URL Content Rule with SSL
Hi
I have two different ssl services on the same servers. One service is published with standard 443 port and 444 port.
I would like to balance those services with two different contents. They should have the same VIP address and the standard ssl port (443 tcp). Then, the difference between both contents would be the url.
content 1
url "//myserver.com/APL1/*"
vip address 192.168.1.1
port 443
add service service1_443
add service service2_443
content 2
url "//myserver.com/APL2/*"
vip address 192.168.1.1
port 443
add service service1_444
add service service2_444
I've tried it but it doesn't work.
Have I done anything wrong?
Regards
the main purpose of SSL is security.
So, what is security ?
Securit means you don't want other person/devices to see the content of your traffic.
If nobody can see the content, this includes the CSS.
So, the CSS is unable to see the URL which is part of the content.
Your solution can't work.
Unless you install an ssl module with the key of the server so the module can decrypt the traffic.
Regards,
Gilles.
Similar Messages
-
One Arm config Domain Name Content rule
Hi Guys
How does domain name content rule works in one arm config.
What do we put in source groups as VIP address.
Does it need host headers in WebServer as a requirement.
How does the client request gets completed.
Any help much appriciated..Thanks for your reply Jim,
This is what I am trying to do in a One arm config topology
( As the CSS guide ( cntntgd.pdf ) says under Configuring a Domain Name content rule)
The CSS allows you to use a domain name in place of, or in conjunction with, a
VIP address in a content rule. Using a domain name in a content rule enables you
to:
Enable service provisioning to be independent of IP-to-domain namemappings
Provision cache bandwidth as needed based on domain names
So I am trying to create a content rule with a domain name instead of VIP address. For ex.
content domainRule3
protocol tcp
port 80
url "//domain.com/*"
add service Serv1
active
group servers
add destination service Serv1
VIP address ???????? ( what shd we put in here )
In this case what do we put as VIP address in source groups and how does the traffic flows from Client to actual Server in One arm topology. I am trying this topology where we have multiple sites configured with the same IP address with host headers
My assumption is that I shd configure DNS servers with VIP address for domain.com and use that as VIP address in source group. But how does the actual traffic flows from client to servers
Many thanks. -
SSL Content rules based on uri
I don't seem to be able to construct an ssl content rule that allows dilineation by uri. The documentation says to set the rule as follows for ssl:
vip address x.x.x.x
add service abcd
add service defg
application ssl
advanced-balance ssl
protocol tcp
port 443
uri "/*"
active
This works but if I try to change the uri to:
uri "/CSO/html/SignOn.html" the rule stops working.
Is it possible to do this?????That's the nature of SSL.
All traffic is encrypted to avoid people to look at it.
So, the CSS does not see and has no way to see the URL.
With 'url "/*"' it works because it means any URL.
Gilles. -
WCF service fronted with SSL enabled NGINX load balancer shows HTTP based WSDL url instead of HTTPS
Hi,
I have WCF service hosted using IIS 8.5 on application server. And application servers are fronted with NGINX load balancer with SSL enabled. Backend communication protocol between NGINX to application server is http.
When customer visits public domain url (https://xxx.com/service.svc), they can see the WSDL url with http://xxx.com/service.svc?wsdl.
What change should I make so that WSDL url will have https instead of http ?
This is service side configuration.
<system.serviceModel>
<services>
<service name="Service.IService">
<endpoint address="" binding="basicHttpBinding" bindingNamespace="http://xyz.com/Service" name="Service_Endpoint" contract="Service.IService" />
</service>
</services>
<bindings>
<basicHttpBinding />
</bindings>
<client />
<behaviors>
<serviceBehaviors>
<behavior>
<serviceThrottling maxConcurrentCalls="5000" maxConcurrentInstances="2147483647" maxConcurrentSessions="5000" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks in advance !!Hi,
For this scenario, you could just enable SSL in IIS to get HTTPS endpoints. If your service is exposed at https then you configure the same using “httpsGetEnabled”:
<behaviors>
<serviceBehaviors>
<behavior
name="MyServiceTypeBehaviors"
>
<serviceMetadata
httpGetEnabled="true"
/>
</behavior>
</serviceBehaviors>
</behaviors>
For more information, you could refer to:
http://www.codeproject.com/Articles/327260/What-s-new-in-WCF-Automatic-HTTPS-endpoint-for
http://blogs.msdn.com/b/brajens/archive/2007/04/26/accessing-description-metadata-wsdl-of-wcf-web-service.aspx
Regards -
Is there a way to have a user going to http://www.xxx.com/ redirected to http://www.xxx.com/subdir?
