CSS

Wednesday, August 25, 2021

403 Response to My Developer Box

So I had a perfectly working setup. I could call my machine's endpoint no problem. When I had an outside service use the service as a callback they got 403 Unauthorized.

 It looks like it was my ISP. I'm guessing this since the call never hit my Apache server. 

 How I fixed it. 

 tldr; I created an Apache server in AWS and proxied through there. I have an AWS environment which includes a Windows RRAS VPN. I connect to AWS through the VPN.

I am just going to give an overview of what I did.  I expect you to know about Windows VPN and Linux.

  Steps 

Since I am using Windows RRAS VPN I can NAT all HTTP calls to my machine.

Go to your domain server and go to the Dial-up and set a static IP address for yourself.

Go to Routing and Remote Access Manager on the VPN server.


Under the Services and Ports tab choose HTTP and set the destination IP to the one you chose for yourself.

Make sure your VPN server is in a security group that allows http access.

In AWS create a micro instance using your favorite Linux.

ssh into your machine

Install Apache

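Enable mod_proxy together with its HTTP backend module (proxy_http is needed for the http:// target used below)

sudo a2enmod proxy proxy_http


Since you are NATed through the VPN server you need to set up a proxy to it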


ProxyPass "/"  "http://10.0.0.204/"

<Location "/.well-known/">

    ProxyPass "!"

</Location>


Make sure you exclude the .well-known directory so you can get an SSL cert from Let's Encrypt.


Have fun





Thursday, March 5, 2020

A poor man's CNAME using /etc/hosts

I did not want to set dnsmasq to setup a couple of CNAMEs. So I wrote the following little script to do the work. I run it at boot using root's crontab @reboot
 
You need to put a placeholder in /etc/hosts.
127.0.0.1 search.me
The bash script
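#!/bin/bash
lookup=search.me
# Resolve the real name; keep only the first IPv4 address (dig +short can also print CNAME lines)
ip=$(dig google.com +short | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n 1)
# Only rewrite /etc/hosts when the lookup actually returned an address
[ -n "$ip" ] && sed -i -r "s/([0-9]{1,3}\.){3}[0-9]{1,3}\s+$lookup/$ip $lookup/g" /etc/hosts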

Tuesday, January 30, 2018

Programmatically get files protected by a CAS SSO Server

My company uses Apereo CAS as a single sign-on server.  It also protects our files from being downloaded unless a user is logged in.  I have a number of background tasks that need to make some HTTP calls to pages on one of our systems that are protected by CAS.

What's the answer?

I decided to go with Basic Authentication.  You cannot use the proxy mechanism since you don't have a logged-in user.

Enable Basic Authentication on Server

You will need to rebuild your CAS overlay war. Add the following dependency to your pom.xml file.

<dependency>
  <groupId>org.apereo.cas</groupId>
  <artifactId>cas-server-support-basic</artifactId>
  <version>${cas.version}</version>
</dependency>


Java Utility Class

This class sets up an Apache HttpClient.  It is also used to set the headers on the request.  I found that preemptively sending the Basic Authentication headers was the way to get it to work.

package org.yfu.security;

import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

import org.apache.http.HttpHeaders;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.CookieStore;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.AbstractHttpMessage;

public class CasBasicAuthUtil {

    private String username;
    private String password;

    public CasBasicAuthUtil(String username, String password) {
        super();
        this.username = username;
        this.password = password;
    }

    public HttpClient getHttpClient() throws ClientProtocolException, IOException,
            NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // Create a local instance of cookie store
        CookieStore cookieStore = new BasicCookieStore();

        // TrustSelfSignedStrategy accepts any server that presents a single
        // self-signed certificate, so such a server is not verified against a CA.
        SSLContextBuilder builder = new SSLContextBuilder();
        builder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                builder.build());

        // AuthScope.ANY offers these credentials to any host that asks for them.
        CredentialsProvider provider = new BasicCredentialsProvider();
        UsernamePasswordCredentials credentials
                = new UsernamePasswordCredentials(username, password);
        provider.setCredentials(AuthScope.ANY, credentials);

        CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .setDefaultCredentialsProvider(provider)
                .setDefaultCookieStore(cookieStore)
                .build();

        return httpclient;
    }

    // Preemptively adds the Basic Authorization header to the request
    public void addHeaders(AbstractHttpMessage request) {
        String auth = username + ":" + password;
        String encodedAuth = Base64.getEncoder().encodeToString(
                auth.getBytes(Charset.forName("ISO-8859-1")));
        String authHeader = "Basic " + encodedAuth;
        request.setHeader(HttpHeaders.AUTHORIZATION, authHeader);
    }

}

How to use the Utility


// Needs org.apache.http.client.methods.HttpGet and org.apache.http.HttpResponse
CasBasicAuthUtil casUtil = new CasBasicAuthUtil("Username", "Password");
HttpClient client = casUtil.getHttpClient();
final String url = getDocUrl(fileId);
cat.debug(url);
HttpGet httpGet = new HttpGet(url);
// Send the Basic Authentication header preemptively
casUtil.addHeaders(httpGet);
HttpResponse response = client.execute(httpGet);
final int statusCode = response.getStatusLine().getStatusCode();
if (statusCode == 200) {
    // we got the file.  Do something with it.
}
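
A tighter variant of the same preemptive Basic Authentication call, added here as an example and not part of the original utility: it uses the JVM's default trust store and scopes the credentials to one host instead of AuthScope.ANY. It assumes the Apache HttpClient 4.x packages imported above; the host name, document path and environment variable names are hypothetical.

```java
import java.io.IOException;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class ScopedCasBasicAuth {
    // Hypothetical CAS-protected host; replace with the system the task calls
    private static final HttpHost TARGET = new HttpHost("files.example.org", 443, "https");

    public static void main(String[] args) throws IOException {
        // Hypothetical variable names: keeps the service account out of the source
        String user = System.getenv("CAS_SVC_USER");
        String pass = System.getenv("CAS_SVC_PASS");
        if (user == null || pass == null) {
            throw new IllegalStateException("CAS_SVC_USER and CAS_SVC_PASS must be set");
        }

        // Credentials are bound to one host and port, not offered to every server
        CredentialsProvider provider = new BasicCredentialsProvider();
        provider.setCredentials(new AuthScope(TARGET.getHostName(), TARGET.getPort()),
                new UsernamePasswordCredentials(user, pass));

        // Pre-populating the auth cache makes HttpClient send Basic preemptively
        AuthCache authCache = new BasicAuthCache();
        authCache.put(TARGET, new BasicScheme());
        HttpClientContext context = HttpClientContext.create();
        context.setCredentialsProvider(provider);
        context.setAuthCache(authCache);

        // Default client: certificates are checked against the JVM trust store
        HttpGet get = new HttpGet("/docs/example.pdf");
        try (CloseableHttpClient client = HttpClients.createDefault();
             CloseableHttpResponse response = client.execute(TARGET, get, context)) {
            System.out.println("HTTP " + response.getStatusLine().getStatusCode());
        }
    }
}
```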

Tuesday, October 31, 2017

Move dropbox directory on Linux using the command line

Short Answer

You can't.  All the stuff on the internet is real old.   I worked on this for 10 hours and here is my answer.

How to get the directory where you want

This is only really useful if you want to move the Dropbox directory to a filesystem other than the one your users are on.

Create a user whose home directory is where you want the Dropbox directory to be.  The Dropbox directory is going to end up under this user's home directory.  

Why is this better than a symbolic link?

It is better than a symbolic link because Dropbox uses OS-level file notification calls to decide what to sync.  These do not work through a symbolic link.  If you just make a link called Dropbox and point it to another filesystem, your files will not be synced.  You can change and create files through a symbolic link.  Dropbox needs to have a real link to work.

Tuesday, June 27, 2017

Fix Greeter Login panel on Ubuntu 17.04

This works with all flavors of Linux that use LightDM as their greeter.

When my laptop was in its docking station, the login prompt would not display.  I guess it was displaying on the closed laptop display.

Create a file /opt/sbin/set-prime-mon

Contents:
#!/bin/sh
# Set prime monitor to left most
LOG=/var/log/set-prime-mon.log
# Remove any previous logs
rm -f "$LOG"
output=$(xrandr | grep -E " connected (primary )?[1-9]+" | grep "+0+0" | sed -e "s/\([A-Z0-9]\+\) connected.*/\1/")
echo "$output" >> "$LOG" 2>&1
# Quote the variable: with an unquoted empty $output, [ -n ] evaluates true
if [ -n "$output" ]; then
 echo "setting prime to $output" >> "$LOG" 2>&1
 xrandr --output "$output" --primary
fi

Create a file /etc/lightdm/lightdm.conf.d/99-setprime.sh

Contents:
[Seat:*]
display-setup-script=/opt/sbin/set-prime-mon

Wednesday, April 19, 2017

Stopping new Icon when I launch a Java application from Gnome or Unity

So I had successfully created a .desktop file to launch Eclipse from Gnome.  I also had no problem making it a favorite.  The problem I was having was that every time I launched Eclipse I ended up with 2 icons: the favorite and one for the running process.  The trick to not getting this is to make sure the .desktop name matches the X Windows WM_CLASS property. You can get this value by running:

 xprop WM_CLASS 

Next click on the window of the Java application you are interested in.  In the case of Eclipse the value is "Eclipse" so the file needs to be named Eclipse.desktop.

Thursday, March 30, 2017

Java Base64 OutputStream cutting off characters

This took me a while to figure out. I am using an OutputStream to create a piece of XML.  One of the elements needed to be Base64 encoded.  I wrapped my OutputStream using java.util.Base64.wrap.  I did not close the Base64 OutputStream.  It is not really clear, but the close of this stream is when it takes care of padding.

Bad Code

// out is a FileOutputStream 
final Base64.Encoder encoder = Base64.getMimeEncoder(); 
final OutputStream clob = encoder.wrap(out); 
IOUtils.copy(in, clob, Charset.forName("UTF-8")); 
// No close of clob Just went and kept writing to out 

Good Code

// out is a FileOutputStream 
final Base64.Encoder encoder = Base64.getMimeEncoder(); 
// Use nice Apache IO Wrapper that does not chain close
final OutputStream clob = encoder.wrap(
      new CloseShieldOutputStream(out));
IOUtils.copy(in, clob, Charset.forName("UTF-8")); 
clob.close(); // this forces out the padding
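
A self-contained reproduction of the difference, added here as an example and not taken from the original code: it writes the same bytes through Base64.Encoder.wrap with and without closing the encoder stream. It uses only the JDK, with a small FilterOutputStream standing in for commons-io's CloseShieldOutputStream; the class name, element name and sample input are constructed for the demonstration.

```java
import java.io.ByteArrayOutputStream;
import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class Base64WrapDemo {

    // Writes <clob>BASE64</clob>; closeEncoder controls whether the
    // Base64 stream is closed before the closing tag is written.
    static String writeElement(byte[] data, boolean closeEncoder) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write("<clob>".getBytes(StandardCharsets.US_ASCII));

        // JDK-only stand-in for CloseShieldOutputStream: close() flushes
        // but leaves the underlying stream open for further writes.
        OutputStream shield = new FilterOutputStream(out) {
            @Override
            public void close() throws IOException {
                flush();
            }
        };

        OutputStream clob = Base64.getMimeEncoder().wrap(shield);
        clob.write(data);
        if (closeEncoder) {
            // The encoder buffers up to two leftover bytes; close() emits
            // them as the final group together with the '=' padding.
            clob.close();
        }

        out.write("</clob>".getBytes(StandardCharsets.US_ASCII));
        return out.toString("US-ASCII");
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 5 bytes, so the length is not a multiple of 3
        byte[] data = "hello".getBytes(StandardCharsets.UTF_8);
        System.out.println("encoder not closed: " + writeElement(data, false));
        System.out.println("encoder closed:     " + writeElement(data, true));
    }
}
```

Decoding the element from the unclosed run gives back fewer bytes than were written, which is the cut-off described above.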