Tuesday, November 29, 2016

Change enum values by passing values

Following code can be used to change the enum return value as required by passing parameters.

import java.text.MessageFormat;

public enum Errors {
     USERNAME_NOT_FOUND("User not found"),
     USERNAME_EXISTS("Username {0} already exists."),
     USERNAME_CONTAINS_INVALID_CHARS("Username {0} contains invalid characters {1}.");

     private final String message;

     Errors(String message) {
          this.message = message;
     }

     @Override
     public String toString() {
          return message;
     }

     public String getMessage(Object... args) {
          return MessageFormat.format(message, args);
     }
      
     public static void main(String args[]) {

System.out.println(Errors.USERNAME_NOT_FOUND);          System.out.println(Errors.USERNAME_EXISTS.getMessage("username"));  System.out.println(Errors.USERNAME_CONTAINS_INVALID_CHARS.getMessage("us%ername", "%"));

     }
}


Wednesday, November 2, 2016

Run different main classes from one project in JAVA

You can use following command to run different classes from one project jar file. Suppose Runner1 and Runner2 are main classes. You want to run both in separately, then you can use the following commands.

java -cp App.jar foo.Runner1
java -cp App.jar foo.Runner2

Wednesday, August 3, 2016

Call Username/Password enabled web service in JAVA

In this case, web service is secured with username and password authentication using WS-Security. Following code is used to generated SOAP message header to create security token to call web service.

RetailerAppWS appWS = new RetailerAppWS();
        RetailerAppWSPortType retailerAppWSPortType = appWS.getRetailerAppWSHttpsSoap11Endpoint();
        BindingProvider bindingProvider = (BindingProvider) retailerAppWSPortType;
        @SuppressWarnings("rawtypes")
        List handlerChain = new ArrayList();
        handlerChain.add(new WSSecurityHeaderSOAPHandler("Retailer", "Retailer123"));
        bindingProvider.getBinding().setHandlerChain(handlerChain);

        PayBill payBill = new PayBill();
        payBill.setAmount(1.0);
        payBill.setPin("9834");
        payBill.setReceiver("1234567890");
        payBill.setUser("sujith");

        PayBillResponse pbr = retailerAppWSPortType.payBill(payBill);

In the above code, it is created a WSSecurityHeaderSOAPHandler to manipulate the SOAP message to add security token to SOAP header.

WSSecurityHeaderSOAPHandler is shown below. This code will re-generate the SOAP message.

public class WSSecurityHeaderSOAPHandler implements SOAPHandler {

    private static final String SOAP_ELEMENT_PASSWORD = "Password";
    private static final String SOAP_ELEMENT_NONCE = "Nonce";
    private static final String SOAP_ELEMENT_USERNAME = "Username";
    private static final String SOAP_ELEMENT_Created = "Created";
    private static final String SOAP_ELEMENT_Expires = "Expires";
    private static final String SOAP_ELEMENT_USERNAME_TOKEN = "UsernameToken";
    private static final String SOAP_ELEMENT_Timestamp_TOKEN = "Timestamp";
    private static final String SOAP_ELEMENT_SECURITY = "Security";
    private static final String NAMESPACE_SECURITY = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PREFIX_SECURITY = "wsse";
    private static final String NAMESPACE_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String PREFIX_WSU = "wsu";
    private static final String NAMESPACE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final String ATTRIBUTE_TYPE = "Type";
    private static final String NAMESPACE_EncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    private static final String ATTRIBUTE_EncodingType = "EncodingType";
    private static final String ATTRIBUTE_MustUnderstand ="mustUnderstand";

    private String usernameText;
    private String passwordText;

    public WSSecurityHeaderSOAPHandler(String usernameText, String passwordText) {
        this.usernameText = usernameText;
        this.passwordText = passwordText;
    }

    public boolean handleMessage(SOAPMessageContext soapMessageContext) {

        Boolean outboundProperty = (Boolean) soapMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

        if (outboundProperty.booleanValue()) {

            try {
                SOAPEnvelope soapEnvelope = soapMessageContext.getMessage().getSOAPPart().getEnvelope();

                SOAPHeader header = soapEnvelope.getHeader();
                if (header == null) {
                    header = soapEnvelope.addHeader();
                }

                SOAPElement soapElementSecurityHeader = header.addChildElement(SOAP_ELEMENT_SECURITY, PREFIX_SECURITY,
                        NAMESPACE_SECURITY);
                soapElementSecurityHeader.addAttribute(soapEnvelope.createName(ATTRIBUTE_MustUnderstand), "1");
                soapElementSecurityHeader.addNamespaceDeclaration(PREFIX_WSU, NAMESPACE_WSU);

