From cmoulliard at redhat.com Tue Sep 1 01:20:32 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Tue, 1 Sep 2015 07:20:32 +0200 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <55E4EF21.4040402@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> Message-ID: <55E535A0.4060906@redhat.com> This blog refers to a link where we will import a pre-defined config First, log into the Keycloak server. If you?re following our walkthrough, the log-in details are identical to those mentioned earlier (admin, admin123!). You can see that there is already an apiman realm defined, but we?re going to create a new one, so navigate to Add Realm (top right), and import and upload "this demonstration realm definition - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it provides an extremely simple setup where we have: What I would like to explain how we can create this "stottie" config in Keycloak (step by step, screenshots) On 01/09/15 02:19, Eric Wittmann wrote: > +1 > > Thanks for responding, Rafael. I had intended to link this very same > tutorial but then it slipped my mind. :) > > On 8/31/2015 5:48 PM, Rafael Soares wrote: >> Charles, >> >> Recently I followed the "/Keycloak and dagger: Securing your services >> with OAuth2/" tutorial [1] and it worked fine! This howto is great! >> >> You don't need to do anything on the Fuse/Camel side. All setup is done >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and >> all you need to do is install the Apiman oauth2 keycloak plugin and >> configure your service policy to use it. The tutorial [1] describes each >> step in detail. >> >> [1] >> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html >> >> >> >> >> ________________________ >> Rafael Torres Coelho Soares >> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard >> > wrote: >> >> Hi, >> >> I have already asked this question but I need some help to figure >> out >> what are the steps required to setup Oauth 2 with Keycloak as I'm >> preparing a demo >> (https://github.com/FuseByExample/rest-dsl-in-action) >> covering the point about how to secure & govern Camel REST DSL >> endpoints >> on JBoss Fuse using Apiman & Keycloak ? >> >> I just need the list of the steps to perform from the Web Site. >> Base on >> the input, I will take some screenshots and include the instructions >> within the demo content. Such input could be reused to write a blog >> article too ;-) >> >> Regards, >> >> Charles >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> From marc.savy at redhat.com Tue Sep 1 05:57:47 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 1 Sep 2015 10:57:47 +0100 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <55E535A0.4060906@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> Message-ID: <55E5769B.9040008@redhat.com> I would suggest you refer to the Keycloak documentation, as there are several ways to skin this particular cat. For instance, how you decide to set up your Keycloak configuration is highly dependent upon your specific requirements; whether you want token grants to be via the API-only, or an HTTP redirect based approach (see: https://keycloak.github.io/docs/userguide/html/access-types.html); how you wish to divide up your application; the level of security you desire; any identity provision sources... At any rate, once you have Keycloak going, you would log in and click on 'create realm' (in my blog demo, that would be http://localhost:8080/auth/admin/master/console/#/create/realm) - then, add your client, roles, users, etc. To make your life simple for demo purposes, I suggest your clients be 'Direct Grants Only' and 'Public'. I'm not entirely clear from your email whether you want to script this, or provide walk-through steps, or provide a pre-baked config (like the blog). Do you need to use roles and authorization? Or just simple authentication? Regards, Marc On 01/09/2015 06:20, Charles Moulliard wrote: > This blog refers to a link where we will import a pre-defined config > > First, log into the Keycloak server. If you?re following our > walkthrough, the log-in details are identical to those mentioned earlier > (admin, admin123!). You can see that there is already an apiman realm > defined, but we?re going to create a new one, so navigate to Add Realm > (top right), and import and upload "this demonstration realm definition > - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > provides an extremely simple setup where we have: > > What I would like to explain how we can create this "stottie" config in > Keycloak (step by step, screenshots) > > On 01/09/15 02:19, Eric Wittmann wrote: > > +1 > > > > Thanks for responding, Rafael. I had intended to link this very same > > tutorial but then it slipped my mind. :) > > > > On 8/31/2015 5:48 PM, Rafael Soares wrote: > >> Charles, > >> > >> Recently I followed the "/Keycloak and dagger: Securing your services > >> with OAuth2/" tutorial [1] and it worked fine! This howto is great! > >> > >> You don't need to do anything on the Fuse/Camel side. All setup is done > >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and > >> all you need to do is install the Apiman oauth2 keycloak plugin and > >> configure your service policy to use it. The tutorial [1] describes each > >> step in detail. > >> > >> [1] > >> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >> > >> > >> > >> > >> ________________________ > >> Rafael Torres Coelho Soares > >> > >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >> > wrote: > >> > >> Hi, > >> > >> I have already asked this question but I need some help to figure > >> out > >> what are the steps required to setup Oauth 2 with Keycloak as I'm > >> preparing a demo > >> (https://github.com/FuseByExample/rest-dsl-in-action) > >> covering the point about how to secure & govern Camel REST DSL > >> endpoints > >> on JBoss Fuse using Apiman & Keycloak ? > >> > >> I just need the list of the steps to perform from the Web Site. > >> Base on > >> the input, I will take some screenshots and include the instructions > >> within the demo content. Such input could be reused to write a blog > >> article too ;-) > >> > >> Regards, > >> > >> Charles > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > >> > >> > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From cmoulliard at redhat.com Tue Sep 1 10:54:29 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Tue, 1 Sep 2015 16:54:29 +0200 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <55E5769B.9040008@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> Message-ID: <55E5BC25.9030606@redhat.com> On 01/09/15 11:57, Marc Savy wrote: > I would suggest you refer to the Keycloak documentation, as there are > several ways to skin this particular cat. For instance, how you decide > to set up your Keycloak configuration is highly dependent upon your > specific requirements; whether you want token grants to be via the > API-only, or an HTTP redirect based approach (see: > https://keycloak.github.io/docs/userguide/html/access-types.html); how > you wish to divide up your application; the level of security you > desire; any identity provision sources... > > At any rate, once you have Keycloak going, you would log in and click > on 'create realm' (in my blog demo, that would be > http://localhost:8080/auth/admin/master/console/#/create/realm) - > then, add your client, roles, users, etc. > >> I have created a very basic use case : - realm = demo, - a user = demo and - a client = demo where Direct Grants Only = ON and Access Type = Public but when I issue a request to get the Access Token, curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo' I get this error --> {"error_description":"Direct Grant REST API not enabled","error":"not_enabled"} Here is the demo.json exported file = https://gist.github.com/cmoulliard/c25fef751886ace8c354 > To make your life simple for demo purposes, I suggest your clients be > 'Direct Grants Only' and 'Public'. > > I'm not entirely clear from your email whether you want to script > this, or provide walk-through steps, or provide a pre-baked config > (like the blog). >> I would like to include instructions (= step by step instructions) + screenshots and also a file (= json exported config) for end users not interested to setup Keycloak > > Do you need to use roles and authorization? Or just simple authentication? > > Regards, > Marc > > > On 01/09/2015 06:20, Charles Moulliard wrote: >> This blog refers to a link where we will import a pre-defined config >> >> First, log into the Keycloak server. If you?re following our >> walkthrough, the log-in details are identical to those mentioned earlier >> (admin, admin123!). You can see that there is already an apiman realm >> defined, but we?re going to create a new one, so navigate to Add Realm >> (top right), and import and upload "this demonstration realm definition >> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it >> provides an extremely simple setup where we have: >> >> What I would like to explain how we can create this "stottie" config in >> Keycloak (step by step, screenshots) >> >> On 01/09/15 02:19, Eric Wittmann wrote: >> > +1 >> > >> > Thanks for responding, Rafael. I had intended to link this very same >> > tutorial but then it slipped my mind. :) >> > >> > On 8/31/2015 5:48 PM, Rafael Soares wrote: >> >> Charles, >> >> >> >> Recently I followed the "/Keycloak and dagger: Securing your >> services >> >> with OAuth2/" tutorial [1] and it worked fine! This howto is great! >> >> >> >> You don't need to do anything on the Fuse/Camel side. All setup is >> done >> >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and >> >> all you need to do is install the Apiman oauth2 keycloak plugin and >> >> configure your service policy to use it. The tutorial [1] >> describes each >> >> step in detail. >> >> >> >> [1] >> >> >> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html >> >> >> >> >> >> >> >> >> >> ________________________ >> >> Rafael Torres Coelho Soares >> >> >> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard >> >> > wrote: >> >> >> >> Hi, >> >> >> >> I have already asked this question but I need some help to >> figure >> >> out >> >> what are the steps required to setup Oauth 2 with Keycloak as >> I'm >> >> preparing a demo >> >> (https://github.com/FuseByExample/rest-dsl-in-action) >> >> covering the point about how to secure & govern Camel REST DSL >> >> endpoints >> >> on JBoss Fuse using Apiman & Keycloak ? >> >> >> >> I just need the list of the steps to perform from the Web Site. >> >> Base on >> >> the input, I will take some screenshots and include the >> instructions >> >> within the demo content. Such input could be reused to write >> a blog >> >> article too ;-) >> >> >> >> Regards, >> >> >> >> Charles >> >> _______________________________________________ >> >> Apiman-user mailing list >> >> Apiman-user at lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> Apiman-user mailing list >> >> Apiman-user at lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> > From marc.savy at redhat.com Tue Sep 1 11:22:28 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 1 Sep 2015 16:22:28 +0100 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <55E5BC25.9030606@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> Message-ID: <55E5C2B4.40305@redhat.com> http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings -> 'Direct Grant API' -> ON Now, curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo' Works fine! As a side-note: I would also point your readers towards the Keycloak docs, as this may not be an optimal setup for their real-world requirements (e.g. they may want redirected login-screens, user registration, SAML, etc, etc). On 01/09/2015 15:54, Charles Moulliard wrote: > > On 01/09/15 11:57, Marc Savy wrote: > > I would suggest you refer to the Keycloak documentation, as there are > > several ways to skin this particular cat. For instance, how you decide > > to set up your Keycloak configuration is highly dependent upon your > > specific requirements; whether you want token grants to be via the > > API-only, or an HTTP redirect based approach (see: > > https://keycloak.github.io/docs/userguide/html/access-types.html); how > > you wish to divide up your application; the level of security you > > desire; any identity provision sources... > > > > At any rate, once you have Keycloak going, you would log in and click > > on 'create realm' (in my blog demo, that would be > > http://localhost:8080/auth/admin/master/console/#/create/realm) - > > then, add your client, roles, users, etc. > > > >> I have created a very basic use case : > - realm = demo, > - a user = demo and > - a client = demo where Direct Grants Only = ON and Access Type = Public > > but when I issue a request to get the Access Token, > > curl -X POST > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H > "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d > 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > > I get this error --> > > {"error_description":"Direct Grant REST API not > enabled","error":"not_enabled"} > > Here is the demo.json exported file = > https://gist.github.com/cmoulliard/c25fef751886ace8c354 > > > > To make your life simple for demo purposes, I suggest your clients be > > 'Direct Grants Only' and 'Public'. > > > > I'm not entirely clear from your email whether you want to script > > this, or provide walk-through steps, or provide a pre-baked config > > (like the blog). > >> I would like to include instructions (= step by step instructions) + > screenshots and also a file (= json exported config) for end users not > interested to setup Keycloak > > > > Do you need to use roles and authorization? Or just simple > > authentication? > > > > Regards, > > Marc > > > > > > On 01/09/2015 06:20, Charles Moulliard wrote: > >> This blog refers to a link where we will import a pre-defined config > >> > >> First, log into the Keycloak server. If you?re following our > >> walkthrough, the log-in details are identical to those mentioned earlier > >> (admin, admin123!). You can see that there is already an apiman realm > >> defined, but we?re going to create a new one, so navigate to Add Realm > >> (top right), and import and upload "this demonstration realm definition > >> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > >> provides an extremely simple setup where we have: > >> > >> What I would like to explain how we can create this "stottie" config in > >> Keycloak (step by step, screenshots) > >> > >> On 01/09/15 02:19, Eric Wittmann wrote: > >> > +1 > >> > > >> > Thanks for responding, Rafael. I had intended to link this very same > >> > tutorial but then it slipped my mind. :) > >> > > >> > On 8/31/2015 5:48 PM, Rafael Soares wrote: > >> >> Charles, > >> >> > >> >> Recently I followed the "/Keycloak and dagger: Securing your > >> services > >> >> with OAuth2/" tutorial [1] and it worked fine! This howto is great! > >> >> > >> >> You don't need to do anything on the Fuse/Camel side. All setup is > >> done > >> >> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and > >> >> all you need to do is install the Apiman oauth2 keycloak plugin and > >> >> configure your service policy to use it. The tutorial [1] > >> describes each > >> >> step in detail. > >> >> > >> >> [1] > >> >> > >> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >> > >> >> > >> >> > >> >> > >> >> > >> >> ________________________ > >> >> Rafael Torres Coelho Soares > >> >> > >> >> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >> >> > wrote: > >> >> > >> >> Hi, > >> >> > >> >> I have already asked this question but I need some help to > >> figure > >> >> out > >> >> what are the steps required to setup Oauth 2 with Keycloak as > >> I'm > >> >> preparing a demo > >> >> (https://github.com/FuseByExample/rest-dsl-in-action) > >> >> covering the point about how to secure & govern Camel REST DSL > >> >> endpoints > >> >> on JBoss Fuse using Apiman & Keycloak ? > >> >> > >> >> I just need the list of the steps to perform from the Web Site. > >> >> Base on > >> >> the input, I will take some screenshots and include the > >> instructions > >> >> within the demo content. Such input could be reused to write > >> a blog > >> >> article too ;-) > >> >> > >> >> Regards, > >> >> > >> >> Charles > >> >> _______________________________________________ > >> >> Apiman-user mailing list > >> >> Apiman-user at lists.jboss.org > >> >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> >> > >> >> > >> >> > >> >> > >> >> _______________________________________________ > >> >> Apiman-user mailing list > >> >> Apiman-user at lists.jboss.org > >> >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> >> > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > > > From marc.savy at redhat.com Tue Sep 1 11:39:54 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 1 Sep 2015 16:39:54 +0100 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> <55E5C2B4.40305@redhat.com> Message-ID: <55E5C6CA.9020602@redhat.com> > I have also reseted the password to demo and I get an account temporarily disabled You should probably hit the slider that says "temporary" to OFF, then. http://localhost:8080/auth/admin/master/console/#/realms/demo/users/demo/user-credentials However, we're straying firmly into Keycloak rather than apiman territory, here. On 01/09/2015 16:36, Charles Moulliard wrote: > Works better now. I have also reseted the password to demo and I get an account temporarily disabled > > Sent from my iPhone > > > On 1 sept. 2015, at 17:22, Marc Savy wrote: > > > > http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings -> 'Direct Grant API' -> ON > > > > Now, curl -X POST http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > > > > Works fine! > > > > As a side-note: I would also point your readers towards the Keycloak docs, as this may not be an optimal setup for their real-world requirements (e.g. they may want redirected login-screens, user registration, SAML, etc, etc). > > > >> On 01/09/2015 15:54, Charles Moulliard wrote: > >> > >> On 01/09/15 11:57, Marc Savy wrote: > >>> I would suggest you refer to the Keycloak documentation, as there are > >>> several ways to skin this particular cat. For instance, how you decide > >>> to set up your Keycloak configuration is highly dependent upon your > >>> specific requirements; whether you want token grants to be via the > >>> API-only, or an HTTP redirect based approach (see: > >>> https://keycloak.github.io/docs/userguide/html/access-types.html); how > >>> you wish to divide up your application; the level of security you > >>> desire; any identity provision sources... > >>> > >>> At any rate, once you have Keycloak going, you would log in and click > >>> on 'create realm' (in my blog demo, that would be > >>> http://localhost:8080/auth/admin/master/console/#/create/realm) - > >>> then, add your client, roles, users, etc. > >>> > >>>> I have created a very basic use case : > >> - realm = demo, > >> - a user = demo and > >> - a client = demo where Direct Grants Only = ON and Access Type = Public > >> > >> but when I issue a request to get the Access Token, > >> > >> curl -X POST > >> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H > >> "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d > >> 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > >> > >> I get this error --> > >> > >> {"error_description":"Direct Grant REST API not > >> enabled","error":"not_enabled"} > >> > >> Here is the demo.json exported file = > >> https://gist.github.com/cmoulliard/c25fef751886ace8c354 > >> > >> > >>> To make your life simple for demo purposes, I suggest your clients be > >>> 'Direct Grants Only' and 'Public'. > >>> > >>> I'm not entirely clear from your email whether you want to script > >>> this, or provide walk-through steps, or provide a pre-baked config > >>> (like the blog). > >>>> I would like to include instructions (= step by step instructions) + > >> screenshots and also a file (= json exported config) for end users not > >> interested to setup Keycloak > >>> > >>> Do you need to use roles and authorization? Or just simple > >>> authentication? > >>> > >>> Regards, > >>> Marc > >>> > >>> > >>> On 01/09/2015 06:20, Charles Moulliard wrote: > >>>> This blog refers to a link where we will import a pre-defined config > >>>> > >>>> First, log into the Keycloak server. If you?re following our > >>>> walkthrough, the log-in details are identical to those mentioned earlier > >>>> (admin, admin123!). You can see that there is already an apiman realm > >>>> defined, but we?re going to create a new one, so navigate to Add Realm > >>>> (top right), and import and upload "this demonstration realm definition > >>>> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > >>>> provides an extremely simple setup where we have: > >>>> > >>>> What I would like to explain how we can create this "stottie" config in > >>>> Keycloak (step by step, screenshots) > >>>> > >>>> On 01/09/15 02:19, Eric Wittmann wrote: > >>>>> +1 > >>>>> > >>>>> Thanks for responding, Rafael. I had intended to link this very same > >>>>> tutorial but then it slipped my mind. :) > >>>>> > >>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote: > >>>>>> Charles, > >>>>>> > >>>>>> Recently I followed the "/Keycloak and dagger: Securing your > >>>> services > >>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto is great! > >>>>>> > >>>>>> You don't need to do anything on the Fuse/Camel side. All setup is > >>>> done > >>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service embedded and > >>>>>> all you need to do is install the Apiman oauth2 keycloak plugin and > >>>>>> configure your service policy to use it. The tutorial [1] > >>>> describes each > >>>>>> step in detail. > >>>>>> > >>>>>> [1] > >>>>>> > >>>> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> ________________________ > >>>>>> Rafael Torres Coelho Soares > >>>>>> > >>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >>>>>> > wrote: > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>> I have already asked this question but I need some help to > >>>> figure > >>>>>> out > >>>>>> what are the steps required to setup Oauth 2 with Keycloak as > >>>> I'm > >>>>>> preparing a demo > >>>>>> (https://github.com/FuseByExample/rest-dsl-in-action) > >>>>>> covering the point about how to secure & govern Camel REST DSL > >>>>>> endpoints > >>>>>> on JBoss Fuse using Apiman & Keycloak ? > >>>>>> > >>>>>> I just need the list of the steps to perform from the Web Site. > >>>>>> Base on > >>>>>> the input, I will take some screenshots and include the > >>>> instructions > >>>>>> within the demo content. Such input could be reused to write > >>>> a blog > >>>>>> article too ;-) > >>>>>> > >>>>>> Regards, > >>>>>> > >>>>>> Charles > >>>>>> _______________________________________________ > >>>>>> Apiman-user mailing list > >>>>>> Apiman-user at lists.jboss.org > >>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>>> > >>>>>> > >>>>>> > >>>>>> > >>>>>> _______________________________________________ > >>>>>> Apiman-user mailing list > >>>>>> Apiman-user at lists.jboss.org > >>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>>> > >>>> > >>>> _______________________________________________ > >>>> Apiman-user mailing list > >>>> Apiman-user at lists.jboss.org > >>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>> > >>> > > From rafaelcba at gmail.com Tue Sep 1 12:34:07 2015 From: rafaelcba at gmail.com (Rafael Soares) Date: Tue, 1 Sep 2015 13:34:07 -0300 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <099D0DAC-A85B-4BC6-B371-D49FAC4A53EC@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> <55E5C2B4.40305@redhat.com> <099D0DAC-A85B-4BC6-B371-D49FAC4A53EC@redhat.com> Message-ID: Hi! One nice thing you could add to your post is the use of Postman REST Client App [1] (Chrome addon). Postman offers a way to get an oAuth2 access_token (JWT) and add it to your request. All visually without have to get the access_token using 'curl' or 'httpie' (CLI utilities). See Postman Helpers [2]. I used it for my demos when working with REST endpoints. I managed to get it working with the APIMan/Keycloak oauth2. [1] https://www.getpostman.com/ [2] https://www.getpostman.com/docs/helpers ________________________ Rafael Torres Coelho Soares On Tue, Sep 1, 2015 at 12:41 PM, Charles Moulliard wrote: > Fixed after changing user parameter. I'm able to get an access token > > So i will be able to take some screenshots now & elaborate the > instructions as addon of the excellent apiman & keycloak blog article ;-) > > Sent from my iPhone > > > On 1 sept. 2015, at 17:36, Charles Moulliard > wrote: > > > > Works better now. I have also reseted the password to demo and I get an > account temporarily disabled > > > > Sent from my iPhone > > > >> On 1 sept. 2015, at 17:22, Marc Savy wrote: > >> > >> > http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings > -> 'Direct Grant API' -> ON > >> > >> Now, curl -X POST > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H > "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d > 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > >> > >> Works fine! > >> > >> As a side-note: I would also point your readers towards the Keycloak > docs, as this may not be an optimal setup for their real-world requirements > (e.g. they may want redirected login-screens, user registration, SAML, etc, > etc). > >> > >>> On 01/09/2015 15:54, Charles Moulliard wrote: > >>> > >>> On 01/09/15 11:57, Marc Savy wrote: > >>>> I would suggest you refer to the Keycloak documentation, as there are > >>>> several ways to skin this particular cat. For instance, how you decide > >>>> to set up your Keycloak configuration is highly dependent upon your > >>>> specific requirements; whether you want token grants to be via the > >>>> API-only, or an HTTP redirect based approach (see: > >>>> https://keycloak.github.io/docs/userguide/html/access-types.html); > how > >>>> you wish to divide up your application; the level of security you > >>>> desire; any identity provision sources... > >>>> > >>>> At any rate, once you have Keycloak going, you would log in and click > >>>> on 'create realm' (in my blog demo, that would be > >>>> http://localhost:8080/auth/admin/master/console/#/create/realm) - > >>>> then, add your client, roles, users, etc. > >>>> > >>>>> I have created a very basic use case : > >>> - realm = demo, > >>> - a user = demo and > >>> - a client = demo where Direct Grants Only = ON and Access Type = > Public > >>> > >>> but when I issue a request to get the Access Token, > >>> > >>> curl -X POST > >>> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token > -H > >>> "Content-Type: application/x-www-form-urlencoded" -d "username=demo" -d > >>> 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > >>> > >>> I get this error --> > >>> > >>> {"error_description":"Direct Grant REST API not > >>> enabled","error":"not_enabled"} > >>> > >>> Here is the demo.json exported file = > >>> https://gist.github.com/cmoulliard/c25fef751886ace8c354 > >>> > >>> > >>>> To make your life simple for demo purposes, I suggest your clients be > >>>> 'Direct Grants Only' and 'Public'. > >>>> > >>>> I'm not entirely clear from your email whether you want to script > >>>> this, or provide walk-through steps, or provide a pre-baked config > >>>> (like the blog). > >>>>> I would like to include instructions (= step