apiman and OAuth
by Eric Wittmann
Hi Michael,
Len DiMaggio forwarded me your question about OAuth and apiman. The short answer is that we have a plugin (targeted for apiman 1.1.0) that adds support for authenticating via Keycloak OAuth bearer token. Some links:
The plugin: https://github.com/apiman/apiman-plugins/tree/master/keycloak-oauth-policy
Keycloak: http://keycloak.jboss.org/
Once we release version 1.1 in a month or so, you will be able to simply add the Keycloak OAuth Policy Plugin to apiman via the apiman admin UI using the official version of the plugin. For now you would need to build it from source (mvn clean install) so that the SNAPSHOT version is available in your .m2 directory. If you do that, you can add it to your apiman installation to try it out:
GroupId: io.apiman.plugins
ArtifactId: apiman-plugins-keycloak-oauth-policy
Version: 1.1.0-SNAPSHOT
This policy works with Keycloak - so all it does is validate the OAuth bearer token in the request, using the Keycloak Realm Name and Realm Key (which is configured when the policy is set up in apiman).
apiman does not issue OAuth tokens - we rely on Keycloak for that.
If you have an existing OAuth solution, you would need to write a custom plugin to authenticate the OAuth bearer token issued by your OAuth solution of choice. It should be easy to do that by following the example in GitHub.
I hope that helps!
-Eric
9 years, 10 months
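The check described in the message above (validating a bearer token against a configured realm name and realm key), as an added example in plain Java; it is not part of the original message, it is not the plugin's or Keycloak's code, and it calls no apiman or Keycloak API. Assumptions: the token is an RS256-signed JWT, the realm key is a base64-encoded X.509 RSA public key, the issuer claim ends in /realms/<realm name>, and the names `BearerTokenCheck` and `verify` are hypothetical.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.regex.*;
public class BearerTokenCheck {
    // Returns the claims JSON when the token is acceptable, otherwise throws.
    static String verify(String authorization, String realm, String realmKeyB64)
            throws GeneralSecurityException {
        if (authorization == null || !authorization.startsWith("Bearer "))
            throw new SecurityException("missing bearer token");
        String[] part = authorization.substring(7).trim().split("\\.");
        if (part.length != 3) throw new SecurityException("not a signed JWT");
        // Assumption: the realm key is a base64-encoded X.509 (DER) RSA public key.
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                new X509EncodedKeySpec(Base64.getDecoder().decode(realmKeyB64)));
        Signature sig = Signature.getInstance("SHA256withRSA"); // pinned; header "alg" is ignored
        sig.initVerify(key);
        sig.update((part[0] + "." + part[1]).getBytes(UTF_8));
        if (!sig.verify(Base64.getUrlDecoder().decode(part[2])))
            throw new SecurityException("signature does not match realm key");
        // Claims are read only after the signature check (regex keeps the example library-free).
        String claims = new String(Base64.getUrlDecoder().decode(part[1]), UTF_8);
        Matcher exp = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims);
        if (!exp.find() || Long.parseLong(exp.group(1)) <= System.currentTimeMillis() / 1000)
            throw new SecurityException("token expired or has no exp");
        // Assumption: the issuer claim ends in /realms/<realm name>.
        String iss = "\"iss\"\\s*:\\s*\"[^\"]*/realms/" + Pattern.quote(realm) + "\"";
        if (!Pattern.compile(iss).matcher(claims).find())
            throw new SecurityException("token was not issued by realm " + realm);
        return claims;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); // constructed key and claims
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String json = "{\"iss\":\"https://sso.example/auth/realms/demo\",\"exp\":4102444800}";
        String body = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(UTF_8))
                + "." + enc.encodeToString(json.getBytes(UTF_8));
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(UTF_8));
        String auth = "Bearer " + body + "." + enc.encodeToString(s.sign());
        String realmKey = Base64.getEncoder().encodeToString(kp.getPublic().getEncoded());
        System.out.println("accepted: " + verify(auth, "demo", realmKey));
        try { verify(auth, "other", realmKey); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

A custom plugin for another OAuth provider would swap in that provider's key source and claim checks, and would read the claims with a JSON parser instead of the regular expressions used here.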
Help with migrating to use postgres v2
by Anton Hughes
Hi all
This is following on from a previous thread related to migrating from h2 to
postgres.
Thanks to Ruben who answered my previous question, related to roles.
I now see that there is a lot of setup to do, such as setting up:
- gateway
- plugins
- policy definitions.
Does anyone know of a simple way to migrate data from h2 to postgres?
Or is there a way to populate postgres with the above, default,
values/settings?
Thanks and regards
Anton
9 years, 10 months
Announcement: New Release - 1.0.3.Final
by Eric Wittmann
Hey everyone. We're happy to announce that we have released apiman
version 1.0.3.Final. This release is primarily a bug-fix release, but
it does have a couple of interesting new features as well.
In particular there is now back-end support for storing a Service
Definition Document with each Service. This is not yet supported in the
UI, unfortunately. But the idea is that a Service Provider will be able
to store, for example, a Swagger spec or a WSDL with their service.
That file can serve as documentation for the service, eventually with UI
support for browsing the Service Definition.
Additionally we have a new CORS policy available as a plugin:
Group ID: io.apiman.plugins
Artifact ID: apiman-plugins-cors-policy
Version: 1.0.3.Final
You can add that plugin to your apiman installation and then enable CORS
support for your services by adding the CORS policy!
Full release notes can be found here:
https://issues.jboss.org/secure/ReleaseNote.jspa?projectId=12314121&versi...
And of course as always, you can find the latest apiman release here:
http://www.apiman.io/latest/
9 years, 10 months
Help with migrating to use postgres
by Anton Hughes
Hi
We have been testing Apiman - and are really impressed with it!
We are now looking to move to use postgres db.
We are following the documentation on
http://www.apiman.io/latest/installation-guide.html#_api_manager_database -
and it looks like database and all tables are created correctly.
However, when I login as admin, and try to add an organization, I get the
following, below error.
Does anyone know the cause - and how to solve this?
Thanks and regards
Server Error!
Oh boy. This one is totally on us. Something really unexpected happened on
the server and caused an error. It's not you, it's me. Really. You could
probably just try it again and see what happens. If it keeps on happening
you may need to contact someone about it.
Error Message
Error Details
io.apiman.manager.api.rest.contract.exceptions.SystemErrorException: No auto-grant roles have been configured. Please create at least one auto-grant role.
at io.apiman.manager.api.rest.impl.OrganizationResourceImpl.create(OrganizationResourceImpl.java:180)
at io.apiman.manager.api.rest.impl.OrganizationResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
at io.apiman.manager.api.security.impl.DefaultSecurityContextFilter.doFilter(DefaultSecurityContextFilter.java:56)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
at org.overlord.commons.gwt.server.filters.SimpleCorsFilter.doFilter(SimpleCorsFilter.java:71)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
at org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:61)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler.handleRequest(UndertowAuthenticatedActionsHandler.java:66)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:56)
at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:45)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:63)
at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:70)
at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler.java:69)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:261)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:247)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:76)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:166)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:759)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
--
*Anton Hughes*
9 years, 10 months