I am trying to match on a domain in a URL statement in a content rule and then have the client redirected to a subdirectory on the same domain. This doesn't appear to work because the redirect string has the same domain and also matches the URL string in the content rule, creating a loop of sorts.Thought your suggestion would work, but it didn't. Here is the before and after code.
service www_elearning_to_https
ip address 172.20.4.138
keepalive type none
type redirect
no prepend-http
redirect-string https://www.elearning.xxx.ca/sapportal/
active
content www_elearning_to_https
vip address 214.114.133.112
add service www_elearning_to_https
protocol tcp
port 80
url "/*"
active
content www_elearning
vip address 214.114.133.112
add service cwh-ott-nt-019-www_elearning
active
The above works, but fails when the following is added. Shouldn't it match on the URL and permit the traffic to flow?
content www_elearning_sapportal
vip address 214.114.133.112
add service cwh-ott-nt-019-www_elearning
protocol tcp
port 443
url "//www.elearning.xxx.ca/sapportal/*"
active
Thanks. -
Content rule works with no redundant-vips configured
Hello,
We have a content rule configured (VIP address 10.1.2.3) but have not configured an ip redundant-vip 1 10.1.2.3 under the circuit configuration on either the master or backup CSS.
This content rule works though ? Why is this ?
cheers,
Mikeboth css are responding to arp request for this vip, but luckily the upstream router keeps using the csm mac/css.
I would still recommend to use the redundant-vip.
G. -
How to configure sso with SSL step by step
Purpose
In this document, you can learn how to configure SSO with SSL. After user have certificate installed in browser, he can login without input username and password.
Overview
In this document we will demonstrate:
1. How to configure OHS support SSL
2. How to Register SSO with SSL
3. Configure SSO for certificates
Prerequisites
Before start this document, you should have:
1. Oracle AS 10g infrastructure installed (10.1.2)
2. OCA installed
Note:
1. “When you install Oracle infrastructure, please make sure you have select OCA.
2. How Certificate-Enabled Authentication Works:
a. The user tries to access a partner application.
b. The partner application redirects the user to the single sign-on server for authentication. As part of this redirection, the browser sends the user's certificate to the login URL of the server (2a). If it is able to verify the certificate, the server returns the user to the requested application.
c. The application delivers content. Users whose browsers are configured to prompt for a certificate-store password may only have to present this password once, depending upon how their browser is configured. If they log out and then attempt to access a partner application, the browser passes their certificate to the single sign-on server automatically. This means that they never really log out. To effectively log out, they must close the browser.
Enable SSL on the Single Sign-On Middle Tier
The following steps involve configuring the Oracle HTTP Server. Perform them on the single sign-on middle tier. In doing so, keep the following in mind:
l You must configure SSL on the computer where the single sign-on middle tier is running.
l You are configuring one-way SSL.
l You may enable SSL for simple network encryption; PKI authentication is not required. Note though that you must use a valid wallet and server certificate. The default wallet location is ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default.
1. Back up the opmn.xml file, found at ORACLE_HOME/opmn/conf
2. In opmn.xml, change the value for the start-mode parameter to ssl-enabled. This parameter appears in boldface in the xml tag immediately following.
<ias-component id="HTTP_Server">
<process-type id="HTTP_Server" module-id="OHS">
<module-data>
<category id="start-parameters">
<data id="start-mode" value="ssl-enabled"/>
</category>
</module-data>
<process-set id="HTTP_Server" numprocs="1"/>
</process-type>
</ias-component>
3. Update the distributed cluster management database with the change: ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct opmn
4. Reload the modified opmn configuration file:
ORACLE_HOME/opmn/bin/opmnctl reload
5. Keep a non-SSL port active. The External Applications portlet communicates with the single sign-on server over a non-SSL port. The HTTP port is enabled by default. If you have not disabled the port, this step requires no action.
6. Apply the rule mod_rewrite to SSL configuration. This step involves modifying the ssl.conf file on the middle-tier computer. The file is at ORACLE_HOME/Apache/Apache/conf. Back up the file before editing it.