by step instructions) + > >>> screenshots and also a file (= json exported config) for end users not > >>> interested to setup Keycloak > >>>> > >>>> Do you need to use roles and authorization? Or just simple > >>>> authentication? > >>>> > >>>> Regards, > >>>> Marc > >>>> > >>>> > >>>>> On 01/09/2015 06:20, Charles Moulliard wrote: > >>>>> This blog refers to a link where we will import a pre-defined config > >>>>> > >>>>> First, log into the Keycloak server. If you?re following our > >>>>> walkthrough, the log-in details are identical to those mentioned > earlier > >>>>> (admin, admin123!). You can see that there is already an apiman realm > >>>>> defined, but we?re going to create a new one, so navigate to Add > Realm > >>>>> (top right), and import and upload "this demonstration realm > definition > >>>>> - http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > >>>>> provides an extremely simple setup where we have: > >>>>> > >>>>> What I would like to explain how we can create this "stottie" config > in > >>>>> Keycloak (step by step, screenshots) > >>>>> > >>>>>> On 01/09/15 02:19, Eric Wittmann wrote: > >>>>>> +1 > >>>>>> > >>>>>> Thanks for responding, Rafael. I had intended to link this very same > >>>>>> tutorial but then it slipped my mind. :) > >>>>>> > >>>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote: > >>>>>>> Charles, > >>>>>>> > >>>>>>> Recently I followed the "/Keycloak and dagger: Securing your > >>>>> services > >>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto is great! > >>>>>>> > >>>>>>> You don't need to do anything on the Fuse/Camel side. All setup is > >>>>> done > >>>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service embedded > and > >>>>>>> all you need to do is install the Apiman oauth2 keycloak plugin and > >>>>>>> configure your service policy to use it. The tutorial [1] > >>>>> describes each > >>>>>>> step in detail. > >>>>>>> > >>>>>>> [1] > >>>>> > http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> ________________________ > >>>>>>> Rafael Torres Coelho Soares > >>>>>>> > >>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >>>>>>> > wrote: > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>> I have already asked this question but I need some help to > >>>>> figure > >>>>>>> out > >>>>>>> what are the steps required to setup Oauth 2 with Keycloak as > >>>>> I'm > >>>>>>> preparing a demo > >>>>>>> (https://github.com/FuseByExample/rest-dsl-in-action) > >>>>>>> covering the point about how to secure & govern Camel REST DSL > >>>>>>> endpoints > >>>>>>> on JBoss Fuse using Apiman & Keycloak ? > >>>>>>> > >>>>>>> I just need the list of the steps to perform from the Web Site. > >>>>>>> Base on > >>>>>>> the input, I will take some screenshots and include the > >>>>> instructions > >>>>>>> within the demo content. Such input could be reused to write > >>>>> a blog > >>>>>>> article too ;-) > >>>>>>> > >>>>>>> Regards, > >>>>>>> > >>>>>>> Charles > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org Apiman-user at lists.jboss.org> > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>> > >>>>> _______________________________________________ > >>>>> Apiman-user mailing list > >>>>> Apiman-user at lists.jboss.org > >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150901/cdbfaf95/attachment-0001.html From eric.wittmann at redhat.com Tue Sep 1 13:24:18 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Tue, 1 Sep 2015 13:24:18 -0400 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> <55E5C2B4.40305@redhat.com> <099D0DAC-A85B-4BC6-B371-D49FAC4A53EC@redhat.com> Message-ID: <55E5DF42.90602@redhat.com> Well that's pretty cool. :) On 9/1/2015 12:09 PM, Rafael Soares wrote: > Hi! > > One nice thing you could add to your post is the use of Postman REST > Client App [1] (Chrome addon). > Postman offers a way to get an oAuth2 access_token (JWT) and add it to > your request. All visually without have to get the access_token using > 'curl' or 'httpie' (CLI utilities). > > See the attached Screenshot. I used it for my demos when working with > REST endpoints. I managed to get it working with the APIMan/Keycloak oauth2. > > [1] https://www.getpostman.com/ > > > > ________________________ > Rafael Torres Coelho Soares > > On Tue, Sep 1, 2015 at 12:41 PM, Charles Moulliard > wrote: > > Fixed after changing user parameter. I'm able to get an access token > > So i will be able to take some screenshots now & elaborate the > instructions as addon of the excellent apiman & keycloak blog > article ;-) > > Sent from my iPhone > > > On 1 sept. 2015, at 17:36, Charles Moulliard > wrote: > > > > Works better now. I have also reseted the password to demo and I > get an account temporarily disabled > > > > Sent from my iPhone > > > >> On 1 sept. 2015, at 17:22, Marc Savy > wrote: > >> > >> > http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings > -> 'Direct Grant API' -> ON > >> > >> Now, curl -X POST > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token > -H "Content-Type: application/x-www-form-urlencoded" -d > "username=demo" -d 'password=demo' -d 'grant_type=password' -d > 'client_id=demo' > >> > >> Works fine! > >> > >> As a side-note: I would also point your readers towards the > Keycloak docs, as this may not be an optimal setup for their > real-world requirements (e.g. they may want redirected > login-screens, user registration, SAML, etc, etc). > >> > >>> On 01/09/2015 15:54, Charles Moulliard wrote: > >>> > >>> On 01/09/15 11:57, Marc Savy wrote: > >>>> I would suggest you refer to the Keycloak documentation, as > there are > >>>> several ways to skin this particular cat. For instance, how > you decide > >>>> to set up your Keycloak configuration is highly dependent upon > your > >>>> specific requirements; whether you want token grants to be via the > >>>> API-only, or an HTTP redirect based approach (see: > >>>> > https://keycloak.github.io/docs/userguide/html/access-types.html); how > >>>> you wish to divide up your application; the level of security you > >>>> desire; any identity provision sources... > >>>> > >>>> At any rate, once you have Keycloak going, you would log in > and click > >>>> on 'create realm' (in my blog demo, that would be > >>>> http://localhost:8080/auth/admin/master/console/#/create/realm) - > >>>> then, add your client, roles, users, etc. > >>>> > >>>>> I have created a very basic use case : > >>> - realm = demo, > >>> - a user = demo and > >>> - a client = demo where Direct Grants Only = ON and Access Type > = Public > >>> > >>> but when I issue a request to get the Access Token, > >>> > >>> curl -X POST > >>> > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H > >>> "Content-Type: application/x-www-form-urlencoded" -d > "username=demo" -d > >>> 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > >>> > >>> I get this error --> > >>> > >>> {"error_description":"Direct Grant REST API not > >>> enabled","error":"not_enabled"} > >>> > >>> Here is the demo.json exported file = > >>> https://gist.github.com/cmoulliard/c25fef751886ace8c354 > >>> > >>> > >>>> To make your life simple for demo purposes, I suggest your > clients be > >>>> 'Direct Grants Only' and 'Public'. > >>>> > >>>> I'm not entirely clear from your email whether you want to script > >>>> this, or provide walk-through steps, or provide a pre-baked config > >>>> (like the blog). > >>>>> I would like to include instructions (= step by step > instructions) + > >>> screenshots and also a file (= json exported config) for end > users not > >>> interested to setup Keycloak > >>>> > >>>> Do you need to use roles and authorization? Or just simple > >>>> authentication? > >>>> > >>>> Regards, > >>>> Marc > >>>> > >>>> > >>>>> On 01/09/2015 06:20, Charles Moulliard wrote: > >>>>> This blog refers to a link where we will import a pre-defined > config > >>>>> > >>>>> First, log into the Keycloak server. If you?re following our > >>>>> walkthrough, the log-in details are identical to those > mentioned earlier > >>>>> (admin, admin123!). You can see that there is already an > apiman realm > >>>>> defined, but we?re going to create a new one, so navigate to > Add Realm > >>>>> (top right), and import and upload "this demonstration realm > definition > >>>>> - > http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > >>>>> provides an extremely simple setup where we have: > >>>>> > >>>>> What I would like to explain how we can create this "stottie" > config in > >>>>> Keycloak (step by step, screenshots) > >>>>> > >>>>>> On 01/09/15 02:19, Eric Wittmann wrote: > >>>>>> +1 > >>>>>> > >>>>>> Thanks for responding, Rafael. I had intended to link this > very same > >>>>>> tutorial but then it slipped my mind. :) > >>>>>> > >>>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote: > >>>>>>> Charles, > >>>>>>> > >>>>>>> Recently I followed the "/Keycloak and dagger: Securing your > >>>>> services > >>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto > is great! > >>>>>>> > >>>>>>> You don't need to do anything on the Fuse/Camel side. All > setup is > >>>>> done > >>>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service > embedded and > >>>>>>> all you need to do is install the Apiman oauth2 keycloak > plugin and > >>>>>>> configure your service policy to use it. The tutorial [1] > >>>>> describes each > >>>>>>> step in detail. > >>>>>>> > >>>>>>> [1] > >>>>> > http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> ________________________ > >>>>>>> Rafael Torres Coelho Soares > >>>>>>> > >>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >>>>>>> > >> wrote: > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>> I have already asked this question but I need some help to > >>>>> figure > >>>>>>> out > >>>>>>> what are the steps required to setup Oauth 2 with > Keycloak as > >>>>> I'm > >>>>>>> preparing a demo > >>>>>>> (https://github.com/FuseByExample/rest-dsl-in-action) > >>>>>>> covering the point about how to secure & govern Camel > REST DSL > >>>>>>> endpoints > >>>>>>> on JBoss Fuse using Apiman & Keycloak ? > >>>>>>> > >>>>>>> I just need the list of the steps to perform from the > Web Site. > >>>>>>> Base on > >>>>>>> the input, I will take some screenshots and include the > >>>>> instructions > >>>>>>> within the demo content. Such input could be reused to > write > >>>>> a blog > >>>>>>> article too ;-) > >>>>>>> > >>>>>>> Regards, > >>>>>>> > >>>>>>> Charles > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org > > > > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org > > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>> > >>>>> _______________________________________________ > >>>>> Apiman-user mailing list > >>>>> Apiman-user at lists.jboss.org > >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > > From marc.savy at redhat.com Wed Sep 2 05:38:50 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 2 Sep 2015 10:38:50 +0100 Subject: [Apiman-user] Simple Prometheus metrics impl to try Message-ID: <55E6C3AA.7060305@redhat.com> Hi All, A very simple Prometheus scrape-based metrics impl was landed onto master (i.e. 1.2.x) yesterday. It's presently intended for use with the Vert.x 3 based gateway impl, but if you're so inclined you can actually test it with the Servlet-based impl[1]. It doesn't have any support for auth and is just plain HTTP. So, you'd need to lock down the network if you don't want outsiders to access it. The only configurable option at the moment is 'port', which indicates which port the HTTP server will listen on. To try it out, check out and build the latest apiman `master`, then in your vert.x conf file: "metrics": { "class": "io.apiman.gateway.engine.prometheus.PrometheusScrapeMetrics", "config": { "port": 8083 } } and for a servlet-based impl (you may need to do some twiddling to get stuff onto the classpath): apiman-gateway.metrics=io.apiman.gateway.engine.prometheus.PrometheusScrapeMetrics apiman-gateway.metrics.port=8083 You should then be able to set up Prometheus to scrape the gateway(s). Regards, Marc [1] This is inadvisable for any production scenario, since the web-server can't be configured through the usual standalone.xml route. From marc.savy at redhat.com Wed Sep 2 06:30:43 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 2 Sep 2015 11:30:43 +0100 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> <55E5C2B4.40305@redhat.com> <099D0DAC-A85B-4BC6-B371-D49FAC4A53EC@redhat.com> Message-ID: <55E6CFD3.4080205@redhat.com> Part of it was that I want to show the steps that would be required if/when people are writing their own programs - so, extracting the token, adding it to the appropriate header, etc. However, you do hit on an issue I felt, which is that the blog doesn't explore enough of the more realistic setups where client secrets (and auth codes, etc) are used instead of username and password. Perhaps in a future blog I should explore it; however, I'm always wary about using a tool that might exclude some of the audience (e.g. people who use only Firefox; people who don't want to install an extension). If I do it as separate post, rather than modifying the original, then I think this could be acceptable. Thanks for your thoughts, I'll try to integrate something into my next postings. On 01/09/2015 17:34, Rafael Soares wrote: > Hi! > > One nice thing you could add to your post is the use of Postman REST > Client App [1] (Chrome addon). > Postman offers a way to get an oAuth2 access_token (JWT) and add it to > your request. All visually without have to get the access_token using > 'curl' or 'httpie' (CLI utilities). > > See Postman Helpers [2]. I used it for my demos when working with REST > endpoints. I managed to get it working with the APIMan/Keycloak oauth2. > > [1] https://www.getpostman.com/ > [2] https://www.getpostman.com/docs/helpers > > ________________________ > Rafael Torres Coelho Soares > > On Tue, Sep 1, 2015 at 12:41 PM, Charles Moulliard > wrote: > > Fixed after changing user parameter. I'm able to get an access token > > So i will be able to take some screenshots now & elaborate the > instructions as addon of the excellent apiman & keycloak blog > article ;-) > > Sent from my iPhone > > > On 1 sept. 2015, at 17:36, Charles Moulliard > wrote: > > > > Works better now. I have also reseted the password to demo and I > get an account temporarily disabled > > > > Sent from my iPhone > > > >> On 1 sept. 2015, at 17:22, Marc Savy > wrote: > >> > >> > http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings > -> 'Direct Grant API' -> ON > >> > >> Now, curl -X POST > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token > -H "Content-Type: application/x-www-form-urlencoded" -d > "username=demo" -d 'password=demo' -d 'grant_type=password' -d > 'client_id=demo' > >> > >> Works fine! > >> > >> As a side-note: I would also point your readers towards the > Keycloak docs, as this may not be an optimal setup for their > real-world requirements (e.g. they may want redirected > login-screens, user registration, SAML, etc, etc). > >> > >>> On 01/09/2015 15:54, Charles Moulliard wrote: > >>> > >>> On 01/09/15 11:57, Marc Savy wrote: > >>>> I would suggest you refer to the Keycloak documentation, as > there are > >>>> several ways to skin this particular cat. For instance, how > you decide > >>>> to set up your Keycloak configuration is highly dependent upon > your > >>>> specific requirements; whether you want token grants to be via the > >>>> API-only, or an HTTP redirect based approach (see: > >>>> > https://keycloak.github.io/docs/userguide/html/access-types.html); how > >>>> you wish to divide up your application; the level of security you > >>>> desire; any identity provision sources... > >>>> > >>>> At any rate, once you have Keycloak going, you would log in > and click > >>>> on 'create realm' (in my blog demo, that would be > >>>> http://localhost:8080/auth/admin/master/console/#/create/realm) - > >>>> then, add your client, roles, users, etc. > >>>> > >>>>> I have created a very basic use case : > >>> - realm = demo, > >>> - a user = demo and > >>> - a client = demo where Direct Grants Only = ON and Access Type > = Public > >>> > >>> but when I issue a request to get the Access Token, > >>> > >>> curl -X POST > >>> > http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H > >>> "Content-Type: application/x-www-form-urlencoded" -d > "username=demo" -d > >>> 'password=demo' -d 'grant_type=password' -d 'client_id=demo' > >>> > >>> I get this error --> > >>> > >>> {"error_description":"Direct Grant REST API not > >>> enabled","error":"not_enabled"} > >>> > >>> Here is the demo.json exported file = > >>> https://gist.github.com/cmoulliard/c25fef751886ace8c354 > >>> > >>> > >>>> To make your life simple for demo purposes, I suggest your > clients be > >>>> 'Direct Grants Only' and 'Public'. > >>>> > >>>> I'm not entirely clear from your email whether you want to script > >>>> this, or provide walk-through steps, or provide a pre-baked config > >>>> (like the blog). > >>>>> I would like to include instructions (= step by step > instructions) + > >>> screenshots and also a file (= json exported config) for end > users not > >>> interested to setup Keycloak > >>>> > >>>> Do you need to use roles and authorization? Or just simple > >>>> authentication? > >>>> > >>>> Regards, > >>>> Marc > >>>> > >>>> > >>>>> On 01/09/2015 06:20, Charles Moulliard wrote: > >>>>> This blog refers to a link where we will import a pre-defined > config > >>>>> > >>>>> First, log into the Keycloak server. If you?re following our > >>>>> walkthrough, the log-in details are identical to those > mentioned earlier > >>>>> (admin, admin123!). You can see that there is already an > apiman realm > >>>>> defined, but we?re going to create a new one, so navigate to > Add Realm > >>>>> (top right), and import and upload "this demonstration realm > definition > >>>>> - > http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it > >>>>> provides an extremely simple setup where we have: > >>>>> > >>>>> What I would like to explain how we can create this "stottie" > config in > >>>>> Keycloak (step by step, screenshots) > >>>>> > >>>>>> On 01/09/15 02:19, Eric Wittmann wrote: > >>>>>> +1 > >>>>>> > >>>>>> Thanks for responding, Rafael. I had intended to link this > very same > >>>>>> tutorial but then it slipped my mind. :) > >>>>>> > >>>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote: > >>>>>>> Charles, > >>>>>>> > >>>>>>> Recently I followed the "/Keycloak and dagger: Securing your > >>>>> services > >>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto > is great! > >>>>>>> > >>>>>>> You don't need to do anything on the Fuse/Camel side. All > setup is > >>>>> done > >>>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service > embedded and > >>>>>>> all you need to do is install the Apiman oauth2 keycloak > plugin and > >>>>>>> configure your service policy to use it. The tutorial [1] > >>>>> describes each > >>>>>>> step in detail. > >>>>>>> > >>>>>>> [1] > >>>>> > http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html > >>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> ________________________ > >>>>>>> Rafael Torres Coelho Soares > >>>>>>> > >>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard > >>>>>>> > >> wrote: > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>> I have already asked this question but I need some help to > >>>>> figure > >>>>>>> out > >>>>>>> what are the steps required to setup Oauth 2 with > Keycloak as > >>>>> I'm > >>>>>>> preparing a demo > >>>>>>> (https://github.com/FuseByExample/rest-dsl-in-action) > >>>>>>> covering the point about how to secure & govern Camel > REST DSL > >>>>>>> endpoints > >>>>>>> on JBoss Fuse using Apiman & Keycloak ? > >>>>>>> > >>>>>>> I just need the list of the steps to perform from the > Web Site. > >>>>>>> Base on > >>>>>>> the input, I will take some screenshots and include the > >>>>> instructions > >>>>>>> within the demo content. Such input could be reused to > write > >>>>> a blog > >>>>>>> article too ;-) > >>>>>>> > >>>>>>> Regards, > >>>>>>> > >>>>>>> Charles > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org > > > > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> _______________________________________________ > >>>>>>> Apiman-user mailing list > >>>>>>> Apiman-user at lists.jboss.org > > >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >>>>> > >>>>> _______________________________________________ > >>>>> Apiman-user mailing list > >>>>> Apiman-user at lists.jboss.org > >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > > From cmoulliard at redhat.com Wed Sep 2 10:31:13 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Wed, 2 Sep 2015 16:31:13 +0200 Subject: [Apiman-user] Apiman & Keycloak In-Reply-To: <55E6CFD3.4080205@redhat.com> References: <55E4911A.8050904@redhat.com> <55E4EF21.4040402@redhat.com> <55E535A0.4060906@redhat.com> <55E5769B.9040008@redhat.com> <55E5BC25.9030606@redhat.com> <55E5C2B4.40305@redhat.com> <099D0DAC-A85B-4BC6-B371-D49FAC4A53EC@redhat.com> <55E6CFD3.4080205@redhat.com> Message-ID: <55E70831.7020603@redhat.com> Thx for your help. To avoid that the enduser use getpostman, I have created a bash script to query apiman to get & extract the access_token ftom HTTP response and next to call my service. Here is the script https://gist.github.com/cmoulliard/026a1867222dfe7dcfeb On 02/09/15 12:30, Marc Savy wrote: > Part of it was that I want to show the steps that would be required > if/when people are writing their own programs - so, extracting the > token, adding it to the appropriate header, etc. > > However, you do hit on an issue I felt, which is that the blog doesn't > explore enough of the more realistic setups where client secrets (and > auth codes, etc) are used instead of username and password. > > Perhaps in a future blog I should explore it; however, I'm always wary > about using a tool that might exclude some of the audience (e.g. people > who use only Firefox; people who don't want to install an extension). If > I do it as separate post, rather than modifying the original, then I > think this could be acceptable. > > Thanks for your thoughts, I'll try to integrate something into my next > postings. > > On 01/09/2015 17:34, Rafael Soares wrote: >> Hi! >> >> One nice thing you could add to your post is the use of Postman REST >> Client App [1] (Chrome addon). >> Postman offers a way to get an oAuth2 access_token (JWT) and add it to >> your request. All visually without have to get the access_token using >> 'curl' or 'httpie' (CLI utilities). >> >> See Postman Helpers [2]. I used it for my demos when working with REST >> endpoints. I managed to get it working with the APIMan/Keycloak oauth2. >> >> [1] https://www.getpostman.com/ >> [2] https://www.getpostman.com/docs/helpers >> >> ________________________ >> Rafael Torres Coelho Soares >> >> On Tue, Sep 1, 2015 at 12:41 PM, Charles Moulliard > > wrote: >> >> Fixed after changing user parameter. I'm able to get an access token >> >> So i will be able to take some screenshots now & elaborate the >> instructions as addon of the excellent apiman & keycloak blog >> article ;-) >> >> Sent from my iPhone >> >> > On 1 sept. 2015, at 17:36, Charles Moulliard > > wrote: >> > >> > Works better now. I have also reseted the password to demo and I >> get an account temporarily disabled >> > >> > Sent from my iPhone >> > >> >> On 1 sept. 2015, at 17:22, Marc Savy > > wrote: >> >> >> >> >> http://localhost:8080/auth/admin/master/console/#/realms/demo/login-settings >> -> 'Direct Grant API' -> ON >> >> >> >> Now, curl -X POST >> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token >> -H "Content-Type: application/x-www-form-urlencoded" -d >> "username=demo" -d 'password=demo' -d 'grant_type=password' -d >> 'client_id=demo' >> >> >> >> Works fine! >> >> >> >> As a side-note: I would also point your readers towards the >> Keycloak docs, as this may not be an optimal setup for their >> real-world requirements (e.g. they may want redirected >> login-screens, user registration, SAML, etc, etc). >> >> >> >>> On 01/09/2015 15:54, Charles Moulliard wrote: >> >>> >> >>> On 01/09/15 11:57, Marc Savy wrote: >> >>>> I would suggest you refer to the Keycloak documentation, as >> there are >> >>>> several ways to skin this particular cat. For instance, how >> you decide >> >>>> to set up your Keycloak configuration is highly dependent upon >> your >> >>>> specific requirements; whether you want token grants to be >> via the >> >>>> API-only, or an HTTP redirect based approach (see: >> >>>> >> https://keycloak.github.io/docs/userguide/html/access-types.html); how >> >>>> you wish to divide up your application; the level of >> security you >> >>>> desire; any identity provision sources... >> >>>> >> >>>> At any rate, once you have Keycloak going, you would log in >> and click >> >>>> on 'create realm' (in my blog demo, that would be >> >>>> >> http://localhost:8080/auth/admin/master/console/#/create/realm) - >> >>>> then, add your client, roles, users, etc. >> >>>> >> >>>>> I have created a very basic use case : >> >>> - realm = demo, >> >>> - a user = demo and >> >>> - a client = demo where Direct Grants Only = ON and Access Type >> = Public >> >>> >> >>> but when I issue a request to get the Access Token, >> >>> >> >>> curl -X POST >> >>> >> http://127.0.0.1:8080/auth/realms/demo/protocol/openid-connect/token -H >> >>> "Content-Type: application/x-www-form-urlencoded" -d >> "username=demo" -d >> >>> 'password=demo' -d 'grant_type=password' -d 'client_id=demo' >> >>> >> >>> I get this error --> >> >>> >> >>> {"error_description":"Direct Grant REST API not >> >>> enabled","error":"not_enabled"} >> >>> >> >>> Here is the demo.json exported file = >> >>> https://gist.github.com/cmoulliard/c25fef751886ace8c354 >> >>> >> >>> >> >>>> To make your life simple for demo purposes, I suggest your >> clients be >> >>>> 'Direct Grants Only' and 'Public'. >> >>>> >> >>>> I'm not entirely clear from your email whether you want to >> script >> >>>> this, or provide walk-through steps, or provide a pre-baked >> config >> >>>> (like the blog). >> >>>>> I would like to include instructions (= step by step >> instructions) + >> >>> screenshots and also a file (= json exported config) for end >> users not >> >>> interested to setup Keycloak >> >>>> >> >>>> Do you need to use roles and authorization? Or just simple >> >>>> authentication? >> >>>> >> >>>> Regards, >> >>>> Marc >> >>>> >> >>>> >> >>>>> On 01/09/2015 06:20, Charles Moulliard wrote: >> >>>>> This blog refers to a link where we will import a pre-defined >> config >> >>>>> >> >>>>> First, log into the Keycloak server. If you?re following our >> >>>>> walkthrough, the log-in details are identical to those >> mentioned earlier >> >>>>> (admin, admin123!). You can see that there is already an >> apiman realm >> >>>>> defined, but we?re going to create a new one, so navigate to >> Add Realm >> >>>>> (top right), and import and upload "this demonstration realm >> definition >> >>>>> - >> http://www.apiman.io/blog/resources/2015-06-04/stottie.json"; it >> >>>>> provides an extremely simple setup where we have: >> >>>>> >> >>>>> What I would like to explain how we can create this "stottie" >> config in >> >>>>> Keycloak (step by step, screenshots) >> >>>>> >> >>>>>> On 01/09/15 02:19, Eric Wittmann wrote: >> >>>>>> +1 >> >>>>>> >> >>>>>> Thanks for responding, Rafael. I