Here is a requirement where i want to mention explicitly that to communicate with other outside system use TLSV1.2 and not the default TLSV1.0
How i could override or implement this requirement
<int-ws:outbound-gateway id="someID"
request-channel="clientRequest" reply-channel="clientReply"
uri="some.com" reply-timeout="1000" marshaller="clientMarshaller"
unmarshaller="clientMarshaller" message-sender="messageSender" >
</int-ws:outbound-gateway>
Looks like you are on the Java 7 and seems for me this should help you:
-Dhttps.protocols=TLSv1.2
More info, please here.
Related
Using spring XML, just like we create queues, binding etc as below
<rabbit:queue name="TestQueue" />
<rabbit:topic-exchange name="TestExchange">
<rabbit:bindings>
<rabbit:binding queue="TestQueue" pattern="Test.Key" />
</rabbit:bindings>
</rabbit:topic-exchange>
Can we also create shovels?
Please let me know. i want to create dynamic shovels automatically. Not manually through management plugin.
Can we also create shovels?
No; Spring-AMQP provisioning is limited to what you can do over the AMQP protocol (exchanges, queues, bindings).
RabbitMQ provides a REST API which can be used for other provisioning.
They provide a Java binding for the API.
My problem is I don't know how i set StompSubProtocolHandler at XML
I try and know normal websocket set
<websocket:handlers allowed-origins="*">
<websocket:mapping path="/raphaServerHandler.do" handler="raphaServerHandler"/>
</websocket:handlers>
But I need to know setting StompSubProtocolHandler at XML!
It is done automatically by the:
<websocket:message-broker application-destination-prefix="/app">
<websocket:stomp-endpoint path="/foo" />
<websocket:simple-broker prefix="/topic" />
</websocket:message-broker>
<xsd:documentation><![CDATA[
Configures broker-backed messaging over WebSocket using a higher-level messaging sub-protocol.
Registers a SimpleUrlHandlerMapping and maps paths to registered Controllers.
A StompSubProtocolHandler is registered to handle various versions of the STOMP protocol.
See EnableWebSocketMessageBroker javadoc for information on code-based alternatives to enabling broker-backed messaging.
]]></xsd:documentation>
http://docs.spring.io/spring/docs/current/spring-framework-reference/html/websocket.html#websocket-stomp-enable
Prefer to progmatically configure spring security oauth for sake of consistency. The documentation covers xml but doesn't seem to mention progmatic configuration.
Whats the Java equivalent of the xml (extract from the sample project) configuration?
<oauth:consumer resource-details-service-ref="resourceDetails" oauth-failure-page="/oauth_error.jsp">
<oauth:url pattern="/google/**" resources="google"/>
<oauth:url pattern="/login/**" resources="none"/>
</oauth:consumer>
<oauth:resource-details-service id="resourceDetails">
<oauth:resource id="google" key="anonymous" secret="anonymous"
request-token-url="https://www.google.com/accounts/OAuthGetRequestToken"
user-authorization-url="https://www.google.com/accounts/OAuthAuthorizeToken"
access-token-url="https://www.google.com/accounts/OAuthGetAccessToken"
request-token-method="GET"
access-token-method="GET">
<oauth:addtionalParameter name="scope" value="https://picasaweb.google.com/data/"/>
<oauth:addtionalParameter name="xoauth_displayname" value="Tonr Example Application"/>
</oauth:resource>
</oauth:resource-details-service>
There is no Java DSL for configuring OAuth1.0a. You can create bean definitions manually, or use the XML. Note that for Google APIs you can use OAuth2 (which does have a Java DSL). If anyone is interested in contributing a Java DSL there is already a pull request with a big refactoring of the OAuth1.0a pieces, so it might be good to start from there.
I try to implement one JAXRS endpoint with https protocol. I followed the instructions of http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints here.
I have declared a jaxrs:server endpoint in my XML file which depends on the httpj:engine-factory.
