Search Results

Search found 1079 results on 44 pages for 'specification'.

Page 29/44 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >

  • Architect desperately wants to use SOAP over JMS

    - by Aerosteak
    Hello, I have used JMS in the past to build application and it works great. Now I work with Architects that would love to use the Spec : SOAP over Java Message Service 1.0. This spec seams overly complicated. I do not see many implementation (Beside the vendors pushing for the spec). Does anyone here is using this specification in a production environment? What is your main benefit of using this spec? Link: http://www.w3.org/TR/2009/CR-soapjms-20090604/

    Read the article

  • Does TCP actually define 'TCP server' and 'TCP clients'? [closed]

    - by mjn
    In the Wikipedia article, TCP communication is explained using the terms 'client' and 'server'. It also uses the word 'peers'. But TCP actually does not define "TCP clients" and "TCP servers" - In the RFC 675 document (SPECIFICATION OF INTERNET TRANSMISSION CONTROL PROGRAM), the word "client" never appears. The RFC explains that TCP is used to connect processes over ports (sockets), and that 'A pair of sockets form a CONNECTION which can be used to carry data in either direction [i.e. full duplex]. Calling the originating party the "client" seems to be common practice. But this client/server communication model is not always applicable to TCP communication. For example take peer-to-peer networks. Calling all processes which open a socket (and wait for incoming connections from peers) "TCP servers", sounds wrong to me. I would not call my uncle's telephone device a "Telephony server" if I dial his phone number and he picks up.

    Read the article

  • Facebook access token: server-side vs client-side flows

    - by alexey
    Facebook docs: Facebook Platform supports two different OAuth 2.0 flows for user login: server-side (known as the authentication code flow in the specification) and client-side (known as the implicit flow). The server-side flow is used whenever you need to call the Graph API from your web server. The client-side flow is used when you need to make calls to the Graph API from a client, such as JavaScript running in a Web browser or from a native mobile or desktop app. What is the difference between access tokens taken by these flows? It seems like they length differ. Can we use server-side flow token on a client? And otherwise, can we use client-side flow token on a server?

    Read the article

  • __FILE__ In .h what does it resolve to

    - by Pablitorun
    Is there a specification on how the FILE macro will be expanded if it is in a .h? So if I #define MYFILE __FILE__ in foo.h and foo.c #includes "foo.h" void main(){ printf("%s",MYFILE); .... does this output foo.h or foo.c? (Yes I realize this is a stupid example) Sorry for what should be a simple question. The documentation on the web seems conflicting. For what it is worth VS2008 comes back as foo.c which is what I would expect....I think. I am just trying to confirm if this is defined behavior.

    Read the article

  • How can I fix Grails error: "No domain class found for name PrivacyOptions. Please try again and e

    - by ?????
    I'm just getting started with Groovy/Grails. I added a new domain controller to my project, and generate-controller doesn't like it. There are other indications something's wrong: If I run the app no table is actually created in the database for this. I've reduced the DomainController to one String field and no constraints, just to make sure there wasn't something wrong with my specification. I also tried renaming it, just in case there was something about the original name (Privacy) that conflicted with something. I'm sure I have the correct name, and that the file is called PrivacyOptions.groovy and inside the class is also called PrivacyOptions. Here's the error: Running script /opt/local/grails/scripts/GenerateController.groovy Environment set to development Domain class not found in grails-app/domain, trying hibernate mapped classes... No domain class found for name PrivacyOptions. Please try again and enter a valid domain class name

    Read the article

  • beginner Linq syntax and EF4 question

    - by user564577
    Question With the following linq code snip I get a list of clients with address filtered by the specifications but the form of the entities returned is not what i had expected. The data is 1 client with 2 addresses and 1 client with 1 address. The query returns 3 rows of clients each with 1 address Client 1 = Address1 Client 1 = Address2 Client 2 = Address3 var query = from t1 in context.Clients.Where(specification.SatisfiedBy()).Include("ClientAddresses") join t2 in context.ClientAddresses.Where(spec.SatisfiedBy()) on t1.ClientKey equals t2.ClientKey select t1; My expectation was a little more like a list with only two clients in it, one client with a collection of two addresses and one client with a collection of one address. Client 1 = Address1 / Address2 Client 2 = Address3 What am I missing??? Thanks!