had intended to link this >> very same >> >>>>>> tutorial but then it slipped my mind. :) >> >>>>>> >> >>>>>>> On 8/31/2015 5:48 PM, Rafael Soares wrote: >> >>>>>>> Charles, >> >>>>>>> >> >>>>>>> Recently I followed the "/Keycloak and dagger: >> Securing your >> >>>>> services >> >>>>>>> with OAuth2/" tutorial [1] and it worked fine! This howto >> is great! >> >>>>>>> >> >>>>>>> You don't need to do anything on the Fuse/Camel side. All >> setup is >> >>>>> done >> >>>>>>> in the ApiMan side. ApiMan comes with a KeyCloak service >> embedded and >> >>>>>>> all you need to do is install the Apiman oauth2 keycloak >> plugin and >> >>>>>>> configure your service policy to use it. The tutorial [1] >> >>>>> describes each >> >>>>>>> step in detail. >> >>>>>>> >> >>>>>>> [1] >> >>>>> >> http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html >> >>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> ________________________ >> >>>>>>> Rafael Torres Coelho Soares >> >>>>>>> >> >>>>>>> On Mon, Aug 31, 2015 at 2:38 PM, Charles Moulliard >> >>>>>>> >> >> >> wrote: >> >>>>>>> >> >>>>>>> Hi, >> >>>>>>> >> >>>>>>> I have already asked this question but I need some >> help to >> >>>>> figure >> >>>>>>> out >> >>>>>>> what are the steps required to setup Oauth 2 with >> Keycloak as >> >>>>> I'm >> >>>>>>> preparing a demo >> >>>>>>> (https://github.com/FuseByExample/rest-dsl-in-action) >> >>>>>>> covering the point about how to secure & govern Camel >> REST DSL >> >>>>>>> endpoints >> >>>>>>> on JBoss Fuse using Apiman & Keycloak ? >> >>>>>>> >> >>>>>>> I just need the list of the steps to perform from the >> Web Site. >> >>>>>>> Base on >> >>>>>>> the input, I will take some screenshots and include the >> >>>>> instructions >> >>>>>>> within the demo content. Such input could be reused to >> write >> >>>>> a blog >> >>>>>>> article too ;-) >> >>>>>>> >> >>>>>>> Regards, >> >>>>>>> >> >>>>>>> Charles >> >>>>>>> _______________________________________________ >> >>>>>>> Apiman-user mailing list >> >>>>>>> Apiman-user at lists.jboss.org >> >> > > >> >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> >> >>>>>>> _______________________________________________ >> >>>>>>> Apiman-user mailing list >> >>>>>>> Apiman-user at lists.jboss.org >> >> >>>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >> >>>>> >> >>>>> _______________________________________________ >> >>>>> Apiman-user mailing list >> >>>>> Apiman-user at lists.jboss.org >> >> >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> >> > From marc.savy at redhat.com Sat Sep 5 06:45:28 2015 From: marc.savy at redhat.com (Marc Savy) Date: Sat, 5 Sep 2015 11:45:28 +0100 Subject: [Apiman-user] Call for testers: Vert.x 3 Gateway Message-ID: <55EAC7C8.8070707@redhat.com> Hi, As you may (or may not) know, we have had a Vert.x 3-based gateway hiding in our code-base for a couple of months now. Over that time it's received a fair bit of automated and manual testing, in addition to a good few tweaks and bug-fixes. The next step is to have a few intrepid community members try it out! It still has a few areas where we'll be looking to do improvements as features arrive from upstream, but generally things should work fine. Without further ado - = Prerequisites: * At the moment, ElasticSearch is the only component type supported. So, you'll need ES available on the machine(s) you're testing this on. * You need Java 8 and Maven = Build apiman master: git clone https://github.com/apiman/apiman.git && cd apiman mvn clean install cd gateway/platforms/vertx3/vertx3/ = Edit src/conf/conf.json: To better understand how this works, check out this README: https://github.com/apiman/apiman/blob/master/gateway/platforms/vertx3/vertx3/README.adoc Take particular note of which port your 'api' and 'http' verticles are running on. Feel free to change the 'count' of each type (e.g. 5 policy verticles). For each of the ES components, you'll need to edit it to match your local config - it might well be the same. = Run: java -jar target/apiman-gateway-platforms-vertx3-1.2.0-SNAPSHOT-fat.jar -conf src/conf/conf.json = Add the gateway: Fire up the apiman manager in the usual way, and in the Administration section, 'Manage Gateways'. Put in the details of your Vert.x Gateway, and give it a test Remember: you need to add the *API* endpoint here - by default http://localhost:8081; username: admin, password: admin. You should be able to explicitly publish stuff to your Vert.x 3 gateway now! = Are you brave? Run with -cluster to run in clustered mode. Let us know how it goes. Regards, Marc From msavy at redhat.com Sat Sep 5 07:20:17 2015 From: msavy at redhat.com (Marc Savy) Date: Sat, 5 Sep 2015 07:20:17 -0400 (EDT) Subject: [Apiman-user] HTTP Methods In-Reply-To: <55E05731.7090708@redhat.com> References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> Message-ID: <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> Fadi - Is this all working as expected? ----- Original Message ----- From: "Marc Savy" To: "Fadi Abdin" Cc: "apiman-user" Sent: Friday, 28 August, 2015 1:42:25 PM Subject: Re: [Apiman-user] HTTP Methods Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' On 28/08/2015 13:40, Fadi Abdin wrote: > latest of cors-policy-plugin? > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > wrote: > > I think there may have been some overzealous error detection going > on. Please try out the latest master/1.1.x. > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > Hi Fadi. > > It's possible this is a bug in the CORS policy or a > mis-configuration. > Hopefully Marc can respond shortly. > > One thing I'll say is that you *probably* don't need to include > "OPTIONS" as one of the allowed CORS methods. > > -Eric > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > Hey Eric / Marc, > > > > Everything going good so far with the CORS fix but guessing > there is > > something still, or maybe i'm doing something wrong ( it > always happened > > to me ). > > > > I have setup my CORS Policy in API Man and included > > "Access-Control-Allow-Methods" : > "OPTIONS","GET","POST","DELETE",'PUT". > > > > But i get a 403 and "CORS: Invalid preflight request; must > use OPTIONS > > verb." on ANY service that is not GET. > > > > OPTIONS Header : > > > > 1. > > Remote Address: > > 172.26.209.66:443 > > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > 3. > > Request Method: > > OPTIONS > > 4. > > Status Code: > > 200 OK > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Headers: > > Accept, Authorization, Head > > 2. > > Access-Control-Allow-Methods: > > OPTIONS, GET, POST, DELETE, PUT > > 3. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 4. > > Access-Control-Max-Age: > > 0 > > 5. > > Connection: > > keep-alive > > 6. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 7. > > Server: > > WildFly/8 > > 8. > > Transfer-Encoding: > > chunked > > 9. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > */* > > 2. > > Accept-Encoding: > > gzip, deflate, sdch > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Access-Control-Request-Headers: > > accept, authorization > > 5. > > Access-Control-Request-Method: > > POST > > 6. > > Cache-Control: > > no-cache > > 7. > > Connection: > > keep-alive > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > Referer: > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > POST HEADER > > > > 1. > > Remote Address: > > 172.26.209.66:443 > > > 2. > > Request URL: > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > 3. > > Request Method: > > POST > > 4. > > Status Code: > > 403 Forbidden > > 1. Response Headersview source > > 1. > > Access-Control-Allow-Origin: > > http://localhost:8383 > > 2. > > Connection: > > keep-alive > > 3. > > Content-Length: > > 195 > > 4. > > Content-Type: > > application/json > > 5. > > Date: > > Thu, 27 Aug 2015 18:44:39 GMT > > 6. > > Server: > > WildFly/8 > > 7. > > X-Policy-Failure-Code: > > 400 > > 8. > > X-Policy-Failure-Message: > > CORS: Invalid preflight request; must use > OPTIONS verb. > > 9. > > X-Policy-Failure-Type: > > Authorization > > 10. > > X-Powered-By: > > Undertow/1 > > 2. Request Headersview source > > 1. > > Accept: > > application/json, text/plain, */* > > 2. > > Accept-Encoding: > > gzip, deflate > > 3. > > Accept-Language: > > en-US,en;q=0.8,ar;q=0.6 > > 4. > > Authorization: > > Bearer > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > 5. > > Cache-Control: > > no-cache > > 6. > > Connection: > > keep-alive > > 7. > > Content-Length: > > 0 > > 8. > > Host: > > dev-internal-api.expdev.local > > 9. > > Origin: > > http://localhost:8383 > > 10. > > Pragma: > > no-cache > > 11. > > > > 12. > > > > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From fadiabdeen at gmail.com Sat Sep 5 07:29:58 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sat, 5 Sep 2015 07:29:58 -0400 Subject: [Apiman-user] HTTP Methods In-Reply-To: <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> Message-ID: Hey Marc, Thanks for asking.. I did not try updating the new version to get other the GET to work. Otherwise everything was perfect until Friday. and all the sudden some services start giving 500 when calling them (only in one of the environments setup). then i tried duplicating the the service and pumpup the version and it worked .. that was weird. but the cors didnt work. I did not fully invistigate whats going on but i was ready to send you an email explaining what happened after collecting more information. i'm not sure why i keep having some issues like this . but if i got a chance this weekend i might send you details. Thanks, Fadi On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy wrote: > Fadi - Is this all working as expected? > > ----- Original Message ----- > From: "Marc Savy" > To: "Fadi Abdin" > Cc: "apiman-user" > Sent: Friday, 28 August, 2015 1:42:25 PM > Subject: Re: [Apiman-user] HTTP Methods > > Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' > > On 28/08/2015 13:40, Fadi Abdin wrote: > > latest of cors-policy-plugin? > > > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > wrote: > > > > I think there may have been some overzealous error detection going > > on. Please try out the latest master/1.1.x. > > > > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > > > Hi Fadi. > > > > It's possible this is a bug in the CORS policy or a > > mis-configuration. > > Hopefully Marc can respond shortly. > > > > One thing I'll say is that you *probably* don't need to include > > "OPTIONS" as one of the allowed CORS methods. > > > > -Eric > > > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > > Hey Eric / Marc, > > > > > > Everything going good so far with the CORS fix but guessing > > there is > > > something still, or maybe i'm doing something wrong ( it > > always happened > > > to me ). > > > > > > I have setup my CORS Policy in API Man and included > > > "Access-Control-Allow-Methods" : > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > But i get a 403 and "CORS: Invalid preflight request; must > > use OPTIONS > > > verb." on ANY service that is not GET. > > > > > > OPTIONS Header : > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > OPTIONS > > > 4. > > > Status Code: > > > 200 OK > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Headers: > > > Accept, Authorization, Head > > > 2. > > > Access-Control-Allow-Methods: > > > OPTIONS, GET, POST, DELETE, PUT > > > 3. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 4. > > > Access-Control-Max-Age: > > > 0 > > > 5. > > > Connection: > > > keep-alive > > > 6. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 7. > > > Server: > > > WildFly/8 > > > 8. > > > Transfer-Encoding: > > > chunked > > > 9. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate, sdch > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Access-Control-Request-Headers: > > > accept, authorization > > > 5. > > > Access-Control-Request-Method: > > > POST > > > 6. > > > Cache-Control: > > > no-cache > > > 7. > > > Connection: > > > keep-alive > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > Referer: > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > POST HEADER > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > POST > > > 4. > > > Status Code: > > > 403 Forbidden > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 2. > > > Connection: > > > keep-alive > > > 3. > > > Content-Length: > > > 195 > > > 4. > > > Content-Type: > > > application/json > > > 5. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 6. > > > Server: > > > WildFly/8 > > > 7. > > > X-Policy-Failure-Code: > > > 400 > > > 8. > > > X-Policy-Failure-Message: > > > CORS: Invalid preflight request; must use > > OPTIONS verb. > > > 9. > > > X-Policy-Failure-Type: > > > Authorization > > > 10. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > application/json, text/plain, */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Authorization: > > > Bearer > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > 5. > > > Cache-Control: > > > no-cache > > > 6. > > > Connection: > > > keep-alive > > > 7. > > > Content-Length: > > > 0 > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > > > > 12. > > > > > > > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org Apiman-user at lists.jboss.org> > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150905/ea5373c9/attachment-0001.html From fadiabdeen at gmail.com Sun Sep 6 07:45:57 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sun, 6 Sep 2015 07:45:57 -0400 Subject: [Apiman-user] apiman 1.1.x build Message-ID: is anyone able to build ? i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions starting with : 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300 ]][index] ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr eady exists]; at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150906/fb8b46dd/attachment.html From fadiabdeen at gmail.com Sun Sep 6 07:56:11 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sun, 6 Sep 2015 07:56:11 -0400 Subject: [Apiman-user] Failing Service Message-ID: Hey Guys, for one of the setup servers , i have woke up friday with a failing service .. nothing really changed overnight on Friday /3.1/.... All i did is create a new version of the service and publishing it /3.2/.... and here is my exception, do you have any explanation or thinks might make this happened that i can investigate and avoid ? : io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: Service not found. at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:415) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:407) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) at java.lang.Thread.run(Thread.java:745) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150906/ff458eb1/attachment.html From msavy at redhat.com Sun Sep 6 10:09:16 2015 From: msavy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 10:09:16 -0400 (EDT) Subject: [Apiman-user] Failing Service In-Reply-To: References: Message-ID: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> Will need a lot more information than this to understand what's going on. 1) Which version are you using (apiman & plugins) 2) Gist your apiman.properties (feel free to delete any sensitive info) 3) Provide a more detailed on your ES setup. Do you set it to delete old records (age-based reaping)? Could someone have reset the DB overnight? i.e. use a UI tool like https://mobz.github.io/elasticsearch-head/ to see what data is in there. ----- Original Message ----- From: "Fadi Abdin" To: "apiman-user" Sent: Sunday, 6 September, 2015 12:56:11 PM Subject: [Apiman-user] Failing Service Hey Guys, for one of the setup servers , i have woke up friday with a failing service .. nothing really changed overnight on Friday /3.1/.... All i did is create a new version of the service and publishing it /3.2/.... and here is my exception, do you have any explanation or thinks might make this happened that i can investigate and avoid ? : io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: Service not found. at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:415) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:407) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) at java.lang.Thread.run(Thread.java:745) _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From msavy at redhat.com Sun Sep 6 10:36:21 2015 From: msavy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 10:36:21 -0400 (EDT) Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: Message-ID: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> Hi, Which version of Java? (java -version) Which OS? (uname -a) Which commit? (git log -n 1) I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. Regards, Marc ----- Original Message ----- From: "Fadi Abdin" To: "apiman-user" Sent: Sunday, 6 September, 2015 12:45:57 PM Subject: [Apiman-user] apiman 1.1.x build is anyone able to build ? i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions starting with : 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr eady exists]; at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From fadiabdeen at gmail.com Sun Sep 6 10:41:11 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sun, 6 Sep 2015 10:41:11 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> Message-ID: i tried it on mac and windows java version "1.7.0_71" its a clean clone : commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 Author: Eric Wittmann Date: Thu Sep 3 15:10:52 2015 -0400 also tried it with -DskipTests but get stuck or fail On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy wrote: > Hi, > > Which version of Java? (java -version) > > Which OS? (uname -a) > > Which commit? (git log -n 1) > > I wonder if the tests run during the build are actually connecting to your > production ES setup, which might explain some of your earlier issues. I'll > defer to Eric on that, as he's our resident ES expert. > > Regards, > Marc > > ----- Original Message ----- > From: "Fadi Abdin" > To: "apiman-user" > Sent: Sunday, 6 September, 2015 12:45:57 PM > Subject: [Apiman-user] apiman 1.1.x build > > is anyone able to build ? > i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot > of exceptions > > starting with : > 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: > javax.servlet.ServletException: io.apiman.manager.api.core.ex > ceptions.StorageException: Failed to index document admin of type user: > RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300 > ]][index] > ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] > [user][admin]: document already exists]; > javax.servlet.ServletException: > io.apiman.manager.api.core.exceptions.StorageException: Failed to index > document admin of type user: RemoteTransportEx > ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: > DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document > alr > eady exists]; > at > io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) > at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150906/2253b1f6/attachment.html From msavy at redhat.com Sun Sep 6 11:21:15 2015 From: msavy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 11:21:15 -0400 (EDT) Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> Message-ID: <412389383.26367428.1441552875096.JavaMail.zimbra@redhat.com> Works okay for me locally on OS X with Java 1.7 Please post the full stack-trace and surrounding Maven build info into a Gist (i.e. few k lines before the error, and all after). ----- Original Message ----- From: "Fadi Abdin" To: "Marc Savy" Cc: "apiman-user" Sent: Sunday, 6 September, 2015 3:41:11 PM Subject: Re: [Apiman-user] apiman 1.1.x build i tried it on mac and windows java version "1.7.0_71" its a clean clone : commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 Author: Eric Wittmann < eric.wittmann at gmail.com > Date: Thu Sep 3 15:10:52 2015 -0400 also tried it with -DskipTests but get stuck or fail On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: Hi, Which version of Java? (java -version) Which OS? (uname -a) Which commit? (git log -n 1) I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. Regards, Marc ----- Original Message ----- From: "Fadi Abdin" < fadiabdeen at gmail.com > To: "apiman-user" < apiman-user at lists.jboss.org > Sent: Sunday, 6 September, 2015 12:45:57 PM Subject: [Apiman-user] apiman 1.1.x build is anyone able to build ? i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions starting with : 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr eady exists]; at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From msavy at redhat.com Sun Sep 6 11:25:04 2015 From: msavy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 11:25:04 -0400 (EDT) Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> Message-ID: <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> And FWIW, here's our CI - https://travis-ci.org/apiman/apiman/builds/78634639 ----- Original Message ----- From: "Fadi Abdin" To: "Marc Savy" Cc: "apiman-user" Sent: Sunday, 6 September, 2015 3:41:11 PM Subject: Re: [Apiman-user] apiman 1.1.x build i tried it on mac and windows java version "1.7.0_71" its a clean clone : commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 Author: Eric Wittmann < eric.wittmann at gmail.com > Date: Thu Sep 3 15:10:52 2015 -0400 also tried it with -DskipTests but get stuck or fail On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: Hi, Which version of Java? (java -version) Which OS? (uname -a) Which commit? (git log -n 1) I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. Regards, Marc ----- Original Message ----- From: "Fadi Abdin" < fadiabdeen at gmail.com > To: "apiman-user" < apiman-user at lists.jboss.org > Sent: Sunday, 6 September, 2015 12:45:57 PM Subject: [Apiman-user] apiman 1.1.x build is anyone able to build ? i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions starting with : 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr eady exists]; at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From bgaisford at punagroup.com Sun Sep 6 12:24:50 2015 From: bgaisford at punagroup.com (Brandon Gaisford) Date: Sun, 6 Sep 2015 06:24:50 -1000 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> Message-ID: <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> Probably unrelated, but I also encountered build issues with the last couple apiman releases and had to give maven additional memory via maven_opts to complete a build: export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" Brandon On Sep 6, 2015, at 5:25 AM, Marc Savy wrote: > And FWIW, here's our CI - https://travis-ci.org/apiman/apiman/builds/78634639 > > ----- Original Message ----- > From: "Fadi Abdin" > To: "Marc Savy" > Cc: "apiman-user" > Sent: Sunday, 6 September, 2015 3:41:11 PM > Subject: Re: [Apiman-user] apiman 1.1.x build > > i tried it on mac and windows > > > java version "1.7.0_71" > > its a clean clone : > > commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 > > Author: Eric Wittmann < eric.wittmann at gmail.com > > > > > Date: Thu Sep 3 15:10:52 2015 -0400 > > > > > > > > also tried it with -DskipTests but get stuck or fail > > > > > > > On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: > > > Hi, > > Which version of Java? (java -version) > > Which OS? (uname -a) > > Which commit? (git log -n 1) > > I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. > > Regards, > Marc > > ----- Original Message ----- > From: "Fadi Abdin" < fadiabdeen at gmail.com > > To: "apiman-user" < apiman-user at lists.jboss.org > > Sent: Sunday, 6 September, 2015 12:45:57 PM > Subject: [Apiman-user] apiman 1.1.x build > > is anyone able to build ? > i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions > > starting with : > 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex > ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] > ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; > javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx > ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr > eady exists]; > at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) > at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user From marc.savy at redhat.com Sun Sep 6 13:12:53 2015 From: marc.savy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 18:12:53 +0100 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> Message-ID: <55EC7415.7090308@redhat.com> +1 - it's a pain, and we'll fix it in the pom at some point soon. https://issues.jboss.org/browse/APIMAN-619 On 06/09/2015 17:24, Brandon Gaisford wrote: > > Probably unrelated, but I also encountered build issues with the last couple apiman releases and had to give maven additional memory via maven_opts to complete a build: > > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" > > Brandon > > On Sep 6, 2015, at 5:25 AM, Marc Savy wrote: > >> And FWIW, here's our CI - https://travis-ci.org/apiman/apiman/builds/78634639 >> >> ----- Original Message ----- >> From: "Fadi Abdin" >> To: "Marc Savy" >> Cc: "apiman-user" >> Sent: Sunday, 6 September, 2015 3:41:11 PM >> Subject: Re: [Apiman-user] apiman 1.1.x build >> >> i tried it on mac and windows >> >> >> java version "1.7.0_71" >> >> its a clean clone : >> >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 >> >> Author: Eric Wittmann < eric.wittmann at gmail.com > >> >> >> >> Date: Thu Sep 3 15:10:52 2015 -0400 >> >> >> >> >> >> >> >> also tried it with -DskipTests but get stuck or fail >> >> >> >> >> >> >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: >> >> >> Hi, >> >> Which version of Java? (java -version) >> >> Which OS? (uname -a) >> >> Which commit? (git log -n 1) >> >> I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. >> >> Regards, >> Marc >> >> ----- Original Message ----- >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> To: "apiman-user" < apiman-user at lists.jboss.org > >> Sent: Sunday, 6 September, 2015 12:45:57 PM >> Subject: [Apiman-user] apiman 1.1.x build >> >> is anyone able to build ? >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions >> >> starting with : >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex >> ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; >> javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr >> eady exists]; >> at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) >> at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From fadiabdeen at gmail.com Sun Sep 6 14:12:31 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sun, 6 Sep 2015 14:12:31 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <55EC7415.7090308@redhat.