Because the Oracle HTTP Server has to be available over both HTTP and HTTPS, the SSL host must be configured as a virtual host. Add the lines that follow to the SSL Virtual Hosts section of ssl.conf if they are not already there. These lines ensure that the single sign-on login module in OC4J_SECURITY is invoked when a user logs in to the SSL host.
<VirtualHost ssl_host:port>
RewriteEngine on
RewriteOptions inherit
</VirtualHost>
Save and close the file.
7. Update the distributed cluster management database with the changes:
ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct ohs
8. Restart the Oracle HTTP Server:
ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl startproc process-type=HTTP_Server
9. Verify that you have enabled the single sign-on middle tier for SSL by trying to access the OracleAS welcome page, using the format https://host:ssl_port.
Reconfigure the Identity Management Infrastructure Database
Change all references of http in single sign-on URLs to https within the identity management infrastructure database. When you change single sign-on URLs in the database, you must also change these URLs in the targets.xml file on the single sign-on middle tier. targets.xml is the configuration file for the various "targets" that Oracle Enterprise Manager monitors. One of these targets is OracleAS Single Sign-On.
1. Change Single Sign-On URLs
Run the ssocfg script, taking care to enter the command on the computer where the single sign-on middle tier is located. Use the following syntax:
UNIX:
$ORACLE_HOME/sso/bin/ssocfg.sh protocol host ssl_port
Windows:
%ORACLE_HOME%\sso\bin\ssocfg.bat protocol host ssl_port
In this case, protocol is https. (To change back to HTTP, use http.) The parameter host is the host name, or server name, of the Oracle HTTP listener for the single sign-on server.
Here is an example:
ssocfg.sh https login.acme.com 4443
2. Restart OC4J_SECURITY instance and verify the configuration
To determine the correct port number, examine the ssl.conf file. Port 4443 is the port number that the OracleAS installer assigns during installation.
If you run ssocfg successfully, the script returns a status 0. To confirm that you were successful, restart the OC4J_SECURITY instance:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Then try logging in to the single sign-on server at its SSL address:
https://host:ssl_port/pls/orasso/
3. Back up the file targets.xml:
cp ORACLE_HOME/sysman/emd/targets.xml ORACLE_HOME/sysman/emd/targets.xml.backup
4. Open the file and find the target type oracle_sso_server. Within this target type, locate and edit the three attributes that you passed to ssocfg:
· HTTPMachine—the server host name
· HTTPPort—the server port number
· HTTPProtocol—the server protocol
If, for example, you run ssocfg like this:
ORACLE_HOME/sso/bin/ssocfg.sh http sso.mydomain.com:4443
Update the three attributes this way:
<Property NAME="HTTPMachine" VALUE="sso.mydomain.com"/>
<Property NAME="HTTPPort" VALUE="4443"/>
<Property NAME="HTTPProtocol" VALUE="HTTPS"/>
5.Save and close the file.
6. Reload the OracleAS console:
ORACLE_HOME/bin/emctl reload
7. Issue these two commands:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Registering mod_osso
1. This command sequence that follows shows a mod_osso instance being reregistered with the single sign-on server.
$ORACLE_HOME/sso/bin/ssoreg.sh
-oracle_home_path $ORACLE_HOME
-config_mod_osso TRUE
-mod_osso_url https://myhost.mydomain.com:4443
2. Restarting the Oracle HTTP Server
After running ssoreg, restart the Oracle HTTP Server:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
Configuring the Single Sign-On System for Certificates
1. Configure policy.properties with the Default Authentication Plugin
Update the DefaultAuthLevel section of the policy.properties file with the correct authentication level for certificate sign-on. This file is at ORACLE_HOME/sso/conf. Set the default authentication level to this value:
DefaultAuthLevel = MediumHighSecurity
Then, in the Authentication plugins section, pair this authentication level with the default authentication plugin:
MediumHighSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOX509CertAuth
2. Restart the Single Sign-On Middle Tier
After configuring the server, restart the middle tier:
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY
Bringing the SSO Users to OCA User Certificate Request URL
The OCA server reduces the administrative and maintenance cost of provisioning a user certificate. The OCA server achieves this by authenticating users by using OracleAS SSO server authentication. All users who have an Oracle AS SSO server account can directly get a certificate by using the OCA user interface. This reduces the time normoally requidred to provision a certificate by a certificate authority.
