When I have a .fo document that contains a reference to an image using https, it doesn't render and I get an error in fop output. For example:
<?xml version="1.0" encoding="utf-8"?>
<fo:root xmlns:fo="http://www.w3.org/1999/XSL/Format">
<fo:layout-master-set>
<fo:simple-page-master page-width="8.5in" page-height="11in" master-name="BodyPage">
<fo:region-body margin-top=".5in" margin-right=".5in" margin-bottom=".5in" margin-left=".5in"/>
<fo:region-before region-name="header" extent=".5in" display-align="after"/>
<fo:region-after region-name="footer" extent=".5in" display-align="before"/>
</fo:simple-page-master>
</fo:layout-master-set>
<fo:page-sequence master-reference="BodyPage">
<fo:flow flow-name="xsl-region-body">
<fo:block space-before="1pc">
<fo:external-graphic src="url(https://ichef.bbci.co.uk/images/ic/960x540/p01br4cp.jpg)" overflow="hidden" content-width="scale-to-fit" content-height="scale-to-fit" width="100%" scaling="uniform"/>
</fo:block>
</fo:flow>
</fo:page-sequence>
</fo:root>
produces this error:
SEVERE: Image not found. URI: https://ichef.bbci.co.uk/images/ic/960x540/p01br4cp.jpg. (See position 13:202)
But simply modifying the url to be just http works fine. It is not a network issue as curl on the https url works just fine (via TLS 1.2). How do I get secure resources to load in my PDFs?
Aha! My command line contained -Djava.ext.dirs= which is known to break the RSA step in the SSL setup (see RSA Premaster secret error). Using -Dfop.home= does not cause the issue.
Related
I'm trying to add a network-security-config which restricts connections to servers signed by a set of CAs that I've bundled in the app (actually in a library used by the app).
I have an existing setup that works where the CAs are loaded into the trust store.
Now that I added a network-security-config and try to test it, it doesn't seem to work.
Here is what I tried to do:
AndroidManifest.xml:
<application
...
android:networkSecurityConfig="#xml/network_security_configuration"
...
network-security-configuration.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</debug-overrides>
</network-security-config>
What I would expect with this new config is that connections are not allowed to servers that are signed by self-signed CAs such as the ones I have bundled. But when I run the app the connections work fine, so the network-security-configuration does not seem to work...
What I ultimately would like to do is to add my CAs to the trust-anchors:
<certificates src="#raw/my_ca" />
My setup,
App:
Android App Gradle Plugin 7.0
Targeting API 30
Library:
Android App Gradle Plugin 7.0
Targeting API 30
Phone:
Samsung Galaxy S20
Android 11 (=API 30)
Why is the network-security-configuration not applied?
I am trying to get the web services for SOA to work. I am doing what oracle says, but i am still getting error 500 with the following error:
WatchData: MESSAGE = [ServletContext#1374343816[app:biwssoa module:biservices path:null spec-version:3.1 version:12.1.3]] Root cause of ServletException.
javax.servlet.ServletException: Failed to contact BI Presentation Server due to: Could not access the session service.
at oracle.bi.ws.activeobjects.inspection.BiWsilServlet.doInspectionAction(BiWsilServlet.java:183)
at oracle.bi.ws.activeobjects.inspection.BiWsilServlet.doGet(BiWsilServlet.java:137)
I added wsil.browsing credential and used the weblogic login in the enterprise manager. Didnt work.