                SOAPElement soapElementUsernameToken = soapElementSecurityHeader.addChildElement(SOAP_ELEMENT_USERNAME_TOKEN, PREFIX_SECURITY);
                SOAPElement soapElementUsername = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_USERNAME, PREFIX_SECURITY);
                soapElementUsername.addTextNode(usernameText);

                SOAPElement soapElementPassword = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_PASSWORD, PREFIX_SECURITY);
                soapElementPassword.addAttribute(soapEnvelope.createName(ATTRIBUTE_TYPE), NAMESPACE_TYPE);
                soapElementPassword.addTextNode(passwordText);

                SOAPElement soapElementUserCreated = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_Created, PREFIX_WSU);
                long created = System.currentTimeMillis();

                TimeZone timeZone = TimeZone.getTimeZone("UTC");
                Calendar calendar = Calendar.getInstance(timeZone);
                SimpleDateFormat sdfu
                        = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);
                sdfu.setTimeZone(timeZone);

                String dateu = sdfu.format(calendar.getTime());
                soapElementUserCreated.addTextNode(dateu);

                SOAPElement soapElementNonce = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_NONCE, PREFIX_SECURITY);
                soapElementNonce.addAttribute(soapEnvelope.createName(ATTRIBUTE_EncodingType), NAMESPACE_EncodingType);
                soapElementNonce.addTextNode(createNonce(created));

                SOAPElement soapElementTimestampToken = soapElementSecurityHeader.addChildElement(SOAP_ELEMENT_Timestamp_TOKEN, PREFIX_WSU);
                SOAPElement soapElementCreated = soapElementTimestampToken.addChildElement(SOAP_ELEMENT_Created, PREFIX_WSU);

                soapElementCreated.addTextNode(dateu);

                calendar.set(Calendar.MINUTE, calendar.get(Calendar.MINUTE) + 2);

                SimpleDateFormat sdf2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
                String date2 = sdf2.format(calendar.getTime());
                SOAPElement soapElementExpires = soapElementTimestampToken.addChildElement(SOAP_ELEMENT_Expires, PREFIX_WSU);
                soapElementExpires.addTextNode(date2);

            } catch (Exception e) {
                throw new RuntimeException("Error on wsSecurityHandler: " + e.getMessage());
            }

        }

        return true;
    }

    @Override
    public void close(MessageContext context) {
        // TODO Auto-generated method stub
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public Set getHeaders() {

        final QName securityHeader = new QName(
                NAMESPACE_SECURITY, SOAP_ELEMENT_SECURITY, PREFIX_SECURITY);

        final HashSet headers = new HashSet();
        headers.add(securityHeader);
        return headers;
    }

    public String createNonce(long value) throws Exception {
        java.security.SecureRandom random = java.security.SecureRandom.getInstance("SHA1PRNG");
        random.setSeed(value);
        byte[] nonceBytes = new byte[16];
        random.nextBytes(nonceBytes);
        String nonce = new String(org.apache.commons.codec.binary.Base64.encodeBase64(nonceBytes), "UTF-8");
        return nonce;
    }

}

NOTE :- Timestamp must be in UTC format. NONCE value must generated as above.

Call Username/Password enabled web service in JAVA

In this case, web service is secured with username and password authentication using WS-Security. Following code is used to generated SOAP message header to create security token to call web service.

RetailerAppWS appWS = new RetailerAppWS();
        RetailerAppWSPortType retailerAppWSPortType = appWS.getRetailerAppWSHttpsSoap11Endpoint();
        BindingProvider bindingProvider = (BindingProvider) retailerAppWSPortType;
        @SuppressWarnings("rawtypes")
        List handlerChain = new ArrayList();
        handlerChain.add(new WSSecurityHeaderSOAPHandler("Retailer", "Retailer123"));
        bindingProvider.getBinding().setHandlerChain(handlerChain);

        PayBill payBill = new PayBill();
        payBill.setAmount(1.0);
        payBill.setPin("9834");
        payBill.setReceiver("1234567890");
        payBill.setUser("sujith");

        PayBillResponse pbr = retailerAppWSPortType.payBill(payBill);

In the above code, it is created a WSSecurityHeaderSOAPHandler to manipulate the SOAP message to add security token to SOAP header.