The URL for the SSO certificate Request is:
https://<Oracle_HTTP_host>:<oca_ssl_port>/oca/sso_oca_link
You can configure OCA to provide the user certificate request interface URL to SSO server for display whenever SSO is not using a sertificate to authenticate a user. After the OracleAS SSO server authenticates a user, it then display the OCA screen enabling that user to request a certificate.
To link the OCA server to OracleAS SSO server, use the following command:
ocactl linksso
opmnctl stoproc type=oc4j instancename=oca
opmnctl startproc type=oc4j instancename=oca
You also can use ocactl unlinksso to unlink the OCA to SSO.I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permisission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance -
Complete working code for Gmail POP3 & SMTP with SSL - Java mail API
Finally, your code-hunt has come to an end!!!!
I am presenting you the complete solution (with code) to send and retrieve you mails to & from GMAIL using SMTP and POP3 with SSL & Authenticaion enabled. [Even starters & newbies like me, can easy try, test & understand - But first download & add JAR's of Java Mail API & Java Activation Framework to Netbeans Library Manager]
Download Java Mail API here
http://java.sun.com/products/javamail/
Read Java Mail FAQ's here
http://java.sun.com/products/javamail/FAQ.html
Download Java Activation Framework [JAF]
http://java.sun.com/products/javabeans/jaf/downloads/index.html
Also, The POP program retrieves the mail sent with SMTP program :) [MOST IMPORTANT & LARGELY IN DEMAND]okey.. first things first... all of your thanks goes to the following and not a s@!te to me :)
hail Java !!
hail Java mail API !!
hail Java forums !!
hail Java-tips.org !!
hail Netbeans !!
Thanks to all coders who helped me by getting the code to work in one piece.
special thanks to "bshannon" - The dude who runs this forum from 97!!I am just as happy as you will be when you execute the below code!! [my 13 hours of tweaking & code hunting has paid off!!]
Now here it is...I only present you the complete solution!!
START OF PROGRAM 1
SENDING A MAIL FROM GMAIL ACCOUNT USING SMTP [STARTTLS (SSL)] PROTOCOL OF JAVA MAIL APINote on Program 1:
1. In the code below replace USERNAME & PASSWORD with your respective GMAIL account username and its corresponding password!
2. Use the code to make your Gmail client [jsp/servlets whatever]
//Mail.java - smtp sending starttls (ssl) authentication enabled
//1.Open a new Java class in netbeans (default package of the project) and name it as "Mail.java"
//2.Copy paste the entire code below and save it.
//3.Right click on the file name in the left side panel and click "compile" then click "Run"
import javax.mail.*;
import javax.mail.internet.*;
import java.util.*;
public class Main
String d_email = "[email protected]",
d_password = "PASSWORD",
d_host = "smtp.gmail.com",
d_port = "465",
m_to = "[email protected]",
m_subject = "Testing",
m_text = "Hey, this is the testing email.";
public Main()
Properties props = new Properties();
props.put("mail.smtp.user", d_email);
props.put("mail.smtp.host", d_host);
props.put("mail.smtp.port", d_port);
props.put("mail.smtp.starttls.enable","true");
props.put("mail.smtp.auth", "true");
//props.put("mail.smtp.debug", "true");
props.put("mail.smtp.socketFactory.port", d_port);
props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.socketFactory.fallback", "false");
SecurityManager security = System.getSecurityManager();
try
Authenticator auth = new SMTPAuthenticator();
Session session = Session.getInstance(props, auth);
//session.setDebug(true);
MimeMessage msg = new MimeMessage(session);
msg.setText(m_text);
msg.setSubject(m_subject);
msg.setFrom(new InternetAddress(d_email));
msg.addRecipient(Message.RecipientType.TO, new InternetAddress(m_to));
Transport.send(msg);
catch (Exception mex)
mex.printStackTrace();
public static void main(String[] args)
Main blah = new Main();
private class SMTPAuthenticator extends javax.mail.Authenticator
public PasswordAuthentication getPasswordAuthentication()
return new PasswordAuthentication(d_email, d_password);
END OF PROGRAM 1-----
START OF PROGRAM 2
RETRIVE ALL THE MAILS FROM GMAIL INBOX USING Post Office Protocol POP3 [SSL] PROTOCOL OF JAVA MAIL APINote:
1.Log into your gmail account via webmail [http://mail.google.com/]
2.Click on "settings" and select "Mail Forwarding & POP3/IMAP"
3.Select "enable POP for all mail" and "save changes"
4.In the code below replace USERNAME & PASSWORD with your respective GMAIL account username and its corresponding password!
