htmlunit 2.11 doesn't work with https - https

We are using HtmlUnit Version 2.11 i.e. the latest version
If we pass a url with https protocol to webClient.getPage it thows the following exception and fails to work
#Test
public void TC001_VerifyHomePageLaunch() throws Exception {
final WebClient webClient = new WebClient(BrowserVersion.FIREFOX_10);
final HtmlPage page = webClient.getPage("https://localhost/abc/test.jsp");
webClient.closeAllWindows();
}
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Please help us with the steps on how to get rid of this error and go ahead with actual testing.
We don't have certificates installed as this is a test machine.

Try the following setting with your WebClient:
webClient.setUseInsecureSSL(true)
Documenation states:
If set to true, the client will accept connections to any host, regardless of whether they have valid certificates or not. This is especially useful when you are trying to connect to a server with expired or corrupt certificates.
Link to source.

Related

Spring Boot Custom Exception showing most peculiar Behavior

Note - I have already set the flag server.error.include-message=always in application.properties
I have made a custom exception which should give a message to client when raised. However, that does not seem to be working whenever error code is 401/403. In that case I only receive a 401/403 status code with no response body at all, like below.
As soon as I change the status code to anything else, I start getting proper response body, like this.
BadCredentialsException.java
#ResponseStatus(value = HttpStatus.UNAUTHORIZED)
public class BadCredentialsException extends RuntimeException{
// Runtime exception just needs this, I guess :/
private static final long serialVersionUID = 1;
public BadCredentialsException(String message){
super(message);
}
}
See First antMatchers, that's where the concerned endpoint is.
SecurityConfiguration.java
#Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable().
authorizeRequests().
antMatchers(HttpMethod.POST, "/api/v2/user/login/**").permitAll().
antMatchers(HttpMethod.POST, "/api/v2/user/", "/api/v2/user", "/api/v2/user/change-role/**").hasAuthority("ROOT").
antMatchers(HttpMethod.GET, "/api/v2/user/", "/api/v2/user").hasAuthority("ROOT").
antMatchers(HttpMethod.POST, "/api/v1/customers/", "/api/v1/customers").hasAnyAuthority("ADMIN", "ROOT").
antMatchers(HttpMethod.GET, "/api/v1/customers/", "/api/v1/customers").hasAnyAuthority("EMPLOYEE", "ADMIN", "ROOT").
anyRequest().
authenticated().
and().
httpBasic();
}
My Thoughts and Observations
-> I can see my message in the terminal, that means the exception is definitely being raised. I have also tried logging something out in the BadCredentialsException file to see if its being raised or not, and yes it seems to be working.
-> There is a possibility that spring security might be deleting the response body on such status codes, although that's only a wild guess. I am going to try and disable spring security for a bit and see if I receive proper response body or not.
UPDATE - I have modified the post so that only currently relevant questions are being shown.
I'm not sure if I understood your post correctly.
But anyways, I advice you to use CURL or other http testing tool such as SoapUi to test the authentication.
Because I guess Postman caches the Cookies returned by the request.
A correct authentication attempt returns the header "Set-Cookie: JSESSIONID=SESSION ID".
Postman sends that cookie in the next requests, thats why the authentication still works after you change the password.
Only if you change the username the cookie is not sent.
Using CURL or SoapUi will prevent that from happen.
Regarding the body being returned or not, I guess the only way to control the response body using spring security is customizing the BasicAuthenticationEntryPoint.

Spring Webflux, Server Sent Events & Firefox

I'm trying to get server sent events to work with Mozilla Firefox. Given a Spring Boot webservice like
#GetMapping(path = "/timestamps", produces = MediaType.TEXT_EVENT_STREAM_VALUE)
public Flux<String> timestamps() {
return Flux.interval(Duration.ofSeconds(1))
.map(sequence -> LocalTime.now().toString());
}
which works fine using Chrome browser or Edge (always latest versions). I can see an unfinished request in the network analyzer tab and every second a new timestamp is displayed.
However, when I use Firefox (84.0.2 or older), the request is also shown in the network tab but no response headers or streaming data is shown.
When I terminate the Spring backend, Firefox pops up a dialog to save a file with the contents of the request, which fails, because the backend is already terminated.
It seems to me that there is some kind of flush() missing on the backend side.
Can anyone confirm or deny such behaviour with FF, Spring Webflux & SSE?
The issue is solved. It was Sophos Antivirus Web Safety, which scanned and blocked http traffic. Switching to https - so Sophos cannot scan anymore - or disabling Web Safety solved the issue.

HTTP Request's response shows error like 401"Unauthorized" for "HttpClient4" Implementation

I am new to Jmeter. I want load testing for my web url. Web application is on Intranet.In My Http Request, I send request for the URL Home Page with Implementation as "HttpClient4". Method is "GET". Then View Result Tree shows error like "401 - Unauthorized: Access is denied due to invalid credentials" in the Response.
However, when I send same request with Implementation as "JAVA" then it works perfectly. I got correct response from the server without providing any credential details. I am using Jmeter version 3.2
Can anyone tell me how can I test same application with "HttpClient4" Implementation ?
There were several changes improving/fixing HttpClient4
I encourage you to try the latest version, JMeter 5.0, to check if the issue reproduce, and if it's reproducible open an issue to JMeter with more details
Bug 62529 - Updated to httpclient-4.5.6
Since JMeter 5.0, when using default HC4 Implementation, JMeter will reset HTTP state (SSL State + Connections) on each thread group iteration. If you don't want this behaviour, set httpclient.reset_state_on_thread_group_iteration=false
Bug 58757 - HTTP Request : Updated deprecated methods of HttpComponents to last APIs of httpclient-4.5.X.
Bug 60015 - Multipart/form-data works only for POST using HTTPClient4 while it should for PUT, DELETE, …

502 error on Websockets requests in private Cloud9 workspace

Pointing our websocket client at our production servers works fine, but gets a 502 error when connecting to the dev environment on Cloud9.
Tried connecting to:
https://host.c9users.io:443
http://host.c9users.io:8080
http://host.c9users.io:80
There is a problem with private workspaces where the websockets request will be presented with the login screen and return a 502. An easy way to fix this:
Go to ‘Share’ and make your application public (your code is still private)…
Alternatively one of the support folks gave me this suggestion, although I never tried it:
If you have to initiate this with a GET request, try doing the following to the headers in the call:
remove Mozilla and AppleWebKit strings from user-agent
add Headless or PhantomJS to user-agent
add cookie c9.live.user.click-through = ok
add origin, postman-token, or x-request-id header to the request

CRM dynamics web api (400) Bad Request

I have a crm dynamics plugin that makes a web api call but I am getting the following error:
The remote server returned an error: (400) Bad Request
I am using the following code
using (WebClient client = new WebClient())
{
string URI = "http://myserver/api/myaction";
string myParameters = string.Format("param1={0}", param1);
using (WebClient wc = new WebClient())
{
wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
string HtmlResult = wc.UploadString(URI, myParameters);
}
}
When I profile and debug this with the Plugin Registration tool the web api call returns a valid result and does not error.
Any ideas what is causing this infuriating issue?
UPDATE:
The plugin is running in sandbox mode and is on premise.
We have tried using async HttpClient but this requires the referencing of additional dlls which causes it own issues (adding the dlls to the GAC/ ILMerge) hence trying to get a working solution with WebClient initially which requires no additional dll referencing.
The issue turned out to be caused by an IIS binding issue.

Resources