Sunday, June 4, 2023

Get Ready to Decode the Mysteries of JWTs - The Superhero of Web Security!

Have you ever wondered how web applications keep your sensitive information safe and sound? Well, let me introduce you to the savior of web security - JSON Web Tokens, a.k.a. JWTs! They may sound like a secret code from a superhero movie, but they are the real deal when it comes to safeguarding your data.

So, what exactly is a JWT, you ask? Picture it like a tiny information-packed package, neatly divided into three parts: the header, the payload, and the signature. It's like a mini treasure chest that holds all the secret goodies securely. But hey, don't worry, it's not some ancient hieroglyphic text; it's just a fancy JSON-based token!

Header

Now, let's break it down. The header is like the superhero's cape, proudly displaying its powers. It contains information about the algorithm used for signing the token, like a signature style unique to our hero. This algorithm ensures that the token hasn't been tampered with, protecting it from evil villains.

Payload

Next, we have the payload, the heart and soul of our JWT. It carries essential information, or "claims," about the user. Imagine it as a tiny passport that holds your identity and characteristics. This is where your superpowers and permissions are stored. But don't worry, it's all encrypted and safe from prying eyes!

Signature

Last but not least, we have the signature, the trusty sidekick of our JWT. It's like a seal of authenticity, verifying that the token is genuine and hasn't been forged. The server uses a secret key known only to itself to create this signature. So, when our superhero arrives at the scene, everyone knows it's the real deal!



Now you might wonder, how do these JWTs actually work? Well, when you log into a web application, the server creates a JWT specifically for you, custom-tailored to your superpowers. It sends this JWT back to your browser, which stores it securely. Every time you make a request to the server, you attach this token like a secret badge, proving your identity and gaining access to your superpowers.

But remember, even superheroes have to watch out for villains! The server always verifies the signature of the JWT to ensure it hasn't been tampered with. It checks the header, the payload, and the signature to make sure everything matches up. If all is well, you're granted access to your desired features and functionalities. If not, sorry, but the fortress remains locked!

So there you have it, the magical world of JWTs unveiled! They're like the guardians of your web application, ensuring your data stays safe and secure. So next time you log in and see that strange-looking token, don't be alarmed. It's just your superhero companion, JWT, ready to protect you on your web adventures!

Monday, June 11, 2018

javax.servlet.ServletException: Circular view path [customers]

javax.servlet.ServletException: Circular view path [customers]: would dispatch back to the current handler URL [/customers] again. Check your ViewResolver setup! (Hint: This may be the result of an unspecified view, due to default view name generation.)
at org.springframework.web.servlet.view.InternalResourceView.prepareForRendering(InternalResourceView.java:209) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:147) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:314) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1325) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:1069) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1008) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:974) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:866) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:851) ~[spring-webmvc-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) ~[tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) ~[tomcat-embed-core-8.5.31.jar:8.5.31]


Friday, January 5, 2018

java.lang.ClassNotFoundException: org.apache.http.conn.ManagedHttpClientConnection

Encountered following while trying to save a file on aws s3:

Trace:

<Jan 5, 2018 4:43:34 PM GMT> <Error> <HTTP> <BEA-101017> <[ServletContext@126209232[app:testservices-ear-0 module:testservices path:/testservices spec-version:2.5]] Root cause of ServletException.
java.lang.NoClassDefFoundError: org/apache/http/conn/ManagedHttpClientConnection
        at com.amazonaws.http.protocol.SdkHttpRequestExecutor.doSendRequest(SdkHttpRequestExecutor.java:50)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)
        at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:715)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:520)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
        at com.amazonaws.http.AmazonHttpClient.executeOneRequest(AmazonHttpClient.java:843)
        at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:597)
        at com.amazonaws.http.AmazonHttpClient.doExecute(AmazonHttpClient.java:363)
        at com.amazonaws.http.AmazonHttpClient.executeWithTimer(AmazonHttpClient.java:329)
        at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:308)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3659)
        at com.amazonaws.services.s3.AmazonS3Client.invoke(AmazonS3Client.java:3612)
        at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:743)
        at com.amazonaws.services.s3.AmazonS3Client.listBuckets(AmazonS3Client.java:749)     
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1499)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused By: java.lang.ClassNotFoundException: org.apache.http.conn.ManagedHttpClientConnection
        at weblogic.utils.classloaders.GenericClassLoader.findLocalClass(GenericClassLoader.java:297)
        at weblogic.utils.classloaders.GenericClassLoader.findClass(GenericClassLoader.java:270)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
        at weblogic.utils.classloaders.GenericClassLoader.loadClass(GenericClassLoader.java:179)
        at com.amazonaws.http.protocol.SdkHttpRequestExecutor.doSendRequest(SdkHttpRequestExecutor.java:50)
        at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125)

Solution that worked for me

In my it was a jar conflict due to which an older httpclient was being added after adding an exclusion on the older one the problem got resolved. You can see the jar in Dependency Hierarchy in Eclipse.

If httpclient is not coming through transitive dependencies then you can add it to pom.

