BinarySecurityToken modified with XML escape characters using Apache WSS4J / CXF - cxf

I'm using the action based approach to ws-security, as the WSDL I am interfacing to does not contain a security policy. Code for the interceptor and security is below.
I'm getting an error back from the server indicating my binary security token is not base 64 encoded. That was a head scratcher, since it appears to be, and indicates it is in the type description. Then I noticed some characters were being replaced with XML escape characters. If I brute force send a message where these characters are reverted, the server responds, so I suspect they are not gracefully converting these back upon receive.
How do I stop the header from getting escaped?
Here's the code I'm using to configure my client:
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean( );
factory.setServiceClass( Operations.class );
factory.setAddress( serviceUrl );
Map< String, Object > properties = Maps.newHashMap( );
properties.put( "mtom-enabled", "false" );
factory.setProperties( properties );
outProps.put( "cryptoProperties", sig_props );
outProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT );
outProps.put( WSHandlerConstants.USER, apiKeyPairAlias );
outProps.put( WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties" );
outProps.put( WSHandlerConstants.ENC_PROP_REF_ID, "cryptoProperties" );
outProps.put( WSHandlerConstants.SIG_KEY_ID, "DirectReference" );
outProps.put( WSHandlerConstants.ENC_KEY_ID, "DirectReference" );
outProps.put( WSHandlerConstants.SIGNATURE_USER, apiKeyPairAlias );
outProps.put( WSHandlerConstants.ENCRYPTION_USER, apiKeyPairAlias );
outProps.put( WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordHandler( ) );
outProps.put( WSHandlerConstants.STORE_BYTES_IN_ATTACHMENT, "true" );
outProps.put( WSHandlerConstants.USE_SINGLE_CERTIFICATE, "false" );
WSS4JOutInterceptor wssOut = new WSS4JOutInterceptor( outProps );
factory.getOutInterceptors( ).add( wssOut );
Map< String, Object > inProps = Maps.newHashMap( );
inProps.put( WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.ENCRYPT );
inProps.put( "cryptoProperties", sig_props );
outProps.put( WSHandlerConstants.SIG_PROP_REF_ID, "cryptoProperties" );
outProps.put( WSHandlerConstants.ENC_PROP_REF_ID, "cryptoProperties" );
outProps.put( WSHandlerConstants.PW_CALLBACK_REF, new ClientPasswordHandler( ) );
WSS4JInInterceptor wssIn = new WSS4JInInterceptor( inProps );
factory.getInInterceptors( ).add( wssIn );

Related

Using XmlWriter to create large document from LINQ to SQL / LINQPad throws Out of Memory Exception