    Read the article

  • I need a simple slideshow for images of different sizes

    - by Darryl Young
    I'm looking for a very basic slideshow which displays images of various sizes. For example, the first image could be a standard 800x600 but the next might be a taller portrait image and so on. The slideshow doesn't need to have any controls. The specification just states that the page will be black and in the centre there'll be the area where images will display. As far as I know, it will be very simple like this - www.jeffcutter.net. I'm limited on time here so I'm not able to look into writing a custom one or anything like that. I just need to get some images displaying like in the example. Thanks in advance, it's much appreciated. Have a great weekend! Regards.

    Read the article

  • Erlang: configuring cover via rebar

    - by exterm
    My project is using a websocket server. Only for testing purposes, I also have an erlang websocket client implementation which resides in the test/ folder along with the tests. Now, when I run the tests via rebar with {cover_enabled, true} in my rebar.config, I also get coverage reported for the modules of the websocket client. I don't want this in my reports. Cover documentation says I should create a cover specification file containing {excl_mods, [websocket_client]}. But how do I convince rebar to use this file? Cover documentation: http://www.erlang.org/doc/apps/common_test/cover_chapter.html http://www.erlang.org/doc/man/cover.html rebar: https://github.com/basho/rebar

    Read the article

  • Spring 3, Java EE 6

    - by arg20
    I'm learning Java EE 6. I've seen how much progress it has achieved in this release of the umbrella specification. EJBs 3.1 are far easier and more lightweight than previous versions, and CDI is amazing. I'm not familiar with Spring, but I often read that it offered some neat features that the Java EE stack didn't. Yet I also read now that JEE has caught up, and can now fully compete with Spring. I know that choosing from both depends on many factors, but if we only focus on features, say the latest trends etc. Which one has the leading edge?. Can Spring 3 offer some assets The JAVA EE 6 stack can't? Also, what about Seam framework? From what I read it's like java ee 6 but with some additions?

    Read the article

  • Through Java, make a call to Javascript functions on networked device?

    - by stjowa
    I am doing device monitoring on a networked system. I need to know how to make Javascript calls on that device via its IP address to get certain status information (this device's status is only available through Javascript APIs, not SNMP, etc). I am working in Java. ADDED: The specific device is an Amino set-top-box. It has what it calls JMACX: JavaScript Media Access Control Extensions API specification. It allows you within an HTML document to use that API to get MUCH information about the device (cpu usage, channel info, remote-control options, etc.). I need to get this information within a Java program for specific monitoring purposes. Perhaps possible with HTTP requests? Any input would be greatly appreciated. Thanks, Steve

    Read the article

  • What are the differences between struct and class in C++

    - by palm3D
    This question was already asked in the context of C#/.Net. Now I'd like to learn the differences between a struct and a class in (unmanaged) C++. Please discuss the technical differences as well as reasons for choosing one or the other in OO design. I'll start with an obvious difference: If you don't specify public: or private:, members of a struct are public by default; members of a class are private by default. I'm sure there are other differences to be found in the obscure corners of the C++ specification.

    Read the article

  • Const-Qualification of Main's Parameters in C++

    - by pt2cv
    The C++ standard mandates that all conforming implementations support the following two signatures for main: int main(); int main(int, char*[]); In case of the latter signature, would the addition of (top-level) const-ness break any language rules? For example: int main(const int argc, char** const argv); From my understanding, top-level const qualification doesn't affect the function's signature hash, so it should be legal as far as the specification is concerned. Also, did anyone ever encounter an implementation which rejected this type of modification?

    Read the article

  • Why doesn't the C++ default destructor destroy my objects?