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> <55EC7415.7090308@redhat.com> Message-ID: I'm glad you found it .. is there a workaround i can do to get this to work somehow? On Sun, Sep 6, 2015 at 1:12 PM, Marc Savy wrote: > +1 - it's a pain, and we'll fix it in the pom at some point soon. > > https://issues.jboss.org/browse/APIMAN-619 > > On 06/09/2015 17:24, Brandon Gaisford wrote: > > > > Probably unrelated, but I also encountered build issues with the last > couple apiman releases and had to give maven additional memory via > maven_opts to complete a build: > > > > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" > > > > Brandon > > > > On Sep 6, 2015, at 5:25 AM, Marc Savy wrote: > > > >> And FWIW, here's our CI - > https://travis-ci.org/apiman/apiman/builds/78634639 > >> > >> ----- Original Message ----- > >> From: "Fadi Abdin" > >> To: "Marc Savy" > >> Cc: "apiman-user" > >> Sent: Sunday, 6 September, 2015 3:41:11 PM > >> Subject: Re: [Apiman-user] apiman 1.1.x build > >> > >> i tried it on mac and windows > >> > >> > >> java version "1.7.0_71" > >> > >> its a clean clone : > >> > >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 > >> > >> Author: Eric Wittmann < eric.wittmann at gmail.com > > >> > >> > >> > >> Date: Thu Sep 3 15:10:52 2015 -0400 > >> > >> > >> > >> > >> > >> > >> > >> also tried it with -DskipTests but get stuck or fail > >> > >> > >> > >> > >> > >> > >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: > >> > >> > >> Hi, > >> > >> Which version of Java? (java -version) > >> > >> Which OS? (uname -a) > >> > >> Which commit? (git log -n 1) > >> > >> I wonder if the tests run during the build are actually connecting to > your production ES setup, which might explain some of your earlier issues. > I'll defer to Eric on that, as he's our resident ES expert. > >> > >> Regards, > >> Marc > >> > >> ----- Original Message ----- > >> From: "Fadi Abdin" < fadiabdeen at gmail.com > > >> To: "apiman-user" < apiman-user at lists.jboss.org > > >> Sent: Sunday, 6 September, 2015 12:45:57 PM > >> Subject: [Apiman-user] apiman 1.1.x build > >> > >> is anyone able to build ? > >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a > lot of exceptions > >> > >> starting with : > >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: > javax.servlet.ServletException: io.apiman.manager.api.core.ex > >> ceptions.StorageException: Failed to index document admin of type user: > RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300 > ]][index] > >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] > [user][admin]: document already exists]; > >> javax.servlet.ServletException: > io.apiman.manager.api.core.exceptions.StorageException: Failed to index > document admin of type user: RemoteTransportEx > >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; > nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: > document alr > >> eady exists]; > >> at > io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) > >> at > org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150906/18fe5fb0/attachment.html From msavy at redhat.com Sun Sep 6 14:18:06 2015 From: msavy at redhat.com (Marc Savy) Date: Sun, 6 Sep 2015 14:18:06 -0400 (EDT) Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> <55EC7415.7090308@redhat.com> Message-ID: <1417103928.26394851.1441563486784.JavaMail.zimbra@redhat.com> That was a reply to Brandon. Likely not your issue; unless you tried increasing the memory available to Maven, and the problem went away? ----- Original Message ----- From: "Fadi Abdin" To: "Marc Savy" Cc: "apiman-user" Sent: Sunday, 6 September, 2015 7:12:31 PM Subject: Re: [Apiman-user] apiman 1.1.x build I'm glad you found it .. is there a workaround i can do to get this to work somehow? On Sun, Sep 6, 2015 at 1:12 PM, Marc Savy < marc.savy at redhat.com > wrote: +1 - it's a pain, and we'll fix it in the pom at some point soon. https://issues.jboss.org/browse/APIMAN-619 On 06/09/2015 17:24, Brandon Gaisford wrote: > > Probably unrelated, but I also encountered build issues with the last couple apiman releases and had to give maven additional memory via maven_opts to complete a build: > > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" > > Brandon > > On Sep 6, 2015, at 5:25 AM, Marc Savy < msavy at redhat.com > wrote: > >> And FWIW, here's our CI - https://travis-ci.org/apiman/apiman/builds/78634639 >> >> ----- Original Message ----- >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> To: "Marc Savy" < msavy at redhat.com > >> Cc: "apiman-user" < apiman-user at lists.jboss.org > >> Sent: Sunday, 6 September, 2015 3:41:11 PM >> Subject: Re: [Apiman-user] apiman 1.1.x build >> >> i tried it on mac and windows >> >> >> java version "1.7.0_71" >> >> its a clean clone : >> >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 >> >> Author: Eric Wittmann < eric.wittmann at gmail.com > >> >> >> >> Date: Thu Sep 3 15:10:52 2015 -0400 >> >> >> >> >> >> >> >> also tried it with -DskipTests but get stuck or fail >> >> >> >> >> >> >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: >> >> >> Hi, >> >> Which version of Java? (java -version) >> >> Which OS? (uname -a) >> >> Which commit? (git log -n 1) >> >> I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. >> >> Regards, >> Marc >> >> ----- Original Message ----- >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> To: "apiman-user" < apiman-user at lists.jboss.org > >> Sent: Sunday, 6 September, 2015 12:45:57 PM >> Subject: [Apiman-user] apiman 1.1.x build >> >> is anyone able to build ? >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions >> >> starting with : >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex >> ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; >> javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr >> eady exists]; >> at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) >> at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From fadiabdeen at gmail.com Sun Sep 6 21:05:56 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Sun, 6 Sep 2015 21:05:56 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <1417103928.26394851.1441563486784.JavaMail.zimbra@redhat.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> <55EC7415.7090308@redhat.com> <1417103928.26394851.1441563486784.JavaMail.zimbra@redhat.com> Message-ID: Thanks Brandon, i've seen this error before , but it seems not related .. Its still not building for me On Sun, Sep 6, 2015 at 2:18 PM, Marc Savy wrote: > That was a reply to Brandon. Likely not your issue; unless you tried > increasing the memory available to Maven, and the problem went away? > > ----- Original Message ----- > From: "Fadi Abdin" > To: "Marc Savy" > Cc: "apiman-user" > Sent: Sunday, 6 September, 2015 7:12:31 PM > Subject: Re: [Apiman-user] apiman 1.1.x build > > I'm glad you found it .. is there a workaround i can do to get this to > work somehow? > > On Sun, Sep 6, 2015 at 1:12 PM, Marc Savy < marc.savy at redhat.com > wrote: > > > +1 - it's a pain, and we'll fix it in the pom at some point soon. > > https://issues.jboss.org/browse/APIMAN-619 > > On 06/09/2015 17:24, Brandon Gaisford wrote: > > > > Probably unrelated, but I also encountered build issues with the last > couple apiman releases and had to give maven additional memory via > maven_opts to complete a build: > > > > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" > > > > Brandon > > > > On Sep 6, 2015, at 5:25 AM, Marc Savy < msavy at redhat.com > wrote: > > > >> And FWIW, here's our CI - > https://travis-ci.org/apiman/apiman/builds/78634639 > >> > >> ----- Original Message ----- > >> From: "Fadi Abdin" < fadiabdeen at gmail.com > > >> To: "Marc Savy" < msavy at redhat.com > > >> Cc: "apiman-user" < apiman-user at lists.jboss.org > > >> Sent: Sunday, 6 September, 2015 3:41:11 PM > >> Subject: Re: [Apiman-user] apiman 1.1.x build > >> > >> i tried it on mac and windows > >> > >> > >> java version "1.7.0_71" > >> > >> its a clean clone : > >> > >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 > >> > >> Author: Eric Wittmann < eric.wittmann at gmail.com > > >> > >> > >> > >> Date: Thu Sep 3 15:10:52 2015 -0400 > >> > >> > >> > >> > >> > >> > >> > >> also tried it with -DskipTests but get stuck or fail > >> > >> > >> > >> > >> > >> > >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: > >> > >> > >> Hi, > >> > >> Which version of Java? (java -version) > >> > >> Which OS? (uname -a) > >> > >> Which commit? (git log -n 1) > >> > >> I wonder if the tests run during the build are actually connecting to > your production ES setup, which might explain some of your earlier issues. > I'll defer to Eric on that, as he's our resident ES expert. > >> > >> Regards, > >> Marc > >> > >> ----- Original Message ----- > >> From: "Fadi Abdin" < fadiabdeen at gmail.com > > >> To: "apiman-user" < apiman-user at lists.jboss.org > > >> Sent: Sunday, 6 September, 2015 12:45:57 PM > >> Subject: [Apiman-user] apiman 1.1.x build > >> > >> is anyone able to build ? > >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a > lot of exceptions > >> > >> starting with : > >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: > javax.servlet.ServletException: io.apiman.manager.api.core.ex > >> ceptions.StorageException: Failed to index document admin of type user: > RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300 > ]][index] > >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] > [user][admin]: document already exists]; > >> javax.servlet.ServletException: > io.apiman.manager.api.core.exceptions.StorageException: Failed to index > document admin of type user: RemoteTransportEx > >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; > nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: > document alr > >> eady exists]; > >> at > io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) > >> at > org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150906/866ef978/attachment.html From fadiabdeen at gmail.com Mon Sep 7 07:19:54 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Mon, 7 Sep 2015 07:19:54 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> <55EC7415.7090308@redhat.com> <1417103928.26394851.1441563486784.JavaMail.zimbra@redhat.com> Message-ID: i was able to build on my macbook .. increasing the memory might have helped . On Sun, Sep 6, 2015 at 9:05 PM, Fadi Abdin wrote: > Thanks Brandon, i've seen this error before , but it seems not related .. > Its still not building for me > > On Sun, Sep 6, 2015 at 2:18 PM, Marc Savy wrote: > >> That was a reply to Brandon. Likely not your issue; unless you tried >> increasing the memory available to Maven, and the problem went away? >> >> ----- Original Message ----- >> From: "Fadi Abdin" >> To: "Marc Savy" >> Cc: "apiman-user" >> Sent: Sunday, 6 September, 2015 7:12:31 PM >> Subject: Re: [Apiman-user] apiman 1.1.x build >> >> I'm glad you found it .. is there a workaround i can do to get this to >> work somehow? >> >> On Sun, Sep 6, 2015 at 1:12 PM, Marc Savy < marc.savy at redhat.com > wrote: >> >> >> +1 - it's a pain, and we'll fix it in the pom at some point soon. >> >> https://issues.jboss.org/browse/APIMAN-619 >> >> On 06/09/2015 17:24, Brandon Gaisford wrote: >> > >> > Probably unrelated, but I also encountered build issues with the last >> couple apiman releases and had to give maven additional memory via >> maven_opts to complete a build: >> > >> > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" >> > >> > Brandon >> > >> > On Sep 6, 2015, at 5:25 AM, Marc Savy < msavy at redhat.com > wrote: >> > >> >> And FWIW, here's our CI - >> https://travis-ci.org/apiman/apiman/builds/78634639 >> >> >> >> ----- Original Message ----- >> >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> >> To: "Marc Savy" < msavy at redhat.com > >> >> Cc: "apiman-user" < apiman-user at lists.jboss.org > >> >> Sent: Sunday, 6 September, 2015 3:41:11 PM >> >> Subject: Re: [Apiman-user] apiman 1.1.x build >> >> >> >> i tried it on mac and windows >> >> >> >> >> >> java version "1.7.0_71" >> >> >> >> its a clean clone : >> >> >> >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 >> >> >> >> Author: Eric Wittmann < eric.wittmann at gmail.com > >> >> >> >> >> >> >> >> Date: Thu Sep 3 15:10:52 2015 -0400 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> also tried it with -DskipTests but get stuck or fail >> >> >> >> >> >> >> >> >> >> >> >> >> >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: >> >> >> >> >> >> Hi, >> >> >> >> Which version of Java? (java -version) >> >> >> >> Which OS? (uname -a) >> >> >> >> Which commit? (git log -n 1) >> >> >> >> I wonder if the tests run during the build are actually connecting to >> your production ES setup, which might explain some of your earlier issues. >> I'll defer to Eric on that, as he's our resident ES expert. >> >> >> >> Regards, >> >> Marc >> >> >> >> ----- Original Message ----- >> >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> >> To: "apiman-user" < apiman-user at lists.jboss.org > >> >> Sent: Sunday, 6 September, 2015 12:45:57 PM >> >> Subject: [Apiman-user] apiman 1.1.x build >> >> >> >> is anyone able to build ? >> >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a >> lot of exceptions >> >> >> >> starting with : >> >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: >> javax.servlet.ServletException: io.apiman.manager.api.core.ex >> >> ceptions.StorageException: Failed to index document admin of type >> user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300 >> ]][index] >> >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] >> [user][admin]: document already exists]; >> >> javax.servlet.ServletException: >> io.apiman.manager.api.core.exceptions.StorageException: Failed to index >> document admin of type user: RemoteTransportEx >> >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; >> nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: >> document alr >> >> eady exists]; >> >> at >> io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) >> >> at >> org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) >> >> >> >> _______________________________________________ >> >> Apiman-user mailing list >> >> Apiman-user at lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> >> >> >> _______________________________________________ >> >> Apiman-user mailing list >> >> Apiman-user at lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> _______________________________________________ >> >> Apiman-user mailing list >> >> Apiman-user at lists.jboss.org >> >> https://lists.jboss.org/mailman/listinfo/apiman-user >> > >> > >> > _______________________________________________ >> > Apiman-user mailing list >> > Apiman-user at lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/apiman-user >> > >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150907/676a9e8c/attachment-0001.html From cmoulliard at redhat.com Mon Sep 7 12:18:16 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Mon, 7 Sep 2015 18:18:16 +0200 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) Message-ID: <55EDB8C8.3040001@redhat.com> Hi, This blog post details how to use Oauth2 between APiman & Keycloak ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). I have some questions to ask you about where these requests are related to OAuth2 spec/protocol When we issue the request to get an access token for the client_id = apiman "curl -X POST http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token -H "Content-Type: application/x-www-form-urlencoded" -d "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d 'client_id=apiman'", does this request corresponds to Oauth 2 process where the client requests an access token to the authorization server (= keycloak) using as grant-type = password (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) ? Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP Client will call the gateway to access a HTTP endpoint secured by the Api gateway ? Regards, Charles From marc.savy at redhat.com Mon Sep 7 14:30:12 2015 From: marc.savy at redhat.com (Marc Savy) Date: Mon, 7 Sep 2015 19:30:12 +0100 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) In-Reply-To: <55EDB8C8.3040001@redhat.com> References: <55EDB8C8.3040001@redhat.com> Message-ID: <55EDD7B4.9050302@redhat.com> This is using openid-connect, which is layered on top of OAuth2 and provides a bunch of useful standardised fields for authentication purposes (to verify that the caller is who they claim to be; as opposed to authorization, which is talking more about what you are allowed to do). There are a couple of good StackExchange threads which will be helpful: - http://security.stackexchange.com/a/44614 - http://security.stackexchange.com/a/47136 On 07/09/2015 17:18, Charles Moulliard wrote: > Hi, > > This blog post details how to use Oauth2 between APiman & Keycloak > ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). > > I have some questions to ask you about where these requests are related > to OAuth2 spec/protocol > > When we issue the request to get an access token for the client_id = > apiman "curl -X POST > http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token > -H "Content-Type: application/x-www-form-urlencoded" -d > "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d > 'client_id=apiman'", does this request corresponds to Oauth 2 process > where the client requests an access token to the authorization server (= > keycloak) using as grant-type = password > (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) ? > > Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP > Client will call the gateway to access a HTTP endpoint secured by the > Api gateway ? > > Regards, > > Charles > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Mon Sep 7 14:34:16 2015 From: marc.savy at redhat.com (Marc Savy) Date: Mon, 7 Sep 2015 19:34:16 +0100 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) In-Reply-To: <55EDD7B4.9050302@redhat.com> References: <55EDB8C8.3040001@redhat.com> <55EDD7B4.9050302@redhat.com> Message-ID: <55EDD8A8.1030309@redhat.com> A point that really bears reinforcing is that openid-connect provides a standardised mechanism for authentication which is completely decentralised (i.e. no need for the server to speak to the token issuer every time it wants to verify a token) - all of the information required is encoded within the token (plus trusted key data stored on the gateway). On 07/09/2015 19:30, Marc Savy wrote: > This is using openid-connect, which is layered on top of OAuth2 and > provides a bunch of useful standardised fields for authentication > purposes (to verify that the caller is who they claim to be; as opposed > to authorization, which is talking more about what you are allowed to do). > > There are a couple of good StackExchange threads which will be helpful: > - http://security.stackexchange.com/a/44614 > - http://security.stackexchange.com/a/47136 > > On 07/09/2015 17:18, Charles Moulliard wrote: > > Hi, > > > > This blog post details how to use Oauth2 between APiman & Keycloak > > ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). > > > > > > I have some questions to ask you about where these requests are related > > to OAuth2 spec/protocol > > > > When we issue the request to get an access token for the client_id = > > apiman "curl -X POST > > http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token > > -H "Content-Type: application/x-www-form-urlencoded" -d > > "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d > > 'client_id=apiman'", does this request corresponds to Oauth 2 process > > where the client requests an access token to the authorization server (= > > keycloak) using as grant-type = password > > (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) ? > > > > Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP > > Client will call the gateway to access a HTTP endpoint secured by the > > Api gateway ? > > > > Regards, > > > > Charles > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > From eric.wittmann at redhat.com Tue Sep 8 08:32:39 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Tue, 8 Sep 2015 08:32:39 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> References: <1401524107.26364097.1441550181744.JavaMail.zimbra@redhat.com> <1527899323.26367605.1441553104022.JavaMail.zimbra@redhat.com> <44ACF31B-8EC8-4D3D-9065-CB8D29BBF019@punagroup.com> Message-ID: <55EED567.8050109@redhat.com> Yeah this is currently required in most environments. I haven't yet investigated how to make maven automatically grant additional memory to the unit tests. If anyone out there knows offhand how to do that, we'd love a PR. :) -Eric On 9/6/2015 12:24 PM, Brandon Gaisford wrote: > > Probably unrelated, but I also encountered build issues with the last couple apiman releases and had to give maven additional memory via maven_opts to complete a build: > > export MAVEN_OPTS=?-Xmx1024m -XX:MaxPermSize=256M" > > Brandon > > On Sep 6, 2015, at 5:25 AM, Marc Savy wrote: > >> And FWIW, here's our CI - https://travis-ci.org/apiman/apiman/builds/78634639 >> >> ----- Original Message ----- >> From: "Fadi Abdin" >> To: "Marc Savy" >> Cc: "apiman-user" >> Sent: Sunday, 6 September, 2015 3:41:11 PM >> Subject: Re: [Apiman-user] apiman 1.1.x build >> >> i tried it on mac and windows >> >> >> java version "1.7.0_71" >> >> its a clean clone : >> >> commit 9cce3c7a29cb60fc20ae94dfd1418227426ed8a4 >> >> Author: Eric Wittmann < eric.wittmann at gmail.com > >> >> >> >> Date: Thu Sep 3 15:10:52 2015 -0400 >> >> >> >> >> >> >> >> also tried it with -DskipTests but get stuck or fail >> >> >> >> >> >> >> On Sun, Sep 6, 2015 at 10:36 AM, Marc Savy < msavy at redhat.com > wrote: >> >> >> Hi, >> >> Which version of Java? (java -version) >> >> Which OS? (uname -a) >> >> Which commit? (git log -n 1) >> >> I wonder if the tests run during the build are actually connecting to your production ES setup, which might explain some of your earlier issues. I'll defer to Eric on that, as he's our resident ES expert. >> >> Regards, >> Marc >> >> ----- Original Message ----- >> From: "Fadi Abdin" < fadiabdeen at gmail.com > >> To: "apiman-user" < apiman-user at lists.jboss.org > >> Sent: Sunday, 6 September, 2015 12:45:57 PM >> Subject: [Apiman-user] apiman 1.1.x build >> >> is anyone able to build ? >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a lot of exceptions >> >> starting with : >> 07:40:15,782 WARN FAILED o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: javax.servlet.ServletException: io.apiman.manager.api.core.ex >> ceptions.StorageException: Failed to index document admin of type user: RemoteTransportException[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index] >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document already exists]; >> javax.servlet.ServletException: io.apiman.manager.api.core.exceptions.StorageException: Failed to index document admin of type user: RemoteTransportEx >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: document alr >> eady exists]; >> at io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) >> at org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From eric.wittmann at redhat.com Tue Sep 8 09:49:23 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Tue, 8 Sep 2015 09:49:23 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: References: Message-ID: <55EEE763.7090407@redhat.com> Any chance you are trying to do the build on the same machine that is running apiman in some way? If not, could you provide the full output of your build? -Eric On 9/6/2015 7:45 AM, Fadi Abdin wrote: > is anyone able to build ? > i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a > lot of exceptions > > starting with : > 07:40:15,782 WARN FAILED > o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: > javax.servlet.ServletException: io.apiman.manager.api.core.ex > ceptions.StorageException: Failed to index document admin of type user: > RemoteTransportException[[Marsha > Rosenberg][inet[/172.26.209.73:19300]][index] > ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] > [user][admin]: document already exists]; > javax.servlet.ServletException: > io.apiman.manager.api.core.exceptions.StorageException: Failed to index > document admin of type user: RemoteTransportEx > ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: > DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: > document alr > eady exists]; > at > io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) > at > org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From eric.wittmann at redhat.com Tue Sep 8 09:50:53 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Tue, 8 Sep 2015 09:50:53 -0400 Subject: [Apiman-user] Failing Service In-Reply-To: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> References: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> Message-ID: <55EEE7BD.3010108@redhat.com> +1 - we definitely need more information here. :) On 9/6/2015 10:09 AM, Marc Savy wrote: > Will need a lot more information than this to understand what's going on. > > 1) Which version are you using (apiman & plugins) > 2) Gist your apiman.properties (feel free to delete any sensitive info) > 3) Provide a more detailed on your ES setup. Do you set it to delete old records (age-based reaping)? Could someone have reset the DB overnight? i.e. use a UI tool like https://mobz.github.io/elasticsearch-head/ to see what data is in there. > > ----- Original Message ----- > From: "Fadi Abdin" > To: "apiman-user" > Sent: Sunday, 6 September, 2015 12:56:11 PM > Subject: [Apiman-user] Failing Service > > Hey Guys, > > for one of the setup servers , i have woke up friday with a failing service .. nothing really changed overnight on Friday > > /3.1/.... > > All i did is create a new version of the service and publishing it > /3.2/.... > > and here is my exception, do you have any explanation or thinks might make this happened that i can investigate and avoid ? : > io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: Service not found. > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:415) > at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:407) > at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) > at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) > at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) > at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) > at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) > at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) > at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) > at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) > at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) > at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) > at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) > at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) > at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) > at java.lang.Thread.run(Thread.java:745) > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From fadiabdeen at gmail.com Tue Sep 8 13:47:36 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Tue, 8 Sep 2015 13:47:36 -0400 Subject: [Apiman-user] Failing Service In-Reply-To: <55EEE7BD.3010108@redhat.com> References: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> <55EEE7BD.3010108@redhat.com> Message-ID: here is it attached .. , do you see anything weird ? On Tue, Sep 8, 2015 at 9:50 AM, Eric Wittmann wrote: > +1 - we definitely need more information here. :) > > > On 9/6/2015 10:09 AM, Marc Savy wrote: > >> Will need a lot more information than this to understand what's going on. >> >> 1) Which version are you using (apiman & plugins) >> 2) Gist your apiman.properties (feel free to delete any sensitive info) >> 3) Provide a more detailed on your ES setup. Do you set it to delete old >> records (age-based reaping)? Could someone have reset the DB overnight? >> i.e. use a UI tool like https://mobz.github.io/elasticsearch-head/ to >> see what data is in there. >> >> ----- Original Message ----- >> From: "Fadi Abdin" >> To: "apiman-user" >> Sent: Sunday, 6 September, 2015 12:56:11 PM >> Subject: [Apiman-user] Failing Service >> >> Hey Guys, >> >> for one of the setup servers , i have woke up friday with a failing >> service .. nothing really changed overnight