PROGRAM 2 - PART 1 - Main.java
//1.Open a new Java class file in the default package
//2.Copy paste the below code and rename it to Mail.java
//3.Compile and execute this code.
public class Main {
/** Creates a new instance of Main */
public Main() {
* @param args the command line arguments
public static void main(String[] args) {
try {
GmailUtilities gmail = new GmailUtilities();
gmail.setUserPass("[email protected]", "PASSWORD");
gmail.connect();
gmail.openFolder("INBOX");
int totalMessages = gmail.getMessageCount();
int newMessages = gmail.getNewMessageCount();
System.out.println("Total messages = " + totalMessages);
System.out.println("New messages = " + newMessages);
System.out.println("-------------------------------");
//Uncomment the below line to print the body of the message. Remember it will eat-up your bandwidth if you have 100's of messages. //gmail.printAllMessageEnvelopes();
gmail.printAllMessages();
} catch(Exception e) {
e.printStackTrace();
System.exit(-1);
END OF PART 1
PROGRAM 2 - PART 2 - GmailUtilities.java
//1.Open a new Java class in the project (default package)
//2.Copy paste the below code
//3.Compile - Don't execute this[Run]
import com.sun.mail.pop3.POP3SSLStore;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.util.Date;
import java.util.Properties;
import javax.mail.Address;
import javax.mail.FetchProfile;
import javax.mail.Flags;
import javax.mail.Folder;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.Multipart;
import javax.mail.Part;
import javax.mail.Session;
import javax.mail.Store;
import javax.mail.URLName;
import javax.mail.internet.ContentType;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeBodyPart;
import javax.mail.internet.ParseException;
public class GmailUtilities {
private Session session = null;
private Store store = null;
private String username, password;
private Folder folder;
public GmailUtilities() {
public void setUserPass(String username, String password) {
this.username = username;
this.password = password;
public void connect() throws Exception {
String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";
Properties pop3Props = new Properties();
pop3Props.setProperty("mail.pop3.socketFactory.class", SSL_FACTORY);
pop3Props.setProperty("mail.pop3.socketFactory.fallback", "false");
pop3Props.setProperty("mail.pop3.port", "995");
pop3Props.setProperty("mail.pop3.socketFactory.port", "995");
URLName url = new URLName("pop3", "pop.gmail.com", 995, "",
username, password);
session = Session.getInstance(pop3Props, null);
store = new POP3SSLStore(session, url);
store.connect();
public void openFolder(String folderName) throws Exception {
// Open the Folder
folder = store.getDefaultFolder();
folder = folder.getFolder(folderName);
if (folder == null) {
throw new Exception("Invalid folder");
// try to open read/write and if that fails try read-only
try {
folder.open(Folder.READ_WRITE);
} catch (MessagingException ex) {
folder.open(Folder.READ_ONLY);
public void closeFolder() throws Exception {
folder.close(false);
public int getMessageCount() throws Exception {
return folder.getMessageCount();
public int getNewMessageCount() throws Exception {
return folder.getNewMessageCount();
public void disconnect() throws Exception {
store.close();
public void printMessage(int messageNo) throws Exception {
System.out.println("Getting message number: " + messageNo);
Message m = null;
try {
m = folder.getMessage(messageNo);
dumpPart(m);
} catch (IndexOutOfBoundsException iex) {
System.out.println("Message number out of range");
public void printAllMessageEnvelopes() throws Exception {
// Attributes & Flags for all messages ..
Message[] msgs = folder.getMessages();
// Use a suitable FetchProfile
FetchProfile fp = new FetchProfile();
fp.add(FetchProfile.Item.ENVELOPE);
folder.fetch(msgs, fp);
for (int i = 0; i < msgs.length; i++) {
System.out.println("--------------------------");
System.out.println("MESSAGE #" + (i + 1) + ":");
dumpEnvelope(msgs);
public void printAllMessages() throws Exception {
// Attributes & Flags for all messages ..
