In trying to get a Liberty container to work I'm encountering the following problem.
For a database connection I have an authData section like this in the server.xml:
<authData id="datasourceAuth" user="test" password="{xor}ABCD"/>
When I try to run the server with the password not encoded the database connection works as expected, but when the password is encoded I get this message: Connection refused (Connection refused). ERRORCODE=-4499, SQLSTATE=08001 DSRA0010E: SQL State = 08001, Error Code = -4,499
It looks like the password isn't being decoded when setting up the connection, but I don't understand why or if I am missing something in the configuration.
Encoding of data source passwords is supported in Liberty and ought to be working. I'll provide a more complete example aligning with the style of config you are using, as well as a reference to an official knowledge center doc with its own example
Use the securityUtility to encode the password,
securityUtility encode --encoding=xor test123
output:
{xor}KzosK25tbA==
Configure the value on authData and use the authData on a dataSource,
<authData id="datasourceAuth" user="test" password="{xor}KzosK25tbA=="/>
<dataSource id="testdb" jndiName="jdbc/testdb" containerAuthDataRef="datasourceAuth">
<jdbcDriver libraryRef="db2jcc"/>
<properties.db2.jcc databaseName="TESTDB" serverName="localhost" portNumber="50000"/>
</dataSource>
The authentication data applies when using a resource reference with container authentication.
I'd recommend going back and trying all of the steps again to rule out the possibility of a typo or copy/paste error. If it still doesn't work, then raise a case against OpenLiberty here,
https://github.com/OpenLiberty/open-liberty/issues/new/
Related
I want to setup libzmq plaintext authentication for my pub server. How can I do that??
The official doc is too simple. http://api.zeromq.org/4-1:zmq-plain. I set ZMQ_PLAIN_SERVER = 1, But I don't know how to set username and password to the socket.
In Java, I can use
public ZAuth configurePlain(String domain, String filename)
To specify an auth file, then I put usernames and passwords in it like the following:
username1=password1
username2=password2
...
I found czmq has a similar operation http://czmq.zeromq.org/czmq4-0:zauth which I failed to see
the equivalent in libzmq.
If the password contains #, ImapMailReceiver failed to return host correctly.
for example:
username: abc#gmail.com
password: abc#123
host: imap.gmail.com
Final URI string
imap://abc#gmail.com:abc#123#imap.gmail.com:993/INBOX
then, ImapMailReceiver identify host as 123#imap.gmail.com
I checked this thread but I use JavaConfig way to create ImapMailReceiver where as the thread is about XML config way.
Any way to walk around of this issue?
Thanks!
UPDATE
Final URI string with encoding
imap://abc%40gmail.com:abc%40123#imap.gmail.com:993/INBOX
in this case, I got AuthenticationException.
May be above information help you to understand the problem.
UPDATE 1
above was an issue from Gmail. One need to enable LESS SECURE APP security option in Gmail to fix Authentication related issue.
RFC 1738 says:
Within the user and password field, any ":", "#", or "/" must be encoded.
I expect you already know how URL encoding works. If you want a refresher, page 18 of the same document is a good place to start.
I encountered the same problem with an Office 365 account, where the user name is like 'your-user#your-company.com' and the host is 'outlook.office365.com'. Without encoding the user name, 'your-company.com' is used as the host, which leads to the following (a bit misleading) error:
javax.mail.AuthenticationFailedException: failed to connect, no password specified?
Activating debugging with mail.debug=true ...
mailProps.put("mail.debug", "true");
receiver.setJavaMailProperties(mailProps);
... gives us the parameters used for the connection to the mail server.
DEBUG IMAPS: protocolConnect returning false, host = your-company.com, user = your-user, password = <null>
To resolve the issue, I used URLEncoder.encode for the username and password, e.g.:
...
new StringBuilder("imaps://")
.append(URLEncoder.encode(mailSettings.getUser(), StandardCharsets.UTF_8.toString()))
.append(":")
.append(URLEncoder.encode(mailSettings.getPassword(), StandardCharsets.UTF_8.toString()))
...
How to specify a user id and password for Visual Studio Code with an authenticating proxy?
I've seen the Proxy Server Support on the main VS Code site, but this only mentions two settings ...
