it, and won't magically display anything. By connecting to a URL in your Java app, you do the same thing as what the browser does, but in your own program. So you might read the response from the connection, and display what the webapp has sent.

call my web services from other app with javascript?

I got .asmx a web service on my app. I need to call a method from an other app to get statistics from my app. I need it to return XML. the call to the webmethod is done with javascript soap.
EDIT
I got the web service working. I can execute code and return a string but it stops there. When I try to pass parameters into the method it wont work and when I try to return a string[] or any other type it wont work either. any ideas? Is there something I need to do passing in parameters?
I think you could do two things.
One: enable [ScriptService] attribute on web method. This allows you to call the webservice
with javascript.
Example
Two: enable http-post/http-get webservice calls
How to enable

How do I get the host domain name in ASP .NET without using HttpContext.Current.Request?

I've got an ASP .Net application running on IIS7. I'm using the current url that the site is running under to set some static properties on a class in my application. To do this, I'm getting the domain name using this (insde the class's static constructor):
var host = HttpContext.Current.Request.Url.Host;
And it works fine on my dev machine (windows XP / Cassini). However, when I deploy to IIS7, I get an exception: "Request is not available in this context".
I'm guessing this is because I'm using this code in the static constructor of an object, which is getting executed in IIS before any requests come in; and Cassini doesn't trigger the static constructor until a request happens. Now, I didn't originally like the idea of pulling the domain name from the Request for this very reason, but it was the only place I found it =)
So, does anyone know of another place that I can get the host domain name? I'm assuming that ASP .Net has got to be aware of it at some level independent of HttpRequests, I just don't know how to access it.
The reason that the domain is in the request is...that's what's being asked for. For example these are a few stackexchange sites from http://www.stackexchangesites.com/:
http://community.ecoanswers.com
http://www.appqanda.com
http://www.irosetta.com/
If you ping them, you'll see they all point to the same IP/Web Server and be served by the same app (or multiple apps in this case, but the example holds if it was one big one)...but the application doesn't know which one until a host header comes in with the request asking the server for that site. Each request may be to a different domain...so the application doesn't know it.
If however it doesn't change, you could store it as an appSetting in the web.config.
Use global.asax or write a HttpModule and subscribe to start request events. You will have the request passed into your event handler.
Use this instead:
HttpRuntime.AppDomainAppVirtualPath
Or if you want the physical path:
HttpRuntime.AppDomainAppPath
For further reading:
http://weblogs.asp.net/reganschroder/archive/2008/07/25/iis7-integrated-mode-request-is-not-available-in-this-context-exception-in-application-start.aspx

Resources