Message[] msgs = folder.getMessages();
// Use a suitable FetchProfile
FetchProfile fp = new FetchProfile();
fp.add(FetchProfile.Item.ENVELOPE);
folder.fetch(msgs, fp);
for (int i = 0; i < msgs.length; i++) {
System.out.println("--------------------------");
System.out.println("MESSAGE #" + (i + 1) + ":");
dumpPart(msgs[i]);
public static void dumpPart(Part p) throws Exception {
if (p instanceof Message)
dumpEnvelope((Message)p);
String ct = p.getContentType();
try {
pr("CONTENT-TYPE: " + (new ContentType(ct)).toString());
} catch (ParseException pex) {
pr("BAD CONTENT-TYPE: " + ct);
* Using isMimeType to determine the content type avoids
* fetching the actual content data until we need it.
if (p.isMimeType("text/plain")) {
pr("This is plain text");
pr("---------------------------");
System.out.println((String)p.getContent());
} else {
// just a separator
pr("---------------------------");
public static void dumpEnvelope(Message m) throws Exception {
pr(" ");
Address[] a;
// FROM
if ((a = m.getFrom()) != null) {
for (int j = 0; j < a.length; j++)
pr("FROM: " + a[j].toString());
// TO
if ((a = m.getRecipients(Message.RecipientType.TO)) != null) {
for (int j = 0; j < a.length; j++) {
pr("TO: " + a[j].toString());
// SUBJECT
pr("SUBJECT: " + m.getSubject());
// DATE
Date d = m.getSentDate();
pr("SendDate: " +
(d != null ? d.toString() : "UNKNOWN"));
static String indentStr = " ";
static int level = 0;
* Print a, possibly indented, string.
public static void pr(String s) {
System.out.print(indentStr.substring(0, level * 2));
System.out.println(s);
}END OF PART 2
END OF PROGRAM 2
P.S: CHECKING !!
STEP 1.
First compile and execute the PROGRAM 1 with your USERNAME & PASSWORD. This will send a mail to your own account.
STEP 2.
Now compile both PART 1 & PART 2 of PROGRAM 2. Then, execute PART 1 - Main.java. This will retrive the mail sent in step 1. njoy! :)
In future, I hope this is added to the demo programs of the Java Mail API download package.
This is for 3 main reasons...
1. To prevent a lot of silly questions being posted on this forum [like the ones I did :(].
2. To give the first time Java Mail user with a real time working example without code modification [code has to use command line args like the demo programs - for instant results].
3. Also, this is what google has to say..
"The Gmail Team is committed to making sure you always can access your mail. That's why we're offering POP access and auto-forwarding. Both features are free for all Gmail users and we have no plans to charge for them in the future."
http://mail.google.com/support/bin/answer.py?answer=13295
I guess bshannon & Java Mail team is hearing this....
Again, Hurray and thanks for helping me make it!! cheers & no more frowned faces!!
(: (: (: (: (: GO JCODERS GO!! :) :) :) :) :)
codeace
-----Thanks for the reply,
I did checked by enabling session debuging and also checked pop settings it's enabled for all
mails, I tried deleting some very old messages and now the message count is changed to 310.
This may be the problem with gmail.
Bellow is the output i got,
DEBUG: setDebug: JavaMail version 1.4ea
DEBUG: getProvider() returning javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]
DEBUG POP3: connecting to host "pop.gmail.com", port 995, isSSL false
S: +OK Gpop ready for requests from 121.243.255.240 n22pf5432603pof.2
C: USER [email protected]
S: +OK send PASS
C: PASS my_password
S: +OK Welcome.
C: STAT
S: +OK 310 26900234
Custom output: messageCount : 310
C: QUIT
S: +OK Farewell. -
LD416 (Ver4.2.5) specification content-rule
I have localdirector 416 with 4.2.5.
How to define the rules for content load balancing
with https.
First of all, on specification Is it impossible?
As the following
content-rule rule01 depth 1024 "/aaa/"
content-rule rule02 depth 1024 "/bbb/"
virtual 10.1.1.1:443:0:tcp1 is
virtual 10.1.1.1:443:0:tcp:rule01 is
virtual 10.1.1.1:443:0:tcp:rule02 is
bind 10.1.1.1:443:0:tcp 10.1.1.2:443:0:tcp
bind 10.1.1.1:443:0:tcp:rule01 10.1.1.3:443:0:tcp
bind 10.1.1.1:443:0:tcp:rule02 10.1.1.2:443:0:tcp
sticky 10.1.1.1:443:0:tcp 10 sslI found the following comments about CSS.
All traffic is encrypted to avoid people to look at it.
So, the CSS does not see and has no way to see the URL.
