Re: [Apiman-user] CORS
by Marc Savy
The error information implies you need to add 'Accept' as well as 'Authorization' in Access-Control-Allow-Headers.
Also ensure GET is allowed in Access-Control-Allow-Methods.
That's what I'd infer from the response your browser gave.
On 19/08/2015 18:22, Fadi Abdin wrote:
> The authorization header seems got cut off .. here is it attached
>
> On Wed, Aug 19, 2015 at 1:20 PM, Fadi Abdin <fadiabdeen(a)gmail.com> wrote:
>
> Hey Marc,
>
> Still no luck :( , i just got a fresh setup :
>
> XMLHttpRequest cannot load
> http://localhost:8080/apiman-gateway/express/testcors/1.0. No
> 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'http://fadiabdeen.github.io' is therefore not
> allowed access. The response had HTTP status code 403.
>
> Here are snapshots .. is there anything you see wrong ?
>
> Remote Address: 127.0.0.1:8080
> Request URL: http://localhost:8080/apiman-gateway/express/testcors/1.0
> Request Method: OPTIONS
> Status Code: 403 Forbidden
>
> Response Headers:
> Access-Control-Max-Age: 0
> Connection: keep-alive
> Content-Length: 149
> Content-Type: application/json
> Date: Wed, 19 Aug 2015 17:15:34 GMT
> Server: WildFly/8
> X-Policy-Failure-Code: 400
> X-Policy-Failure-Message: CORS: Requested header not allowed
> X-Policy-Failure-Type: Authorization
> X-Powered-By: Undertow/1
>
> Request Headers:
> Accept: */*
> Accept-Encoding: gzip, deflate, sdch
> Accept-Language: en-US,en;q=0.8,ar;q=0.6
> Access-Control-Request-Headers: accept, authorization
> Access-Control-Request-Method: GET
> Connection: keep-alive
> Host: localhost:8080
> Origin: http://fadiabdeen.github.io
> Referer: http://fadiabdeen.github.io/keycloak-oauth/public_html/?code=P9o9yTC1ZiZQ...
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.155 Safari/537.36
>
> On Wed, Aug 19, 2015 at 12:45 PM, Marc Savy <marc.savy(a)redhat.com> wrote:
>
> In many cases people are using non-browser applications (e.g.
> mobile, B2B, Java app...) which don't use CORS, so I don't think
> they are necessarily concomitant in all circumstances.
>
> Certainly makes sense to document things if people are unaware.
>
> On 19/08/2015 17:36, Fadi Abdin wrote:
>
> I think there is no need to rely on the API for the cors since it can
> be handled in the APIMan , but maybe something need to be indicated that
> the CORS Plugin must be installed and setup . at least in the UI , and
> ideally get installed with the Oauth plugin (keycloak) if its not there.
>
>
>
> On Wed, Aug 19, 2015 at 11:58 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
>
> I agree - I don't see any compelling reason to add that kind of
> complexity for that case. I'm willing to be convinced, though.
>
> On 19/08/2015 16:55, Eric Wittmann wrote:
> > That is exactly what I was getting at. If you have apiman performing
> > authentication, then apiman MUST ALSO perform CORS for you. Specifically
> > for the reason you say: we don't want to skip authentication for
> > OPTIONS requests.
> >
> > That said, we *could* add another option to all the authentication
> > policies, allowing auth to be skipped for specific VERBs. That could be
> > a reasonable feature. I don't think I'm in favor of it though.
> >
> > Instead, CORS functionality should be moved out of the back-end system
> > and handled in apiman.
> >
> > -Eric
> >
> > On 8/19/2015 11:23 AM, Marc Savy wrote:
> > > I think case being suggested here is slightly different -
> > >
> > > This is one where someone has selected an Auth policy on the gateway,
> > > but *not* a CORS policy - instead their back-end service supports CORS
> > > and they want the service to handle the preflight request directly.
> > > Should we pipeline the CORS preflight request through to the backend in
> > > that case (i.e. bypass auth)? I'd say no, probably.
> > >
> > > Perhaps that's what you were getting at already!
> > >
> > > On 19/08/2015 14:16, Eric Wittmann wrote:
> > >> I think that if apiman is being asked to do Authentication *and* CORS is
> > >> required by the client, then apiman will have to do both.
> > >>
> > >> I think that's desirable anyway - it allows the back end service
> > >> implementation to not worry about supporting CORS. It's a win-win.
> > >>
> > >> -Eric
> > >>
> > >> On 8/19/2015 9:09 AM, Marc Savy wrote:
> > >> > What you're doing will always require a CORS preflight request (due to
> > >> > the non-simple headers), and I'm not sure it makes sense for us as an
> > >> > API gateway to funnel through CORS Preflight requests to the service
> > >> > by default. It complicates things when you start thinking about
> > >> > metering, security, etc.
> > >> >
> > >> > Eric, what do you think?
> > >> >
> > >> > On 19/08/2015 14:02, Fadi Abdin wrote:
> > >> >> So what it seems like is that we have to use CORS Policy and add it
> > >> >> before the Keycloak authentication policy in order for my preflight to
> > >> >> pass .. thats the part i was missing completely . i'm not sure if its
> > >> >> should be considered a bug or flexibility to do what we want .. But
> > >> >> thanks for the explanation Marc.
> > >> >>
> > >> >> Anyway .. i'm still having a problem with CORS Policy, probably I just
> > >> >> dont have the latest code. i added some details to the JIRA ticket
> > >> >>
> > >> >> On Wed, Aug 19, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> I replicated your set up as far as I could, and I couldn't replicate
> > >> >> your issue (perhaps your CORS setup is wrong?). Please see the JIRA
> > >> >> comments and screenshots -
> > >> >> https://issues.jboss.org/browse/APIMAN-516
> > >> >>
> > >> >> Either way, I also fixed a bug unrelated to your problem, so please
> > >> >> re-build the plugins before trying again :-).
> > >> >>
> > >> >> On 18/08/2015 19:25, Fadi Abdin wrote:
> > >> >>
> > >> >> It did not work .
> > >> >>
> > >> >> I setup everything the way you told me Marc and i'm testing it on my
> > >> >> local.
> > >> >> It seems its sending that preflight OPTIONS and coming back with
> > >> >> 401 still
> > >> >>
> > >> >> On Tue, Aug 18, 2015 at 10:48 AM, Fadi Abdin <fadiabdeen(a)gmail.com> wrote:
> > >> >>
> > >> >> I'm still working on it :( .. i had to give the network guys few ip
> > >> >> addresses to whitelist so i can mvn install .. ... almost there.
> > >> >>
> > >> >> On Tue, Aug 18, 2015 at 9:46 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> My pleasure! Did it work?
> > >> >>
> > >> >> On 17/08/2015 16:38, Fadi Abdin wrote:
> > >> >>
> > >> >> cool .. you're the man ;)
> > >> >>
> > >> >> On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> I'm actually testing the fix right now. It will land both on the 1.2.x
> > >> >> branch and the 1.1.x branch shortly. You should be able to test it out
> > >> >> in a short while: I'll send you an email when it's available.
> > >> >>
> > >> >> On 17/08/2015 16:23, Fadi Abdin wrote:
> > >> >>
> > >> >> Thank you Marc,
> > >> >> Is there a work around that you can think of ?
> > >> >> I'm doing it with angularjs , very simple
> > >> >>
> > >> >> $http({method: 'GET', url: 'http://server/apiman-gateway/service',
> > >> >> headers: {'Authorization': 'Bearer XXXXXXXXXXXXX'}
> > >> >> });
> > >> >>
> > >> >> I assume you will fix it in the new version , right?
> > >> >>
> > >> >> On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> Hi,
> > >> >>
> > >> >> This is related to the JIRA I linked you to
> > >> >> (https://issues.jboss.org/browse/APIMAN-516). Because of the way the
> > >> >> policy chain currently works the behaviour of CORS is invalid in a
> > >> >> few very specific cases (e.g. when you stack it with an auth
> > >> >> policy). I'll let you know when it's fixed.
> > >> >>
> > >> >> Regards,
> > >> >> Marc
> > >> >>
> > >> >> On 17/08/2015 15:44, Fadi Abdin wrote:
> > >> >>
> > >> >> I have a problem in calling a service in apiman-gateway with the
> > >> >> Authorization: Bearer <token> in the header.
> > >> >>
> > >> >> It seems to preflight OPTIONS and return
> > >> >>
> > >> >> X-Policy-Failure-Message: OAuth2 'Authorization' header or
> > >> >> 'access_token' query parameter must be provided.
> > >> >>
> > >> >> I am sending the bearer token with the request and i make sure in the
> > >> >> preflight its sent in the request.
> > >> >>
> > >> >> Access-Control-Request-Headers: accept, authorization
> > >> >>
> > >> >> Does anyone know if there Is something i'm missing ? do i need to get
> > >> >> authorization enabled or added anywhere ? as a side note i have below in
> > >> >> my api as well:
> > >> >>
> > >> >> response.setHeader("Access-Control-Allow-Headers", "Authorization");
> > >> >>
> > >> >> _______________________________________________
> > >> >> Apiman-user mailing list
> > >> >> Apiman-user(a)lists.jboss.org
> > >> >> https://lists.jboss.org/mailman/listinfo/apiman-user
10 years, 4 months
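The thread above turns on two gateway-side facts: a preflight is rejected when any header named in Access-Control-Request-Headers is missing from the configured Access-Control-Allow-Headers (hence "CORS: Requested header not allowed" when only Authorization is allowed but the browser asks for "accept, authorization"), and a preflight carries no Authorization header, so an auth policy that runs before the CORS policy rejects it before CORS ever sees it. The following is an added example, not apiman's code, that models a policy chain with those two behaviours using the OPTIONS request captured in the thread; the policy class names, return shapes and the 401 text are constructed for the example, and only the header values come from the thread.

```python
# Added example (not apiman's own code): a minimal model of an API-gateway
# policy chain handling a CORS preflight. Policy names, return shapes and the
# auth failure text are constructed; header values are the ones from the thread.

from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    headers: dict  # lower-cased header names -> values


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    failure: str = ""  # models the X-Policy-Failure-Message header


def _csv(value):
    """Split a comma-separated header value into lower-cased tokens."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]


class CorsPolicy:
    """Validates a preflight against an allow-list and answers it itself."""

    def __init__(self, allowed_origins, allowed_methods, allowed_headers, max_age=0):
        self.origins = set(allowed_origins)
        self.methods = {m.upper() for m in allowed_methods}
        self.headers = {h.lower() for h in allowed_headers}
        self.max_age = max_age

    def apply(self, req):
        origin = req.headers.get("origin")
        if origin is None:
            return None  # not a CORS request: let the chain continue
        if origin not in self.origins:
            return Response(403, failure="CORS: Origin not allowed")
        if req.method != "OPTIONS" or "access-control-request-method" not in req.headers:
            return None  # actual (non-preflight) request: continue to auth etc.
        if req.headers["access-control-request-method"].upper() not in self.methods:
            return Response(403, failure="CORS: Requested method not allowed")
        requested = _csv(req.headers.get("access-control-request-headers", ""))
        if any(h not in self.headers for h in requested):
            # Every requested header must be allowed, not just some of them.
            return Response(403, failure="CORS: Requested header not allowed")
        return Response(200, headers={
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Methods": ", ".join(sorted(self.methods)),
            "Access-Control-Allow-Headers": ", ".join(sorted(self.headers)),
            "Access-Control-Max-Age": str(self.max_age),
        })


class BearerAuthPolicy:
    """Stand-in for an OAuth2 policy: every request must carry a bearer token."""

    def apply(self, req):
        if not req.headers.get("authorization", "").lower().startswith("bearer "):
            return Response(401, failure="OAuth2 'Authorization' header or "
                                         "'access_token' query parameter must be provided.")
        return None


def run_chain(policies, req):
    """Apply policies in order; the first one returning a Response short-circuits."""
    for policy in policies:
        resp = policy.apply(req)
        if resp is not None:
            return resp
    return Response(200, headers={"X-Backend": "reached"})  # constructed backend reply


ORIGIN = "http://fadiabdeen.github.io"

# The preflight the browser sent in the thread; browsers never add Authorization here.
PREFLIGHT = Request("OPTIONS", {
    "origin": ORIGIN,
    "access-control-request-method": "GET",
    "access-control-request-headers": "accept, authorization",
})

cors_narrow = CorsPolicy([ORIGIN], ["GET"], ["Authorization"])          # what the API set
cors_fixed = CorsPolicy([ORIGIN], ["GET"], ["Accept", "Authorization"])  # Marc's advice
auth = BearerAuthPolicy()


def preflight_with(policies):
    """Run the captured preflight through a given policy ordering."""
    return run_chain(policies, PREFLIGHT)


if __name__ == "__main__":
    for label, chain in [("CORS(Authorization only) -> auth", [cors_narrow, auth]),
                         ("CORS(Accept, Authorization) -> auth", [cors_fixed, auth]),
                         ("auth -> CORS", [auth, cors_fixed])]:
        r = preflight_with(chain)
        print(f"{label}: {r.status} {r.failure or r.headers}")
```

Running the block shows the three outcomes discussed in the thread: the narrow allow-list gives 403 with "Requested header not allowed", the widened allow-list answers the preflight with 200 and the Access-Control-Allow-* headers, and placing the auth policy first yields 401 regardless of the CORS configuration, because the preflight has no token to present.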
Re: [Apiman-user] CORS
by Marc Savy
In many cases people are using non-browser applications (e.g. mobile, B2B, Java app...) which don't use CORS, so I don't think they are necessarily concomitant in all circumstances.
Certainly makes sense to document things if people are unaware.
On 19/08/2015 17:36, Fadi Abdin wrote:
> I think there is no need to rely on the API for the cors since it can
> be handled in the APIMan , but maybe something need to be indicated that
> the CORS Plugin must be installed and setup . at least in the UI , and
> ideally get installed with the Oauth plugin (keycloak) if its not there.
>
>
>
> On Wed, Aug 19, 2015 at 11:58 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
>
> I agree - I don't see any compelling reason to add that kind of
> complexity for that case. I'm willing to be convinced, though.
>
> On 19/08/2015 16:55, Eric Wittmann wrote:
> > That is exactly what I was getting at. If you have apiman performing
> > authentication, then apiman MUST ALSO perform CORS for you. Specifically
> > for the reason you say: we don't want to skip authentication for
> > OPTIONS requests.
> >
> > That said, we *could* add another option to all the authentication
> > policies, allowing auth to be skipped for specific VERBs. That could be
> > a reasonable feature. I don't think I'm in favor of it though.
> >
> > Instead, CORS functionality should be moved out of the back-end system
> > and handled in apiman.
> >
> > -Eric
> >
> > On 8/19/2015 11:23 AM, Marc Savy wrote:
> > > I think case being suggested here is slightly different -
> > >
> > > This is one where someone has selected an Auth policy on the gateway,
> > > but *not* a CORS policy - instead their back-end service supports CORS
> > > and they want the service to handle the preflight request directly.
> > > Should we pipeline the CORS preflight request through to the backend in
> > > that case (i.e. bypass auth)? I'd say no, probably.
> > >
> > > Perhaps that's what you were getting at already!
> > >
> > > On 19/08/2015 14:16, Eric Wittmann wrote:
> > >> I think that if apiman is being asked to do Authentication *and* CORS is
> > >> required by the client, then apiman will have to do both.
> > >>
> > >> I think that's desirable anyway - it allows the back end service
> > >> implementation to not worry about supporting CORS. It's a win-win.
> > >>
> > >> -Eric
> > >>
> > >> On 8/19/2015 9:09 AM, Marc Savy wrote:
> > >> > What you're doing will always require a CORS preflight request (due to
> > >> > the non-simple headers), and I'm not sure it makes sense for us as an
> > >> > API gateway to funnel through CORS Preflight requests to the service
> > >> > by default. It complicates things when you start thinking about
> > >> > metering, security, etc.
> > >> >
> > >> > Eric, what do you think?
> > >> >
> > >> > On 19/08/2015 14:02, Fadi Abdin wrote:
> > >> >> So what it seems like is that we have to use CORS Policy and add it
> > >> >> before the Keycloak authentication policy in order for my preflight to
> > >> >> pass .. thats the part i was missing completely . i'm not sure if its
> > >> >> should be considered a bug or flexibility to do what we want .. But
> > >> >> thanks for the explanation Marc.
> > >> >>
> > >> >> Anyway .. i'm still having a problem with CORS Policy, probably I just
> > >> >> dont have the latest code. i added some details to the JIRA ticket
> > >> >>
> > >> >> On Wed, Aug 19, 2015 at 5:53 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> I replicated your set up as far as I could, and I couldn't replicate
> > >> >> your issue (perhaps your CORS setup is wrong?). Please see the JIRA
> > >> >> comments and screenshots -
> > >> >> https://issues.jboss.org/browse/APIMAN-516
> > >> >>
> > >> >> Either way, I also fixed a bug unrelated to your problem, so please
> > >> >> re-build the plugins before trying again :-).
> > >> >>
> > >> >> On 18/08/2015 19:25, Fadi Abdin wrote:
> > >> >>
> > >> >> It did not work .
> > >> >>
> > >> >> I setup everything the way you told me Marc and i'm testing it on my
> > >> >> local.
> > >> >> It seems its sending that preflight OPTIONS and coming back with
> > >> >> 401 still
> > >> >>
> > >> >> On Tue, Aug 18, 2015 at 10:48 AM, Fadi Abdin <fadiabdeen(a)gmail.com> wrote:
> > >> >>
> > >> >> I'm still working on it :( .. i had to give the network guys few ip
> > >> >> addresses to whitelist so i can mvn install .. ... almost there.
> > >> >>
> > >> >> On Tue, Aug 18, 2015 at 9:46 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> My pleasure! Did it work?
> > >> >>
> > >> >> On 17/08/2015 16:38, Fadi Abdin wrote:
> > >> >>
> > >> >> cool .. you're the man ;)
> > >> >>
> > >> >> On Mon, Aug 17, 2015 at 11:37 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> I'm actually testing the fix right now. It will land both on the 1.2.x
> > >> >> branch and the 1.1.x branch shortly. You should be able to test it out
> > >> >> in a short while: I'll send you an email when it's available.
> > >> >>
> > >> >> On 17/08/2015 16:23, Fadi Abdin wrote:
> > >> >>
> > >> >> Thank you Marc,
> > >> >> Is there a work around that you can think of ?
> > >> >> I'm doing it with angularjs , very simple
> > >> >>
> > >> >> $http({method: 'GET', url: 'http://server/apiman-gateway/service',
> > >> >> headers: {'Authorization': 'Bearer XXXXXXXXXXXXX'}
> > >> >> });
> > >> >>
> > >> >> I assume you will fix it in the new version , right?
> > >> >>
> > >> >> On Mon, Aug 17, 2015 at 10:52 AM, Marc Savy <marc.savy(a)redhat.com> wrote:
> > >> >>
> > >> >> Hi,
> > >> >>
> > >> >> This is related to the JIRA I linked you to
> > >> >> (https://issues.jboss.org/browse/APIMAN-516). Because of the way the
> > >> >> policy chain currently works the behaviour of CORS is invalid in a
> > >> >> few very specific cases (e.g. when you stack it with an auth
> > >> >> policy). I'll let you know when it's fixed.
> > >> >>
> > >> >> Regards,
> > >> >> Marc
> > >> >>
> > >> >> On 17/08/2015 15:44, Fadi Abdin wrote:
> > >> >>
> > >> >> I have a problem in calling a service in apiman-gateway with the
> > >> >> Authorization: Bearer <token> in the header.
> > >> >>
> > >> >> It seems to preflight OPTIONS and return
> > >> >>
> > >> >> X-Policy-Failure-Message: OAuth2 'Authorization' header or
> > >> >> 'access_token' query parameter must be provided.
> > >> >>
> > >> >> I am sending the bearer token with the request and i make sure in the
> > >> >> preflight its sent in the request.
> > >> >>
> > >> >> Access-Control-Request-Headers: accept, authorization
> > >> >>
> > >> >> Does anyone know if there Is something i'm missing ? do i need to get
> > >> >> authorization enabled or added anywhere ? as a side note i have below in
> > >> >> my api as well:
> > >> >>
> > >> >> response.setHeader("Access-Control-Allow-Headers", "Authorization");
> > >> >>
10 years, 4 months
CORS
by Fadi Abdin
I have a problem in calling a service in apiman-gateway with the
Authorization: Bearer <token> in the header.
It seems to preflight OPTIONS and return
X-Policy-Failure-Message: OAuth2 'Authorization' header or 'access_token' query parameter must be provided.
I am sending the bearer token with the request and i make sure in the
preflight its sent in the request.
Access-Control-Request-Headers: accept, authorization
Does anyone know if there Is something i'm missing ? do i need to get
authorization enabled or added anywhere ? as a side note i have below in my
api as well:
response.setHeader("Access-Control-Allow-Headers", "Authorization");
10 years, 4 months
Upgrade APIMan version
by Fadi Abdin
Hello,
Is there a way to update apiman version without losing keycloak and apiman
configuration ?
I follow the instructions on http://www.apiman.io/latest/download.html to
install apiman , currently i'm on 1.1.3. I have keycloak setup with my
custom realm which include LDAP connections and clients setup with their
own secrets. For APIMan , i have my custom organization , services and
keycloak plugin.
I would like to upgrade without losing all this setup .
Thanks,
Fadi
10 years, 4 months
Note: DDL problems with apiman 1.1.6.Final
by Eric Wittmann
Hey everyone. There are a couple minor DDL problems (primarily in the
postgres DDL) which snuck into version 1.1.6.Final. I will fix these
and get them committed to git so you can pull them down. The ones that
come with the 1.1.6.Final distribution will not work without some tweaks.
FYI!
-Eric
10 years, 4 months
Token is not active.
by Fadi Abdin
I keep getting occasional "Token is not active." on the keycloak side
occasionally . its really frustrating , i cant figure out what could cause
this to happen. everything seems correct.
Is there caching between API Man and Keycloak i can turn off ? Has anyone
seen this behavior ?
Thanks,
Fadi
Express.com
10 years, 4 months
how apiman handles errors
by Ijlal EL HAZITI
Good morning,
I'd like to know how Apiman handles errors coming from the APIs.
I have Rest web Services, an ESB and Apiman on the top, no matter what the
error generated by the Rest web service (404, 416, 412...) , Apiman always
displays an error code 500.
Why does Apiman behave this way? How can I have on apiman the same error codes
as those generated by the web service?
Thank you
--
Regards
IjlaL EL HAZITI
*Engineering Student, Studies and Development*
*UBO - Professional Master's in Offshore IS Development*
*FSK - Specialised Master's in Software Quality*
10 years, 4 months
@timestamp field
by Charles Moulliard
Hi,
Do we have a @timestamp field into Elasticsearch db to plot histogram of
the requests -
https://www.dropbox.com/s/pnd7zh0rierbt9d/Screenshot%202015-08-07%2011.06...
in Kibana ?
Regards,
--
Charles Moulliard
Principal Solution Architect / JBoss Fuse Expert - Global Enablement @redhat
cmoulliard(a)redhat.com | work: +31 205 65 12 84 | mobile: +32 473 604 014
MC-Square Business "Stockholm", Leonardo Da Vincilaan 19, Diegem 1831 -
Belgium
twitter: @cmoulliard <http://twitter.com/cmoulliard> | blog:
cmoulliard.github.io <http://cmoulliard.github.io>
committer: apache camel, karaf, servicemix, hawtio, fabric8, drools,
jbpm, deltaspike
10 years, 4 months
ApiMan & Swagger Doc
by Charles Moulliard
Hi,
The APiman GUI Web Interface allows adding the Swagger JSON/YAML Service
Definition
(https://www.dropbox.com/s/rakl089j6ylzwg9/Screenshot%202015-08-06%2013.21...).
Is it used by Apiman or only present for doc purposes ?
Response
[13:23:04] <jcechace> ch007m, currently the late AFAIK
[13:23:07] <jcechace> later *
[13:34:33] <msavy> ch007m: presently it'll show you nice API docs
based upon the swagger doc - however, we're looking at how we might
evolve that in future
[13:34:56] <msavy> e.g. testing the api
Question : Where can I see from the ApiMan the API docs based upon the
swagger doc ?
Idea : As Swagger API allows to define authorization, that could be
interesting to import the Swagger Doc of a service in order to generate
the services.
Regards,
Charles
10 years, 4 months