    - by Oszkar
    The C++ specification says the default destructor deletes all non-static members. Nevertheless, I can't manage to achieve that. I have this: class N { public: ~N() { std::cout << "Destroying object of type N"; } }; class M { public: M() { n = new N; } // ~M() { //this should happen by default // delete n; // } private: N* n; }; Then this should print the given message, but it doesn't: M* m = new M(); delete m; //this should invoke the default destructor

    Read the article

  • Awk or Sed: File Annotation

    - by lukmac
    Hallo, my SO friend, my question is: Specification: annotate the fields of FILE_2 to the corresponding position of FILE_1. A field is marked, and hence identified, by a delimiter pair. I did this job in python before I knew awk and sed, with a couple hundred lines of code. Now I want to see how powerful and efficient awk and sed can be. Show me some masterpiece of awk or sed, please! The delimiter pairs can be configured in FILE_3, but let's assume the first delimiter in a pair is 'Marker (number i) start', the other one is 'Marker (number i) done' Example: |-----------------FILE_1------------------| text text text text blabla Marker_1_start Marker_1_done any text in between blabla Marker_2_start Marker_2_done text text |-----------------FILE_2------------------| Marker_1_start 11 1111 Marker_1_done Marker_2_start 2222 22 Marker_2_done Expected Output: |-----------------FILE_Out------------------| text text text text blabla Marker_1_start 11 1111 Marker_1_done any text in between blabla Marker_2_start 2222 22 Marker_2_done text text

    Read the article

  • simulate what native object is not exist

    - by Naitro
    Here is the situation: I have checking on existing class like: ('Promise' in window) // true/false` And I wanna force return false or true on it, can I do it? Yes, I can check it by some other way, like ` window.Promise = undefined; window.Promise === undefined; Or something like this, but can I somehow delete this object or simulate something for 'in' operator? I check specification and v8 code, there is 'in' operator just call 'HasProperty' operator, which realization on c++.. I know 'hack' with faking toString/valueOf methods: obj = { toString: function(){ return 'myName'; } }, obj2 = {}; obj2[obj] = 1; // Object {myName: 1} May be I can use it in some way? But, as I send string 'Promise' I can't just fake it like this way.. may be exist some way to fake 'HasProperty'?

    Read the article

  • Is MSDN referencing a system.thread, a worker thread, an io thread or all three?

    - by w0051977
    Please see the warning below taken from the StreamWriter class specification (http://msdn.microsoft.com/en-us/library/system.io.streamwriter.aspx): "Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe." I understand that a W3WC process contains two thread pools i.e. worker threads and I/O threads. A worker thread could contain many threads of its own (if the application creates its own System.Thread instances). Does the warning only relate to System.Threads or does it relate to worker threads and I/O threads as well I.e. as the instance variables of the streamwriter class are not thread safe then does this mean that there would be problems if multiple worker threads access it eg if two users on two different web clients attempt to write to the log file at the same time, then could one lock out the other?

    Read the article

  • Error occurs while using SPADE method in R

    - by Yuwon Lee
    I'm currently mining sequence patterns using SPADE algorithm in R. SPADE is included in "arulesSequence" package of R. I'm running R on my CentOS 6.3 64bit. For an exercise, I've tried an example presented in http://en.wikibooks.org/wiki/Data_Mining_Algorithms_In_R/Sequence_Mining/SPADE When I tried to do "cspade(x, parameter = list(support = 0.4), control = list(verbose = TRUE))" R says: parameter specification: support : 0.4 maxsize : 10 maxlen : 10 algorithmic control: bfstype : FALSE verbose : TRUE summary : FALSE preprocessing ... 1 partition(s), 0 MB [0.096s] mining transactions ... 0 MB [0.066s] reading sequences ...Error in asMethod(object) : 's' is not an integer vector When I try to run SPADE on my Window 7 32bit, it runs well without any error. Does anybody know why such errors occur?