I'm trying to export data in a LINQPad script and keep receiving Out of Memory exception. I feel like the script is doing all 'streamable' actions so not sure why I'm getting this.
The main loop of the code looks like the following. A few notes:
1) The first query returns around 60K rows profileDB.Profiles.Where(p => p.Group.gName == groupName).Select( d => d.pAuthID )
2) The second query for each pAuthID returns rows in a the database where one field is a Xml blob of data stored in a string field. It is not that big...< 500K for sure. Each pAuthID row could have as many as 50 rows of FolderItems. The query is profileDB.FolderItems.Where(f => f.Profile.pAuthID == p && ( folderTypes[0] == "*" || folderTypes.Contains(f.fiEntryType) ) ).OrderBy(f => f.fiEntryDate)
3) I only write a single line to the result pane when the processing starts.
4) The script runs for a long time, throwing exception when the output file is around 600-700MB. Huge I know, but it is a requirement that we dump out all the data into Xml.
5) The WriteFolderItems function/loop will be pasted below the main loop.
6) I call XmlWriter.Flush after each xDataDef element.
using (var xw = XmlWriter.Create(fileName, new XmlWriterSettings { Indent = false } ) )
{
xw.WriteStartElement( "xDataDefs" );
foreach( var p in profileDB.Profiles.Where(p => p.Group.gName == groupName).Select( d => d.pAuthID ) )
{
if ( totalRows == 0 ) // first one...
{
string.Format( "Writing results to {0}...", fileName ).Dump( "Progress" );
}
totalRows++;
var folderItems = profileDB.FolderItems.Where(f => f.Profile.pAuthID == p && ( folderTypes[0] == "*" || folderTypes.Contains(f.fiEntryType) ) ).OrderBy(f => f.fiEntryDate);
if ( folderItems.Any() )
{
xw.WriteStartElement("xDataDef");
xw.WriteAttributeString("id-auth", p);
xw.WriteStartElement("FolderItems");
WriteFolderItems(profileDB, datalockerConnectionString, xw, folderItems, documentsDirectory, calcDocumentFolder, exportFileData);
xw.WriteEndElement();
xw.WriteEndElement();
xw.Flush();
}
}
xw.WriteEndElement();
}
WriteFolderItems has looping code as well that looks like the following. A few notes:
1) I'd expect the foreach( var f in folderItems ) to be streaming
2) For some of the FolderItem rows that are Xml blobs of cached documents, I need to run ~ 1-5 queries against the database to get some additional information to stick into the Xml export: var docInfo = profileDB.Documents.Where( d => d.docfiKey == f.fiKey && d.docFilename == fileName ).FirstOrDefault();
3) I call XmlWriter.Flush after each FolderItem row.
public void WriteFolderItems( BTR.Evolution.Data.DataContexts.Legacy.xDS.DataContext profileDB, string datalockerConnectionString, XmlWriter xw, IEnumerable<BTR.Evolution.Data.DataContexts.Legacy.xDS.FolderItem> folderItems, string documentsOutputDirectory, string calcDocumentFolder, bool exportFileData )
{
foreach( var f in folderItems )
{
// The Xml blob string
var calculation = XElement.Parse( f.fiItem );
// If it contains 'cached-document' elements, need to download the actual document from DataLocker database
foreach( var document in calculation.Elements( "Data" ).Elements( "TabDef" ).Elements( "cache-documents" ).Elements( "cached-document" ) )
{
var fileName = (string)document.Attribute( "name" );
// Get author/token to be used during import
var docInfo = profileDB.Documents.Where( d => d.docfiKey == f.fiKey && d.docFilename == fileName ).FirstOrDefault();
if ( docInfo != null )
{
document.Add( new XElement( "author", docInfo.docUploadAuthID ) );
document.Add( new XElement( "token", docInfo.docDataLockerToken ) );
}
// Export associated document from DataLocker connection...XmlWriter is not affected, simply saves document to local hard drive
if ( exportFileData && DataLockerExtensions.ByConnection( datalockerConnectionString ).Exists( calcDocumentFolder, (string)document.Attribute( "name" ), null ) )
{
using ( var fs = new FileStream( Path.Combine( documentsOutputDirectory, fileName.Replace( "/", "__" ) ), FileMode.Create ) )
{
string contentType;
using ( var ds = DataLockerExtensions.ByConnection( datalockerConnectionString ).Get( calcDocumentFolder, (string)document.Attribute( "name" ), null, out contentType ) )
{
ds.CopyTo( fs );
}
}
}
}
// Write the calculation to the XwlWriter
xw.WriteStartElement( "FolderItem" );
xw.WriteElementString( "Key", f.fiKey.ToString() );
xw.WriteElementString( "EntryDate", XmlConvert.ToString( f.fiEntryDate.Value, XmlDateTimeSerializationMode.Local ) );
xw.WriteElementString( "ItemType", f.fiEntryType );
xw.WriteElementString( "Author", f.fiAuthor );
xw.WriteElementString( "Comment", f.fiComment );
xw.WriteStartElement( "Item" );
calculation.WriteTo( xw );
xw.WriteEndElement();
xw.WriteEndElement();
xw.Flush();
}
}
Make sure you disable Change Tracking, or the EF or L2S Change Tracker will retain references to each of the loaded entities.