"http.proxy": "http://10.203.0.1:5187/"
"http.proxyStrictSSL": false
I've set these, but still no luck, e.g. I can't install extensions ... can't even get a list of them
I suspect it's our proxy, as it needs a user id and password :-(
So how can you set these values?
Set credentials inside the proxy url:
http://username:password#10.203.0.1:5187/
WARNING: Setting your password in plaintext in a file can easily lead to your account being compromised. Further it might violate your companies data security guidelines. https://cwe.mitre.org/data/definitions/256.html
If you don't want to store your credentials in the settings file, fiddler can be used to proxy the call to the proxy. Furthermore, I believe the above only works for proxy servers using basic authentication, the following should work for NTLM.
VSCode Open Settings File:
%APPDATA%\Code\User\settings.json
add the following:
{
"http.proxy": "http://127.0.0.1:8888",
"http.proxyStrictSSL": false
}
Fiddler Confirm fiddler settings:
Fiddler Ensure Fiddler set to automatically authenticate:
VSCode Extensions should now be online:
Update
This is now no longer required following implementation of PR #22369 which was implemented in version 1.15 Proxy server authentication.
In my case I still needed to add:
"http.proxyStrictSSL": false
My favorite response here is David Martin's suggestion of using Fiddler. But in case that is not something you want to undertake, below is how to set your credentials for the proxy.
To specify DOMAIN + username + password: (It will likely not work with a slash, so use %5C in the place of the slash as shown below)
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
"https.proxy": "http://DOMAIN%5Cusername:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
To specify just username + password:
// The proxy setting to use. If not set will be taken from the http_proxy and https_proxy environment variables
"http.proxy": "http://username:password#proxy_name_or_ip:port",
"https.proxy": "http://username:password#proxy_name_or_ip:port",
// Whether the proxy server certificate should be verified against the list of supplied CAs.
"http.proxyStrictSSL": false,
The venerable CNTLM could help you. You give it your credentials, tell it about the upstream proxy, run it on your local machine, then point VS to the proxy at http://localhost:3128.
http://cntlm.sourceforge.net/
It's a handy solution for any application that doesn't support authenticated proxies.
I really like the solution David Martin posted (further below) using Fiddler, however I wanted to figure out how to use http.proxyAuthorization and here is my solution considering you are OK to have credentials saved in base64 encoded format in the settings.json file.
WARNING: Saving credentials in base64 encoded format is certainly better than plain text, however consider base64 encoding as obfuscation not an encryption and the account can still be compromised - use at your own risk. Consider modifying the ACL of the settings file to reduce read access to it.
Step 1: Encode your credentials using the code below:
var s = #"DOMAIN\user:pass";
var bytes = System.Text.Encoding.UTF8.GetBytes(s);
Console.WriteLine(Convert.ToBase64String(bytes));
RE9NQUlOXHVzZXI6cGFzcw==
Step 2: Update VS Code settings by adding http.proxyAuthorization using the base64 encoded value from above:
{
"https.proxy": "https://internal-proxy.corp.net:8080",
"http.proxyAuthorization": "Authorization: Basic RE9NQUlOXHVzZXI6cGFzcw=="
}
Step 3: Secure the settings.json by updating it's ACL
Since you have stored credentials in the file to increase the security you can modify the ACL of the settings file by removing the local administrators group - make sure only you can read this file. I used the following PowerShell script to remove the local admin group for example:
#Requires -Version 5.1
# PowerShell 5.1 min version required for the code below
$settings = "$env:appdata\Code\$env:username\settings.json"
$acl = (Get-Item $settings).GetAccessControl('Access')
$acl.SetAccessRuleProtection($true,$true) # removes the ACL inheritance
$accesToRemove = $acl.Access | ?{ $_.IsInherited -eq $false -and $_.IdentityReference -eq 'BUILTIN\Administrators' }
$acl.RemoveAccessRule($accesToRemove)
Set-Acl -AclObject $acl $settings
Please take ref to this article.
https://taeguk.co.uk/blog/working-in-visual-studio-behind-the-firewall/
Let’s assume my NTLM login is DOMAIN\User Name and my password is P#ssword!
The format for the credentials needs to be DOMAIN\User Name:P#ssword!, but you need to URL Encode the user name and password.
A simple online URL encoded can translate your username and password to: DOMAIN%5CUser%20Name and P%40ssword!.