    Read the article

  • when creating a release version I get the following warnings (vs 2008 settings)

    - by djones2010
    warning lnk4075:ignoring /editandcontinue due to /opt:icp specification error lnk2005: initp+misc_invarg already defined in libcmtd.lib(invarg.obj) i have many more errors lnk2005 all int he libcmt.lib file in the invarg.obj also lnk2098:: defaultlib conflicts with use of other libs. when i had it as debug it was all working i just started to make a release and everything went south. could I get some help how to do the release version the lib i was using is a composite lib which was working with my test app. however before i do the final release i wanted to test the release version of my lib but when i include that into my test app i got the aforementioned errors

    Read the article

  • C++ template + typedef

    - by MMS
    What is wrong in the following code: Point2D.h template <class T> class Point2D { private: T x; T y; ... }; PointsList.h template <class T> class Point2D; template <class T> struct TPointsList { typedef std::vector <Point2D <T> > Type; }; template <class T> class PointsList { private: TPointsList <T>::Type points; //Compiler error ... }; I would like to create new user type TPointsList without direct type specification...

    Read the article

  • Team activity/game for illustrating design in a SCRUM environment

    - by njreed.myopenid.com
    I'm looking for a team building / training activity for some of my scrum teams. I want something that really illustrates the flexibility that the team has when implementing stories to define the scope and complexity of the feature themselves. Most of the teams have long-term waterfall experience and are used to having a well-defined specification. I'm looking for something that illustrates the need for the team to vary the scope of what they are building themselves, dependent on the time and resources available. I couldn't find anything at tastycupcakes.com and Google wasn't much help. Maybe someone has prepared something themselves they would care to share?

    Read the article

  • Converting byte[] of binary fixed point to floating point value?

    - by Sean Donohue
    I'm reading some data over a socket. The integral data types are no trouble, the System.BitConverter methods are correctly handling the conversion. (So there are no Endian issues to worry about, I think?) However, BitConverter.ToDouble isn't working for the floating point parts of the data...the source specification is a bit low level for me, but talks about a binary fixed point representation with a positive byte offset in the more significant direction and negative byte offset in the less significant direction. Most of the research I've done has been aimed at C++ or a full fixed-point library handling sines and cosines, which sounds like overkill for this problem. Could someone please help me with a C# function to produce a float from 8 bytes of a byte array with, say, a -3 byte offset?

    Read the article

  • Implementing an iterator over binary tree using C++ 11

    - by user1459339
    I would like to create an iterator over the binary tree so as to be able to use range-based for loop. I understand I ought to implement the begin() and end() function first. Begin should probably point to the root. According to the specification, however, the end() functions returns "the element following the last valid element". Which element (node) is that? Would it not be illegal to point to some "invalid" place? The other thing is the operator++. What is the best way to return "next" element in tree? I just need some advice to begin with this programming.

    Read the article

  • phpMySql connection

    - by Eiriko Pedroza
    PL = VB.net Issue: format of the initialization string does not conform to specification starting at index 17 connection string: objconn.ConnectionString = ("server=" & txtServer.Text & ";" _ & "user id=" & "'" & txtUserId.Text & ";" _ & "password=" & txtPassword.Text & ";" _ & "database=try") Try objconn.Open() MsgBox("Connected") objconn.Close() Catch ex As Exception MsgBox(ex.ToString) End Try -objconn is declared as new mysqlconnection every time I run the application and try to login, i keep on receiving this error message, I already double checked my line of connection string. im using 'localhost' as server and 'root' as username, password is blank. thank you in advance for your response