What is the proper way to handle the pixel buffer returned by GetDIBits()?

I have been trying to make a SDL program that has the capability of taking a screenshot of the entire screen, and in this case, displaying a live feed of my whole monitor screen. I have succeeded to the extent that I have been able to retrieve a image using GDI functions, but I have no idea how to properly handle the data output in my buffer after the GetDIBits() function returns. My image so far has been way off the expected output. The colors are messed up in all the formats I've currently tried which has been most of the 32-bit and 24-bit pixel formats available for SDL textures. My win32 code might also have a bug, I'm not completely sure since the image displayed is incorrect.
Here is how I get a screenshot :
void WINAPI get_screenshot( app_data * app )
{
HDC desktop = GetDC( NULL );
int width = GetDeviceCaps( desktop, HORZRES );
int height = GetDeviceCaps( desktop, VERTRES );
HDC desktop_copy = CreateCompatibleDC( 0 );
HGDIOBJ old = NULL;
HBITMAP screenshot = CreateCompatibleBitmap( desktop_copy, app->viewport.w, app->viewport.h );
BITMAPINFOHEADER screenshot_header = { 0 };
screenshot_header.biSize = sizeof( BITMAPINFOHEADER );
screenshot_header.biWidth = app->viewport.w;
screenshot_header.biHeight = -app->viewport.h;
screenshot_header.biPlanes = 1;
screenshot_header.biBitCount = 32;
screenshot_header.biCompression = BI_RGB;
if ( !screenshot )
{
ReleaseDC( NULL, desktop );
DeleteDC( desktop_copy );
DeleteObject( screenshot );
free_app_data( app );
win_error( "Creating Bitmap", true );
}
SetStretchBltMode( desktop_copy, HALFTONE );
SetBrushOrgEx( desktop_copy, 0, 0, NULL );
old = SelectObject( desktop_copy, screenshot );
if ( !StretchBlt( desktop_copy, 0, 0, app->viewport.w, app->viewport.h, desktop, 0, 0, width, height, SRCCOPY ) )
{
ReleaseDC( NULL, desktop );
DeleteDC( desktop_copy );
DeleteObject( screenshot );
free_app_data( app );
win_error( "Stretching Screenshot to Window Size", true );
}
if ( !GetDIBits( desktop_copy, screenshot, 0, app->viewport.h, app->pixels, ( BITMAPINFO * )&screenshot_header, DIB_RGB_COLORS ) )
{
ReleaseDC( NULL, desktop );
DeleteDC( desktop_copy );
DeleteObject( screenshot );
free_app_data( app );
win_error( "Getting Window RGB Values", true );
}
SelectObject( desktop_copy, old );
DeleteObject( screenshot );
ReleaseDC( NULL, desktop );
DeleteDC( desktop_copy );
return;
}
I feel most of the code that calls my DLL functions is self explanatory or isn't critical for this post, but I'll be happy to provide pseudo code or pure win32 API code if necessary.
The code that creates the SDL texture and buffer is :
app->frame = SDL_CreateTexture(
app->renderer,
SDL_PIXELFORMAT_ABGR8888,
SDL_TEXTUREACCESS_STREAMING,
app->viewport.w,
app->viewport.h
);
if ( !app->frame )
{
free_app_data( app );
SDL_errorexit( "Creating texture", 1, TRUE );
}
app->pixels = ( Uint32 * )create_array( NULL, ( app->viewport.w * app->viewport.h ), sizeof( Uint32 ), zero_array );
if ( !app->pixels )
{
free_app_data( app );
std_error( "Creating pixel buffer", TRUE );
}
Again, I'm using my DLL function create_array() in this case, but I think you should be able to tell what it does.
The resulting image is this :
Feel free to add better methods or pure SDL methods of doing this. I have tried GetPixel(), and it returns correct values. It has a high overhead for multiple calls though.
The code for capturing and drawing the screen to your form:
HDC hdcScreen, hdcForm;
hdcScreen = GetDC(NULL);
hdcForm = GetWindowDC(hwnd); //hwnd is form handle
StretchBlt(hdcForm, 0, 0, formW, formH, hdcScreen , 0, 0, screenW, screenH, SRCCOPY );
ReleaseDC(hwnd, hdcForm);
ReleaseDC(NULL, hdcScreen);
Its that simple.
valter