on Friday >> >> /3.1/.... >> >> All i did is create a new version of the service and publishing it >> /3.2/.... >> >> and here is my exception, do you have any explanation or thinks might >> make this happened that i can investigate and avoid ? : >> io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: >> Service not found. >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) >> at >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) >> at >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) >> at io.apiman.gateway.engine.es >> .ESRegistry$10.completed(ESRegistry.java:415) >> at io.apiman.gateway.engine.es >> .ESRegistry$10.completed(ESRegistry.java:407) >> at >> io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) >> at >> io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) >> at >> org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) >> at >> org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) >> at >> org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) >> at >> org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) >> at >> org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) >> at >> org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) >> at >> org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) >> at >> org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) >> at >> org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) >> at >> org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) >> at >> org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) >> at >> org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) >> at java.lang.Thread.run(Thread.java:745) >> >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150908/1876e4f1/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: apiman.properties Type: application/octet-stream Size: 8023 bytes Desc: not available Url : http://lists.jboss.org/pipermail/apiman-user/attachments/20150908/1876e4f1/attachment-0001.obj From eric.wittmann at redhat.com Tue Sep 8 14:45:23 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Tue, 8 Sep 2015 14:45:23 -0400 Subject: [Apiman-user] Failing Service In-Reply-To: References: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> <55EEE7BD.3010108@redhat.com> Message-ID: <55EF2CC3.8080307@redhat.com> Hi Fadi. It looks like you're using all the apiman quickstart defaults, so that's OK. I wonder - are you trying to build apiman on the same machine? Also: it would be interesting to get the output from this: http://localhost:19200/apiman_gateway/service/_search?pretty=true -Eric PS: if this system is running in production you should refer to our production guide for help with a more appropriate configuration: http://www.apiman.io/latest/production-guide.html On 9/8/2015 1:47 PM, Fadi Abdin wrote: > here is it attached .. , do you see anything weird ? > > On Tue, Sep 8, 2015 at 9:50 AM, Eric Wittmann > wrote: > > +1 - we definitely need more information here. :) > > > On 9/6/2015 10:09 AM, Marc Savy wrote: > > Will need a lot more information than this to understand what's > going on. > > 1) Which version are you using (apiman & plugins) > 2) Gist your apiman.properties (feel free to delete any > sensitive info) > 3) Provide a more detailed on your ES setup. Do you set it to > delete old records (age-based reaping)? Could someone have reset > the DB overnight? i.e. use a UI tool like > https://mobz.github.io/elasticsearch-head/ to see what data is > in there. > > ----- Original Message ----- > From: "Fadi Abdin" > > To: "apiman-user" > > Sent: Sunday, 6 September, 2015 12:56:11 PM > Subject: [Apiman-user] Failing Service > > Hey Guys, > > for one of the setup servers , i have woke up friday with a > failing service .. nothing really changed overnight on Friday > > /3.1/.... > > All i did is create a new version of the service and publishing it > /3.2/.... > > and here is my exception, do you have any explanation or thinks > might make this happened that i can investigate and avoid ? : > io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: > Service not found. > at > io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) > at > io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at > io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at > io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es > .ESRegistry$10.completed(ESRegistry.java:415) > at io.apiman.gateway.engine.es > .ESRegistry$10.completed(ESRegistry.java:407) > at > io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) > at > io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) > at > org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) > at > org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) > at > org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) > at > org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) > at > org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) > at > org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) > at > org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) > at > org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) > at > org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) > at > org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) > at > org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) > at > org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) > at java.lang.Thread.run(Thread.java:745) > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > > From cmoulliard at redhat.com Wed Sep 9 03:39:10 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Wed, 9 Sep 2015 09:39:10 +0200 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) In-Reply-To: <55EDD7B4.9050302@redhat.com> References: <55EDB8C8.3040001@redhat.com> <55EDD7B4.9050302@redhat.com> Message-ID: <55EFE21E.1090905@redhat.com> Thx for the info. To be complete, these links are also very valuable to understand the JWT (Token issued by Keycloak) https://scotch.io/tutorials/the-anatomy-of-a-json-web-token https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html and to decode token based 64 to a more human readable http://jwt.io/ On 07/09/15 20:30, Marc Savy wrote: > This is using openid-connect, which is layered on top of OAuth2 and > provides a bunch of useful standardised fields for authentication > purposes (to verify that the caller is who they claim to be; as > opposed to authorization, which is talking more about what you are > allowed to do). > > There are a couple of good StackExchange threads which will be helpful: > - http://security.stackexchange.com/a/44614 > - http://security.stackexchange.com/a/47136 > > On 07/09/2015 17:18, Charles Moulliard wrote: >> Hi, >> >> This blog post details how to use Oauth2 between APiman & Keycloak >> ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). >> >> >> I have some questions to ask you about where these requests are related >> to OAuth2 spec/protocol >> >> When we issue the request to get an access token for the client_id = >> apiman "curl -X POST >> http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token >> -H "Content-Type: application/x-www-form-urlencoded" -d >> "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d >> 'client_id=apiman'", does this request corresponds to Oauth 2 process >> where the client requests an access token to the authorization server (= >> keycloak) using as grant-type = password >> (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) >> ? >> >> Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP >> Client will call the gateway to access a HTTP endpoint secured by the >> Api gateway ? >> >> Regards, >> >> Charles >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> > From marc.savy at redhat.com Wed Sep 9 05:35:55 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 10:35:55 +0100 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) In-Reply-To: <55EFE21E.1090905@redhat.com> References: <55EDB8C8.3040001@redhat.com> <55EDD7B4.9050302@redhat.com> <55EFE21E.1090905@redhat.com> Message-ID: <55EFFD7B.6020205@redhat.com> > and to decode token based 64 to a more human readable > > http://jwt.io/ Ah, that's very cool! Thanks for that, didn't know about it. Maybe I should integrate a reference to it in the blog. On 09/09/2015 08:39, Charles Moulliard wrote: > Thx for the info. To be complete, these links are also very valuable to > understand the JWT (Token issued by Keycloak) > > https://scotch.io/tutorials/the-anatomy-of-a-json-web-token > https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html > > > and to decode token based 64 to a more human readable > > http://jwt.io/ > > > On 07/09/15 20:30, Marc Savy wrote: >> This is using openid-connect, which is layered on top of OAuth2 and >> provides a bunch of useful standardised fields for authentication >> purposes (to verify that the caller is who they claim to be; as >> opposed to authorization, which is talking more about what you are >> allowed to do). >> >> There are a couple of good StackExchange threads which will be helpful: >> - http://security.stackexchange.com/a/44614 >> - http://security.stackexchange.com/a/47136 >> >> On 07/09/2015 17:18, Charles Moulliard wrote: >>> Hi, >>> >>> This blog post details how to use Oauth2 between APiman & Keycloak >>> ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). >>> >>> >>> I have some questions to ask you about where these requests are related >>> to OAuth2 spec/protocol >>> >>> When we issue the request to get an access token for the client_id = >>> apiman "curl -X POST >>> http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token >>> -H "Content-Type: application/x-www-form-urlencoded" -d >>> "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d >>> 'client_id=apiman'", does this request corresponds to Oauth 2 process >>> where the client requests an access token to the authorization server (= >>> keycloak) using as grant-type = password >>> (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) >>> ? >>> >>> Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP >>> Client will call the gateway to access a HTTP endpoint secured by the >>> Api gateway ? >>> >>> Regards, >>> >>> Charles >>> _______________________________________________ >>> Apiman-user mailing list >>> Apiman-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/apiman-user >>> >> > From cmoulliard at redhat.com Wed Sep 9 05:40:36 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Wed, 9 Sep 2015 11:40:36 +0200 Subject: [Apiman-user] Question about OAuth2 (apiman & keycloak) In-Reply-To: <55EFFD7B.6020205@redhat.com> References: <55EDB8C8.3040001@redhat.com> <55EDD7B4.9050302@redhat.com> <55EFE21E.1090905@redhat.com> <55EFFD7B.6020205@redhat.com> Message-ID: <55EFFE94.1060808@redhat.com> Blog and/or documentation to help the end user to figure out the token used between the client and APiman & Keycloak. On 09/09/15 11:35, Marc Savy wrote: >> and to decode token based 64 to a more human readable >> >> http://jwt.io/ > > Ah, that's very cool! Thanks for that, didn't know about it. Maybe I > should integrate a reference to it in the blog. > > On 09/09/2015 08:39, Charles Moulliard wrote: >> Thx for the info. To be complete, these links are also very valuable to >> understand the JWT (Token issued by Keycloak) >> >> https://scotch.io/tutorials/the-anatomy-of-a-json-web-token >> https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html >> >> >> >> and to decode token based 64 to a more human readable >> >> http://jwt.io/ >> >> >> On 07/09/15 20:30, Marc Savy wrote: >>> This is using openid-connect, which is layered on top of OAuth2 and >>> provides a bunch of useful standardised fields for authentication >>> purposes (to verify that the caller is who they claim to be; as >>> opposed to authorization, which is talking more about what you are >>> allowed to do). >>> >>> There are a couple of good StackExchange threads which will be helpful: >>> - http://security.stackexchange.com/a/44614 >>> - http://security.stackexchange.com/a/47136 >>> >>> On 07/09/2015 17:18, Charles Moulliard wrote: >>>> Hi, >>>> >>>> This blog post details how to use Oauth2 between APiman & Keycloak >>>> ("http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication/authorization/2015/06/09/keycloak-oauth2.html"). >>>> >>>> >>>> >>>> I have some questions to ask you about where these requests are >>>> related >>>> to OAuth2 spec/protocol >>>> >>>> When we issue the request to get an access token for the client_id = >>>> apiman "curl -X POST >>>> http://127.0.0.1:8080/auth/realms/stottie/protocol/openid-connect/token >>>> >>>> -H "Content-Type: application/x-www-form-urlencoded" -d >>>> "username=rincewind" -d 'password=apiman' -d 'grant_type=password' -d >>>> 'client_id=apiman'", does this request corresponds to Oauth 2 process >>>> where the client requests an access token to the authorization >>>> server (= >>>> keycloak) using as grant-type = password >>>> (http://oauthlib.readthedocs.org/en/latest/oauth2/grants/password.html) >>>> >>>> ? >>>> >>>> Is this request also issued by the "Apiman OAuth2 Policy" when a HTTP >>>> Client will call the gateway to access a HTTP endpoint secured by the >>>> Api gateway ? >>>> >>>> Regards, >>>> >>>> Charles >>>> _______________________________________________ >>>> Apiman-user mailing list >>>> Apiman-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>>> >>> >> > From cmoulliard at redhat.com Wed Sep 9 09:45:04 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Wed, 9 Sep 2015 15:45:04 +0200 Subject: [Apiman-user] apiman.properties file not used for elasticsearch (1.1.7.Final) Message-ID: <55F037E0.7050703@redhat.com> Hi, If I change the apiman.properties file located under standalone/configuration folder of wildfly (apiman-1.1.7.Final/wildfly-8.2.0.Final/standalone/configuration/apiman.properties), save it and restart wildfly # --------------------------------------------------------------------- # The following are settings for using elasticsearch for various # apiman components. # --------------------------------------------------------------------- apiman.es.protocol=http #apiman.es.host=localhost #apiman.es.port=19200 apiman.es.host=localhost apiman.es.port=9200 apiman.es.username= apiman.es.password= apiman continues to use the old setting of ElasticSearch (= port 19200 and not 9200 as changed). 15:19:20,637 INFO [org.wildfly.extension.undertow] (MSC service thread 1-9) JBAS017534: Registered web context: /auth 15:19:21,622 INFO [org.elasticsearch.cluster.service] (elasticsearch[Bobster][clusterService#updateTask][T#1]) [Bobster] new_master [Bobster][JzTqzlrTQtC5lsLhrjrPyQ][localhost][inet[/192.168.1.80:19300]]{local=false}, reason: zen-disco-join (elected_as_master) 15:19:21,649 INFO [org.elasticsearch.http] (MSC service thread 1-13) [Bobster] bound_address {inet[/0.0.0.0:19200]}, publish_address {inet[/192.168.1.80:19200]} 15:19:21,650 INFO [org.elasticsearch.node] (MSC service thread 1-13) [Bobster] started 15:19:21,650 INFO [stdout] (MSC service thread 1-13) ----------------------------- 15:19:21,651 INFO [stdout] (MSC service thread 1-13) apiman-es started! 15:19:21,651 INFO [stdout] (MSC service thread 1-13) ----------------------------- 15:19:21,655 INFO [org.wildfly.extension.undertow] (MSC service thread 1-13) JBAS017534: Registered web context: /apiman-es Is there something else to do ? Regards, -- Charles Moulliard Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - Belgium twitter: @cmoulliard | blog: cmoulliard.github.io committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm, deltaspike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150909/4c2d07f6/attachment.html From eric.wittmann at redhat.com Wed Sep 9 11:22:54 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Wed, 9 Sep 2015 11:22:54 -0400 Subject: [Apiman-user] apiman.properties file not used for elasticsearch (1.1.7.Final) In-Reply-To: <55F037E0.7050703@redhat.com> References: <55F037E0.7050703@redhat.com> Message-ID: <55F04ECE.602@redhat.com> That setting in apiman is for the client (when connecting apiman to the possibly remote elasticsearch instance). The apiman quickstart also comes with a built-in elasticsearch *server* which always runs on port 19200. If you no longer want to use the built-in apiman-es instance, then you can remove "apiman-es.war" from your deployments. -Eric On 9/9/2015 9:45 AM, Charles Moulliard wrote: > Hi, > > If I change the apiman.properties file located under > standalone/configuration folder of wildfly > (apiman-1.1.7.Final/wildfly-8.2.0.Final/standalone/configuration/apiman.properties), > save it and restart wildfly > > # --------------------------------------------------------------------- > # The following are settings for using elasticsearch for various > # apiman components. > # --------------------------------------------------------------------- > apiman.es.protocol=http > #apiman.es.host=localhost > #apiman.es.port=19200 > apiman.es.host=localhost > apiman.es.port=9200 > apiman.es.username= > apiman.es.password= > > apiman continues to use the old setting of ElasticSearch (= port 19200 > and not 9200 as changed). > > 15:19:20,637 INFO [org.wildfly.extension.undertow] (MSC service thread > 1-9) JBAS017534: Registered web context: /auth > 15:19:21,622 INFO [org.elasticsearch.cluster.service] > (elasticsearch[Bobster][clusterService#updateTask][T#1]) [Bobster] > new_master > [Bobster][JzTqzlrTQtC5lsLhrjrPyQ][localhost][inet[/192.168.1.80:19300]]{local=false}, > reason: zen-disco-join (elected_as_master) > 15:19:21,649 INFO [org.elasticsearch.http] (MSC service thread 1-13) > [Bobster] bound_address {inet[/0.0.0.0:19200]}, publish_address > {inet[/192.168.1.80:19200]} > 15:19:21,650 INFO [org.elasticsearch.node] (MSC service thread 1-13) > [Bobster] started > 15:19:21,650 INFO [stdout] (MSC service thread 1-13) > ----------------------------- > 15:19:21,651 INFO [stdout] (MSC service thread 1-13) apiman-es started! > 15:19:21,651 INFO [stdout] (MSC service thread 1-13) > ----------------------------- > 15:19:21,655 INFO [org.wildfly.extension.undertow] (MSC service thread > 1-13) JBAS017534: Registered web context: /apiman-es > > Is there something else to do ? > > Regards, > -- > Charles Moulliard > Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat > cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 > MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - > Belgium > twitter: @cmoulliard | blog: > cmoulliard.github.io > committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, > jbpm, deltaspike > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From fadiabdeen at gmail.com Wed Sep 9 13:32:49 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 9 Sep 2015 13:32:49 -0400 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> Message-ID: Hey Marc , There is still a problem. I just installed the latest version and tried a POST , the preflight passes but the acual post failes .. check this Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin wrote: > Hey Marc, > > Thanks for asking.. I did not try updating the new version to get other > the GET to work. > > Otherwise everything was perfect until Friday. and all the sudden some > services start giving 500 when calling them (only in one of the > environments setup). then i tried duplicating the the service and pumpup > the version and it worked .. that was weird. but the cors didnt work. I did > not fully invistigate whats going on but i was ready to send you an email > explaining what happened after collecting more information. i'm not sure > why i keep having some issues like this . but if i got a chance this > weekend i might send you details. > > Thanks, > Fadi > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy wrote: > >> Fadi - Is this all working as expected? >> >> ----- Original Message ----- >> From: "Marc Savy" >> To: "Fadi Abdin" >> Cc: "apiman-user" >> Sent: Friday, 28 August, 2015 1:42:25 PM >> Subject: Re: [Apiman-user] HTTP Methods >> >> Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' >> >> On 28/08/2015 13:40, Fadi Abdin wrote: >> > latest of cors-policy-plugin? >> > >> > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > > wrote: >> > >> > I think there may have been some overzealous error detection going >> > on. Please try out the latest master/1.1.x. >> > >> > >> > On 27/08/2015 20:02, Eric Wittmann wrote: >> > >> > Hi Fadi. >> > >> > It's possible this is a bug in the CORS policy or a >> > mis-configuration. >> > Hopefully Marc can respond shortly. >> > >> > One thing I'll say is that you *probably* don't need to include >> > "OPTIONS" as one of the allowed CORS methods. >> > >> > -Eric >> > >> > On 8/27/2015 2:48 PM, Fadi Abdin wrote: >> > > Hey Eric / Marc, >> > > >> > > Everything going good so far with the CORS fix but guessing >> > there is >> > > something still, or maybe i'm doing something wrong ( it >> > always happened >> > > to me ). >> > > >> > > I have setup my CORS Policy in API Man and included >> > > "Access-Control-Allow-Methods" : >> > "OPTIONS","GET","POST","DELETE",'PUT". >> > > >> > > But i get a 403 and "CORS: Invalid preflight request; must >> > use OPTIONS >> > > verb." on ANY service that is not GET. >> > > >> > > OPTIONS Header : >> > > >> > > 1. >> > > Remote Address: >> > > 172.26.209.66:443 >> > >> > > 2. >> > > Request URL: >> > > >> > >> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post >> > > 3. >> > > Request Method: >> > > OPTIONS >> > > 4. >> > > Status Code: >> > > 200 OK >> > > 1. Response Headersview source >> > > 1. >> > > Access-Control-Allow-Headers: >> > > Accept, Authorization, Head >> > > 2. >> > > Access-Control-Allow-Methods: >> > > OPTIONS, GET, POST, DELETE, PUT >> > > 3. >> > > Access-Control-Allow-Origin: >> > > http://localhost:8383 >> > > 4. >> > > Access-Control-Max-Age: >> > > 0 >> > > 5. >> > > Connection: >> > > keep-alive >> > > 6. >> > > Date: >> > > Thu, 27 Aug 2015 18:44:39 GMT >> > > 7. >> > > Server: >> > > WildFly/8 >> > > 8. >> > > Transfer-Encoding: >> > > chunked >> > > 9. >> > > X-Powered-By: >> > > Undertow/1 >> > > 2. Request Headersview source >> > > 1. >> > > Accept: >> > > */* >> > > 2. >> > > Accept-Encoding: >> > > gzip, deflate, sdch >> > > 3. >> > > Accept-Language: >> > > en-US,en;q=0.8,ar;q=0.6 >> > > 4. >> > > Access-Control-Request-Headers: >> > > accept, authorization >> > > 5. >> > > Access-Control-Request-Method: >> > > POST >> > > 6. >> > > Cache-Control: >> > > no-cache >> > > 7. >> > > Connection: >> > > keep-alive >> > > 8. >> > > Host: >> > > dev-internal-api.expdev.local >> > > 9. >> > > Origin: >> > > http://localhost:8383 >> > > 10. >> > > Pragma: >> > > no-cache >> > > 11. >> > > Referer: >> > > >> > >> http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 >> > > >> > > >> > > >> > > >> > > POST HEADER >> > > >> > > 1. >> > > Remote Address: >> > > 172.26.209.66:443 >> > >> > > 2. >> > > Request URL: >> > > >> > >> https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post >> > > 3. >> > > Request Method: >> > > POST >> > > 4. >> > > Status Code: >> > > 403 Forbidden >> > > 1. Response Headersview source >> > > 1. >> > > Access-Control-Allow-Origin: >> > > http://localhost:8383 >> > > 2. >> > > Connection: >> > > keep-alive >> > > 3. >> > > Content-Length: >> > > 195 >> > > 4. >> > > Content-Type: >> > > application/json >> > > 5. >> > > Date: >> > > Thu, 27 Aug 2015 18:44:39 GMT >> > > 6. >> > > Server: >> > > WildFly/8 >> > > 7. >> > > X-Policy-Failure-Code: >> > > 400 >> > > 8. >> > > X-Policy-Failure-Message: >> > > CORS: Invalid preflight request; must use >> > OPTIONS verb. >> > > 9. >> > > X-Policy-Failure-Type: >> > > Authorization >> > > 10. >> > > X-Powered-By: >> > > Undertow/1 >> > > 2. Request Headersview source >> > > 1. >> > > Accept: >> > > application/json, text/plain, */* >> > > 2. >> > > Accept-Encoding: >> > > gzip, deflate >> > > 3. >> > > Accept-Language: >> > > en-US,en;q=0.8,ar;q=0.6 >> > > 4. >> > > Authorization: >> > > Bearer >> > > >> > >> eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ >> > > 5. >> > > Cache-Control: >> > > no-cache >> > > 6. >> > > Connection: >> > > keep-alive >> > > 7. >> > > Content-Length: >> > > 0 >> > > 8. >> > > Host: >> > > dev-internal-api.expdev.local >> > > 9. >> > > Origin: >> > > http://localhost:8383 >> > > 10. >> > > Pragma: >> > > no-cache >> > > 11. >> > > >> > > 12. >> > > >> > > >> > > >> > > >> > > _______________________________________________ >> > > Apiman-user mailing list >> > > Apiman-user at lists.jboss.org > Apiman-user at lists.jboss.org> >> > > https://lists.jboss.org/mailman/listinfo/apiman-user >> > > >> > _______________________________________________ >> > Apiman-user mailing list >> > Apiman-user at lists.jboss.org > > >> > https://lists.jboss.org/mailman/listinfo/apiman-user >> > >> > >> > >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150909/53b340c0/attachment-0001.html From marc.savy at redhat.com Wed Sep 9 13:35:50 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 18:35:50 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> Message-ID: <55F06DF6.2060800@redhat.com> I'll try to check it out - I thought this was the problem already fixed. Will attempt to verify and get back to you. On 09/09/2015 18:32, Fadi Abdin wrote: > Hey Marc , > > There is still a problem. I just installed the latest version and tried > a POST , the preflight passes but the acual post failes .. check this > > Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > > > On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin > wrote: > > Hey Marc, > > Thanks for asking.. I did not try updating the new version to get > other the GET to work. > > Otherwise everything was perfect until Friday. and all the sudden > some services start giving 500 when calling them (only in one of the > environments setup). then i tried duplicating the the service and > pumpup the version and it worked .. that was weird. but the cors > didnt work. I did not fully invistigate whats going on but i was > ready to send you an email explaining what happened after collecting > more information. i'm not sure why i keep having some issues like > this . but if i got a chance this weekend i might send you details. > > Thanks, > Fadi > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy > wrote: > > Fadi - Is this all working as expected? > > ----- Original Message ----- > From: "Marc Savy" > > To: "Fadi Abdin" > > Cc: "apiman-user" > > Sent: Friday, 28 August, 2015 1:42:25 PM > Subject: Re: [Apiman-user] HTTP Methods > > Should be 'apiman-plugins-cors-policy' ; repo is 'apiman-plugins' > > On 28/08/2015 13:40, Fadi Abdin wrote: > > latest of cors-policy-plugin? > > > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > > >> > wrote: > > > > I think there may have been some overzealous error > detection going > > on. Please try out the latest master/1.1.x. > > > > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > > > Hi Fadi. > > > > It's possible this is a bug in the CORS policy or a > > mis-configuration. > > Hopefully Marc can respond shortly. > > > > One thing I'll say is that you *probably* don't need > to include > > "OPTIONS" as one of the allowed CORS methods. > > > > -Eric > > > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > > Hey Eric / Marc, > > > > > > Everything going good so far with the CORS fix but > guessing > > there is > > > something still, or maybe i'm doing something > wrong ( it > > always happened > > > to me ). > > > > > > I have setup my CORS Policy in API Man and included > > > "Access-Control-Allow-Methods" : > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > But i get a 403 and "CORS: Invalid preflight > request; must > > use OPTIONS > > > verb." on ANY service that is not GET. > > > > > > OPTIONS Header : > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > OPTIONS > > > 4. > > > Status Code: > > > 200 OK > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Headers: > > > Accept, Authorization, Head > > > 2. > > > Access-Control-Allow-Methods: > > > OPTIONS, GET, POST, DELETE, PUT > > > 3. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 4. > > > Access-Control-Max-Age: > > > 0 > > > 5. > > > Connection: > > > keep-alive > > > 6. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 7. > > > Server: > > > WildFly/8 > > > 8. > > > Transfer-Encoding: > > > chunked > > > 9. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate, sdch > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Access-Control-Request-Headers: > > > accept, authorization > > > 5. > > > Access-Control-Request-Method: > > > POST > > > 6. > > > Cache-Control: > > > no-cache > > > 7. > > > Connection: > > > keep-alive > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > Referer: > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > POST HEADER > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > POST > > > 4. > > > Status Code: > > > 403 Forbidden > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 2. > > > Connection: > > > keep-alive > > > 3. > > > Content-Length: > > > 195 > > > 4. > > > Content-Type: > > > application/json > > > 5. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 6. > > > Server: > > > WildFly/8 > > > 7. > > > X-Policy-Failure-Code: > > > 400 > > > 8. > > > X-Policy-Failure-Message: > > > CORS: Invalid preflight request; must use > > OPTIONS verb. > > > 9. > > > X-Policy-Failure-Type: > > > Authorization > > > 10. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > application/json, text/plain, */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Authorization: > > > Bearer > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > 5. > > > Cache-Control: > > > no-cache > > > 6. > > > Connection: > > > keep-alive > > > 7. > > > Content-Length: > > > 0 > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > > > > 12. > > > > > > > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > > > From marc.savy at redhat.com Wed Sep 9 13:53:15 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 18:53:15 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> Message-ID: <55F0720B.30401@redhat.com> It seems to work for me on 1.2.0-SNAPSHOT for me. Maybe you're picking up an old version of the plugin somehow? :-( Is there any chance you can provide a reproducer script? Use something else other than the OAuth2 policy So have something like: CORS -> Rate Limiting Policy Then your script would be something that accesses that backend service using a POST request, and hopefully it'll reveal the issue (can just be a curl command with all the appropriate headers set). On 09/09/2015 18:41, Fadi Abdin wrote: > The problem is that CORS wont work for other than GET , i tried > POST,PUT,DELETE , all fail > > Thanks for looking into it. > > > On Wed, Sep 9, 2015 at 1:35 PM, Marc Savy > wrote: > > I'll try to check it out - I thought this was the problem already > fixed. Will attempt to verify and get back to you. > > On 09/09/2015 18:32, Fadi Abdin wrote: > > Hey Marc , > > There is still a problem. I just installed the latest version > and tried > a POST , the preflight passes but the acual post failes .. check > this > > Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > > > On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin > >> wrote: > > Hey Marc, > > Thanks for asking.. I did not try updating the new version > to get > other the GET to work. > > Otherwise everything was perfect until Friday. and all the > sudden > some services start giving 500 when calling them (only in > one of the > environments setup). then i tried duplicating the the > service and > pumpup the version and it worked .. that was weird. but the > cors > didnt work. I did not fully invistigate whats going on but > i was > ready to send you an email explaining what happened after > collecting > more information. i'm not sure why i keep having some > issues like > this . but if i got a chance this weekend i might send you > details. > > Thanks, > Fadi > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy > >> wrote: > > Fadi - Is this all working as expected? > > ----- Original Message ----- > From: "Marc Savy" > >> > To: "Fadi Abdin" > >> > Cc: "apiman-user" > >> > Sent: Friday, 28 August, 2015 1:42:25 PM > Subject: Re: [Apiman-user] HTTP Methods > > Should be 'apiman-plugins-cors-policy' ; repo is > 'apiman-plugins' > > On 28/08/2015 13:40, Fadi Abdin wrote: > > latest of cors-policy-plugin? > > > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > > > > >>> > > wrote: > > > > I think there may have been some overzealous error > detection going > > on. Please try out the latest master/1.1.x. > > > > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > > > Hi Fadi. > > > > It's possible this is a bug in the CORS > policy or a > > mis-configuration. > > Hopefully Marc can respond shortly. > > > > One thing I'll say is that you *probably* > don't need > to include > > "OPTIONS" as one of the allowed CORS methods. > > > > -Eric > > > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > > Hey Eric / Marc, > > > > > > Everything going good so far with the > CORS fix but > guessing > > there is > > > something still, or maybe i'm doing something > wrong ( it > > always happened > > > to me ). > > > > > > I have setup my CORS Policy in API Man > and included > > > "Access-Control-Allow-Methods" : > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > But i get a 403 and "CORS: Invalid preflight > request; must > > use OPTIONS > > > verb." on ANY service that is not GET. > > > > > > OPTIONS Header : > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > OPTIONS > > > 4. > > > Status Code: > > > 200 OK > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Headers: > > > Accept, Authorization, Head > > > 2. > > > Access-Control-Allow-Methods: > > > OPTIONS, GET, POST, DELETE, PUT > > > 3. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 4. > > > Access-Control-Max-Age: > > > 0 > > > 5. > > > Connection: > > > keep-alive > > > 6. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 7. > > > Server: > > > WildFly/8 > > > 8. > > > Transfer-Encoding: > > > chunked > > > 9. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate, sdch > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Access-Control-Request-Headers: > > > accept, authorization > > > 5. > > > Access-Control-Request-Method: > > > POST > > > 6. > > > Cache-Control: > > > no-cache > > > 7. > > > Connection: > > > keep-alive > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > Referer: > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > POST HEADER > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > POST > > > 4. > > > Status Code: > > > 403 Forbidden > > > 1. Response Headersview source > > > 1. > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 2. > > > Connection: > > > keep-alive > > > 3. > > > Content-Length: > > > 195 > > > 4. > > > Content-Type: > > > application/json > > > 5. > > > Date: > > > Thu, 27 Aug 2015 18:44:39 GMT > > > 6. > > > Server: > > > WildFly/8 > > > 7. > > > X-Policy-Failure-Code: > > > 400 > > > 8. > > > X-Policy-Failure-Message: > > > CORS: Invalid preflight > request; must use > > OPTIONS verb. > > > 9. > > > X-Policy-Failure-Type: > > > Authorization > > > 10. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > application/json, > text/plain, */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Authorization: > > > Bearer > > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > 5. > > > Cache-Control: > > > no-cache > > > 6. > > > Connection: > > > keep-alive > > > 7. > > > Content-Length: > > > 0 > > > 8. > > > Host: > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > > > > 12. > > > > > > > > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > > > >> > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > > > > >> > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > From fadiabdeen at gmail.com Wed Sep 9 13:58:05 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 9 Sep 2015 13:58:05 -0400 Subject: [Apiman-user] apiman 1.1.x build In-Reply-To: <55EEE763.7090407@redhat.com> References: <55EEE763.7090407@redhat.com> Message-ID: i turn it off with the -DskipTests https://gist.github.com/fadiabdeen/77b112c1d16f1a1864a5 On Tue, Sep 8, 2015 at 9:49 AM, Eric Wittmann wrote: > Any chance you are trying to do the build on the same machine that is > running apiman in some way? > > If not, could you provide the full output of your build? > > -Eric > > > On 9/6/2015 7:45 AM, Fadi Abdin wrote: > >> is anyone able to build ? >> i do mvn clean install but i get stuck on 'apiman-distro-db-es' with a >> lot of exceptions >> >> starting with : >> 07:40:15,782 WARN FAILED >> o.e.j.s.ServletContextHandler at 62b54e9a{/apiman,null,STARTING}: >> javax.servlet.ServletException: io.apiman.manager.api.core.ex >> ceptions.StorageException: Failed to index document admin of type user: >> RemoteTransportException[[Marsha >> Rosenberg][inet[/172.26.209.73:19300]][index] >> ]; nested: DocumentAlreadyExistsException[[apiman_manager][2] >> [user][admin]: document already exists]; >> javax.servlet.ServletException: >> io.apiman.manager.api.core.exceptions.StorageException: Failed to index >> document admin of type user: RemoteTransportEx >> ception[[Marsha Rosenberg][inet[/172.26.209.73:19300]][index]]; nested: >> DocumentAlreadyExistsException[[apiman_manager][2] [user][admin]: >> document alr >> eady exists]; >> at >> >> io.apiman.manager.test.server.DatabaseSeedFilter.init(DatabaseSeedFilter.java:57) >> at >> org.eclipse.jetty.servlet.FilterHolder.initialize(FilterHolder.java:138) >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150909/64bd5a23/attachment.html From marc.savy at redhat.com Wed Sep 9 14:01:32 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 19:01:32 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> <55F0720B.30401@redhat.com> Message-ID: <55F073FC.8020403@redhat.com> It should be in 1.1.7.Final plugins :(. Please try 1.2.0-SNAPSHOT - it should still work just fine with 1.1.x On 09/09/2015 18:57, Fadi Abdin wrote: > I'm running 1.1.x with version 1.1.8-SNAPSHOT and the plugins are > 1.1.7.Final > > > > On Wed, Sep 9, 2015 at 1:53 PM, Marc Savy > wrote: > > It seems to work for me on 1.2.0-SNAPSHOT for me. Maybe you're > picking up an old version of the plugin somehow? :-( > > Is there any chance you can provide a reproducer script? Use > something else other than the OAuth2 policy > > So have something like: > > CORS -> Rate Limiting Policy > > Then your script would be something that accesses that backend > service using a POST request, and hopefully it'll reveal the issue > (can just be a curl command with all the appropriate headers set). > > > > > > On 09/09/2015 18:41, Fadi Abdin wrote: > > The problem is that CORS wont work for other than GET , i tried > POST,PUT,DELETE , all fail > > Thanks for looking into it. > > > On Wed, Sep 9, 2015 at 1:35 PM, Marc Savy > >> wrote: > > I'll try to check it out - I thought this was the problem > already > fixed. Will attempt to verify and get back to you. > > On 09/09/2015 18:32, Fadi Abdin wrote: > > Hey Marc , > > There is still a problem. I just installed the latest > version > and tried > a POST , the preflight passes but the acual post failes > .. check > this > > Pre-Flight : > https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > Post : > https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > > > On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin > > > > >>> wrote: > > Hey Marc, > > Thanks for asking.. I did not try updating the new > version > to get > other the GET to work. > > Otherwise everything was perfect until Friday. and > all the > sudden > some services start giving 500 when calling them > (only in > one of the > environments setup). then i tried duplicating the the > service and > pumpup the version and it worked .. that was > weird. but the > cors > didnt work. I did not fully invistigate whats > going on but > i was > ready to send you an email explaining what > happened after > collecting > more information. i'm not sure why i keep having some > issues like > this . but if i got a chance this weekend i might > send you > details. > > Thanks, > Fadi > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy > > > > > >>> wrote: > > Fadi - Is this all working as expected? > > ----- Original Message ----- > From: "Marc Savy" > > > > >>> > To: "Fadi Abdin" > > > > >>> > Cc: "apiman-user" > > > > > >>> > Sent: Friday, 28 August, 2015 1:42:25 PM > Subject: Re: [Apiman-user] HTTP Methods > > Should be 'apiman-plugins-cors-policy' ; repo is > 'apiman-plugins' > > On 28/08/2015 13:40, Fadi Abdin wrote: > > latest of cors-policy-plugin? > > > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > > >> > > > > > >>>> > > wrote: > > > > I think there may have been some > overzealous error > detection going > > on. Please try out the latest master/1.1.x. > > > > > > On 27/08/2015 20:02, Eric Wittmann wrote: > > > > Hi Fadi. > > > > It's possible this is a bug in the CORS > policy or a > > mis-configuration. > > Hopefully Marc can respond shortly. > > > > One thing I'll say is that you > *probably* > don't need > to include > > "OPTIONS" as one of the allowed > CORS methods. > > > > -Eric > > > > On 8/27/2015 2:48 PM, Fadi Abdin wrote: > > > Hey Eric / Marc, > > > > > > Everything going good so far > with the > CORS fix but > guessing > > there is > > > something still, or maybe i'm > doing something > wrong ( it > > always happened > > > to me ). > > > > > > I have setup my CORS Policy in > API Man > and included > > > "Access-Control-Allow-Methods" : > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > But i get a 403 and "CORS: > Invalid preflight > request; must > > use OPTIONS > > > verb." on ANY service that is > not GET. > > > > > > OPTIONS Header : > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > OPTIONS > > > 4. > > > Status Code: > > > 200 OK > > > 1. Response Headersview source > > > 1. > > > > Access-Control-Allow-Headers: > > > Accept, Authorization, Head > > > 2. > > > > Access-Control-Allow-Methods: > > > OPTIONS, GET, POST, > DELETE, PUT > > > 3. > > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 4. > > > Access-Control-Max-Age: > > > 0 > > > 5. > > > Connection: > > > keep-alive > > > 6. > > > Date: > > > Thu, 27 Aug 2015 > 18:44:39 GMT > > > 7. > > > Server: > > > WildFly/8 > > > 8. > > > Transfer-Encoding: > > > chunked > > > 9. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate, sdch > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > > Access-Control-Request-Headers: > > > accept, authorization > > > 5. > > > > Access-Control-Request-Method: > > > POST > > > 6. > > > Cache-Control: > > > no-cache > > > 7. > > > Connection: > > > keep-alive > > > 8. > > > Host: > > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > Referer: > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > POST HEADER > > > > > > 1. > > > Remote Address: > > > 172.26.209.66:443 > > > > > > > > 2. > > > Request URL: > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > 3. > > > Request Method: > > > POST > > > 4. > > > Status Code: > > > 403 Forbidden > > > 1. Response Headersview source > > > 1. > > > > Access-Control-Allow-Origin: > > > http://localhost:8383 > > > 2. > > > Connection: > > > keep-alive > > > 3. > > > Content-Length: > > > 195 > > > 4. > > > Content-Type: > > > application/json > > > 5. > > > Date: > > > Thu, 27 Aug 2015 > 18:44:39 GMT > > > 6. > > > Server: > > > WildFly/8 > > > 7. > > > X-Policy-Failure-Code: > > > 400 > > > 8. > > > > X-Policy-Failure-Message: > > > CORS: Invalid preflight > request; must use > > OPTIONS verb. > > > 9. > > > X-Policy-Failure-Type: > > > Authorization > > > 10. > > > X-Powered-By: > > > Undertow/1 > > > 2. Request Headersview source > > > 1. > > > Accept: > > > application/json, > text/plain, */* > > > 2. > > > Accept-Encoding: > > > gzip, deflate > > > 3. > > > Accept-Language: > > > en-US,en;q=0.8,ar;q=0.6 > > > 4. > > > Authorization: > > > Bearer > > > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > 5. > > > Cache-Control: > > > no-cache > > > 6. > > > Connection: > > > keep-alive > > > 7. > > > Content-Length: > > > 0 > > > 8. > > > Host: > > > > dev-internal-api.expdev.local > > > 9. > > > Origin: > > > http://localhost:8383 > > > 10. > > > Pragma: > > > no-cache > > > 11. > > > > > > 12. > > > > > > > > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > > > >> > > > > > >>> > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > > > > >> > > > > > >>> > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > > > > >> > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > From marc.savy at redhat.com Wed Sep 9 14:02:13 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 19:02:13 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: <55F073FC.8020403@redhat.com> References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> <55F0720B.30401@redhat.com> <55F073FC.8020403@redhat.com> Message-ID: <55F07425.9080403@redhat.com> 1.2.0-SNAPSHOT plugins I mean (i.e. master of apiman/apiman-plugins) On 09/09/2015 19:01, Marc Savy wrote: > It should be in 1.1.7.Final plugins :(. > > Please try 1.2.0-SNAPSHOT - it should still work just fine with 1.1.x > > On 09/09/2015 18:57, Fadi Abdin wrote: > > I'm running 1.1.x with version 1.1.8-SNAPSHOT and the plugins are > > 1.1.7.Final > > > > > > > > On Wed, Sep 9, 2015 at 1:53 PM, Marc Savy > > wrote: > > > > It seems to work for me on 1.2.0-SNAPSHOT for me. Maybe you're > > picking up an old version of the plugin somehow? :-( > > > > Is there any chance you can provide a reproducer script? Use > > something else other than the OAuth2 policy > > > > So have something like: > > > > CORS -> Rate Limiting Policy > > > > Then your script would be something that accesses that backend > > service using a POST request, and hopefully it'll reveal the issue > > (can just be a curl command with all the appropriate headers set). > > > > > > > > > > > > On 09/09/2015 18:41, Fadi Abdin wrote: > > > > The problem is that CORS wont work for other than GET , i tried > > POST,PUT,DELETE , all fail > > > > Thanks for looking into it. > > > > > > On Wed, Sep 9, 2015 at 1:35 PM, Marc Savy > > > >> > > wrote: > > > > I'll try to check it out - I thought this was the problem > > already > > fixed. Will attempt to verify and get back to you. > > > > On 09/09/2015 18:32, Fadi Abdin wrote: > > > > Hey Marc , > > > > There is still a problem. I just installed the latest > > version > > and tried > > a POST , the preflight passes but the acual post failes > > .. check > > this > > > > Pre-Flight : > > https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > > Post : > > https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > > > > > > > > > On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin > > > > > > > > > > >>> wrote: > > > > Hey Marc, > > > > Thanks for asking.. I did not try updating the new > > version > > to get > > other the GET to work. > > > > Otherwise everything was perfect until Friday. and > > all the > > sudden > > some services start giving 500 when calling them > > (only in > > one of the > > environments setup). then i tried duplicating > > the the > > service and > > pumpup the version and it worked .. that was > > weird. but the > > cors > > didnt work. I did not fully invistigate whats > > going on but > > i was > > ready to send you an email explaining what > > happened after > > collecting > > more information. i'm not sure why i keep having > > some > > issues like > > this . but if i got a chance this weekend i might > > send you > > details. > > > > Thanks, > > Fadi > > > > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy > > > > > > > > > >>> wrote: > > > > Fadi - Is this all working as expected? > > > > ----- Original Message ----- > > From: "Marc Savy" > > > > > > > > > > > >>> > > To: "Fadi Abdin" > > > > > > > > > > > >>> > > Cc: "apiman-user" > > > > > > > > > > > > > >>> > > Sent: Friday, 28 August, 2015 1:42:25 PM > > Subject: Re: [Apiman-user] HTTP Methods > > > > Should be 'apiman-plugins-cors-policy' ; > > repo is > > 'apiman-plugins' > > > > On 28/08/2015 13:40, Fadi Abdin wrote: > > > latest of cors-policy-plugin? > > > > > > On Fri, Aug 28, 2015 at 5:53 AM, Marc Savy > > > > > > > > > >> > > > > > > > > > > > > >>>> > > > > wrote: > > > > > > I think there may have been some > > overzealous error > > detection going > > > on. Please try out the latest > > master/1.1.x. > > > > > > > > > On 27/08/2015 20:02, Eric Wittmann > > wrote: > > > > > > Hi Fadi. > > > > > > It's possible this is a bug in > > the CORS > > policy or a > > > mis-configuration. > > > Hopefully Marc can respond shortly. > > > > > > One thing I'll say is that you > > *probably* > > don't need > > to include > > > "OPTIONS" as one of the allowed > > CORS methods. > > > > > > -Eric > > > > > > On 8/27/2015 2:48 PM, Fadi Abdin > > wrote: > > > > Hey Eric / Marc, > > > > > > > > Everything going good so far > > with the > > CORS fix but > > guessing > > > there is > > > > something still, or maybe i'm > > doing something > > wrong ( it > > > always happened > > > > to me ). > > > > > > > > I have setup my CORS Policy in > > API Man > > and included > > > > "Access-Control-Allow-Methods" : > > > > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > > > But i get a 403 and "CORS: > > Invalid preflight > > request; must > > > use OPTIONS > > > > verb." on ANY service that is > > not GET. > > > > > > > > OPTIONS Header : > > > > > > > > 1. > > > > Remote Address: > > > > 172.26.209.66:443 > > > > > > > > > > > > > 2. > > > > Request URL: > > > > > > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > > > > 3. > > > > Request Method: > > > > OPTIONS > > > > 4. > > > > Status Code: > > > > 200 OK > > > > 1. Response Headersview source > > > > 1. > > > > > > Access-Control-Allow-Headers: > > > > Accept, > > Authorization, Head > > > > 2. > > > > > > Access-Control-Allow-Methods: > > > > OPTIONS, GET, POST, > > DELETE, PUT > > > > 3. > > > > > > Access-Control-Allow-Origin: > > > > http://localhost:8383 > > > > 4. > > > > Access-Control-Max-Age: > > > > 0 > > > > 5. > > > > Connection: > > > > keep-alive > > > > 6. > > > > Date: > > > > Thu, 27 Aug 2015 > > 18:44:39 GMT > > > > 7. > > > > Server: > > > > WildFly/8 > > > > 8. > > > > Transfer-Encoding: > > > > chunked > > > > 9. > > > > X-Powered-By: > > > > Undertow/1 > > > > 2. Request Headersview source > > > > 1. > > > > Accept: > > > > */* > > > > 2. > > > > Accept-Encoding: > > > > gzip, deflate, sdch > > > > 3. > > > > Accept-Language: > > > > en-US,en;q=0.8,ar;q=0.6 > > > > 4. > > > > > > Access-Control-Request-Headers: > > > > accept, authorization > > > > 5. > > > > > > Access-Control-Request-Method: > > > > POST > > > > 6. > > > > Cache-Control: > > > > no-cache > > > > 7. > > > > Connection: > > > > keep-alive > > > > 8. > > > > Host: > > > > > > dev-internal-api.expdev.local > > > > 9. > > > > Origin: > > > > http://localhost:8383 > > > > 10. > > > > Pragma: > > > > no-cache > > > > 11. > > > > Referer: > > > > > > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > > > > > > > > POST HEADER > > > > > > > > 1. > > > > Remote Address: > > > > 172.26.209.66:443 > > > > > > > > > > > > > 2. > > > > Request URL: > > > > > > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > > > > 3. > > > > Request Method: > > > > POST > > > > 4. > > > > Status Code: > > > > 403 Forbidden > > > > 1. Response Headersview > > source > > > > 1. > > > > > > Access-Control-Allow-Origin: > > > > http://localhost:8383 > > > > 2. > > > > Connection: > > > > keep-alive > > > > 3. > > > > Content-Length: > > > > 195 > > > > 4. > > > > Content-Type: > > > > application/json > > > > 5. > > > > Date: > > > > Thu, 27 Aug 2015 > > 18:44:39 GMT > > > > 6. > > > > Server: > > > > WildFly/8 > > > > 7. > > > > > > X-Policy-Failure-Code: > > > > 400 > > > > 8. > > > > > > X-Policy-Failure-Message: > > > > CORS: Invalid > > preflight > > request; must use > > > OPTIONS verb. > > > > 9. > > > > > > X-Policy-Failure-Type: > > > > Authorization > > > > 10. > > > > X-Powered-By: > > > > Undertow/1 > > > > 2. Request Headersview > > source > > > > 1. > > > > Accept: > > > > application/json, > > text/plain, */* > > > > 2. > > > > Accept-Encoding: > > > > gzip, deflate > > > > 3. > > > > Accept-Language: > > > > > > en-US,en;q=0.8,ar;q=0.6 > > > > 4. > > > > Authorization: > > > > Bearer > > > > > > > > > > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > > > > 5. > > > > Cache-Control: > > > > no-cache > > > > 6. > > > > Connection: > > > > keep-alive > > > > 7. > > > > Content-Length: > > > > 0 > > > > 8. > > > > Host: > > > > > > dev-internal-api.expdev.local > > > > 9. > > > > Origin: > > > > http://localhost:8383 > > > > 10. > > > > Pragma: > > > > no-cache > > > > 11. > > > > > > > > 12. > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Apiman-user mailing list > > > > Apiman-user at lists.jboss.org > > > > > > > > > > > > >> > > > > > > > > > > > > > >>> > > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > > > > > > > > > > >> > > > > > > > > > > > > > >>> > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > > > > > > > > > >> > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > > > > > > > From marc.savy at redhat.com Wed Sep 9 14:04:00 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 19:04:00 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> <55F0720B.30401@redhat.com> <55F073FC.8020403@redhat.com> <55F07425.9080403@redhat.com> Message-ID: <55F07490.5050207@redhat.com> If you can provide a reproducer script as mentioned before, I will debug it for you. On 09/09/2015 19:03, Fadi Abdin wrote: > :( ... you know this is not easy .. i wish i can just delete the plugin > and add another one . > > On Wed, Sep 9, 2015 at 2:02 PM, Marc Savy > wrote: > > 1.2.0-SNAPSHOT plugins I mean (i.e. master of apiman/apiman-plugins) > > > On 09/09/2015 19:01, Marc Savy wrote: > > It should be in 1.1.7.Final plugins :(. > > Please try 1.2.0-SNAPSHOT - it should still work just fine with > 1.1.x > > On 09/09/2015 18:57, Fadi Abdin wrote: > > I'm running 1.1.x with version 1.1.8-SNAPSHOT and the > plugins are > > 1.1.7.Final > > > > > > > > On Wed, Sep 9, 2015 at 1:53 PM, Marc Savy > > > >> > wrote: > > > > It seems to work for me on 1.2.0-SNAPSHOT for me. Maybe > you're > > picking up an old version of the plugin somehow? :-( > > > > Is there any chance you can provide a reproducer script? Use > > something else other than the OAuth2 policy > > > > So have something like: > > > > CORS -> Rate Limiting Policy > > > > Then your script would be something that accesses that > backend > > service using a POST request, and hopefully it'll reveal > the issue > > (can just be a curl command with all the appropriate > headers set). > > > > > > > > > > > > On 09/09/2015 18:41, Fadi Abdin wrote: > > > > The problem