    Read the article

  • WCF WS-Security and WSE Nonce Authentication

    - by Rick Strahl
    WCF makes it fairly easy to access WS-* Web Services, except when you run into a service format that it doesn't support. Even then WCF provides a huge amount of flexibility to make the service clients work, however finding the proper interfaces to make that happen is not easy to discover and for the most part undocumented unless you're lucky enough to run into a blog, forum or StackOverflow post on the matter. This is definitely true for the Password Nonce as part of the WS-Security/WSE protocol, which is not natively supported in WCF. Specifically I had a need to create a WCF message on the client that includes a WS-Security header that looks like this from their spec document:<soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-8" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:Username>TeStUsErNaMe1</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >TeStPaSsWoRd1</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >f8nUe3YupTU5ISdCy3X9Gg==</wsse:Nonce> <wsu:Created>2011-05-04T19:01:40.981Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> Specifically, the Nonce and Created keys are what WCF doesn't create or have a built in formatting for. Why is there a nonce? My first thought here was WTF? The username and password are there in clear text, what does the Nonce accomplish? The Nonce and created keys are are part of WSE Security specification and are meant to allow the server to detect and prevent replay attacks. The hashed nonce should be unique per request which the server can store and check for before running another request thus ensuring that a request is not replayed with exactly the same values. Basic ServiceUtl Import - not much Luck The first thing I did when I imported this service with a service reference was to simply import it as a Service Reference. The Add Service Reference import automatically detects that WS-Security is required and appropariately adds the WS-Security to the basicHttpBinding in the config file:<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="RealTimeOnlineSoapBinding"> <security mode="Transport" /> </binding> <binding name="RealTimeOnlineSoapBinding1" /> </basicHttpBinding> </bindings> <client> <endpoint address="https://notarealurl.com:443/services/RealTimeOnline" binding="basicHttpBinding" bindingConfiguration="RealTimeOnlineSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> </configuration> If if I run this as is using code like this:var client = new RealTimeOnlineClient(); client.ClientCredentials.UserName.UserName = "TheUsername"; client.ClientCredentials.UserName.Password = "ThePassword"; … I get nothing in terms of WS-Security headers. The request is sent, but the the binding expects transport level security to be applied, rather than message level security. To fix this so that a WS-Security message header is sent the security mode can be changed to: <security mode="TransportWithMessageCredential" /> Now if I re-run I at least get a WS-Security header which looks like this:<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2012-11-24T02:55:18.011Z</u:Created> <u:Expires>2012-11-24T03:00:18.011Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-18c215d4-1106-40a5-8dd1-c81fdddf19d3-1"> <o:Username>TheUserName</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> Closer! Now the WS-Security header is there along with a timestamp field (which might not be accepted by some WS-Security expecting services), but there's no Nonce or created timestamp as required by my original service. Using a CustomBinding instead My next try was to go with a CustomBinding instead of basicHttpBinding as it allows a bit more control over the protocol and transport configurations for the binding. Specifically I can explicitly specify the message protocol(s) used. Using configuration file settings here's what the config file looks like:<?xml version="1.0"?> <configuration> <system.serviceModel> <bindings> <customBinding> <binding name="CustomSoapBinding"> <security includeTimestamp="false" authenticationMode="UserNameOverTransport" defaultAlgorithmSuite="Basic256" requireDerivedKeys="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"> </security> <textMessageEncoding messageVersion="Soap11"></textMessageEncoding> <httpsTransport maxReceivedMessageSize="2000000000"/> </binding> </customBinding> </bindings> <client> <endpoint address="https://notrealurl.com:443/services/RealTimeOnline" binding="customBinding" bindingConfiguration="CustomSoapBinding" contract="RealTimeOnline.RealTimeOnline" name="RealTimeOnline" /> </client> </system.serviceModel> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> This ends up creating a cleaner header that's missing the timestamp field which can cause some services problems. The WS-Security header output generated with the above looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-291622ca-4c11-460f-9886-ac1c78813b24-1"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" >ThePassword</o:Password> </o:UsernameToken> </o:Security> </s:Header> This is closer as it includes only the username and password. The key here is the protocol for WS-Security:messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" which explicitly specifies the protocol version. There are several variants of this specification but none of them seem to support the nonce unfortunately. This protocol does allow for optional omission of the Nonce and created