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eea6243
Does this correspond to Local Director ? -
Content rules issue - request directed to the wrong content
Hi,
We have the following setup;
Requests to www.oursite.com goes to the content rule LB_FD_87. Request to www.oursite.com/water/* goes to the more specific content rule FD/WATER_LB_87. Sometimes, for unexplicable reasons, requests for www.oursite.com/water/* are sent to the content rule LB_FD_87 instead of the more specific rule FD/WATER_LB_87 and the client get a 404 error. Anyone have a clue?
our setup:
dql FD_87
domain www.oursite.com index 1
owner FD
content LB_FD_87
add service W0_FD_3.71
add service W1_FD_3.81
protocol tcp
vip address XXX.XXX.29.87
port 80
balance leastconn
advanced-balance arrowpoint-cookie
active
owner FD_nonbalance
content FD/WATER_LB_87
vip address XXX.XXX.29.87
add service W3_GL_3.160
protocol tcp
port 80
url "/water*" dql FD_87
active
Thanks for your help
WigHi Gilles,
I don't understand your sugestion .
I don't think increasing the flow timeout will help since according to CISCO documentation that will only permit to the flow to stay idle longer.
http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_configuration_guide_chapter09186a00801ee806.html#wp1013729
CISCO DOC: "Configuring Flow Inactivity Timeouts on Content Rules and Source Groups
Use this feature with a CSS to configure flow inactivity timeout values for TCP and UDP flows on a per content rule and per source group basis. This timeout value is not the frequency with which a CSS reclaims flow resources, but is the time period that must elapse for an idle flow before the CSS marks the flow for cleanup. "
And I am not sure of what you mean by "the CSS it will stop looking into the content to detect if a remapping to a better rule is required" I think you mean that the CSS will look for a another content rule if a content rule does not repond to a request. But our understanding is that a CSS look for the more specific content rule to serve a request and if all the service of that content rule are dead the pacquet is drop not send to a another content rule.
We did test that with spefic and less specific content rule and if the more specific content rule as all is services dead the packet is drop not send to the least specific content rule.
thanks for your interest in our problem
We cannot reproduce this problem but still find the line sporadically in the web server log . -
CS-150-LAN extra content rule disables all access to website
We have a CS-150-LAN Content switch with software version 6.10Build203. Yesterday for no apparent reason we lost connectivity to our website through our CSS. To get around this issue we removed all content rules except for the "everything-else" rule.
owner http://www.acmi.net.au
content AIC
add service acmi-web3
url "//www.acmi.net.au/AIC*"
protocol tcp
port 80
vip address 203.14.59.174
content everything-else
add service acmi-web1
vip address 203.14.59.174
protocol tcp
port 80
active
owner http://www.vceart.com
content everything
add service acmi-web3
vip address 203.14.59.175
protocol tcp
port 80
active
What is happening now is that when l create an addional content rule it then times out all connections to our website http://www.acmi.net.au. If l suspend the additional rule "AIC" the website comes back online. We need these additional content rules for accessing subsites. Please help.
ThanksHere are the sho service summary and show summmary outputs
Owner Content Rules State Services Service Hits
www.acmi.net.au AIC Suspended acmi-web3 6
everything-else Active acmi-web1 243
acmi-web2 340
www.vceart.com everything Active acmi-web3 23
sec-css-11150# sh service summary
Service Name State Conn Weight Avg State Idx
Load Transitions
acmi-web1 Alive 2 1 2 2 2
acmi-web2 Alive 9 1 23 2 3
acmi-web3 Alive 1 1 17 2 4
The content rule AIC is suspended because if l activate it, it then makes the website www.acmi.net.au unreachable and timesout.
This config was working from day one with the AIC content rule and about another 9 content rules under the owner www.acmi.net.au
If l add the url "/*" command to the content rule "everything-else this also hangs the site www.acmi.net.au -
When we start Flex from an SSL url (and send messages to a
web server with SSL on), one of our SOAP messages gets corrupted.
It only happens with one particular call, and there is another call
which produces almost-identical XML that doesn't encounter the
problem.
Using ethereal, we see that the SOAP message looks as follows
(I've removed some parts inside the XML that are well-formed, I've
also modified the IP address). Note that the last n characters from
the XML string have been pasted over the start of the SOAP XML!
If we turn SSL off in the web server (and access the Flex app
using http), it works with no problem.
Have you seen anything like this or know what might be
causing this corruption?
Thanks.