WSSecurityHeaderSOAPHandler is shown below. This code will re-generate the SOAP message.

public class WSSecurityHeaderSOAPHandler implements SOAPHandler {

    private static final String SOAP_ELEMENT_PASSWORD = "Password";
    private static final String SOAP_ELEMENT_NONCE = "Nonce";
    private static final String SOAP_ELEMENT_USERNAME = "Username";
    private static final String SOAP_ELEMENT_Created = "Created";
    private static final String SOAP_ELEMENT_Expires = "Expires";
    private static final String SOAP_ELEMENT_USERNAME_TOKEN = "UsernameToken";
    private static final String SOAP_ELEMENT_Timestamp_TOKEN = "Timestamp";
    private static final String SOAP_ELEMENT_SECURITY = "Security";
    private static final String NAMESPACE_SECURITY = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String PREFIX_SECURITY = "wsse";
    private static final String NAMESPACE_WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String PREFIX_WSU = "wsu";
    private static final String NAMESPACE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final String ATTRIBUTE_TYPE = "Type";
    private static final String NAMESPACE_EncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    private static final String ATTRIBUTE_EncodingType = "EncodingType";
    private static final String ATTRIBUTE_MustUnderstand ="mustUnderstand";

    private String usernameText;
    private String passwordText;

    public WSSecurityHeaderSOAPHandler(String usernameText, String passwordText) {
        this.usernameText = usernameText;
        this.passwordText = passwordText;
    }

    public boolean handleMessage(SOAPMessageContext soapMessageContext) {

        Boolean outboundProperty = (Boolean) soapMessageContext.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);

        if (outboundProperty.booleanValue()) {

            try {
                SOAPEnvelope soapEnvelope = soapMessageContext.getMessage().getSOAPPart().getEnvelope();

                SOAPHeader header = soapEnvelope.getHeader();
                if (header == null) {
                    header = soapEnvelope.addHeader();
                }

                SOAPElement soapElementSecurityHeader = header.addChildElement(SOAP_ELEMENT_SECURITY, PREFIX_SECURITY,
                        NAMESPACE_SECURITY);
                soapElementSecurityHeader.addAttribute(soapEnvelope.createName(ATTRIBUTE_MustUnderstand), "1");
                soapElementSecurityHeader.addNamespaceDeclaration(PREFIX_WSU, NAMESPACE_WSU);

                SOAPElement soapElementUsernameToken = soapElementSecurityHeader.addChildElement(SOAP_ELEMENT_USERNAME_TOKEN, PREFIX_SECURITY);
                SOAPElement soapElementUsername = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_USERNAME, PREFIX_SECURITY);
                soapElementUsername.addTextNode(usernameText);

                SOAPElement soapElementPassword = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_PASSWORD, PREFIX_SECURITY);
                soapElementPassword.addAttribute(soapEnvelope.createName(ATTRIBUTE_TYPE), NAMESPACE_TYPE);
                soapElementPassword.addTextNode(passwordText);

                SOAPElement soapElementUserCreated = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_Created, PREFIX_WSU);
                long created = System.currentTimeMillis();

                TimeZone timeZone = TimeZone.getTimeZone("UTC");
                Calendar calendar = Calendar.getInstance(timeZone);
                SimpleDateFormat sdfu
                        = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'", Locale.US);
                sdfu.setTimeZone(timeZone);

                String dateu = sdfu.format(calendar.getTime());
                soapElementUserCreated.addTextNode(dateu);

                SOAPElement soapElementNonce = soapElementUsernameToken.addChildElement(SOAP_ELEMENT_NONCE, PREFIX_SECURITY);
                soapElementNonce.addAttribute(soapEnvelope.createName(ATTRIBUTE_EncodingType), NAMESPACE_EncodingType);
                soapElementNonce.addTextNode(createNonce(created));

                SOAPElement soapElementTimestampToken = soapElementSecurityHeader.addChildElement(SOAP_ELEMENT_Timestamp_TOKEN, PREFIX_WSU);
                SOAPElement soapElementCreated = soapElementTimestampToken.addChildElement(SOAP_ELEMENT_Created, PREFIX_WSU);

                soapElementCreated.addTextNode(dateu);

                calendar.set(Calendar.MINUTE, calendar.get(Calendar.MINUTE) + 2);

                SimpleDateFormat sdf2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
                String date2 = sdf2.format(calendar.getTime());
                SOAPElement soapElementExpires = soapElementTimestampToken.addChildElement(SOAP_ELEMENT_Expires, PREFIX_WSU);
                soapElementExpires.addTextNode(date2);

            } catch (Exception e) {
                throw new RuntimeException("Error on wsSecurityHandler: " + e.getMessage());
            }

        }

        return true;
    }

    @Override
    public void close(MessageContext context) {
        // TODO Auto-generated method stub
    }

