[Apiman-user] News: apiman 1.1.1.Final released!

Christina Lau christinalau28 at icloud.com
Thu Apr 23 17:55:56 EDT 2015 

Hi Marc, yes that works. Thanks.. Looking good, will do more testing :-). 


> On Apr 23, 2015, at 4:39 PM, Marc Savy <msavy at redhat.com> wrote:
> 
> Hi Christina,
> 
>> Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing…
> 
> You'll be glad to know this is a trivial one to change; simply turn it off in the plugin's configuration page - change "Require Transport Security" to false and you should be good to go.
> 
> Regards,
> Marc
> 
> ----- Original Message -----
> From: "Christina Lau" <christinalau28 at icloud.com>
> To: "Eric Wittmann" <eric.wittmann at redhat.com>
> Cc: apiman-user at lists.jboss.org
> Sent: Thursday, 23 April, 2015 7:57:55 PM
> Subject: Re: [Apiman-user] News:  apiman 1.1.1.Final released!
> 
> Thanks, I changed it to 1.1.1.Final and it works. But now I have a new problem. It seems the new policy requires SSL. I get this error:
> 
>>> OAuth2 token was transmitted without required transport security (TLS, SSL).
> 
> Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing…
> 
> 
>> On Apr 23, 2015, at 1:51 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
>> 
>> What version did you type into the UI?  It should be:
>> 
>> 1.1.1.Final
>> 
>> If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally.
>> 
>> -Eric
>> 
>> On 4/23/2015 1:39 PM, Christina Lau wrote:
>>> It didn’t seem to work, I got 404 not found error. I just entered the GAV info in the UI.
>>> 
>>> {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy
>>> :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions
>>> .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n
>>> \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io
>>> .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl
>>> .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
>>> .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl
>>> .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget
>>> (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker
>>> .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237
>>> )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org
>>> .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy
>>> .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat
>>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56
>>> )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher
>>> .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet
>>> .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl
>>> .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter
>>> .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter
>>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler
>>> .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59
>>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet
>>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet
>>> .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter
>>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler
>>> .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61
>>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet
>>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers
>>> .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler
>>> .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler
>>> .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler
>>> .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler
>>> .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler
>>> .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security
>>> .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow
>>> .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler
>>> .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java
>>> :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat
>>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler
>>> .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler
>>> .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest
>>> (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler
>>> .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler
>>> .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler
>>> .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler
>>> .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest
>>> (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest
>>> (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler
>>> .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler
>>> .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>>> \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java
>>> :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler
>>> .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler
>>> .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler
>>> .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow
>>> .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor
>>> .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
>>> .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions
>>> .InvalidPluginException: Could not find plugin.  (Not found locally and could not download from remote
>>> maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry
>>> .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin
>>> (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java
>>> :103)\n\t... 60 more\n"}
>>> 
>>>> On Apr 23, 2015, at 1:07 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
>>>> 
>>>> All you need to do is add the plugin to apiman via the API Manager UI (as an admin).  Assuming you are starting from a fresh apiman install.
>>>> 
>>>> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies.
>>>> 
>>>> -Eric
>>>> 
>>>> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins.
>>>> 
>>>> On 4/23/2015 12:38 PM, Christina Lau wrote:
>>>>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks…
>>>>> 
>>>>> Christina
>>>>> 
>>>>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann <eric.wittmann at redhat.com> wrote:
>>>>>> 
>>>>>> Hey everyone.  We released apiman version 1.1.1.Final.  There are a few
>>>>>> news things in this release, but the big reason to do it now was to fix
>>>>>> a CORS problem that was causing the UI to fail in certain browsers.
>>>>>> Some users were seeing 403 errors when creating Organizations!  Thanks
>>>>>> to Marc for tracking that down - it was a tough one.
>>>>>> 
>>>>>> Additionally we have a new policy plugin that turns any JSON REST
>>>>>> endpoint into a JSONP endpoint:
>>>>>> 
>>>>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy
>>>>>> 
>>>>>> Thanks to Alexandre Kieling for contributing that to us.  Much appreciated.
>>>>>> 
>>>>>> And finally the Keycloak OAuth2 security policy now supports role based
>>>>>> authorization.  When configuring the policy you can now say what roles
>>>>>> are required for a user to be able to access the service.  Thanks to
>>>>>> Marc for this one as well - good stuff!
>>>>>> 
>>>>>> -Eric
>>>>>> _______________________________________________
>>>>>> Apiman-user mailing list
>>>>>> Apiman-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user
>>>>> 
>>> 
> 
> 
> _______________________________________________
> Apiman-user mailing list
> Apiman-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/apiman-user

More information about the Apiman-user mailing list