HOAB

History of a bug

Springboot OAUTH & PKCS failed & log level of the filter

Written by gorki

Problem:

When a Spring OAuth2 resource server receives a token, it has to check it. To do so it must either retrieve the token's validity or get the certificates needed to validate the token. These two calls are usually made over HTTPS for obvious security reasons.

When the certificate is not known by the JVM running the Spring OAuth2 resource server, the SSL handshake cannot complete, so it fails. Without a single message :)

Solution:

Set the following log level:

org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter: DEBUG

I see that the exception is propagated to authenticationFailureHandler. I see that it should be handled by authenticationFailureHandler, but somewhere in the chain it's not traced… Could search deeper next time.

It will activate this log : 

            try {
                AuthenticationManager authenticationManager = this.authenticationManagerResolver.resolve(request);
                Authentication authenticationResult = authenticationManager.authenticate(authenticationRequest);
                ...
            } catch (AuthenticationException var11) {
                SecurityContextHolder.clearContext();
                if (debug) {
                    this.logger.debug("Authentication request for failed!", var11);
                }
                this.authenticationFailureHandler.onAuthenticationFailure(request, response, var11);
            }

PHP SoapClient and HTTPS connection through a proxy

Written by gorki

The problem:

When going through my corporate or local proxy (SQUID), my SOAP requests received these errors:

  • Parsing WSDL: Couldn't load from 'https://host/service?wsdl' : failed to load external entity 'https://host/service?wsdl'
  • Could not connect to host

Solution:

Find the origin of the problem, enable traces:

// Enable traces to see what is actually sent and received
$client = new SoapClient("http://www.webservicex.net/ConverPower.asmx?WSDL", array('trace' => 1));
// ... call a service operation on $client here, then dump the exchange ...
echo "====== REQUEST HEADERS =====" . PHP_EOL;
var_dump($client->__getLastRequestHeaders());
echo "========= REQUEST ==========" . PHP_EOL;
var_dump($client->__getLastRequest());
echo "========= RESPONSE =========" . PHP_EOL;
var_dump($client->__getLastResponse());

// SoapClient options (second constructor argument) to go through the proxy
$options = array(
    'trace' => 1,
    'proxy_host' => '127.0.0.1',
    'proxy_port' => 3128,
);

// Disable the WSDL cache
// Careful! Check that these directives are actually executed (for example, not in a class file... whistles innocently...)
ini_set('soap.wsdl_cache_enabled', 0);
ini_set('soap.wsdl_cache_ttl', 0);

// Stream context that turns off TLS certificate and host name verification
$context = stream_context_create(array(
    'ssl' => array(
        'verify_peer' => false,
        'verify_peer_name' => false,
        'allow_self_signed' => true
    )
));

// Non-WSDL mode: location and uri are given explicitly
$client = new SoapClient(null, array(
    'location' => 'https://...',
    'uri' => '...',
    'stream_context' => $context
));
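
A variant of the stream context above that keeps certificate and host name verification on by pointing PHP at a CA bundle, combined with the proxy options. This is an added example, not code from the original post; the function name, endpoint, URN and CA path are hypothetical. It assumes the connection errors come from a certificate issued by a CA that PHP does not trust by default.

```php
<?php
// Added example, not from the original post; names, URLs and paths are hypothetical.
function build_verified_soap_client(
    string $location,
    string $uri,
    string $caFile,
    ?string $proxyHost = null,
    int $proxyPort = 3128
): SoapClient {
    // Fail early with a clear message if the CA bundle is missing.
    if (!is_readable($caFile)) {
        throw new InvalidArgumentException("CA bundle not readable: $caFile");
    }
    $context = stream_context_create(array(
        'ssl' => array(
            'verify_peer'       => true,    // validate the certificate chain
            'verify_peer_name'  => true,    // validate the host name
            'allow_self_signed' => false,
            'cafile'            => $caFile, // PEM bundle holding the internal CA
        ),
    ));
    $options = array(
        'location'       => $location,
        'uri'            => $uri,
        'stream_context' => $context,
        'trace'          => 1,
        'exceptions'     => true,
    );
    if ($proxyHost !== null) {
        // Same proxy options as in the post; HTTPS is tunnelled through the proxy.
        $options['proxy_host'] = $proxyHost;
        $options['proxy_port'] = $proxyPort;
    }
    return new SoapClient(null, $options);
}

// Constructed sample values: replace with the real endpoint and CA bundle.
try {
    $client = build_verified_soap_client(
        'https://soap.example.internal/service',
        'urn:example-service',
        '/etc/ssl/certs/corp-ca-bundle.pem',
        '127.0.0.1'
    );
    echo "SoapClient built with peer verification enabled" . PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo $e->getMessage() . PHP_EOL;
}
```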

 

 