timestamp provided (which effectively makes those keys optional). With some services I tried that requested a Nonce just using this protocol actually worked where the default basicHttpBinding failed to connect, so this is a possible solution for access to some services. Unfortunately for my target service that was not an option. The nonce has to be there. Creating Custom ClientCredentials As it turns out WCF doesn't have support for the Digest Nonce as part of WS-Security, and so as far as I can tell there's no way to do it just with configuration settings. I did a bunch of research on this trying to find workarounds for this, and I did find a couple of entries on StackOverflow as well as on the MSDN forums. However, none of these are particularily clear and I ended up using bits and pieces of several of them to arrive at a working solution in the end. http://stackoverflow.com/questions/896901/wcf-adding-nonce-to-usernametoken http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/4df3354f-0627-42d9-b5fb-6e880b60f8ee The latter forum message is the more useful of the two (the last message on the thread in particular) and it has most of the information required to make this work. But it took some experimentation for me to get this right so I'll recount the process here maybe a bit more comprehensively. In order for this to work a number of classes have to be overridden: ClientCredentials ClientCredentialsSecurityTokenManager WSSecurityTokenizer The idea is that we need to create a custom ClientCredential class to hold the custom properties so they can be set from the UI or via configuration settings. The TokenManager and Tokenizer are mainly required to allow the custom credentials class to flow through the WCF pipeline and eventually provide custom serialization. Here are the three classes required and their full implementations:public class CustomCredentials : ClientCredentials { public CustomCredentials() { } protected CustomCredentials(CustomCredentials cc) : base(cc) { } public override System.IdentityModel.Selectors.SecurityTokenManager CreateSecurityTokenManager() { return new CustomSecurityTokenManager(this); } protected override ClientCredentials CloneCore() { return new CustomCredentials(this); } } public class CustomSecurityTokenManager : ClientCredentialsSecurityTokenManager { public CustomSecurityTokenManager(CustomCredentials cred) : base(cred) { } public override System.IdentityModel.Selectors.SecurityTokenSerializer CreateSecurityTokenSerializer(System.IdentityModel.Selectors.SecurityTokenVersion version) { return new CustomTokenSerializer(System.ServiceModel.Security.SecurityVersion.WSSecurity11); } } public class CustomTokenSerializer : WSSecurityTokenSerializer { public CustomTokenSerializer(SecurityVersion sv) : base(sv) { } protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); // in this case password is plain text // for digest mode password needs to be encoded as: // PasswordAsDigest = Base64(SHA-1(Nonce + Created + Password)) // and profile needs to change to //string password = GetSHA1String(nonce + createdStr + userToken.Password); string password = userToken.Password; writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } protected string GetSHA1String(string phrase) { SHA1CryptoServiceProvider sha1Hasher = new SHA1CryptoServiceProvider(); byte[] hashedDataBytes = sha1Hasher.ComputeHash(Encoding.UTF8.GetBytes(phrase)); return Convert.ToBase64String(hashedDataBytes); } } Realistically only the CustomTokenSerializer has any significant code in. The code there deals with actually serializing the custom credentials using low level XML semantics by writing output into an XML writer. I can't take credit for this code - most of the code comes from the MSDN forum post mentioned earlier - I made a few adjustments to simplify the nonce generation and also added some notes to allow for PasswordDigest generation. Per spec the nonce is nothing more than a unique value that's supposed to be 'random'. I'm thinking that this value can be any string that's unique and a GUID on its own probably would have sufficed. Comments on other posts that GUIDs can be potentially guessed are highly exaggerated to say the least IMHO. To satisfy even that aspect though I added the SHA1 encryption and binary decoding to give a more random value that would be impossible to 'guess'. The original example from the forum post used another level of encoding and decoding to string in between - but that really didn't accomplish anything but extra overhead. The header output generated from this looks like this:<s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-f43d8b0d-0ebb-482e-998d-f544401a3c91-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <o:Username>TheUsername</o:Username> <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">ThePassword</o:Password> <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" >PjVE24TC6HtdAnsf3U9c5WMsECY=</o:Nonce> <u:Created>2012-11-23T07:10:04.670Z</u:Created> </o:UsernameToken> </o:Security> </s:Header> which is exactly as it should be. Password Digest? In my case the password is passed in plain text over an SSL connection, so there's no digest required so I was done with the code above. Since I don't have a service handy that requires a password digest,  I had no way of testing the code for the digest implementation, but here is how this is likely to work. If you need to pass a digest encoded password things are a little bit trickier. The password type namespace needs to change