A log file tells me that my service is started and that it is running, but if I try to connect to it, the Firefox web browser tells me "Error: Data Transfer Interrupted" (German: "Fehler: Datenübertragung unterbrochen"). The web service (or JAXRS or CXF) doesn't throw an error message. Opera just says that it cannot connect to the server. Wireshark tells me that the client tries to reconnect to the server a few times and then the client (web browser) seems to give up.
My configuration looks like this:
<httpj:engine-factory id="httpsSettings" bus="cxf">
<httpj:engine port="8545">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="...">
<sec:keyStore type="PKCS12" password="..." file="..."/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="..." file="..."/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="true" required="false"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
<jaxrs:server id="cdmiSSLService" address="https://localhost:8545/"
depends-on="httpsSettings" beanNames="...">
<jaxrs:inInterceptors>
<ref bean="..."/>
</jaxrs:inInterceptors>
<jaxrs:providers>
<ref bean="..."/>
...
</jaxrs:providers>
<jaxrs:serviceBeans>
<ref bean="..."/>
...
</jaxrs:serviceBeans>
</jaxrs:server>
I should add that I had only one JAXRS endpoint configured at this time, and if I change the JAXRS endpoint configuration to http protocol, everything works fine and I can connect to the web service without any problems.
Can someone please help me what I can do here? I know that isn't much information, but it doesn't give me more information at the moment. Please bear with me, it's the first time that I implement it in that way. I'm a beginner here. It's a Maven multi-module project which uses the Spring Framework. The configuration needs to be via jaxrs:server.
Many thanks in advance!
Problem is solved. Please don't answer anymore. It helped me to test the with the jks files http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/config/ and the configuration of http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/jax_rs/basic_https/src/main/resources/ServerConfig.xml.
I am hoping that someone will help me out with a really frustrating problem I have.
Currently I am trying to get Spring Security 3.0 Web App to authenticate with an AD LDS instance but I keep getting this error 'Bad Credentials'. Unfortunately I dont have anything more to go on at the moment.
Below is a copy of the Security configuration being used:
<authentication-manager alias="ldapAuthenicationManager">
<ldap-authentication-provider user-dn-pattern="CN={0},OU=Users,O=JLP,C=UK" >
</ldap-authentication-provider> </authentication-manager>
<ldap-server url="ldap://servner ip/o=JLP,c=UK" manager-dn="CN=Manager,O=JLP,C=UK" manager-password="manager" />
I suspect the problem is caused by the <Ldap server> tag and that the manager-dn is not configured correctly. The DN of the Manager is copied directly from AD LDS - have I not provided enough information? Or does the password need to encrypted\hashed?
Has anyone done anything like this with LDS - how did you work around this problem?
Applogies that this is so vague, but this is as much information as I have to go on. Does any one have any suggestions of things to look at or for solutions?
All help is gratefully recieved!
Cheers
Mo
I am not sure if things would be significantly different for LDS but can you try upgrading to spring security 3.1 as it has a specialized Authenticator for AD.
It does not need manager account as it tries to bind using the username/password being authenticated. Also the configuration is minimal (No DN, search pattern, etc to be provided)
<security:authentication-manager>
<security:authentication-provider ref="activeDirectoryAuthenticationProvider"/>
</security:authentication-manager>
<bean id="activeDirectoryAuthenticationProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="${activedirectory.domain}" />
<constructor-arg value="${activedirectory.server}" />
<property name="convertSubErrorCodesToExceptions" value="true"/>
</bean>
where domain = example.com (from your example, jlp.uk) and server = ldap://ip
I remember that I came across with the same issue and the solution was to set the value of manager-dn
to manageruser#yourdomain
e.g.
<ldap-server url="ldap://servner ip/o=JLP,c=UK" manager-dn="morrislgn#example.com" manager-password="manager" />
Thanks for your answers they were very helpful.
Also found that the user account you are using for the manager-dn needs to be added to the reader role within LDS to allow it to search.
If you add the user role to the Administrators group you can connect but not search.
Cheers for your help
Slight necromancy here, but for those who stumble across this via Google, the most helpful tool I found regarding configuring my LDAP connection was to install Apache Directory Studio LDAP browser. It was via this tool that I was able to get verbose enough error messages to discover what was wrong with my LDAP configuration, and how to correct it.