Add a dependency to httpclient jar.:

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.4</version>
</dependency>



Friday, July 28, 2017

Windows - Unable to delete file with name too long

Problem :

In Eclipse while moving some packages to another it accidently got copied several times. Not sure how. It created a folder under folders like infinite times.

Apparently Windows has a length limit on file names and doesnt let you delete it if the file name and path is way too long. Although it doesn't prevent us from creating these files.

If I try to delete them from Explorer I get following error:
Cannot delete [file name]: The file name you specified is not valid or too long.  
Specify a different file name

I even tried to delete it from DOS but it dint help. I tried rmdir /S /Q <<folder name>> and also robocopy option to purge the folder and files but it did not help.

Some posts suggested to use a third party tools like 7zip etc, which din't seem a good idea.

As a final resort I wrote a small Java Program to fix this issue. Following is my program to delete the files and directories recursively for long file path problem:

Please note that will work in Java 8. You will have to make small modifications to make it work in lower versions.

package com.ingole.bot.demo.function;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.stream.Stream;

public class DeleteLongPath {

public static void main(String[] args) throws IOException {

try {
//paths.forEach(System.out::println);

DeleteLongPath deleteLongPath = new DeleteLongPath();
while(true) {

Stream<Path> paths = Files.walk(Paths.get("C:\\research\\vclone-parent\\"
+ "vclone-client\\src\\main\\java\\com\\vclone\\claims"));

paths.forEach(deleteLongPath::removeFile);
}

} catch (Exception e) {
//e.printStackTrace();
}

}

private void removeFile(Path path) {

try {
if(Files.deleteIfExists(path)){
System.out.println("Deleted path " + path.toString());
}
} catch (Exception e) {
//e.printStackTrace();
}
}

}

Friday, July 7, 2017

Weblogic 11G Destination unreachable;

I have a local clustered environment with an Admin server and two nodes node1, and node2.
I am getting following while starting the node1 and node2. The error is basically complaining about the destination not reachable when it tries to connect the Admin server.

It shows the destination as follows:

[fd56:801a:cd17:0:39c0:fd3e:4d90:1ce]:7001

Here is the full stacktrace:

<Jul 7, 2017 10:57:08 AM CDT> <Warning> <JMX> <BEA-149509> <Unable to establish JMX Connectivity with the Adminstration Server AdminServer at service:jmx:t3://[fd56:801a:cd17:0:39c0:fd3e:4d90:1ce]:7001/jndi/weblogic.management.mbeanservers.domainruntime.
java.io.IOException
        at weblogic.management.remote.common.ClientProviderBase.makeConnection(ClientProviderBase.java:196)
        at weblogic.management.remote.common.ClientProviderBase.newJMXConnector(ClientProviderBase.java:84)
        at javax.management.remote.JMXConnectorFactory.newJMXConnector(JMXConnectorFactory.java:369)
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:267)
        at weblogic.management.mbeanservers.runtime.internal.RegisterWithDomainRuntimeService.getDomainMBeanServerConnection(RegisterWithDomainRuntimeService.java:222)
        Truncated. see log file for complete stacktrace
Caused By: javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://[fd56:801a:cd17:0:39c0:fd3e:4d90:1ce]:7001: Destination unreachable; nested exception is:

Fix in my case : 

For me setting the Listen address localhost resolved the issue.
Go to weblogic console and check the AdminServer Listen Address. I set it to localhost since I am working on my local but this can be an IP if you are working on remote environment.


BadSqlGrammarException : java.sql.SQLException: Invalid column name

I am using jdbcTemplate in my Dao. Getting following error while running a simple query.:

SELECT E.EMPID, E.EMPNAME FROM EMPLOYEE E WHERE E.SALARY > ?

java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:160)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
        at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:326)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305)
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154)
        at org.glassfish.jersey.servlet.WebComponent.serviceImpl(WebComponent.java:473)
        at org.glassfish.jersey.servlet.WebComponent.service(WebComponent.java:427)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:388)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:341)
        at org.glassfish.jersey.servlet.ServletContainer.service(ServletContainer.java:228)
        at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
        at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
        at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:184)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3732)
        at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3696)
        at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
        at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
        at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2273)
        at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2179)
        at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1490)
        at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
        at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad SQL grammar [
SELECT E.EMPID, E.EMPNAME FROM EMPLOYEE E WHERE E.SALARY > ?];
nested exception is java.sql.SQLException: Invalid column name
        at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:231)
        at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:73)
        at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:660)
        at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:695)
        at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:727)
        at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:737)
        at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:792)



Thursday, July 6, 2017

Circular placeholder reference 'ACCOUNT_SID' in property defini ions

Jul 6, 2017 9:14:45 PM GMT> <Error> <Deployer> <BEA-149265> <Failure occurred in the execution of deployment
equest with ID '1499375648175' for task '3'. Error is: 'weblogic.application.ModuleException: '
eblogic.application.ModuleException:
       at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1520)
       at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:484)
       at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
       at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
       at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
       Truncated. see log file for complete stacktrace
aused By: java.lang.IllegalArgumentException: Circular placeholder reference 'ACCOUNT_SID' in property definiions
       at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:
41)