Solr result filter for user specific data

I'd like to manipulate the result of a solr server search. I don't think it's possible on the Server side filter, because the information is only available on the client side at runtime.
I tried following:
private void filterKernSortiment ( SolrDocumentList docsList )
{
List<SolrDocument> filteredItems = new ArrayList<SolrDocument>();
Iterator<SolrDocument> iter = docsList.iterator();
while ( iter.hasNext() )
{
SolrDocument doc = iter.next();
String artnr = doc.getFieldValue( "artnr" ).toString();
String lfnt = doc.getFieldValue( "lfnt" ).toString();
if ( ! user.isForUserInStock( artnr, lfnt ) )
{
filteredItems.add( doc );
}
}
log.debug( "filteredItems=" + filteredItems.size() );
Iterator<SolrDocument> iterFilter = filteredItems.iterator();
while ( iterFilter.hasNext() )
{
SolrDocument doc = iterFilter.next();
docsList.remove( doc );
}
}
The SolrDocumentList is filtered correctly, but the getFacetField function gives the result of the unfiltered SolrDocumentList.
Do I have to manipulate the FacetField Lists too or do you know a a better solution for the problem?

Grails 1.3.7 Map to sql server 2k8 Date Column

We have a legacy grails app running 1.3.7 and having trouble mapping to a mssql server 2k8 table with a date data type.
I've got it mapped with sqlType:'date' it still get the following error when it tries to load the entity ERROR util.JDBCExceptionReporter - Can't convert '2013-07-24' to Timestamp.
Added a custom Dialect extending the SQLServerDialect with the following no difference
registerColumnType( Types.DATE, "date" );
Grails 1.3.7 comes bundles with hibernate 3.3.1 GA. I think there is no SQLServer2008Dialect in this version of Hibernate, only a `SQLServerDialect̀ which is good for 2k and 2k5 versions
You'll have to borrow this class from a later version, as explained in this blog post
I reproduce the class here for archive sakes (from robert-reiz.com)
import org.hibernate.Hibernate;
import org.hibernate.cfg.Environment;
import org.hibernate.dialect.SQLServerDialect;
import org.hibernate.dialect.function.*;
import org.hibernate.type.StandardBasicTypes;
import java.sql.Types;
public class SqlServer2008Dialect extends SQLServerDialect {
public SqlServer2008Dialect(){
super();
registerColumnType( Types.DATE, "date" );
registerColumnType( Types.TIME, "time" );
registerColumnType( Types.TIMESTAMP, "datetime2" );
registerFunction( "current_timestamp", new NoArgSQLFunction("current_timestamp", Hibernate.TIMESTAMP,false) );
registerColumnType( Types.BIT, "tinyint" ); //Sybase BIT type does not support null values
registerColumnType( Types.BIGINT, "bigint" );//changed
registerColumnType( Types.SMALLINT, "smallint" );
registerColumnType( Types.TINYINT, "tinyint" );
registerColumnType( Types.INTEGER, "int" );
registerColumnType( Types.CHAR, "char(1)" );
registerColumnType( Types.VARCHAR, "varchar($l)" );
registerColumnType( Types.FLOAT, "float" );
registerColumnType( Types.DOUBLE, "double precision" );
registerColumnType( Types.VARBINARY, "varbinary($l)" );
registerColumnType( Types.NUMERIC, "numeric($p,$s)" );
registerColumnType( Types.BLOB, "image" );
registerColumnType( Types.CLOB, "text" );
registerColumnType( Types.ROWID, "bigint");
registerFunction( "ascii", new StandardSQLFunction("ascii", StandardBasicTypes.INTEGER));
registerFunction( "char", new StandardSQLFunction("char", StandardBasicTypes.CHARACTER));
registerFunction( "len", new StandardSQLFunction("len", StandardBasicTypes.LONG) );
registerFunction( "lower", new StandardSQLFunction("lower") );
registerFunction( "upper", new StandardSQLFunction("upper") );
registerFunction( "str", new StandardSQLFunction("str", StandardBasicTypes.STRING) );
registerFunction( "ltrim", new StandardSQLFunction("ltrim") );
registerFunction( "rtrim", new StandardSQLFunction("rtrim") );