Then i tried adding wss_username_token_policy.xml to
/app/oracle/fmw12213/user_projects/domains/bi/config/fmwconfig/biinstances/coreapplication/
with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients>
<webservice-client>
<port-info>
<policy-references>
<policy-reference uri="oracle/log_policy" category="management"/>
<policy-reference uri="oracle/wss_username_token_client_policy" category="security"/>
</policy-references>
</port-info>
</webservice-client>
</oracle-webservice-clients>
And editing my ActionFrameworkConfig.xml in
/app/oracle/fmw12213/user_projects/domains/bi/config/fmwconfig/biconfig/actions/
from this:
<?xml version="1.0" encoding="UTF-8"?>
<obi-action-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="afconfig.xsd">
<aliases/>
<registries/>
<content-types>
<content-type>
<typename>webservices</typename>
<displayname>Web Services and BPEL Processes</displayname>
<actionType>WebServiceActionType</actionType>
</content-type>
<content-type>
<typename>misc</typename>
<displayname>Mixed Services</displayname>
<actionType>URLActionType</actionType>
</content-type>
</content-types>
<accounts/>
<policies/>
</obi-action-config>
to this:
<?xml version="1.0" encoding="UTF-8"?>
<obi-action-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="afconfig.xsd">
<aliases/>
<registries>
<registry>
<id>reg1b</id>
<name>BI EE Web Services for SOA</name>
<content-type>webservices</content-type>
<provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class>
<description/>
<location>
<path>http://localhost:7033/biservices/inspection?wsil</path>
</location>
<service-access>
<account>wsil.browsing</account>
<policy>wss_username_token_policy</policy>
<propagateIdentity>false</propagateIdentity>
</service-access>
</registry>
<regestries>
<content-types>
<content-type>
<typename>webservices</typename>
<displayname>Web Services and BPEL Processes</displayname>
<actionType>WebServiceActionType</actionType>
</content-type>
<content-type>
<typename>misc</typename>
<displayname>Mixed Services</displayname>
<actionType>URLActionType</actionType>
</content-type>
</content-types>
<accounts>
<account>
<name>wsil.browsing</name>
<description>Account for BI WS for SOA</description>
<adminonly>false</adminonly>
<credentialkey>weblogic</credentialkey>
</account>
</accounts>
<policies>
<policy>
<name>wss_username_token_policy</name>
<policyfile>wss_username_token_policy.xml</policyfile>
</policy>
</policies>
</obi-action-config>
Then i restarted bi server using domain_home/bitools/bin/stop.sh and start.sh. But its not working :(
Make sure that you have your biservicesconfig.xml in
/app/oracle/fmw12213/user_projects/domains/bi/config/fmwconfig/biinstances/coreapplication/
points to the same host:port as the file in ActionFrameworkConfig.xml. Also has the ending /analytics-ws/saw.dll
For me, that looked like this:
<server>http://localhost:7033/analytics-ws/saw.dll</server>
Hey Some Days ago am working with charles nd its working properly but now i am unable to use it, it shows me unknown. I tried with 2 android (android pie) & 1 android emulator (android lollipop including root). I tried with all network security config below:
1) Given on Charles Official website
<network-security-config>
<debug-overrides>
<trust-anchors>
<!-- Trust user added CAs while debuggable only -->
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
2) From other sources
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config>
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<debug-overrides>
<trust-anchors>
<certificates src="user" />
</trust-anchors>
</debug-overrides>
</network-security-config>
I was using 2nd network security config when its working properly. Is there any solution or alternative method to inspect the responses and websockets inside the app.
I am using java.net.Socket for socket communication.I have tried the solution for network-security-config.xml file which allow localhost for socket communication.
My code snippet is below :
Socket socket = new Socket("192.168.1.1", "5000");
And my network-security-config.xml file is below :
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">http://192.168.1.1:5000</domain>
</domain-config>
I have also tried with below snippet
1) Replace <domain includeSubdomains="true">http://192.168.1.1:5000</domain> to <domain includeSubdomains="true">http://localhost:5000</domain>
2) Replace <domain includeSubdomains="true">http://192.168.1.1:5000</domain> to <domain includeSubdomains="true">localhost</domain>
But none of the above solution works. May Be I missed something.
If any one have experience for this problem. Please provide solution.
Thanks for your help.
I have recently upgraded from Geoserver 2.11.0 to 2.13.1 and have found my external graphics for point layers are not displaying (they revert to a default grey symbol).
Is there anything wrong in my code, or has anything changed between 2.11 and 2.13 which might be causing problems? Inaccessibility problems for Geoserver to online resources?
An example of my xml is below:
<?xml version="1.0" encoding="UTF-8"?>
<StyledLayerDescriptor xmlns="http://www.opengis.net/sld" xmlns:ogc="http://www.opengis.net/ogc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="1.1.0" xmlns:xlink="http://www.w3.org/1999/xlink" xsi:schemaLocation="http://www.opengis.net/sld http://schemas.opengis.net/sld/1.1.0/StyledLayerDescriptor.xsd" xmlns:se="http://www.opengis.net/se">
<NamedLayer>
<se:Name>cctv_cameras</se:Name>
<UserStyle>
<se:Name>cctv_cameras</se:Name>
<se:FeatureTypeStyle>
<se:Rule>
<se:Name>Single symbol</se:Name>
<se:PointSymbolizer>
<se:Graphic>
<se:ExternalGraphic>
<se:OnlineResource xlink:type="simple" xlink:href="http://maps.runnymede.gov.uk/website/maps/png/community/cctv_cameras.png"/>
<se:Format>image/png</se:Format>
</se:ExternalGraphic>
</se:Graphic>
</se:PointSymbolizer>
</se:Rule>
</se:FeatureTypeStyle>
</UserStyle>
</NamedLayer>
</StyledLayerDescriptor>
Works fine on my local machine with 2.13.0, but does fail with 2.13.1, I've filed a bug.