is that CORS wont work for other than GET > , i tried > > POST,PUT,DELETE , all fail > > > > Thanks for looking into it. > > > > > > On Wed, Sep 9, 2015 at 1:35 PM, Marc Savy > > > > > > >>> > > wrote: > > > > I'll try to check it out - I thought this was > the problem > > already > > fixed. Will attempt to verify and get back to you. > > > > On 09/09/2015 18:32, Fadi Abdin wrote: > > > > Hey Marc , > > > > There is still a problem. I just installed > the latest > > version > > and tried > > a POST , the preflight passes but the acual > post failes > > .. check > > this > > > > Pre-Flight : > > https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > > Post : > > https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > > > > > > > > > On Sat, Sep 5, 2015 at 7:29 AM, Fadi Abdin > > > > > > > > >> > > > > > > > >>>> wrote: > > > > Hey Marc, > > > > Thanks for asking.. I did not try > updating the new > > version > > to get > > other the GET to work. > > > > Otherwise everything was perfect until > Friday. and > > all the > > sudden > > some services start giving 500 when > calling them > > (only in > > one of the > > environments setup). then i tried > duplicating > > the the > > service and > > pumpup the version and it worked .. > that was > > weird. but the > > cors > > didnt work. I did not fully invistigate > whats > > going on but > > i was > > ready to send you an email explaining what > > happened after > > collecting > > more information. i'm not sure why i > keep having > > some > > issues like > > this . but if i got a chance this > weekend i might > > send you > > details. > > > > Thanks, > > Fadi > > > > > > On Sat, Sep 5, 2015 at 7:20 AM, Marc Savy > > > > > > >> > > > > > > >>>> wrote: > > > > Fadi - Is this all working as expected? > > > > ----- Original Message ----- > > From: "Marc Savy" > > > > > > > > >> > > > > > > > > > >>>> > > To: "Fadi Abdin" > > > > > > > > >> > > > > > > > > > >>>> > > Cc: "apiman-user" > > > > > > > > >> > > > > > > > > > > > >>>> > > Sent: Friday, 28 August, 2015 > 1:42:25 PM > > Subject: Re: [Apiman-user] HTTP Methods > > > > Should be > 'apiman-plugins-cors-policy' ; > > repo is > > 'apiman-plugins' > > > > On 28/08/2015 13:40, Fadi Abdin wrote: > > > latest of cors-policy-plugin? > > > > > > On Fri, Aug 28, 2015 at 5:53 AM, > Marc Savy > > > > > > > >> > > > > > > > >>> > > > > > > > > > > >> > > > > > > > >>>>> > > > > wrote: > > > > > > I think there may have been some > > overzealous error > > detection going > > > on. Please try out the latest > > master/1.1.x. > > > > > > > > > On 27/08/2015 20:02, Eric > Wittmann > > wrote: > > > > > > Hi Fadi. > > > > > > It's possible this is a > bug in > > the CORS > > policy or a > > > mis-configuration. > > > Hopefully Marc can > respond shortly. > > > > > > One thing I'll say is > that you > > *probably* > > don't need > > to include > > > "OPTIONS" as one of the > allowed > > CORS methods. > > > > > > -Eric > > > > > > On 8/27/2015 2:48 PM, > Fadi Abdin > > wrote: > > > > Hey Eric / Marc, > > > > > > > > Everything going good > so far > > with the > > CORS fix but > > guessing > > > there is > > > > something still, or > maybe i'm > > doing something > > wrong ( it > > > always happened > > > > to me ). > > > > > > > > I have setup my CORS > Policy in > > API Man > > and included > > > > > "Access-Control-Allow-Methods" : > > > > > "OPTIONS","GET","POST","DELETE",'PUT". > > > > > > > > But i get a 403 and > "CORS: > > Invalid preflight > > request; must > > > use OPTIONS > > > > verb." on ANY service > that is > > not GET. > > > > > > > > OPTIONS Header : > > > > > > > > 1. > > > > Remote Address: > > > > 172.26.209.66:443 > > > > > > > > > > > > > > > 2. > > > > Request URL: > > > > > > > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > > > > 3. > > > > Request Method: > > > > OPTIONS > > > > 4. > > > > Status Code: > > > > 200 OK > > > > 1. Response > Headersview source > > > > 1. > > > > > > Access-Control-Allow-Headers: > > > > Accept, > > Authorization, Head > > > > 2. > > > > > > Access-Control-Allow-Methods: > > > > OPTIONS, > GET, POST, > > DELETE, PUT > > > > 3. > > > > > > Access-Control-Allow-Origin: > > > > http://localhost:8383 > > > > 4. > > > > > Access-Control-Max-Age: > > > > 0 > > > > 5. > > > > Connection: > > > > keep-alive > > > > 6. > > > > Date: > > > > Thu, 27 Aug 2015 > > 18:44:39 GMT > > > > 7. > > > > Server: > > > > WildFly/8 > > > > 8. > > > > > Transfer-Encoding: > > > > chunked > > > > 9. > > > > X-Powered-By: > > > > Undertow/1 > > > > 2. Request > Headersview source > > > > 1. > > > > Accept: > > > > */* > > > > 2. > > > > Accept-Encoding: > > > > gzip, > deflate, sdch > > > > 3. > > > > Accept-Language: > > > > > en-US,en;q=0.8,ar;q=0.6 > > > > 4. > > > > > > Access-Control-Request-Headers: > > > > accept, > authorization > > > > 5. > > > > > > Access-Control-Request-Method: > > > > POST > > > > 6. > > > > Cache-Control: > > > > no-cache > > > > 7. > > > > Connection: > > > > keep-alive > > > > 8. > > > > Host: > > > > > > dev-internal-api.expdev.local > > > > 9. > > > > Origin: > > > > http://localhost:8383 > > > > 10. > > > > Pragma: > > > > no-cache > > > > 11. > > > > Referer: > > > > > > > > > > > > http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s-3ETKBuI7hyPFy6mRs3hMy4.677e4cee-3dd7-4d19-9268-5045d171327 > > > > > > > > > > > > > > > > > > > > > > POST HEADER > > > > > > > > 1. > > > > Remote > Address: > > > > 172.26.209.66:443 > > > > > > > > > > > > > > > 2. > > > > Request URL: > > > > > > > > > > > > https://dev-internal-api.expdev.local/apiman-gateway/express/integration/1.0/test/methods/post > > > > > > 3. > > > > Request > Method: > > > > POST > > > > 4. > > > > Status Code: > > > > 403 > Forbidden > > > > 1. Response > Headersview > > source > > > > 1. > > > > > > Access-Control-Allow-Origin: > > > > http://localhost:8383 > > > > 2. > > > > Connection: > > > > keep-alive > > > > 3. > > > > > Content-Length: > > > > 195 > > > > 4. > > > > > Content-Type: > > > > > application/json > > > > 5. > > > > Date: > > > > Thu, 27 > Aug 2015 > > 18:44:39 GMT > > > > 6. > > > > Server: > > > > WildFly/8 > > > > 7. > > > > > > X-Policy-Failure-Code: > > > > 400 > > > > 8. > > > > > > X-Policy-Failure-Message: > > > > CORS: > Invalid > > preflight > > request; must use > > > OPTIONS verb. > > > > 9. > > > > > > X-Policy-Failure-Type: > > > > > Authorization > > > > 10. > > > > > X-Powered-By: > > > > Undertow/1 > > > > 2. Request > Headersview > > source > > > > 1. > > > > Accept: > > > > > application/json, > > text/plain, */* > > > > 2. > > > > > Accept-Encoding: > > > > gzip, > deflate > > > > 3. > > > > > Accept-Language: > > > > > > en-US,en;q=0.8,ar;q=0.6 > > > > 4. > > > > > Authorization: > > > > Bearer > > > > > > > > > > > > > > > > eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ > > > > > > 5. > > > > > Cache-Control: > > > > no-cache > > > > 6. > > > > Connection: > > > > keep-alive > > > > 7. > > > > > Content-Length: > > > > 0 > > > > 8. > > > > Host: > > > > > > dev-internal-api.expdev.local > > > > 9. > > > > Origin: > > > > http://localhost:8383 > > > > 10. > > > > Pragma: > > > > no-cache > > > > 11. > > > > > > > > 12. > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > Apiman-user mailing list > > > > > Apiman-user at lists.jboss.org > > > > > > > >> > > > > > > > > > >>> > > > > > > > > > >> > > > > > > > > > >>>> > > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > > > > > > >> > > > > > > > > > >>> > > > > > > > > > >> > > > > > > > > > >>>> > > > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > > > > > > >> > > > > > > > > > >>> > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > > > > > > > > > > > From marc.savy at redhat.com Wed Sep 9 16:41:35 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 21:41:35 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> <55F0720B.30401@redhat.com> <55F073FC.8020403@redhat.com> <55F07425.9080403@redhat.com> <55F07490.5050207@redhat.com> <55F07685.8030007@redhat.com> Message-ID: <55F0997F.2000101@redhat.com> Fadi, I've double checked the git log, and just to reiterate... - For the `1.1.x` series you need to build the latest HEAD of apiman-plugins (i.e. git checkout remotes/origin/1.1.x && mvn clean install) - For the `1.2.x` series you can use release `1.2.0.Alpha1` (this should work fine with 1.1.x) The error message you're seeing is never generated in the fixed versions. Regards, Marc On 09/09/2015 20:14, Fadi Abdin wrote: > i'm surprized to see it passing on the curl request > > but with the browser its complaining > > Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > any idea what is > > 1. > > > > > > X-Policy-Failure-Type: > > > > > Authorization > > > > > 10. > > > > > > From marc.savy at redhat.com Wed Sep 9 16:42:09 2015 From: marc.savy at redhat.com (Marc Savy) Date: Wed, 9 Sep 2015 21:42:09 +0100 Subject: [Apiman-user] HTTP Methods In-Reply-To: <55F09766.7000808@redhat.com> References: <55DF5ED5.5070007@redhat.com> <55E02F81.6040902@redhat.com> <55E05731.7090708@redhat.com> <119305891.26178515.1441452017574.JavaMail.zimbra@redhat.com> <55F06DF6.2060800@redhat.com> <55F0720B.30401@redhat.com> <55F073FC.8020403@redhat.com> <55F07425.9080403@redhat.com> <55F07490.5050207@redhat.com> <55F07685.8030007@redhat.com> <55F09766.7000808@redhat.com> Message-ID: <55F099A1.6080206@redhat.com> And, I know plugin iteration is a pain at the moment, but we're working to fix that as soon as is practicable. In the meanwhile, I want to share with you a quick-and-easy way of replacing the plugin before an official way comes along. Note I'm assuming here that you are running a simple all-in-one wildfly setup. - First, terminate your server - In the server directory, do a `find . -name "*.war" | grep cors` - You'll see something like: $ find . -name "*.war" | grep cors ./target/wildfly-8.2.0.Final/standalone/data/apiman/plugins/io.apiman.plugins/apiman-plugins-cors-policy/1.2.0-SNAPSHOT/apiman-plugins-cors-policy.war ./target/wildfly-8.2.0.Final/standalone/data/apiman/plugins/io.apiman.plugins/apiman-plugins-cors-policy/1.2.0-SNAPSHOT/apiman-plugins-cors-policy.war/plugin.war - Build the latest apiman plugins - Copy the CORS plugin from the target directory and overwrite '/apiman-plugins-cors-policy.war/plugin.war' as above (e.g. cp target/apiman-plugins-cors-policy-1.2.0-SNAPSHOT.war ) - Start your server again Hope that helps. If you have a more complex setup, you may need to do a bit more work. Regards, Marc On 09/09/2015 21:32, Marc Savy wrote: > Fadi, > > I've double checked the git log, and just to reiterate... > - For the `1.1.x` series you need to build the latest HEAD of > apiman-plugins (i.e. git checkout remotes/origin/1.1.x && mvn clean > install) > - For the `1.2.x` series you can use release > `1.2.0.Alpha1` > (this should work fine with 1.1.x) > > The error message you're seeing is never generated in the fixed versions. > > Regards, > Marc > On 09/09/2015 20:14, Fadi Abdin wrote: > > i'm surprized to see it passing on the curl request > > > > but with the browser its complaining > > > > Pre-Flight : https://gist.github.com/fadiabdeen/fad62e55a3fa161f8b82 > > Post : https://gist.github.com/fadiabdeen/6990954142c936e3c54a > > > > any idea what is > > > > 1. > > X-Policy-Failure-Message: > > > > > > Authorization > > > > > > > 10. > > > > > > > > > > From eric.wittmann at redhat.com Thu Sep 10 14:05:01 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Thu, 10 Sep 2015 14:05:01 -0400 Subject: [Apiman-user] Announcement: apiman 1.1.8.Final Message-ID: <55F1C64D.4000904@redhat.com> Hey everyone. Today we released apiman version 1.1.8.Final. This release is primarily a bug-fix release (no new significant features are planned for 1.1.x). You can see the release notes here: http://red.ht/1igFSrj We're continuing to work on the 1.2.x branch of apiman, where we should have some cool new features coming soon. -Eric From fadiabdeen at gmail.com Mon Sep 14 11:35:08 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Mon, 14 Sep 2015 11:35:08 -0400 Subject: [Apiman-user] Exceptions Message-ID: Things get to work for a while and break .. Is anyone using apiman in production yet ?? I'm wondering how reliable it is to be used yet .. i can not get it to be stable for a week without problems .. java.lang.ClassCastException: io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean cannot be cast to io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean at io.apiman.plugins.keycloak_oauth_policy.KeycloakOauthPolicy.doApply(KeycloakOauthPolicy.java:48) at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:88) at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:40) at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:247) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:198) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:392) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:362) at io.apiman.gateway.engine.policy.PolicyFactoryImpl.loadPolicy(PolicyFactoryImpl.java:81) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.loadPolicies(ServiceRequestExecutorImpl.java:362) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.access$1400(ServiceRequestExecutorImpl.java:77) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:270) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) at io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegistry.java:175) at io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRegistryWrapper.java:97) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(ServiceRequestExecutorImpl.java:254) at io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:236) at io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet.java:82) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150914/b31c116f/attachment.html From eric.wittmann at redhat.com Mon Sep 14 12:31:48 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Mon, 14 Sep 2015 12:31:48 -0400 Subject: [Apiman-user] Exceptions In-Reply-To: References: Message-ID: <55F6F674.5050905@redhat.com> Can you provide any more context/details around this error? Are you reporting that your server was running for a week before you encountered this? You didn't restart the server? What version of apiman? What version of the KC OAuth plugin? Do you have multiple versions of the KC OAuth plugin all in use at the same time perhaps? I'll do some testing and see what I can reproduce... -Eric On 9/14/2015 11:35 AM, Fadi Abdin wrote: > Things get to work for a while and break .. Is anyone using apiman in > production yet ?? I'm wondering how reliable it is to be used yet .. i > can not get it to be stable for a week without problems .. > > java.lang.ClassCastException: io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean cannot be cast to io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean > at io.apiman.plugins.keycloak_oauth_policy.KeycloakOauthPolicy.doApply(KeycloakOauthPolicy.java:48) > at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) > at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) > at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) > at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:88) > at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:40) > at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) > at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) > at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:247) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:198) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:392) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:362) > at io.apiman.gateway.engine.policy.PolicyFactoryImpl.loadPolicy(PolicyFactoryImpl.java:81) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.loadPolicies(ServiceRequestExecutorImpl.java:362) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.access$1400(ServiceRequestExecutorImpl.java:77) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:270) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegistry.java:175) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(ServiceRequestExecutorImpl.java:254) > at io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:236) > at io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet.java:82) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) > at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From eric.wittmann at redhat.com Wed Sep 16 12:19:18 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Wed, 16 Sep 2015 12:19:18 -0400 Subject: [Apiman-user] Exceptions In-Reply-To: References: Message-ID: <55F99686.3090603@redhat.com> Update: I have been able to reproduce this bug. The root cause is that two versions of the same plugin policy are being use at the same time in the same gateway. There shouldn't be any issue/problem with that, and the fact that an error occurs in this scenario is simply a bug in how we are caching the policy configuration info. Should be an easy fix and will be included in 1.1.9.Final. -Eric On 9/14/2015 11:35 AM, Fadi Abdin wrote: > Things get to work for a while and break .. Is anyone using apiman in > production yet ?? I'm wondering how reliable it is to be used yet .. i > can not get it to be stable for a week without problems .. > > java.lang.ClassCastException: io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean cannot be cast to io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean > at io.apiman.plugins.keycloak_oauth_policy.KeycloakOauthPolicy.doApply(KeycloakOauthPolicy.java:48) > at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) > at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) > at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) > at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:88) > at io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:40) > at io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) > at io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) > at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:247) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:198) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:392) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:362) > at io.apiman.gateway.engine.policy.PolicyFactoryImpl.loadPolicy(PolicyFactoryImpl.java:81) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.loadPolicies(ServiceRequestExecutorImpl.java:362) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.access$1400(ServiceRequestExecutorImpl.java:77) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:270) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es.CachingESRegistry.getService(CachingESRegistry.java:175) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(ServiceRequestExecutorImpl.java:254) > at io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:236) > at io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet.java:82) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) > at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) > at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) > at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) > at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) > at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) > at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) > at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) > at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) > at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) > at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) > at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) > at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) > at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) > at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) > at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > at java.lang.Thread.run(Thread.java:745) > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From fadiabdeen at gmail.com Wed Sep 16 12:41:55 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 16 Sep 2015 12:41:55 -0400 Subject: [Apiman-user] Exceptions In-Reply-To: <55F99686.3090603@redhat.com> References: <55F99686.3090603@redhat.com> Message-ID: I'm glad you found it . Sorry i did not reply to your email before . On Wed, Sep 16, 2015 at 12:19 PM, Eric Wittmann wrote: > Update: I have been able to reproduce this bug. > > The root cause is that two versions of the same plugin policy are being > use at the same time in the same gateway. There shouldn't be any > issue/problem with that, and the fact that an error occurs in this scenario > is simply a bug in how we are caching the policy configuration info. > > Should be an easy fix and will be included in 1.1.9.Final. > > -Eric > > On 9/14/2015 11:35 AM, Fadi Abdin wrote: > >> Things get to work for a while and break .. Is anyone using apiman in >> production yet ?? I'm wondering how reliable it is to be used yet .. i >> can not get it to be stable for a week without problems .. >> >> java.lang.ClassCastException: >> io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean >> cannot be cast to >> io.apiman.plugins.keycloak_oauth_policy.beans.KeycloakOauthConfigBean >> at >> io.apiman.plugins.keycloak_oauth_policy.KeycloakOauthPolicy.doApply(KeycloakOauthPolicy.java:48) >> at >> io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) >> at >> io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) >> at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) >> at >> io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:88) >> at >> io.apiman.plugins.cors_policy.CorsPolicy.doApply(CorsPolicy.java:40) >> at >> io.apiman.gateway.engine.policies.AbstractMappedPolicy.apply(AbstractMappedPolicy.java:71) >> at >> io.apiman.gateway.engine.policy.RequestChain.applyPolicy(RequestChain.java:65) >> at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:148) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:247) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$2.handle(ServiceRequestExecutorImpl.java:198) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:392) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$5.handle(ServiceRequestExecutorImpl.java:362) >> at >> io.apiman.gateway.engine.policy.PolicyFactoryImpl.loadPolicy(PolicyFactoryImpl.java:81) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.loadPolicies(ServiceRequestExecutorImpl.java:362) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.access$1400(ServiceRequestExecutorImpl.java:77) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:270) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) >> at >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) >> at >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) >> at io.apiman.gateway.engine.es >> .CachingESRegistry.getService(CachingESRegistry.java:175) >> at >> io.apiman.gateway.engine.impl.SecureRegistryWrapper.getService(SecureRegistryWrapper.java:97) >> at >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl.execute(ServiceRequestExecutorImpl.java:254) >> at >> io.apiman.gateway.platforms.servlet.GatewayServlet.doAction(GatewayServlet.java:236) >> at >> io.apiman.gateway.platforms.servlet.GatewayServlet.doGet(GatewayServlet.java:82) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) >> at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) >> at >> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85) >> at >> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61) >> at >> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) >> at >> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78) >> at >> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> at >> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131) >> at >> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56) >> at >> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> at >> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45) >> at >> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63) >> at >> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58) >> at >> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70) >> at >> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76) >> at >> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> at >> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61) >> at >> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> at >> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> at >> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261) >> at >> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247) >> at >> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76) >> at >> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166) >> at >> io.undertow.server.Connectors.executeRootHandler(Connectors.java:197) >> at >> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759) >> at >> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) >> at java.lang.Thread.run(Thread.java:745) >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150916/376b590d/attachment.html From fadiabdeen at gmail.com Wed Sep 16 14:10:33 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 16 Sep 2015 14:10:33 -0400 Subject: [Apiman-user] Production guide Message-ID: Hi Eric, I have been following your documentation for production setup http://www.apiman.io/latest/production-guide.html# .. and it worked successfully. i want to clarify something. Now i have API Manager data stored in the apiman database , which is great , i can copy it and all that .. but from how i see , when you publish an api , it will be published to the gateway and the gateway stores the data in elastic search !! ? I might be missing something. How do i force a refresh from the apiman to gateway ? or do i need to clear elastic search data ! Sorry if i completely missunderstand something. Thanks, Fadi -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150916/fb4ad81c/attachment.html From eric.wittmann at redhat.com Wed Sep 16 14:53:29 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Wed, 16 Sep 2015 14:53:29 -0400 Subject: [Apiman-user] Production guide In-Reply-To: References: Message-ID: <55F9BAA9.2050409@redhat.com> Hi Fadi. You are right - the API Gateway stores its configuration in elasticsearch (by default). This is a persistent data store, so barring some sort of catastrophic crash resulting in data loss in the Gateway, you shouldn't need to force a resync between the API Manager and the API Gateway. Perhaps I have misunderstood your question. :) -Eric On 9/16/2015 2:10 PM, Fadi Abdin wrote: > Hi Eric, > > I have been following your documentation for production setup > http://www.apiman.io/latest/production-guide.html# .. > and it worked successfully. i want to clarify something. > > Now i have API Manager data stored in the apiman database , which is > great , i can copy it and all that .. but from how i see , when you > publish an api , it will be published to the gateway and the gateway > stores the data in elastic search !! ? I might be missing something. > > How do i force a refresh from the apiman to gateway ? or do i need to > clear elastic search data ! > > Sorry if i completely missunderstand something. > > Thanks, > Fadi From fadiabdeen at gmail.com Wed Sep 16 15:02:15 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 16 Sep 2015 15:02:15 -0400 Subject: [Apiman-user] Production guide In-Reply-To: <55F9BAA9.2050409@redhat.com> References: <55F9BAA9.2050409@redhat.com> Message-ID: Well , I have seen an issue sometimes where the service is not