Piece all this info into a single string like so: http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881
Then add this into your User Settings in File, Preferences against the "http.proxy" value:
// Place your settings in this file to overwrite the default settings
{
"http.proxy": "http://DOMAIN%5CUser%20Name:P%40ssword!#proxy-cluster.fqdn.local:8881"
}
"http.proxy": "http://DOMAIN//USER:PASSWORD#wsg.test.com:8080".
Do not forget to add the port.
Use the below command and replace the username,password and ip address of you proxy:port
PS C:\Users\rathakrishnan> npm config set proxy http://username:password#172.18.10.27:3128
PS C:\Users\rathakrishnan> npm install -g #angular/cli
in Visual Studio Code (my version is 1.32.3) you write a request, i.e.
### my request
GET https://defdomain.prefix.com/app/resource
Authorization: bXl1c2VyOnVzZXIyMkBwYXNzd29yZA==
Wherefore the Authorization header is of type "Basic base64encoded" and consists of
myuser:user22#password (username:usercredentials) base64 encoded. Thats all.
In the production server with Beego I get
must have one register DataBase alias named default
I know the db connection credentials work in the server but whenever I do restful request I get this error and the Beego server crashes.
Is there a reason why this is happening?
Below is the code inside main.go init function:
orm.RegisterDriver("postgres", orm.DR_Postgres)
orm.RegisterDataBase("default", "postgres",
fmt.Sprintf("postgres://%s:%s#%s/%s?port=%i",
pgUser, pgPass, pgHost, pgDb, pgPort))
Can you provide a sample of your code?
Based on the error message you have provided, you may not have registered a database with alias default using orm.RegisterDataBase. Here's an example which I have taken from the documentation:
// param 1: Database alias. ORM will use it to switch database.
// param 2: driverName
// param 3: connection string
orm.RegisterDataBase("default", "mysql", "root:root#/orm_test?charset=utf8")
In beego, it is common to register the driver and the database in init of main.go (example).
I'm trying to teach myself .Net MVC 3, and am following this tutorial: http://www.asp.net/mvc/tutorials/getting-started-with-aspnet-mvc3/cs/intro-to-aspnet-mvc-3 and have reached the step where you create the controller for the Model you created earlier (http://www.asp.net/mvc/tutorials/getting-started-with-aspnet-mvc3/cs/accessing-your-model's-data-from-a-controller).
When I try to create the controller, I get the "The provider did not return a ProviderManifestToken string" error. A bit of googling leads me to believe this is due to an error with my connection string.
The thing is I'm not running SQL Server locally, so I can't copy the example connectionString. Here's what I've got now:
connectionString="Data Source=1.2.3.4\MSSQLSERVER;Initial Catalog=myDBname;Integrated Security=False;User ID=myUsername;Password=myPassword"
I've tried using SSMS to log on to the database using the username and password, and it works, so the problem is not with the user itself.
Any ideas?
If you are using SQL Azure, this error can be caused if the Azure Database Firewall is not set up to allow your IP Address. Make sure check to make sure you are authorizing the IP Address. This error doesn't necessarily point you in that direction.
I had same problem and solved it by following method.
Just Check the db instance's Object name, it might be like:
private Model_ db = new Model_();
If so, then replace it with MovieDBContext like:
private MovieDBContext db = new MovieDBContext();
(or what you set the Class name in Model/Movies.cs like
public class MovieDBContext : DbContext
{
public DbSet < Movie> Movies { get; set; }
)
I had the same problem until I came across this answer
DB Connection string in Web.config to use attached .mdf database won't work
"If you have the *.mdf placed in App_Data folder, using this format works:"
<connectionStrings>
<add name="ConnectionName"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|DatabaseName.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
I also used the tutorial, but I had database file *.mdf otherwise than in the tutorial *.sdf.
Maybe this solution will be helpful.
I figured it out: turns out that "\MSSQLSERVER" isn't needed in my case. I'm not sure if it's because I'm connecting by IP or if it's specific to my server setup, but removing it solved the problem.
I found my answer here:
"There are two web.config files in ASP.NET MVC3 applications. One is
in the root where connection strings should be placed and the other is
under Views folder, where connections should not be placed. Guess
where I had my connection!"