to: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest and then the password value needs to be encoded. The format for password digest encoding is this: Base64(SHA-1(Nonce + Created + Password)) and it can be handled in the code above with this code (that's commented in the snippet above): string password = GetSHA1String(nonce + createdStr + userToken.Password); The entire WriteTokenCore method for digest code looks like this:protected override void WriteTokenCore(System.Xml.XmlWriter writer, System.IdentityModel.Tokens.SecurityToken token) { UserNameSecurityToken userToken = token as UserNameSecurityToken; string tokennamespace = "o"; DateTime created = DateTime.Now; string createdStr = created.ToString("yyyy-MM-ddThh:mm:ss.fffZ"); // unique Nonce value - encode with SHA-1 for 'randomness' // in theory the nonce could just be the GUID by itself string phrase = Guid.NewGuid().ToString(); var nonce = GetSHA1String(phrase); string password = GetSHA1String(nonce + createdStr + userToken.Password); writer.WriteRaw(string.Format( "<{0}:UsernameToken u:Id=\"" + token.Id + "\" xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" + "<{0}:Username>" + userToken.UserName + "</{0}:Username>" + "<{0}:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#Digest\">" + password + "</{0}:Password>" + "<{0}:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</{0}:Nonce>" + "<u:Created>" + createdStr + "</u:Created></{0}:UsernameToken>", tokennamespace)); } I had no service to connect to to try out Digest auth - if you end up needing it and get it to work please drop a comment… How to use the custom Credentials The easiest way to use the custom credentials is to create the client in code. Here's a factory method I use to create an instance of my service client:  public static RealTimeOnlineClient CreateRealTimeOnlineProxy(string url, string username, string password) { if (string.IsNullOrEmpty(url)) url = "https://notrealurl.com:443/cows/services/RealTimeOnline"; CustomBinding binding = new CustomBinding(); var security = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); security.IncludeTimestamp = false; security.DefaultAlgorithmSuite = SecurityAlgorithmSuite.Basic256; security.MessageSecurityVersion = MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10; var encoding = new TextMessageEncodingBindingElement(); encoding.MessageVersion = MessageVersion.Soap11; var transport = new HttpsTransportBindingElement(); transport.MaxReceivedMessageSize = 20000000; // 20 megs binding.Elements.Add(security); binding.Elements.Add(encoding); binding.Elements.Add(transport); RealTimeOnlineClient client = new RealTimeOnlineClient(binding, new EndpointAddress(url)); // to use full client credential with Nonce uncomment this code: // it looks like this might not be required - the service seems to work without it client.ChannelFactory.Endpoint.Behaviors.Remove<System.ServiceModel.Description.ClientCredentials>(); client.ChannelFactory.Endpoint.Behaviors.Add(new CustomCredentials()); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; return client; } This returns a service client that's ready to call other service methods. The key item in this code is the ChannelFactory endpoint behavior modification that that first removes the original ClientCredentials and then adds the new one. The ClientCredentials property on the client is read only and this is the way it has to be added.   Summary It's a bummer that WCF doesn't suport WSE Security authentication with nonce values out of the box. From reading the comments in posts/articles while I was trying to find a solution, I found that this feature was omitted by design as this protocol is considered unsecure. While I agree that plain text passwords are rarely a good idea even if they go over secured SSL connection as WSE Security does, there are unfortunately quite a few services (mosly Java services I suspect) that use this protocol. I've run into this twice now and trying to find a solution online I can see that this is not an isolated problem - many others seem to have struggled with this. It seems there are about a dozen questions about this on StackOverflow all with varying incomplete answers. Hopefully this post provides a little more coherent content in one place. Again I marvel at WCF and its breadth of support for protocol features it has in a single tool. And even when it can't handle something there are ways to get it working via extensibility. But at the same time I marvel at how freaking difficult it is to arrive at these solutions. I mean there's no way I could have ever figured this out on my own. It takes somebody working on the WCF team or at least being very, very intricately involved in the innards of WCF to figure out the interconnection of the various objects to do this from scratch. Luckily this is an older problem that has been discussed extensively online and I was able to cobble together a solution from the online content. I'm glad it worked out that way, but it feels dirty and incomplete in that there's a whole learning path that was omitted to get here… Man am I glad I'm not dealing with SOAP services much anymore. REST service security - even when using some sort of federation is a piece of cake by comparison :-) I'm sure once standards bodies gets involved we'll be right back in security standard hell…© Rick Strahl, West Wind Technologies, 2005-2012Posted in WCF  Web Services   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • USB packets - receive wrong data