POST /PDisp HTTP/1.1
Host: 1.2.3.4:11080
Accept: */*
Referer: https://1.2.3.4/foo.swf
x-flash-version: 9,0,16,0
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
Cache-Control: no-cache
Cookie: LoginSessionID=bc65dbdda75f854ab58c242982d393f6
Max-Forwards: 10
X-Forwarded-For: 1.2.3.4
X-Forwarded-Host: 1.2.3.4
X-Forwarded-Server: test1.bar.com
Content-Length: 8294
lanEntries>
</facTemplate>
</TemplateTO>
</validateTemplate></SOAP-ENV:Body></SOAP-ENV:Envelope>
xmlns:SOAP-ENV="
http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Body><validateTemplate>
<TemplateTO>
<id>68</id>
<facTemplate>
<dialPlanEntries>
<dialPlanEntry>
<dialedString>0</dialedString>
<totalLength>3</totalLength>
<callType />
</dialPlanEntry>
</dialPlanEntries>
</facTemplate>
</TemplateTO>
</validateTemplate></SOAP-ENV:Body></SOAP-ENV:Envelope>There appears to be a bug where the XML is corrupted if the
file size is too big and SSL is turned on. This happened for XML
somewhere in the range of 8K-9K. To fix the problem, I tried
removing single tags (tried several different ones), and that was
enough to get it to work where there was no corruption. In the end,
I re-named my tags with shorter names and was able to make this
work.
Definitely a work-around and we need to find a "real" way to
solve this.
Has anyone run into this? -
Sticky sessions across multiple content rules
Hi,
If a client PC initiates two requests which match different content rules on a CSS (first request http port 80 to CSS VIP downloads a small application. This application then sends a second request to the VIP, on tcp port 8085) can sticky rules be configured on the CSS content rules, so that they hit the same destination server, given that both content rules contain the same services, and hence be considered part of the same session?
Thanksthere is no sitcky accros content rules option on the CSS.
But there are solutions to this problem.
First, are you doing anything special with your HTTP content rule ? Like cookies or url inspection ?
If not, you can group the 2 content rules into a single one. You will have 1 Layer3 rule instead of 2 Layer 4 rules.
If you have L5-7 rules [http inspection], the previous solution is not possible.
You will need to maintain 2 rules.
You could then use a 'balance srcip' balancing method on both rules.
This algorithm is deterministic.
The same client will always go to the same server.
Hope this helps.
Regards,
Gilles.
Thanks for rating. -
Layer 5 port 80 content rule breaks realaudio.
I have some layer 5 content rules we are using to filter virus's:
content block_.ida
protocol tcp
port 80
url "/*"
header-field-rule .ida weight 0
add service drop
active
header-field-group .ida
header-field .ida request-line contain ".ida"
This does a great job of filtering what we want, however realaudio which uses port 80 fails. If I disable the content rule the realaudio traffic works.
Any ideas?
Thanks!Thanks for the response. We only have the one real audio stream. I have not seen and reference to .ida within the stream.
Is there anyway to create a content rule stating that all realvideo traffic on port 80 go directly to the original destination with no further processing by the CSS? -
Port 443 content rule, can the CSS see inside the cookie ?
Hi Gilles/everyone,
With a content rule using port 443, can we use cookie based stickiness or is the cookie also encrpyted ?
cheers,
Mikealso encrypted.
No way to see it without an SSL module to decrypt.
Gilles.
Maybe you are looking for
-
MacBook Shutdown when using external display (DLP TV)
I have a latest gen. MacBook. I just purchased the new wireless keyboard and mouse so that I can use the computer with my HD TV with VGA input. The setup works fine in two screen mode (laptop display as well as TV). However I want to use it with the
-
Using Adobe Export PDF, I converted a PDF document into MS Word. However, all the images are missing
Using Adobe Export PDF, I converted a PDF document into MS Word. However, all the images are missing--replaced by black rectangles. How can I fix this? Thanks for any assistance.
-
Create Spark Components programatically
Good Day... I am developing a mobile application using XML data to create components during runtime. The only problem is that how to set the font size, fontface of the created component (eg. label) and this label component is group by another compone
-
How to access a shared disk with two users account on same Mac
I am seeking how to share / access at same time with two accounts on a same Mac a disk that is shared with a TC or an AEBS. When a user account is connected to the shared drive and when I switch to the 2nd user this 2nd user cannot access / see the c
-
How to install hp deskjet 920c printer?
I was trying to install this printer, but the macbook doesn't take the software