Camel SFTP username has special character - apache-camel

I have to modify an existing camel SFTP project made in Camel (2.10.2). I am working with Camel for the first time and don't have any knowledge on this.
There are some URI's already configured in uri="sftp://username#hostname?password=XXX&option=value.." format which are working fine.
I have to add URI for new host in the same camel. The problem is username for new host name has # in it (eg: user#name).So new URI configuration does not work in existing format.
I tried to read some manuals and based on those, below are configurations tried so far :
uri="sftp://user#name#hostname?password=XXX&option=value.." -> It gave 'host must be specified and not empty' error.
uri="sftp://RAW(user#name)#hostname?password=XXX&option=value.." -> Not able to connect
uri="sftp://hostname?username=RAW(user#name)&password=XXX&option=value.." -> Not able to connect
uri="sftp://hostname?username=user#name&password=XXX&option=value.." -> Not able to connect
uri="sftp://hostname?username=user#name?password=XXX&option=value.." -> Not able to connect
uri="sftp://hostname?username=user#name?password=XXX&option=value..#amp;binary=true" -> Not able to connect
uri="sftp://hostname?username=RAW(user#name)?password=XXX&option=value..#amp;binary=true" -> Not able to connect
Its seems RAW(XXX) works in higher version of camel but not in 2.10.2. I have also verified connectivity with hostname and there is no issue with it.
Can somebody help with correct URI format that can work in camel 2.10.2.
Username: user#name, password: XXX, hostname: XXX.YYY.ZZ

Related

Camel sftp - For a passwordless login setup - I get Jsch exception: Auth fail

I'm trying to connect to an SFTP server for which I have passwordless authentication setup. I can connect to this server from the terminal. However, when I try to access the server using Springboot - Camel-SFTP, I get an exception:
2018-08-29 14:59:24,617 WARN org.apache.camel.component.file.remote.SftpConsumer : Error auto creating directory: incoming due Cannot connect to sftp://username#host.net:22. This exception is ignored.
org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://username#host.net:22
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at org.apache.camel.component.file.remote.SftpOperations.connect(SftpOperations.java:116)
... 33 common frames omitted
This is the endpoint for my route:
file-endpoint: sftp://username#host.net/incoming?streamDownload=true&noop=true&disconnect=true&stepwise=false&useList=false&fileName=abc.txt&ignoreFileNotFoundOrPermissionError=false&sendEmptyMessageWhenIdle=true&privateKeyPassphrase=XXX&preferredAuthentications=publickey&privateKeyFile=/Users/username/.ssh/id_rsa&scheduler=spring&scheduler.cron=0+0/1++++
Any help would be appreciated. Thanks!
From the filename, I'd assume an RSA key -- be sure that this is the case. I've had problems with JSch using an ed25519 key.
Additionally, in the SFPT route's that I've set up, I don't use "user#" in the URI; I just have
sftp://some.host/directory?username=someone?privateKeyFile=<>[..options..]
but I don't include a blank password attribute as indicated by fliot
Finally, you might try to check the destination server's sshd log; it may have something useful.
Simple answer : Add username and password, even if password may be empty.
Long answer:
I got several working routes with
username=something&password=&privateKeyPassphrase=XXX&preferredAuthentications=publickey&privateKeyFile=id_rsa
By the way, the path of your private key, make me anxious, by default, on linux, a local user is allowed to use local file as private ssh key, only the key is "chmod 400", or similar. Please, check your Karaf or Servicemix instance can correctly read this path.
Additionnaly, you can see the entire sFTP workout, with
log4j.logger.org.apache.camel.component.file.remote.SftpOperations = ON

Quickblox is not working with subdomain url

I have multiple URL for same domain , but its contain sub domain like following
admin.projectname.com
doctor.projectname.com
etc..
Here quickblox call not working with this URLs and giving following error:
NavigatorUserMediaError {
name: "PermissionDeniedError",
message: "Only secure origins are allowed.",
constraintName: ""
} app.js:577 4
I have refer quickblox and found some solution like quickblox only work with localhost and https SSL but I want to make it work with this type of URL.
It is already working with localhost but I want to start it with virtual domain of localhost.
Please help me out of this. let me know if any query.
You can't get access to UserMedia unless you're connected to a secure host. Your browser recognizes as secure host the ones with HTTPS or, for development, localhost.
If you need to develop with full domain names you either generate an SSL certificate (a free self-signed) for your environment or use an obscure flag like --unsafely-treat-insecure-origin-as-secure="admin.projectname.com".
See https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins section Testing a Powerful Feature.