registerFunction( "reverse", new StandardSQLFunction("reverse") );
registerFunction( "space", new StandardSQLFunction("space", StandardBasicTypes.STRING));
registerFunction( "user", new NoArgSQLFunction("user", StandardBasicTypes.STRING) );
registerFunction( "current_timestamp", new NoArgSQLFunction("getdate", StandardBasicTypes.TIMESTAMP) );
registerFunction( "current_time", new NoArgSQLFunction("getdate", StandardBasicTypes. TIME) );
registerFunction( "current_date", new NoArgSQLFunction("getdate", StandardBasicTypes. DATE) );
registerFunction( "getdate", new NoArgSQLFunction("getdate", StandardBasicTypes. TIMESTAMP) );
registerFunction( "getutcdate", new NoArgSQLFunction("getutcdate", StandardBasicTypes. TIMESTAMP) );
registerFunction( "day", new StandardSQLFunction("day", StandardBasicTypes.INTEGER) );
registerFunction( "month", new StandardSQLFunction("month", StandardBasicTypes.INTEGER) );
registerFunction( "year", new StandardSQLFunction("year", StandardBasicTypes.INTEGER) ) ;
registerFunction( "datename", new StandardSQLFunction("datename", StandardBasicTypes. STRING) );
registerFunction( "abs", new StandardSQLFunction("abs") );
registerFunction( "sign", new StandardSQLFunction("sign", StandardBasicTypes.INTEGER) ) ;
registerFunction( "acos", new StandardSQLFunction("acos", StandardBasicTypes.DOUBLE) );
registerFunction( "asin", new StandardSQLFunction("asin", StandardBasicTypes.DOUBLE) );
registerFunction( "atan", new StandardSQLFunction("atan", StandardBasicTypes.DOUBLE) );
registerFunction( "cos", new StandardSQLFunction("cos", StandardBasicTypes.DOUBLE) );
registerFunction( "cot", new StandardSQLFunction("cot", StandardBasicTypes.DOUBLE) );
registerFunction( "exp", new StandardSQLFunction("exp", StandardBasicTypes.DOUBLE) );
registerFunction( "log", new StandardSQLFunction( "log", StandardBasicTypes.DOUBLE) );
registerFunction( "log10", new StandardSQLFunction("log10", StandardBasicTypes.DOUBLE) );
registerFunction( "sin", new StandardSQLFunction("sin", StandardBasicTypes.DOUBLE) );
registerFunction( "sqrt", new StandardSQLFunction("sqrt", StandardBasicTypes.DOUBLE) );
registerFunction( "tan", new StandardSQLFunction("tan", StandardBasicTypes.DOUBLE) );
registerFunction( "pi", new NoArgSQLFunction("pi", StandardBasicTypes.DOUBLE) );
registerFunction( "square", new StandardSQLFunction("square") );
registerFunction( "rand", new StandardSQLFunction("rand", StandardBasicTypes.FLOAT) );
registerFunction("radians", new StandardSQLFunction("radians", StandardBasicTypes. DOUBLE) );
registerFunction("degrees", new StandardSQLFunction("degrees", StandardBasicTypes. DOUBLE) );
registerFunction( "round", new StandardSQLFunction("round") );
registerFunction( "ceiling", new StandardSQLFunction("ceiling") );
registerFunction( "floor", new StandardSQLFunction("floor") );
registerFunction( "isnull", new StandardSQLFunction("isnull") );
registerFunction( "concat", new VarArgsSQLFunction( StandardBasicTypes.STRING, "( ","+",")" ) );
registerFunction( "length", new StandardSQLFunction( "len", StandardBasicTypes.INTEGER ) );
registerFunction( "trim", new SQLFunctionTemplate( StandardBasicTypes.STRING, "ltrim( rtrim(?1))") );
registerFunction( "locate", new CharIndexFunction() );
getDefaultProperties().setProperty(Environment.STATEMENT_BATCH_SIZE, NO_BATCH);
}
}
You'll have to add
dialect = org.hibernate.dialect.SqlServer2008Dialect
in the ̀Datasource.groovy` config file and make this class available to your classpath
WARNING : in the blog post, the base version for Hibernate is 3.6.4 and the code above use a SQLServer2005Dialect class that doesn't exist in the 3.3.1 GA version. I've modified the code above to take this into account (I used SQLServerDialect) while assuming that these class were compatibles. I didn't check this.