    - by regorianer
    i have a little python script which shows me the packets of an enocean device and does some events depending on the packet type. unfortunately it doesn't work because i'm getting wrong packets. Parts of the python script (used pySerial): Blockquote ser = serial.Serial('/dev/ttyUSB1',57600,bytesize = serial.EIGHTBITS,timeout = 1, parity = serial.PARITY_NONE , rtscts = 0) print 'clearing buffer' s = ser.read(10000) print 'start read' while 1: s = ser.read(1) for character in s: sys.stdout.write(" %s" % character.encode('hex')) print 'end' ser.close() output baudrate 57600: e0 e0 00 e0 00 e0 e0 e0 e0 e0 00 e0 e0 00 00 00 00 00 00 00 e0 e0 e0 00 00 00 00 e0 e0 e0 00 00 e0 e0 e0 e0 e0 00 e0 00 e0 e0 e0 e0 e0 00 e0 e0 00 00 00 00 00 00 e0 e0 e0 00 00 00 00 e0 e0 e0 00 00 e0 e0 e0 output baudrate 9600: a5 5a 0b 05 10 00 00 00 00 15 c4 56 20 6f a5 5a 0b 05 00 00 00 00 00 15 c4 56 20 5f linux terminal baudrate 57600: $stty -F /dev/ttyUSB1 57600 $stty < /dev/ttyUSB1 speed 57600 baud; line = 0; eof = ^A; min = 0; time = 0; -brkint -icrnl -imaxbel -opost -onlcr -isig -icanon -iexten -echo -echoe -echok -echoctl -echoke $while (true) do cat -A /dev/ttyUSB1 ; done myfile $hexdump -C myfile 00000000 4d 2d 60 4d 2d 60 5e 40 4d 2d 60 5e 40 4d 2d 60 |M-M-^@M-^@M-| 00000010 4d 2d 60 4d 2d 60 4d 2d 60 4d 2d 60 5e 40 4d 2d |M-M-M-M-^@M-| 00000020 60 4d 2d 60 5e 40 5e 40 5e 40 5e 40 5e 40 5e 40 |M-^@^@^@^@^@^@| 00000030 5e 40 4d 2d 60 4d 2d 60 4d 2d 60 5e 40 5e 40 5e |^@M-M-M-`^@^@^| 00000040 40 5e 40 4d 2d 60 4d 2d 60 4d 2d 60 |@^@M-M-M-`| 0000004c linux terminal baudrate 9600: $hexdump -C myfile2 00000000 5e 40 5e 55 4d 2d 44 56 30 4d 2d 3f 5e 40 5e 40 |^@^UM-DV0M-?^@^@| 00000010 5e 55 4d 2d 44 56 20 5f |^UM-DV _| 00000018 the specification says: 0x55 sync byte 1st 0xNNNN data length bytes (2 bytes) 0x07 opt length byte 0x01 type byte CRC, data, opt data und nochmal CRC but I'm not getting this packet structure. The output of the python script differs from the one I get via the terminal. I also wrote the python part with C, but the output is the same as with python As the USB receiver a BSC-BoR USB Receiver/Sender is used The EnOcean device is a simple button

    Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36  | Next Page >