    @Override
    public boolean handleFault(SOAPMessageContext context) {
        // TODO Auto-generated method stub
        return true;
    }

    @Override
    public Set getHeaders() {

        final QName securityHeader = new QName(
                NAMESPACE_SECURITY, SOAP_ELEMENT_SECURITY, PREFIX_SECURITY);

        final HashSet headers = new HashSet();
        headers.add(securityHeader);
        return headers;
    }

    public String createNonce(long value) throws Exception {
        java.security.SecureRandom random = java.security.SecureRandom.getInstance("SHA1PRNG");
        random.setSeed(value);
        byte[] nonceBytes = new byte[16];
        random.nextBytes(nonceBytes);
        String nonce = new String(org.apache.commons.codec.binary.Base64.encodeBase64(nonceBytes), "UTF-8");
        return nonce;
    }

}

NOTE :- Timestamp must be in UTC format. NONCE value must generated as above.

Monday, July 25, 2016

HTTP Request/ Response capture in JAVA

Following properties can be used to enable console output of http requests and responses in JAVA. 

System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump",
"true");
    
System.setProperty("com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump",
"true");
    
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump",
"true");
    
System.setProperty("com.sun.xml.internal.ws.transport.http.HttpAdapter.dump",

"true");

Friday, July 15, 2016

OAuth2.0 client Token creation, Resource access, Refresh token

OAuth2.0 is used to authenticate and authorize resource access in web. Following code snip can be used to generate access tokens, access protected resources and refresh resources.

Libraries
httpcore-4.2.4.jar
httpclient-4.2.5.jar

1. Generate access tokens

        String url = "authorization/token issuer URL";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");
        post.setHeader("Cache-Control", "no-cache");

        List urlParameters = new ArrayList();
        urlParameters.add(new BasicNameValuePair("username", "username1"));
        urlParameters.add(new BasicNameValuePair("client_secret", "CQTYxzOUMCGGRt_MmKDKsWcFxrga"));
        urlParameters.add(new BasicNameValuePair("grant_type", "password"));
        urlParameters.add(new BasicNameValuePair("client_id", "OLBM3wf54GtT_R8HNbLztK63qHMa"));
        urlParameters.add(new BasicNameValuePair("password", "password1"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent()));

        StringBuffer result = new StringBuffer();
        String line = "";
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }
        System.out.println(result);

Above code will generate a "access_token" that can be used to access a protected resource in web.
Sample token is shown below.

{"token_type":"bearer","expires_in":2722,"refresh_token":"be3fe469bf5b62836e85ab73fa7c7935a","access_token":"6beb0a2a54d9wefad9401f6f8cecd1de"}

2. Access protected resource

above generated "access_token" is used here to access the resource.

        String url = "protected resource URI";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/json");
        post.setHeader("Accept-Encoding", "UTF-8");
        post.setHeader("Authorization", "Bearer access_token");
        post.setHeader("Cache-Control", "no-cache");

        StringEntity params = new StringEntity("{ \"sessionID\":\"123456789\", \"requestHeader\": { \"requestTime\":\"2016/06/25 08:00:00\", \"userName\": \"Sujith\", \"token\":\"abc123qpd452\" } }");
        post.setEntity(params);

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent()));

        StringBuffer result = new StringBuffer();
        String line = "";
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }
        System.out.println(result);

3. Refresh access token

Following code can be used to refresh the "access_token" generated above.

       String url = "authorization/token issuer URL";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");
        post.setHeader("Cache-Control", "no-cache");

        List urlParameters = new ArrayList();
        urlParameters.add(new BasicNameValuePair("username", "username1"));
        urlParameters.add(new BasicNameValuePair("client_secret", "CQTYxzOUMCGGRt_MmKDKsWcFxrga"));
        urlParameters.add(new BasicNameValuePair("grant_type", "refresh_token"));
        urlParameters.add(new BasicNameValuePair("client_id", "OLBM3wf54GtT_R8HNbLztK63qHMa"));
        urlParameters.add(new BasicNameValuePair("password", "password1"));
        urlParameters.add(new BasicNameValuePair("refresh_token","617ff4a46cb87eaaea113835d7c7e3"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent()));

        StringBuffer result = new StringBuffer();
        String line = "";
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }

        System.out.println(result);

Tuesday, July 5, 2016

Git ignore HTTPS verification

Following git commands ignore https verification.

git -c http.sslVerify=false clone https://github.com/spring-guides/gs-securing-web.git

In Git shell, type the above command to retrieve "gs-securing-web" web application clone.