How can I access the number of errors that my App Engine app is returning per hour/day/week?

Is there an API that my Google App Engine app can call when signed in as the as the app admin that would return information on the number of errors (404, 500, etc.) my app is returning?
I'd like to setup a simple cron job in my application to count the number of errors that my app is returning every few minutes and send me an email if the error rate becomes unexpectedly high. I'd like to avoid having to scrape the information from the Appspot dashboard or run another process outside of my app.
The closest thing to what you need is probably LogService API
Note that it isn't available for Java runtime (yet, I assume).
This only works on the cloud and is GAE-friendly.
You will need jsoup.
package some.package
import java.util.HashMap;
import java.util.Map;
import org.jsoup.Connection;
import org.jsoup.Connection.Method;
import org.jsoup.Connection.Response;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class AppEngineScraperUtil
{
private static final Logger logger = LoggerFactory.getLogger( AppEngineScraperUtil.class );
/**
* #param appId
* in the form of {#code appId}
* #return dashboard in html
*/
public static String fetchDashboard( String appId )
{
return jsoupWay( appId );
}
private static String jsoupWay( String appId )
{
try
{
Connection conn = createGetConn( "https://appengine.google.com" );
Response result = conn.execute();
Document doc = result.parse();
// parse inputs
Elements elements = doc.select( "#dsh, [name=GALX], #service, #continue, #ltmpl" );
Map<String, String> formFields = new HashMap<String, String>();
// build form
for ( Element element: elements )
formFields.put( element.attr( "name" ), element.val() );
formFields.put( "Email", "xxx" );
formFields.put( "Passwd", "xxx" );
String formAction = doc.select( "form" ).first().attr( "action" );
// parse cookies
Map<String, String> cookies = result.cookies();
// build post
conn = createPostConn( formAction );
conn.cookies( cookies );
conn.data( formFields );
conn.header( "Content-Type", "application/x-www-form-urlencoded" );
result = conn.execute();
doc = result.parse();
// get dashboard
conn = createGetConn( "https://appengine.google.com/dashboard?&app_id=" + appId );
conn.cookies( result.cookies() );
result = conn.execute();
// return html
doc = result.parse();
return doc.toString();
}
catch ( Exception e )
{
logger.error( "Error retrieving dashboard.", e );
}
return null;
}
private static Connection createPostConn( String url )
{
Connection conn = Jsoup.connect( url );
conn.method( Method.POST );
return conn;
}
private static Connection createGetConn( String url )
{
Connection conn = Jsoup.connect( url );
conn.method( Method.GET );
return conn;
}
}

Resources