Monday, July 25, 2016

HTTP Request/Response capture in Java

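The following system properties enable console output of the HTTP requests and responses handled by the JAX-WS HTTP transport in Java. The dump prints complete messages, including any Authorization headers and message bodies, so enable it only while debugging.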

System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
System.setProperty("com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.dump", "true");
System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true");
System.setProperty("com.sun.xml.internal.ws.transport.http.HttpAdapter.dump", "true");

Friday, July 15, 2016

OAuth2.0 client Token creation, Resource access, Refresh token

OAuth 2.0 is used to authenticate and authorize access to resources on the web. The following code snippets can be used to generate access tokens, access protected resources and refresh access tokens.

Libraries
httpcore-4.2.4.jar
httpclient-4.2.5.jar

1. Generate access tokens

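        import java.io.BufferedReader;
        import java.io.InputStreamReader;
        import java.util.ArrayList;
        import java.util.List;
        import org.apache.http.HttpResponse;
        import org.apache.http.NameValuePair;
        import org.apache.http.client.entity.UrlEncodedFormEntity;
        import org.apache.http.client.methods.HttpPost;
        import org.apache.http.impl.client.DefaultHttpClient;
        import org.apache.http.message.BasicNameValuePair;

        // The statements below belong in a method that declares "throws IOException".
        String USER_AGENT = "Mozilla/5.0"; // example value; the snippet expects this constant to exist
        String url = "authorization/token issuer URL";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");
        post.setHeader("Cache-Control", "no-cache");

        // Form parameters of the password grant: user credentials plus client credentials
        List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
        urlParameters.add(new BasicNameValuePair("username", "username1"));
        urlParameters.add(new BasicNameValuePair("client_secret", "CQTYxzOUMCGGRt_MmKDKsWcFxrga"));
        urlParameters.add(new BasicNameValuePair("grant_type", "password"));
        urlParameters.add(new BasicNameValuePair("client_id", "OLBM3wf54GtT_R8HNbLztK63qHMa"));
        urlParameters.add(new BasicNameValuePair("password", "password1"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        // Read the JSON token response; the charset is stated instead of using the platform default
        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent(), "UTF-8"));

        StringBuilder result = new StringBuilder();
        String line;
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }
        rd.close();
        System.out.println(result);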

The code above returns an "access_token" that can be used to access a protected resource on the web.
A sample token response is shown below.

{"token_type":"bearer","expires_in":2722,"refresh_token":"be3fe469bf5b62836e85ab73fa7c7935a","access_token":"6beb0a2a54d9wefad9401f6f8cecd1de"}

2. Access protected resource

The "access_token" generated above is used here to access the resource.

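        import java.io.BufferedReader;
        import java.io.InputStreamReader;
        import org.apache.http.HttpResponse;
        import org.apache.http.client.methods.HttpPost;
        import org.apache.http.entity.StringEntity;
        import org.apache.http.impl.client.DefaultHttpClient;

        // The statements below belong in a method that declares "throws IOException".
        String USER_AGENT = "Mozilla/5.0"; // example value; the snippet expects this constant to exist
        String url = "protected resource URI";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/json");
        // UTF-8 is a charset, not a content coding, so it is sent in Accept-Charset rather than Accept-Encoding
        post.setHeader("Accept-Charset", "UTF-8");
        // "access_token" is a placeholder for the access_token value returned in step 1
        post.setHeader("Authorization", "Bearer access_token");
        post.setHeader("Cache-Control", "no-cache");

        // JSON request body sent to the protected resource
        StringEntity params = new StringEntity("{ \"sessionID\":\"123456789\", \"requestHeader\": { \"requestTime\":\"2016/06/25 08:00:00\", \"userName\": \"Sujith\", \"token\":\"abc123qpd452\" } }");
        post.setEntity(params);

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        // Read the response body; the charset is stated instead of using the platform default
        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent(), "UTF-8"));

        StringBuilder result = new StringBuilder();
        String line;
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }
        rd.close();
        System.out.println(result);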

3. Refresh access token

The following code can be used to refresh the "access_token" generated above.

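        import java.io.BufferedReader;
        import java.io.InputStreamReader;
        import java.util.ArrayList;
        import java.util.List;
        import org.apache.http.HttpResponse;
        import org.apache.http.NameValuePair;
        import org.apache.http.client.entity.UrlEncodedFormEntity;
        import org.apache.http.client.methods.HttpPost;
        import org.apache.http.impl.client.DefaultHttpClient;
        import org.apache.http.message.BasicNameValuePair;

        // The statements below belong in a method that declares "throws IOException".
        String USER_AGENT = "Mozilla/5.0"; // example value; the snippet expects this constant to exist
        String url = "authorization/token issuer URL";

        DefaultHttpClient client = new DefaultHttpClient();
        HttpPost post = new HttpPost(url);

        // add header
        post.setHeader("User-Agent", USER_AGENT);
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");
        post.setHeader("Cache-Control", "no-cache");

        // A refresh request carries the refresh token and the client credentials only;
        // the user's username and password are not part of this grant and are not resent.
        List<NameValuePair> urlParameters = new ArrayList<NameValuePair>();
        urlParameters.add(new BasicNameValuePair("client_secret", "CQTYxzOUMCGGRt_MmKDKsWcFxrga"));
        urlParameters.add(new BasicNameValuePair("grant_type", "refresh_token"));
        urlParameters.add(new BasicNameValuePair("client_id", "OLBM3wf54GtT_R8HNbLztK63qHMa"));
        urlParameters.add(new BasicNameValuePair("refresh_token", "617ff4a46cb87eaaea113835d7c7e3"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        HttpResponse response = client.execute(post);
        System.out.println("Response Code : "
                + response.getStatusLine());

        // Read the new token response; the charset is stated instead of using the platform default
        BufferedReader rd = new BufferedReader(
                new InputStreamReader(response.getEntity().getContent(), "UTF-8"));

        StringBuilder result = new StringBuilder();
        String line;
        while ((line = rd.readLine()) != null) {
            result.append(line);
        }
        rd.close();

        System.out.println(result);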
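
The token response from step 1 determines when the refresh in step 3 is due. The class below is an added example, not code from the original post: it reads the response fields, decides from "expires_in" when a refresh is needed, and masks token values before they are printed. The class name TokenState, the 60-second skew and the regex-based field extractor are assumptions made for illustration; a JSON library should replace the extractor in real code.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: holds the token response from step 1 and decides when step 3 is due.
public class TokenState {
    // Assumption: refresh 60 seconds before the stated expiry to absorb latency and clock drift.
    private static final long SKEW_MILLIS = 60000L;

    final String accessToken;
    final String refreshToken;
    final long expiresAtMillis;

    TokenState(String json, long issuedAtMillis) {
        // An OAuth 2.0 error response carries an "error" field instead of tokens.
        if (json.contains("\"error\"")) {
            throw new IllegalStateException("token endpoint returned error: " + field(json, "error"));
        }
        accessToken = field(json, "access_token");
        refreshToken = field(json, "refresh_token");
        expiresAtMillis = issuedAtMillis + Long.parseLong(field(json, "expires_in")) * 1000L;
    }

    // Minimal extractor for a flat JSON object such as the sample response (hypothetical helper).
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"?([^\",}]+)").matcher(json);
        if (!m.find()) throw new IllegalArgumentException("missing field: " + name);
        return m.group(1);
    }

    boolean needsRefresh(long nowMillis) {
        return nowMillis >= expiresAtMillis - SKEW_MILLIS;
    }

    // Keeps full token values out of console output and log files.
    static String redact(String token) {
        return token.length() <= 8 ? "****" : token.substring(0, 4) + "...[" + token.length() + " chars]";
    }

    @Override public String toString() {
        return "TokenState{access=" + redact(accessToken) + ", refresh=" + redact(refreshToken) + "}";
    }

    public static void main(String[] args) {
        // Sample token response copied from step 1 of the post.
        String json = "{\"token_type\":\"bearer\",\"expires_in\":2722,\"refresh_token\":\"be3fe469bf5b62836e85ab73fa7c7935a\",\"access_token\":\"6beb0a2a54d9wefad9401f6f8cecd1de\"}";
        long issued = System.currentTimeMillis();
        TokenState state = new TokenState(json, issued);
        System.out.println(state);
        System.out.println("refresh now? " + state.needsRefresh(issued));
        System.out.println("refresh after 45 min? " + state.needsRefresh(issued + 2700000L));
    }
}
```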

Tuesday, July 5, 2016

Git ignore HTTPS verification

The following Git command disables HTTPS certificate verification. Because the setting is passed with -c, it applies to this one command only.

git -c http.sslVerify=false clone https://github.com/spring-guides/gs-securing-web.git

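In Git shell, type the above command to clone the "gs-securing-web" web application. With verification disabled, Git does not check the server's certificate, so the identity of the host serving the repository is not confirmed; for a server with a self-signed or internal CA certificate, the usual alternative is to point Git at that CA certificate with the http.sslCAInfo setting.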