SOAP UI not able to talk to Salesforce whereas browser can

I am not able to connect to https://test.salesforce.com/services/oauth2/token form SoapUI (ver 5.2.1). I have tried the PRO version and other older versions (4.6.xx) as well.
I can access the website from the web-browser. The GET to this URL gives me the response where as SOAPUI says HttpHostConnectException connection to https://test.salesforce.com/ refused.
I have checked that there is direct connection available from my PC to this address. I have tried adding https.proxyHost and https.proxyPort settings in soapui.vmoptions and sopaui.bat but of no use.
I have also tried playing around with Preemptive Authentication settings in SOAPUI without success
My organization has firewall which has white listed this address. I have also confirmed that firewall settings does allow to connect thru non standard clients (such as ApacheHttpClient).
If I use a Java Program using URLConnection using the proxy, it works.
At this point it seems to me that SOAPUI is not honoring the proxy settings.
Please share if anyone has similar experience and how did they resolve it.
Regards
Ash

Connecting to an LDAP server via a Corporate Proxy

I'm using the OpenLDAP API in C to connect to an external LDAP server and retrieve certain information. However, the software needs to run behind a HTTP CONNECT corporate proxy.
OpenLDAP doesn't expose the underlying socket calls, so is there a way to use the OpenLDAP API to specify a proxy to go through?
LDAP* lp;
int res = ldap_initialize(&lp, "ldap://some-server.com:389");
... /* Can I specify a proxy server somehow here? */
ldap_sasl_bind_s(m_connection, "", LDAP_SASL_SIMPLE, &cred, NULL, NULL, NULL);
I looked through the manual and did some Googling and found LDAP_OPT_URI which is an option code that can be passed to ldap_set_option, along with a URI. The manual describes the purpose of this option as :
"Sets/gets a comma- or space-separated list of URIs to be contacted by
the library when trying to establish a connection."
That description seems a bit vague to me, but I thought it might sound like this could allow me to set a proxy URL. However, I tried it and it has no effect anyway.
So, does OpenLDAP provide some way to connect via a proxy?

Redirect Loop Problem for Web Policy Agent?

I followed the installation guide for an Apache Web Policy Agent, but it always results in an endless redirect loop between web and application server. Firefox says "The page isn't redirecting properly" and Chrome thinks that "This webpage has a redirect loop". The setup is an Apache 2 on port 80 with a small demo app and a Web Policy Agent, and a Tomcat 7 server on port 8080 with an OpenAM server (the former OpenSSO from Sun):
App URL http://hostname.example.com:80/ (App and Agent, running on Apache 2.2.16)
OpenAM Server URL http://hostname.example.com:8080/openam (running on Tomcat 7.0.12)
The Live HTTP Header Firefox plugin shows that the policy agent and the OpenAM server (i.e. the Apache and Tomcat servers) redirect to each other, although the server sets the SSO Token Cookie correctly. The name of the SSO Token Cookie has the default value "iPlanetDirectoryPro". Any idea how to solve the problem?
After a whole week I finally figured it out, with the help of Stackoverflow and the OpenAM Mailing list. There were two main problems: missing log files and missing cookie domains. Installing the OpenAM server and the Web Policy Agent is difficult, there are a lot of log files and many different configuration options. If you select the wrong options, it won't work. It is impossible to make it work without knowing what is going on, which can only be determined by a suitable log file.
Missing Log for Web Policy Agent : The log level must be set in the "Java properties" files. There are two "Java Properties" files for the Web Policy Agent, OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties. The log and debug level which is named com.sun.identity.agents.config.debug.level can and must be defined in both (!) files, and it should be set to the high level, all:4 or all:5. The format is important. Even if you do this, the AgentConfiguration.properties file is only used when the agent is not working in centralized config mode. The profile must be set to "local".
Missing Cookie Domain: Do not forget to enter the right Cookie Domain during the setup of the OpenAM server in the beginning, or add it afterwards if it is missing. On the OpenAM server, go to Configuration > System > Platform and change the Cookie Domain Value to your domain (for instace .example.com) if it is missing. Otherwise the browser will lose your cookie during the redirect process. Somehow I had an empty entry for the cookie domain at the OpenAM server, I guess a forgot a dot (example.com instead of .example.com) so that it was invalid (or something like that).
This troubleshooting site was helpful to locate the problem.
#0x4a6f4672, Your post was absolutely helpful . Some more to add to your answer. The following changes is what i had to do in the config to make it running, at-least getting it running it for alfresco.
com.sun.identity.agents.config.user.mapping.mode=USER_ID(Dont use HTTP_HEADER)
com.sun.identity.agents.config.user.attribute.name=uid
com.sun.identity.agents.config.user.principal=true(Dont use false)
com.sun.identity.agents.config.user.token=SsoUserHeader(Keep it as per what is specified in you application- in my case alfresco)
Now you are not running the Agent in centralised mode but in local mode the setting which is specified for profile attribute can be only set via property file so add the following.
com.sun.identity.agents.config.profile.attribute.fetch.mode=HTTP_HEADER
com.sun.identity.agents.config.profile.attribute.mapping[uid]=SsoUserHeader(whatever you want the header to come in browser as)
As told by 0x4a6f4672, it is difficult to debug and unless you are in local mode , so switch to local mode immediately and start tracing the logs and make the property changes accordingly.

Resources