available anymore in the gateway check issue label "Failing Service" on this mailing list : basically i get this exception below but if i change the version number it works fine . The other use-case , is where i backup my database and load it again , how do i publish everything again ? io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: Service not found. at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:415) at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:407) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) at java.lang.Thread.run(Thread.java:745) On Wed, Sep 16, 2015 at 2:53 PM, Eric Wittmann wrote: > Hi Fadi. > > You are right - the API Gateway stores its configuration in elasticsearch > (by default). This is a persistent data store, so barring some sort of > catastrophic crash resulting in data loss in the Gateway, you shouldn't > need to force a resync between the API Manager and the API Gateway. > > Perhaps I have misunderstood your question. :) > > -Eric > > > On 9/16/2015 2:10 PM, Fadi Abdin wrote: > >> Hi Eric, >> >> I have been following your documentation for production setup >> http://www.apiman.io/latest/production-guide.html# .. >> and it worked successfully. i want to clarify something. >> >> Now i have API Manager data stored in the apiman database , which is >> great , i can copy it and all that .. but from how i see , when you >> publish an api , it will be published to the gateway and the gateway >> stores the data in elastic search !! ? I might be missing something. >> >> How do i force a refresh from the apiman to gateway ? or do i need to >> clear elastic search data ! >> >> Sorry if i completely missunderstand something. >> >> Thanks, >> Fadi >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150916/d5c95264/attachment.html From fadiabdeen at gmail.com Wed Sep 16 18:00:34 2015 From: fadiabdeen at gmail.com (Fadi Abdin) Date: Wed, 16 Sep 2015 18:00:34 -0400 Subject: [Apiman-user] Failing Service In-Reply-To: <55EF2CC3.8080307@redhat.com> References: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> <55EEE7BD.3010108@redhat.com> <55EF2CC3.8080307@redhat.com> Message-ID: Hi Marc, I followed your recommendation and installed apiman database everything is connected and i'm able to create a new services and i see them in the database and the apiman gateway in Elastic search. is that what you was saying ? I also noticed that the Elastic Search UI plugin you was recommended was working fine in the previous version 1.1.8-SNAPSHOT , but recently i installed 1.1.8.Final and i'm getting a cors issue . I'm using the standalone elastic search ui and not the plugin. When i googled it a bit , it seems there are some properties need to be added to the elasticsearch.yml to enable cors. On Tue, Sep 8, 2015 at 2:45 PM, Eric Wittmann wrote: > Hi Fadi. > > It looks like you're using all the apiman quickstart defaults, so that's > OK. I wonder - are you trying to build apiman on the same machine? > > Also: it would be interesting to get the output from this: > > http://localhost:19200/apiman_gateway/service/_search?pretty=true > > -Eric > > PS: if this system is running in production you should refer to our > production guide for help with a more appropriate configuration: > > http://www.apiman.io/latest/production-guide.html > > On 9/8/2015 1:47 PM, Fadi Abdin wrote: > >> here is it attached .. , do you see anything weird ? >> >> On Tue, Sep 8, 2015 at 9:50 AM, Eric Wittmann > > wrote: >> >> +1 - we definitely need more information here. :) >> >> >> On 9/6/2015 10:09 AM, Marc Savy wrote: >> >> Will need a lot more information than this to understand what's >> going on. >> >> 1) Which version are you using (apiman & plugins) >> 2) Gist your apiman.properties (feel free to delete any >> sensitive info) >> 3) Provide a more detailed on your ES setup. Do you set it to >> delete old records (age-based reaping)? Could someone have reset >> the DB overnight? i.e. use a UI tool like >> https://mobz.github.io/elasticsearch-head/ to see what data is >> in there. >> >> ----- Original Message ----- >> From: "Fadi Abdin" > > >> To: "apiman-user" > > >> Sent: Sunday, 6 September, 2015 12:56:11 PM >> Subject: [Apiman-user] Failing Service >> >> Hey Guys, >> >> for one of the setup servers , i have woke up friday with a >> failing service .. nothing really changed overnight on Friday >> >> /3.1/.... >> >> All i did is create a new version of the service and publishing it >> /3.2/.... >> >> and here is my exception, do you have any explanation or thinks >> might make this happened that i can investigate and avoid ? : >> io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: >> Service not found. >> at >> >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) >> at >> >> io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) >> at >> >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) >> at >> >> io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) >> at io.apiman.gateway.engine.es >> > >.ESRegistry$10.completed(ESRegistry.java:415) >> at io.apiman.gateway.engine.es >> > >.ESRegistry$10.completed(ESRegistry.java:407) >> >> at >> >> io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) >> at >> >> io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) >> at >> >> org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) >> at >> >> org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) >> at >> >> org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) >> at >> >> org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) >> at >> >> org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) >> at >> >> org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) >> at >> >> org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) >> at >> >> org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) >> at >> >> org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) >> at >> >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) >> at >> >> org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) >> at >> >> org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) >> at >> >> org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) >> at >> >> org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) >> at java.lang.Thread.run(Thread.java:745) >> >> >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150916/4e1621dc/attachment-0001.html From eric.wittmann at redhat.com Thu Sep 17 08:03:44 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Thu, 17 Sep 2015 08:03:44 -0400 Subject: [Apiman-user] Production guide In-Reply-To: References: <55F9BAA9.2050409@redhat.com> Message-ID: <55FAAC20.9070005@redhat.com> Marc is currently working on an export/import feature that should solve the use-case of backing up and restoring. There is currently no way to force a re-publish of a service, so if you back up your DB but not the data in Elastic, you'll have a problem. I am planning on adding such a feature (force a re-publish) but it doesn't exist yet. -Eric On 9/16/2015 3:02 PM, Fadi Abdin wrote: > Well , I have seen an issue sometimes where the service is not available > anymore in the gateway check issue label "Failing Service" on this > mailing list : > > basically i get this exception below but if i change the version number > it works fine . > > The other use-case , is where i backup my database and load it again , > how do i publish everything again ? > > > > > > io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: > Service not found. > > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) > at io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:415) > at io.apiman.gateway.engine.es.ESRegistry$10.completed(ESRegistry.java:407) > at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) > at io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) > at org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) > at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) > at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) > at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) > at org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) > at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) > at org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) > at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) > at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) > at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) > at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) > at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) > at java.lang.Thread.run(Thread.java:745) > > > > On Wed, Sep 16, 2015 at 2:53 PM, Eric Wittmann > wrote: > > Hi Fadi. > > You are right - the API Gateway stores its configuration in > elasticsearch (by default). This is a persistent data store, so > barring some sort of catastrophic crash resulting in data loss in > the Gateway, you shouldn't need to force a resync between the API > Manager and the API Gateway. > > Perhaps I have misunderstood your question. :) > > -Eric > > > On 9/16/2015 2:10 PM, Fadi Abdin wrote: > > Hi Eric, > > I have been following your documentation for production setup > http://www.apiman.io/latest/production-guide.html# .. > and it worked successfully. i want to clarify something. > > Now i have API Manager data stored in the apiman database , which is > great , i can copy it and all that .. but from how i see , when you > publish an api , it will be published to the gateway and the gateway > stores the data in elastic search !! ? I might be missing something. > > How do i force a refresh from the apiman to gateway ? or do i > need to > clear elastic search data ! > > Sorry if i completely missunderstand something. > > Thanks, > Fadi > > From eric.wittmann at redhat.com Thu Sep 17 08:05:17 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Thu, 17 Sep 2015 08:05:17 -0400 Subject: [Apiman-user] Failing Service In-Reply-To: References: <790347600.26362340.1441548556031.JavaMail.zimbra@redhat.com> <55EEE7BD.3010108@redhat.com> <55EF2CC3.8080307@redhat.com> Message-ID: <55FAAC7D.2010908@redhat.com> Are you using a standalone instance of elastic or the one that comes with the apiman quickstart. The quickstart is only intended as a way to get started evaluating apiman. The production guide describes how better to configure apiman for prod. -Eric On 9/16/2015 6:00 PM, Fadi Abdin wrote: > Hi Marc, > > I followed your recommendation and installed apiman database everything > is connected and i'm able to create a new services and i see them in the > database and the apiman gateway in Elastic search. is that what you was > saying ? > > I also noticed that the Elastic Search UI plugin you was recommended was > working fine in the previous version 1.1.8-SNAPSHOT , but recently i > installed 1.1.8.Final and i'm getting a cors issue . I'm using the > standalone elastic search ui and not the plugin. When i googled it a bit > , it seems there are some properties need to be added to the > elasticsearch.yml to enable cors. > > > > On Tue, Sep 8, 2015 at 2:45 PM, Eric Wittmann > wrote: > > Hi Fadi. > > It looks like you're using all the apiman quickstart defaults, so > that's OK. I wonder - are you trying to build apiman on the same > machine? > > Also: it would be interesting to get the output from this: > > http://localhost:19200/apiman_gateway/service/_search?pretty=true > > -Eric > > PS: if this system is running in production you should refer to our > production guide for help with a more appropriate configuration: > > http://www.apiman.io/latest/production-guide.html > > On 9/8/2015 1:47 PM, Fadi Abdin wrote: > > here is it attached .. , do you see anything weird ? > > On Tue, Sep 8, 2015 at 9:50 AM, Eric Wittmann > > >> wrote: > > +1 - we definitely need more information here. :) > > > On 9/6/2015 10:09 AM, Marc Savy wrote: > > Will need a lot more information than this to > understand what's > going on. > > 1) Which version are you using (apiman & plugins) > 2) Gist your apiman.properties (feel free to delete any > sensitive info) > 3) Provide a more detailed on your ES setup. Do you > set it to > delete old records (age-based reaping)? Could someone > have reset > the DB overnight? i.e. use a UI tool like > https://mobz.github.io/elasticsearch-head/ to see what data is > in there. > > ----- Original Message ----- > From: "Fadi Abdin" > >> > To: "apiman-user" > >> > Sent: Sunday, 6 September, 2015 12:56:11 PM > Subject: [Apiman-user] Failing Service > > Hey Guys, > > for one of the setup servers , i have woke up friday with a > failing service .. nothing really changed overnight on > Friday > > /3.1/.... > > All i did is create a new version of the service and > publishing it > /3.2/.... > > and here is my exception, do you have any explanation > or thinks > might make this happened that i can investigate and > avoid ? : > > io.apiman.gateway.engine.beans.exceptions.InvalidServiceException: > Service not found. > at > > io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:261) > at > > io.apiman.gateway.engine.impl.ServiceRequestExecutorImpl$3.handle(ServiceRequestExecutorImpl.java:255) > at > > io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:107) > at > > io.apiman.gateway.engine.impl.SecureRegistryWrapper$1.handle(SecureRegistryWrapper.java:97) > at io.apiman.gateway.engine.es > > > .ESRegistry$10.completed(ESRegistry.java:415) > at io.apiman.gateway.engine.es > > > .ESRegistry$10.completed(ESRegistry.java:407) > > at > > io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:195) > at > > io.searchbox.client.http.JestHttpClient$DefaultCallback.completed(JestHttpClient.java:178) > at > > org.apache.http.concurrent.BasicFuture.completed(BasicFuture.java:119) > at > > org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.responseCompleted(DefaultClientExchangeHandlerImpl.java:177) > at > > org.apache.http.nio.protocol.HttpAsyncRequestExecutor.processResponse(HttpAsyncRequestExecutor.java:412) > at > > org.apache.http.nio.protocol.HttpAsyncRequestExecutor.inputReady(HttpAsyncRequestExecutor.java:305) > at > > org.apache.http.impl.nio.DefaultNHttpClientConnection.consumeInput(DefaultNHttpClientConnection.java:267) > at > > org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:81) > at > > org.apache.http.impl.nio.client.InternalIODispatch.onInputReady(InternalIODispatch.java:39) > at > > org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:116) > at > > org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:164) > at > > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:339) > at > > org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:317) > at > > org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:278) > at > > org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:106) > at > > org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:590) > at java.lang.Thread.run(Thread.java:745) > > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/apiman-user > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > From cmoulliard at redhat.com Mon Sep 21 08:41:18 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Mon, 21 Sep 2015 14:41:18 +0200 Subject: [Apiman-user] Issue with basic authentication policy - version 1.1.7.Final Message-ID: <55FFFAEE.8040600@redhat.com> Hi, When I try to add a new security policy using Basic Authentication with ApiMan 1.1.7.Final , the button "add the policy" is disabled (see screenshot attached) within this screen "http://localhost:8080/apimanui/api-manager/orgs/fuse/services/blog-service/2.0/new-policy" even if a static user has been added. Is it a known issue solved within 1.1.8.Final ? Regards, -- Charles Moulliard Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - Belgium twitter: @cmoulliard | blog: cmoulliard.github.io committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm, deltaspike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150921/4e6ce783/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: Screenshot 2015-09-21 14.35.43.png Type: image/png Size: 129272 bytes Desc: not available Url : http://lists.jboss.org/pipermail/apiman-user/attachments/20150921/4e6ce783/attachment-0001.png From eric.wittmann at redhat.com Mon Sep 21 08:44:52 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Mon, 21 Sep 2015 08:44:52 -0400 Subject: [Apiman-user] Issue with basic authentication policy - version 1.1.7.Final In-Reply-To: <55FFFAEE.8040600@redhat.com> References: <55FFFAEE.8040600@redhat.com> Message-ID: <55FFFBC4.8000500@redhat.com> Did you try setting the Realm? On 9/21/2015 8:41 AM, Charles Moulliard wrote: > Hi, > > When I try to add a new security policy using Basic Authentication with > ApiMan 1.1.7.Final , the button "add the policy" is disabled (see > screenshot attached) within this screen > "http://localhost:8080/apimanui/api-manager/orgs/fuse/services/blog-service/2.0/new-policy" > even if a static user has been added. Is it a known issue solved within > 1.1.8.Final ? > > Regards, > -- > Charles Moulliard > Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat > cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 > MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - > Belgium > twitter: @cmoulliard | blog: > cmoulliard.github.io > committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, > jbpm, deltaspike > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From cmoulliard at redhat.com Mon Sep 21 08:55:45 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Mon, 21 Sep 2015 14:55:45 +0200 Subject: [Apiman-user] Issue with basic authentication policy - version 1.1.7.Final In-Reply-To: <55FFFBC4.8000500@redhat.com> References: <55FFFAEE.8040600@redhat.com> <55FFFBC4.8000500@redhat.com> Message-ID: <55FFFE51.9050704@redhat.com> Sorry for the mistake. That works fine. On 21/09/15 14:44, Eric Wittmann wrote: > Did you try setting the Realm? > > On 9/21/2015 8:41 AM, Charles Moulliard wrote: >> Hi, >> >> When I try to add a new security policy using Basic Authentication with >> ApiMan 1.1.7.Final , the button "add the policy" is disabled (see >> screenshot attached) within this screen >> "http://localhost:8080/apimanui/api-manager/orgs/fuse/services/blog-service/2.0/new-policy" >> >> even if a static user has been added. Is it a known issue solved within >> 1.1.8.Final ? >> >> Regards, >> -- >> Charles Moulliard >> Principal Solution Architect / JBoss Fuse Expert - Global Enablement >> @redhat >> cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 >> MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - >> Belgium >> twitter: @cmoulliard | blog: >> cmoulliard.github.io >> committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, >> jbpm, deltaspike >> >> >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user >> From cmoulliard at redhat.com Mon Sep 21 09:04:11 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Mon, 21 Sep 2015 15:04:11 +0200 Subject: [Apiman-user] Apiman & Swagger error (Version 1.1.8.Final) Message-ID: <5600004B.90401@redhat.com> Hi, I have added a Swagger Spec Document - version 2.0 (json) - https://github.com/FuseByExample/rest-dsl-in-action/blob/master/swagger/src/main/resources/services.json but I don't see it at this address (http://localhost:8080/apimanui/api-manager/browse/orgs/fuse/blog-service/1.0) within the Web UI of Apiman. Instead this message is reported " This service does not have a service definition file. Contact the service provider and ask them to supply a valid service definition!" This error is generated within the console of the web browser TypeError: window.swaggerUi is not defined at Object.window.authorizations.add (swagger-ui.js:230) at apiman-manager.js:2252 at apiman-manager.js:1123 at processQueue (angular.js:13300) at angular.js:13316 at Scope.$eval (angular.js:14552) at Scope.$digest (angular.js:14368) at Scope.$apply (angular.js:14657) at done (angular.js:9734) at completeRequest (angular.js:9924) What is the problem as the service defintion (= json file) works very well in a Swagger UI standalone Web Server ? Regards, -- Charles Moulliard Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - Belgium twitter: @cmoulliard | blog: cmoulliard.github.io committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm, deltaspike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150921/6e501d7a/attachment.html From eric.wittmann at redhat.com Mon Sep 21 09:20:31 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Mon, 21 Sep 2015 09:20:31 -0400 Subject: [Apiman-user] Apiman & Swagger error (Version 1.1.8.Final) In-Reply-To: <5600004B.90401@redhat.com> References: <5600004B.90401@redhat.com> Message-ID: <5600041F.1020109@redhat.com> That is perhaps a UI regression due to an update to swagger-ui. Can you add a JIRA for this? -Eric On 9/21/2015 9:04 AM, Charles Moulliard wrote: > Hi, > > I have added a Swagger Spec Document - version 2.0 (json) - > https://github.com/FuseByExample/rest-dsl-in-action/blob/master/swagger/src/main/resources/services.json > but I don't see it at this address > (http://localhost:8080/apimanui/api-manager/browse/orgs/fuse/blog-service/1.0) > within the Web UI of Apiman. Instead this message is reported " This > service does not have a service definition file. Contact the service > provider and ask them to supply a valid service definition!" > > This error is generated within the console of the web browser > > TypeError: window.swaggerUi is not defined > at Object.window.authorizations.add (swagger-ui.js:230) > at apiman-manager.js:2252 > at apiman-manager.js:1123 > at processQueue (angular.js:13300) > at angular.js:13316 > at Scope.$eval (angular.js:14552) > at Scope.$digest (angular.js:14368) > at Scope.$apply (angular.js:14657) > at done (angular.js:9734) > at completeRequest (angular.js:9924) > > What is the problem as the service defintion (= json file) works very > well in a Swagger UI standalone Web Server ? > > Regards, > > -- > Charles Moulliard > Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat > cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 > MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - > Belgium > twitter: @cmoulliard | blog: > cmoulliard.github.io > committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, > jbpm, deltaspike > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From eric.wittmann at redhat.com Mon Sep 21 09:42:02 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Mon, 21 Sep 2015 09:42:02 -0400 Subject: [Apiman-user] Issue with basic authentication policy - version 1.1.7.Final In-Reply-To: <55FFFE51.9050704@redhat.com> References: <55FFFAEE.8040600@redhat.com> <55FFFBC4.8000500@redhat.com> <55FFFE51.9050704@redhat.com> Message-ID: <5600092A.7010809@redhat.com> No that's ok - we need to do a better job in the UI of indicating the required fields on various forms. There are some challenges inherent in doing that well, however. :) -Eric On 9/21/2015 8:55 AM, Charles Moulliard wrote: > Sorry for the mistake. That works fine. > > On 21/09/15 14:44, Eric Wittmann wrote: >> Did you try setting the Realm? >> >> On 9/21/2015 8:41 AM, Charles Moulliard wrote: >>> Hi, >>> >>> When I try to add a new security policy using Basic Authentication with >>> ApiMan 1.1.7.Final , the button "add the policy" is disabled (see >>> screenshot attached) within this screen >>> "http://localhost:8080/apimanui/api-manager/orgs/fuse/services/blog-service/2.0/new-policy" >>> >>> even if a static user has been added. Is it a known issue solved within >>> 1.1.8.Final ? >>> >>> Regards, >>> -- >>> Charles Moulliard >>> Principal Solution Architect / JBoss Fuse Expert - Global Enablement >>> @redhat >>> cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 >>> MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - >>> Belgium >>> twitter: @cmoulliard | blog: >>> cmoulliard.github.io >>> committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, >>> jbpm, deltaspike >>> >>> >>> _______________________________________________ >>> Apiman-user mailing list >>> Apiman-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/apiman-user >>> > From cmoulliard at redhat.com Mon Sep 21 12:40:01 2015 From: cmoulliard at redhat.com (Charles Moulliard) Date: Mon, 21 Sep 2015 18:40:01 +0200 Subject: [Apiman-user] Demo - use case covering Apiman/Keycloak with Apache Camel Message-ID: <560032E1.7000109@redhat.com> Hi, Finally, I have been able to finish to develop a demo/lab (step by step guide) covering Apiman/Keycloak to secure Apache Camel REST Endpoints according to different scenari deployed within JBoss Fuse. The project is available here : https://github.com/FuseByExample/rest-dsl-in-action#security-governance-with-apiman--keycloak Some info about the project : - Expose CRUD REST Services using the new Apache Camel REST DSL Syntax - Upload data from a CSV file to create blog articles using camel bindy component and ElasticSearch Service - Collect the data received (= JSon Blog Article) and save the data using the insight-eleasticsearch no sql database available with JBoss Fuse Fabric - Display the data and query them using the Kibana Web Dashboard - https://github.com/FuseByExample/rest-dsl-in-action/blob/master/images/dashboard4.png - Document the REST Services using Swagger API - https://github.com/FuseByExample/rest-dsl-in-action/blob/master/images/swagger1.png - Authenticate and authorize the incoming HTTP requests using ApiMan (Security Management Platform) according to these use cases; No authentication (pass through), Basic Authentication - https://github.com/FuseByExample/rest-dsl-in-action/blob/master/readme.adoc#use-case---basic-authentication, Oauth2 Authentication, Oauth2 & Role based - https://github.com/FuseByExample/rest-dsl-in-action/blob/master/readme.adoc#use-case---add-roles Your remarks and comments are welcome Regards, -- Charles Moulliard Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat cmoulliard at redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014 MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 - Belgium twitter: @cmoulliard | blog: cmoulliard.github.io committer: apache camel, karaf, servicemix, hawtio, fabric8, drools, jbpm, deltaspike -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150921/b93bd0d2/attachment.html From guydavis.ca at gmail.com Wed Sep 30 15:20:09 2015 From: guydavis.ca at gmail.com (Guy Davis) Date: Wed, 30 Sep 2015 13:20:09 -0600 Subject: [Apiman-user] Apiman 1.1.8 and Wildfly 9? Message-ID: Good day, I'm currently using Keycloak 1.5.0 (on Wildfly 9) and am wondering whether APIman 1.1.8 overlay will work on Wildfly 9? Any known issues here? Thanks in advance, Guy -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150930/206c0ac0/attachment-0001.html From eric.wittmann at redhat.com Wed Sep 30 16:45:21 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Wed, 30 Sep 2015 16:45:21 -0400 Subject: [Apiman-user] Apiman 1.1.8 and Wildfly 9? In-Reply-To: References: Message-ID: <560C49E1.1080206@redhat.com> There aren't any known issues.....because I haven't tried it yet. :) That said, it shouldn't be too hard to add support for WF9, and it's going to happen sooner rather than later. Would be happy to accept a PR if you wanted to give it a try! -Eric On 9/30/2015 3:20 PM, Guy Davis wrote: > Good day, > > I'm currently using Keycloak 1.5.0 (on Wildfly 9) and am wondering > whether APIman 1.1.8 overlay will work on Wildfly 9? Any known issues here? > > Thanks in advance, > Guy > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user >