[Apiman-user] News: apiman 1.1.1.Final released!

Christina Lau christinalau28 at icloud.com
Thu Apr 23 14:57:55 EDT 2015


Thanks, I changed it to 1.1.1.Final and it works. But now I have a new problem. It seems the new policy requires SSL. I get this error:

>> OAuth2 token was transmitted without required transport security (TLS, SSL).

Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing…


> On Apr 23, 2015, at 1:51 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
> 
> What version did you type into the UI?  It should be:
> 
> 1.1.1.Final
> 
> If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally.
> 
> -Eric
> 
> On 4/23/2015 1:39 PM, Christina Lau wrote:
>> It didn’t seem to work, I got 404 not found error. I just entered the GAV info in the UI.
>> 
>> {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy
>> :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions
>> .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n
>> \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io
>> .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat
>>  sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl
>> .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
>> .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl
>> .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>> (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker
>> .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237
>> )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org
>> .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy
>> .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat
>>  org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56
>> )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher
>> .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet
>> .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl
>> .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter
>> .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter
>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler
>> .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59
>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet
>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet
>> .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter
>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler
>> .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61
>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet
>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers
>> .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler
>> .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler
>> .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler
>> .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler
>> .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler
>> .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security
>> .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow
>> .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler
>> .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java
>> :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat
>>  io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler
>> .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler
>> .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest
>> (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler
>> .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler
>> .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler
>> .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler
>> .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest
>> (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest
>> (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler
>> .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler
>> .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>> \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java
>> :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler
>> .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler
>> .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler
>> .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow
>> .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor
>> .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
>> .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions
>> .InvalidPluginException: Could not find plugin.  (Not found locally and could not download from remote
>>  maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry
>> .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin
>> (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java
>> :103)\n\t... 60 more\n"}
>> 
>>> On Apr 23, 2015, at 1:07 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
>>> 
>>> All you need to do is add the plugin to apiman via the API Manager UI (as an admin).  Assuming you are starting from a fresh apiman install.
>>> 
>>> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies.
>>> 
>>> -Eric
>>> 
>>> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins.
>>> 
>>> On 4/23/2015 12:38 PM, Christina Lau wrote:
>>>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks…
>>>> 
>>>> Christina
>>>> 
>>>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
>>>>> 
>>>>> Hey everyone.  We released apiman version 1.1.1.Final.  There are a few
>>>>> news things in this release, but the big reason to do it now was to fix
>>>>> a CORS problem that was causing the UI to fail in certain browsers.
>>>>> Some users were seeing 403 errors when creating Organizations!  Thanks
>>>>> to Marc for tracking that down - it was a tough one.
>>>>> 
>>>>> Additionally we have a new policy plugin that turns any JSON REST
>>>>> endpoint into a JSONP endpoint:
>>>>> 
>>>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy
>>>>> 
>>>>> Thanks to Alexandre Kieling for contributing that to us.  Much appreciated.
>>>>> 
>>>>> And finally the Keycloak OAuth2 security policy now supports role based
>>>>> authorization.  When configuring the policy you can now say what roles
>>>>> are required for a user to be able to access the service.  Thanks to
>>>>> Marc for this one as well - good stuff!
>>>>> 
>>>>> -Eric
>>>>> _______________________________________________
>>>>> Apiman-user mailing list
>>>>> Apiman-user at lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>> 
>> 




More information about the Apiman-user mailing list