When I send email from my application using the default WildFly mail session, the auto-generated message ID gives away that my server is WildFly:
Message-ID: <524672585.11.1429091886393.JavaMail.wildfly@myserver.example.com>
For security reasons, I'd like to suppress or override the wildfly substring in the message ID.
Is there a configuration element or a system property to do that?
Answering my own question: The wildfly part of the message ID corresponds to the value of the user.name system property. My server happens to be running under a Linux user account named wildfly.
So one option would be to use a different user account. Alternatively, simply passing -Duser.name=foo to the WildFly start script is enough to change the message ID.
Upgrade to JavaMail 1.5.3. That official release has Bug 6496 - Message-Id leaks current user/hostname of the Java process marked as resolved.
Otherwise, the Message-ID computation uses the InternetAddress.getLocalAddress method, which includes the username. You can set the mail.from session property to override including the O/S user name.
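import java.util.Properties;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

public class MessageIdDemo {
    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        // mail.from replaces the O/S user name and host in the generated Message-ID
        props.put("mail.from", "------@bar.baz");
        Session s = Session.getInstance(props);
        MimeMessage m = new MimeMessage(s);
        m.addFrom(InternetAddress.parse("foo@bar.baz"));
        m.setText("");
        m.saveChanges(); // generates the Message-ID header
        m.writeTo(System.out);
    }
}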
Which will output something like:
From: foo@bar.baz
Message-ID: <1688376486.0.1429814480627.JavaMail.------@bar.baz>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
If you are using the default session you can just add 'mail.from' to the system properties.
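To audit what outgoing mail discloses, the following added example (not code from the question or the answers) parses a JavaMail-style Message-ID into the user, host and generation time it exposes. The regular expression is inferred from the two Message-IDs shown above, and the `allowed_users` / `allowed_hosts` parameters and the `app@example.com` sender are hypothetical.

```python
import re
from datetime import datetime, timezone
from email import message_from_string

# Layout inferred from the two Message-IDs on this page (an assumption):
#   <number.counter.epoch-millis.JavaMail.user@host>
JAVAMAIL_ID = re.compile(
    r"<-?\d+\.\d+\.(?P<millis>\d+)\.JavaMail\.(?P<user>[^@>]+)@(?P<host>[^>\s]+)>"
)

# Constructed sample messages built from the headers quoted in the question and answer.
LEAKY = (
    "From: app@example.com\n"
    "Message-ID: <524672585.11.1429091886393.JavaMail.wildfly@myserver.example.com>\n"
    "\nbody\n"
)
OVERRIDDEN = (
    "From: foo@bar.baz\n"
    "Message-ID: <1688376486.0.1429814480627.JavaMail.------@bar.baz>\n"
    "\nbody\n"
)


def audit_message_id(raw_message, allowed_users=(), allowed_hosts=()):
    """Report what a JavaMail-style Message-ID discloses; None if it is not one."""
    header = message_from_string(raw_message).get("Message-ID", "")
    match = JAVAMAIL_ID.search(header)
    if match is None:
        return None
    user, host = match["user"], match["host"]
    when = datetime.fromtimestamp(int(match["millis"]) // 1000, tz=timezone.utc)
    return {
        "user": user,
        "host": host,
        "generated_utc": when.strftime("%Y-%m-%d %H:%M:%S"),
        # allowed_* are hypothetical allow-lists of values you chose to publish
        "leaks_user": user not in allowed_users,
        "leaks_host": host not in allowed_hosts,
    }


if __name__ == "__main__":
    for sample in (LEAKY, OVERRIDDEN):
        print(audit_message_id(sample, allowed_users={"------"}, allowed_hosts={"bar.baz"}))
```

Run it over a sample of sent mail after changing user.name or mail.from to confirm the old account name no longer appears.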
UPDATE
I found that if I add a trusted cert to SPOptions.ServiceCertificates and set SPOptions.AuthenticateRequestSigningBehavior = Sustainsys.Saml2.Configuration.SigningBehavior.IfIdpWantAuthnRequestsSigned; and set IdentityProvider.WantAuthnRequestsSigned = true, the signature element is included.
Original Question:
Having troubles connecting to an IDP with the following AuthnRequest:
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="idf299bf8aa08542d193e022cb047e5ecc" Version="2.0" IssueInstant="2019-07-23T00:10:13Z" Destination="https://example-idp.com" AssertionConsumerServiceURL="https://example-sp.com/Acs">
<saml2:Issuer>https://example-sp.com</saml2:Issuer>
</saml2p:AuthnRequest>
The IDP says: "SignatureStatus: NOT_PRESENT". I'm guessing that means that the authnrequest should have a <ds:Signature section? If so, how do I configure Sustainsys.Saml2.AspNetCore2 to include it?
The metadata xml I received from the idp contains a <ds:Signature section, but looking at the source code for Sustainsys.Saml2.AspNetCore2, it looks like that part of the metadata gets ignored when deserializing?
I'm not very familiar with the internals of SAML, so sorry if this is a silly question.
You'll want to generate a self-signed .pfx file that contains both your public cert and private key. We use Azure Key Vault, but you could also use OpenSSL. There are lots of resources that explain how to generate one of those and load it into a C# X509Certificate2 instance.
Once you have an instance of X509Certificate2, set options.SPOptions.AuthenticateRequestSigningBehavior = Sustainsys.Saml2.Configuration.SigningBehavior.IfIdpWantAuthnRequestsSigned;
And set IdentityProvider.WantAuthnRequestsSigned = true.
And then add the X509Certificate2 instance like so: options.SPOptions.ServiceCertificates.Add(myX509Certificate2);
Then run your app and start the SAML SSO process. You can use hookbin or the like to see what it sends in the AuthnRequest for SAMLRequest. You can extract the XML from that by URL-decoding it and then base64-decoding it like so in JavaScript, for instance to confirm the signature XML is set and correct: atob(decodeURIComponent(samlRequestValue))
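The same check as a script, added here and not part of the original answer or of Sustainsys.Saml2. It goes beyond the one-liner above: it handles a SAMLRequest sent with either the HTTP-POST binding (base64 only) or the HTTP-Redirect binding (raw DEFLATE before base64), and reports a signature carried either as a ds:Signature element or as the Signature and SigAlg query parameters. The function names are hypothetical and the sample input is the unsigned AuthnRequest from the question.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

DSIG = "{http://www.w3.org/2000/09/xmldsig#}Signature"
ISSUER = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"

# The unsigned AuthnRequest from the question, used as sample input.
SAMPLE_XML = (
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="idf299bf8aa08542d193e022cb047e5ecc" Version="2.0" '
    'IssueInstant="2019-07-23T00:10:13Z" Destination="https://example-idp.com" '
    'AssertionConsumerServiceURL="https://example-sp.com/Acs">'
    '<saml2:Issuer>https://example-sp.com</saml2:Issuer></saml2p:AuthnRequest>'
)

def redirect_query(xml, **extra):
    """Build a constructed HTTP-Redirect query: raw DEFLATE, base64, URL-encode."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml.encode()) + deflater.flush()
    return urlencode({"SAMLRequest": base64.b64encode(packed).decode(), **extra})

def decode_saml_request(value):
    """Return the XML carried in an already URL-decoded SAMLRequest value."""
    raw = base64.b64decode(value)
    if raw.startswith(b"<"):                  # heuristic: HTTP-POST, base64 only
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect: raw DEFLATE

def signature_status(captured):
    """Inspect a captured redirect URL, bare query string or POST form body."""
    params = parse_qs(urlsplit(captured).query or captured)
    # This parses our own SP's request; use a hardened parser for untrusted XML.
    root = ET.fromstring(decode_saml_request(params["SAMLRequest"][0]))
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(ISSUER),
        "xml_signature": root.find(DSIG) is not None,
        "query_signature": "Signature" in params and "SigAlg" in params,
    }

if __name__ == "__main__":
    print(signature_status("https://example-idp.com/?" + redirect_query(SAMPLE_XML)))
```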
Trying to enable a user account and getting the error below. If I go directly to that Windows machine after creating the user (using the Java API) and update the password (manually, using the UI on the Windows machine) to something like "password1" and then try to enable password using Java, it works fine.
Here is how I am setting password while creating user
BasicAttribute basicAttribute1=new BasicAttribute("userPassword","password1".getBytes(StandardCharsets.US_ASCII));
context.setAttribute(basicAttribute1);
Then trying to change useraccount control to 512 and getting
"errorMessage": "[LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\u0000]; nested exception is javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000052D: SvcErr: DSID-031A12D2, problem 5003 (WILL_NOT_PERFORM), data 0\n\u0000]; remaining name 'CN=SachinVTendulkar,OU=SDCWASD001,OU=Users,OU=Mycity,OU=Enterprise Support'"
Seems I am not setting password correctly while creating user with java - I am creating user with userAccountControl-514 and with password along with other attributes like names etc (first I want to create in disable mode)
Then when I just try to enable user, getting this problem. And for same user if I go to windows machine and update password and then try to enable with java it works fine - so that rule out other issues like ldaps etc.
Logs when I create user for reference:
log of creating user : creating new user : JohnSmith , in DN : CN=JohnSmith,OU=SDCWASD001,OU=Users,OU=MyCity,OU=Enterprise Support , with context: org.springf.ldap.core.DirContextAdapter: dn=CN=JohnSmith,OU=SDCWASD001,OU=Users,OU=MyCity,OU=Enterprise Support {mail=adsadsa51@test.com, Description=Test account, CN=JohnSmith, objectclass[0]=top, objectclass[1]=Person, objectclass[2]=organizationalPerson, objectclass[3]=user, userPassword=summer01, sAMAccountName=adsadsa51, userPrincipalName=adsadsa51@test.com, givenName=John, displayName=JohnSmith, name=JOHNSMITH, physicalDeliveryOfficeName=0, sn=Smith, userAccountControl=514}
Then to enable the user, I do the following and get that error (I do this in a separate call):
ModificationItem[] mods=new ModificationItem[1];
mods[0]=new ModificationItem(DirContext.REPLACE_ATTRIBUTE,new BasicAttribute("userAccountControl",Integer.toString(512)));
ldapTemplate.modifyAttributes(dn, mods);
Try setting the unicodePwd value on the account. Something like:
final byte[] quotedPasswordBytes = ('"'+password+'"').getBytes("UTF-16LE");
container.put(new BasicAttribute("unicodePwd", quotedPasswordBytes));
Resolution is to use SSL for password attribute updates.
Can you be more specific about what this entails?
I want to get the ID of the Inbound message in my implemented service end point which has following parameters available:
Custom JAXB Request
@Context HttpServletRequest
E.g., from the inbound message below I want to retrieve ID: 1 in my service endpoint.
INFO: Inbound Message
ID: 1
Address:
Encoding: ISO-8859-1
Http-Method: POST
Content-Type: application/xml
Headers:
Payload:
Can anyone please tell me if there is a way to get that ID ?
You can get the current CXF Message using PhaseInterceptorChain.getCurrentMessage(). The logging ID used by the logging interceptors is stored in the Message Map, and can be retrieved with its key, e.g.
String loggingId = (String) PhaseInterceptorChain.getCurrentMessage().get(LoggingMessage.ID_KEY);
As the title says, I'm trying to create a GAE + GWT project using Objectify but I can't even get it off the ground. I'm sure I'm missing something simple but doesn't seem to be working.
Here is what I've done so far:
Create a new project and add guava-17.0.jar, guava-gwt-17.0.jar, objectify-5.0.3.jar, and objectify-gwt-1.1.jar to my WEB-INF\lib folder. These are all the latest versions of these jars.
Run the application. Send a simple RPC command, server responds, and client successfully receives response (onSuccess() is called).
Add the line <inherits name="com.googlecode.objectify.Objectify" /> to my gwt.xml file per Objectify-GWT's website which is supposed to enable Objectify in GWT.
Run the application. The application starts, same RPC command is sent, server receives and responds, but the client says the command was a failure (onFailure() is called).
I am using the boilerplate code that is pre-populated when you first create a new web application. For reference, here is the RPC command:
private void sendNameToServer() {
    // First, we validate the input.
    errorLabel.setText("");
    String textToServer = nameField.getText();
    if (!FieldVerifier.isValidName(textToServer)) {
        errorLabel.setText("Please enter at least four characters");
        return;
    }

    // Then, we send the input to the server.
    sendButton.setEnabled(false);
    textToServerLabel.setText(textToServer);
    serverResponseLabel.setText("");
    greetingService.greetServer(textToServer,
            new AsyncCallback<String>() {
                public void onFailure(Throwable caught) {
                    // Show the RPC error message to the user
                    dialogBox.setText("Remote Procedure Call - Failure");
                    serverResponseLabel.addStyleName("serverResponseLabelError");
                    serverResponseLabel.setHTML(SERVER_ERROR);
                    dialogBox.center();
                    closeButton.setFocus(true);
                }

                public void onSuccess(String result) {
                    dialogBox.setText("Remote Procedure Call");
                    serverResponseLabel.removeStyleName("serverResponseLabelError");
                    serverResponseLabel.setHTML(result);
                    dialogBox.center();
                    closeButton.setFocus(true);
                }
            });
}
This is the error I receive after I try to make the RPC call:
[DEBUG] [my_app] - Validating units:
[INFO] [my_app] - Module my_app has been loaded
[ERROR] [my_app] - Errors in 'com/google/gwt/dev/jjs/SourceOrigin.java'
[ERROR] [my_app] - Line 77: The method synchronizedMap(new LinkedHashMap<SourceOrigin,SourceOrigin>(){}) is undefined for the type Collections
[ERROR] [my_app] - Errors in 'com/google/gwt/dev/util/StringInterner.java'
[ERROR] [my_app] - Line 29: No source code is available for type com.google.gwt.thirdparty.guava.common.collect.Interner<E>; did you forget to inherit a required module?
[ERROR] [my_app] - Line 29: No source code is available for type com.google.gwt.thirdparty.guava.common.collect.Interners; did you forget to inherit a required module?
To me it looks like Objectify is interfering with GWT. I know they're supposed to work together so not sure what I'm doing wrong. Any advice would be appreciated.
Use objectify-gwt 1.2. It's possible that 1.1 has some issues from merging a bad PR.
You can see a sample application that uses objectify-gwt to pass a GeoPt back and forth from the client here: https://github.com/stickfigure/objectify-gwt-test
You should use Objectify on the server side before trying to do this kind of stuff. Objectify is a server-side persistence technology. Call it in your server code.
Add try/catch in your service methods and print the stack trace of the exception on your server console. If you receive onFailure() in GWT, that means there is a failure on the server side. You have to find out what that failure is.
Now the second part is a piece of advice:
<inherits name="com.googlecode.objectify.Objectify" />
This is a weird line to me. GWT doesn't have to know about your persistence layer.
Unless it's a revolutionary concept, I would recommend you don't use this type of technology that removes your hand from the control of your db access...
Here are my email related dev_appserver options:
--smtp_host=smtp.gmail.com --smtp_port=25 --smtp_user=me@mydomain.com --smtp_password="password"
Now, this still doesn't work and every time Google release a new dev_appserver I have to edit api/mail_stub.py to get things to work locally as per this S/O answer.
However, even this workaround has now stopped working. I get the following exception:
SMTPSenderRefused: (555, '5.5.2 Syntax error. mw9sm14633203wib.0 - gsmtp', <email.header.Header instance at 0x10c9c9248>)
Does anyone smarter than me know how to fix it?
UPDATE
I was able to get email to send on dev_appserver by using email addresses (e.g. for sender and recipient) in their 'plain' format of a simple string (name@domain.com) rather than using the angle bracket style (Name <name@domain.com>). This is not a problem in production: recipients and sender email addresses can use angle brackets in the mail.send_mail call. I raised a ticket about this divergent behaviour between dev_appserver and production: https://code.google.com/p/googleappengine/issues/detail?id=10211&thanks=10211&ts=1383140754
Looks like it's because the 'sender' is now stored as a "email.header.Header" instance in the dev server instead of a string (since SDK 1.8.3 I think).
From my testing, when a 'From' string like "Name <name@domain.com>" is passed into smtplib.SMTP.sendmail, it parses the string to find the part within angle brackets, if any, to use as the SMTP sender, giving "<name@domain.com>". However, if this parameter is an "email.header.Header", then it just converts it to a string and uses it without further parsing, giving "<Name <name@domain.com>>", thus causing the problem we're seeing.
Here's the patch I just posted on the issue tracker to google/appengine/api/mail_stub.py to convert this parameter back to a string (works for me):
--- google/appengine/api/mail_stub-orig.py 2014-12-12 20:04:53.612070031 +0000
+++ google/appengine/api/mail_stub.py 2014-12-12 20:05:07.532294605 +0000
## -215,7 +215,7 ##
tos = [mime_message[to] for to in ['To', 'Cc', 'Bcc'] if mime_message[to]]
- smtp.sendmail(mime_message['From'], tos, mime_message.as_string())
+ smtp.sendmail(str(mime_message['From']), tos, mime_message.as_string())
finally:
smtp.quit()
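Review bot: The str() conversion is applied only to mime_message['From'] on the changed smtp.sendmail line, while tos on the context line above is built from the same kind of mime_message[...] lookups and is still passed through unconverted. If those lookups can also return non-string header objects, the recipients would hit the same problem, so consider converting them as well, e.g. tos = [str(mime_message[to]) for to in ['To', 'Cc', 'Bcc'] if mime_message[to]]. A short comment on the sendmail line saying why the cast is needed would also keep it from being removed later as redundant.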
Another alternative is to patch the SMTP server that you use for testing the app engine mail functionality in your dev environment (instead of patching mail_stub.py).
For example, I'm using subethasmtp Wiser and was able to work around this issue by patching org.subethamail.smtp.util.EmailUtils.extractEmailAddress to accept nested angle brackets (details posted here).