August 2015 - Apiman-user - Jboss List Archives

by Tim Dudgeon

Hi I've been looking into apiman and like what I see, but have a conceptual question about its usage. I need something to manage the end users of my applications, not just the people who are developing and managing those applications. Is apiman suitable for this? e.g. each actual user of the applications would register to apiman and use their own access keys. I need this as I will want to handle metrics and usage on the level of the individual user. Also, if this was to be a sensible approach how does one configure the registration process. I understand apiman is using keycloak for this, but I see no link in the UI to configure keycloak. And I would need a way that new users could automatically be assigned to an organisation (e.g. a default organisation, or a specific one based on their email address). Tim

8 years, 6 months

4
13
0 / 0

Creating resources using Docker image

by Arun Gupta

I've created a Dockerfile [1] that will attempt to create different resources. Is there any standard format where I can drop <organization>.yml in a pre-defined directory and API Man will read the resources defined there and create them? This will simplify how the resources are created using Docker. The samples at [2] do not show that. [1] https://github.com/arun-gupta/microservices/blob/master/microservice/dock... [2] https://registry.hub.docker.com/u/jboss/apiman-wildfly/ Arun -- http://blog.arungupta.me http://twitter.com/arungupta

8 years, 6 months

5
18
0 / 0

HTTP Methods

by Fadi Abdin

Hey Eric / Marc, Everything going good so far with the CORS fix but guessing there is something still, or maybe i'm doing something wrong ( it always happened to me ). I have setup my CORS Policy in API Man and included "Access-Control-Allow-Methods" : "OPTIONS","GET","POST","DELETE",'PUT". But i get a 403 and "CORS: Invalid preflight request; must use OPTIONS verb." on ANY service that is not GET. OPTIONS Header : 1. Remote Address: 172.26.209.66:443 2. Request URL: https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... 3. Request Method: OPTIONS 4. Status Code: 200 OK 1. Response Headersview source 1. Access-Control-Allow-Headers: Accept, Authorization, Head 2. Access-Control-Allow-Methods: OPTIONS, GET, POST, DELETE, PUT 3. Access-Control-Allow-Origin: http://localhost:8383 4. Access-Control-Max-Age: 0 5. Connection: keep-alive 6. Date: Thu, 27 Aug 2015 18:44:39 GMT 7. Server: WildFly/8 8. Transfer-Encoding: chunked 9. X-Powered-By: Undertow/1 2. Request Headersview source 1. Accept: */* 2. Accept-Encoding: gzip, deflate, sdch 3. Accept-Language: en-US,en;q=0.8,ar;q=0.6 4. Access-Control-Request-Headers: accept, authorization 5. Access-Control-Request-Method: POST 6. Cache-Control: no-cache 7. Connection: keep-alive 8. Host: dev-internal-api.expdev.local 9. Origin: http://localhost:8383 10. Pragma: no-cache 11. Referer: http://localhost:8383/keycloak-oauth/index.html?code=1SnLPvM2b4cuXeMp3w8s... POST HEADER 1. Remote Address: 172.26.209.66:443 2. Request URL: https://dev-internal-api.expdev.local/apiman-gateway/express/integration/... 3. Request Method: POST 4. Status Code: 403 Forbidden 1. Response Headersview source 1. Access-Control-Allow-Origin: http://localhost:8383 2. Connection: keep-alive 3. Content-Length: 195 4. Content-Type: application/json 5. Date: Thu, 27 Aug 2015 18:44:39 GMT 6. Server: WildFly/8 7. X-Policy-Failure-Code: 400 8. X-Policy-Failure-Message: CORS: Invalid preflight request; must use OPTIONS verb. 9. X-Policy-Failure-Type: Authorization 10. X-Powered-By: Undertow/1 2. Request Headersview source 1. Accept: application/json, text/plain, */* 2. Accept-Encoding: gzip, deflate 3. Accept-Language: en-US,en;q=0.8,ar;q=0.6 4. Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJkYTI.................................qoQRgKQ 5. Cache-Control: no-cache 6. Connection: keep-alive 7. Content-Length: 0 8. Host: dev-internal-api.expdev.local 9. Origin: http://localhost:8383 10. Pragma: no-cache 11. 12.

8 years, 7 months

4
8
0 / 0

Apiman & Keycloak

by Charles Moulliard

Hi, I have already asked this question but I need some help to figure out what are the steps required to setup Oauth 2 with Keycloak as I'm preparing a demo (https://github.com/FuseByExample/rest-dsl-in-action) covering the point about how to secure & govern Camel REST DSL endpoints on JBoss Fuse using Apiman & Keycloak ? I just need the list of the steps to perform from the Web Site. Base on the input, I will take some screenshots and include the instructions within the demo content. Such input could be reused to write a blog article too ;-) Regards, Charles

8 years, 7 months

4
6
0 / 0

Help with ApiMan oAuth2 plugin tutorial

by Rafael Soares

Hello all! I'm trying to follow the tutorial for the oAuth2 plugin [1] but I had some issues. The authentication policy worked fine! After adding the second policy (Authorization) I get the following response error HTTP/1.1 500 Internal Server Error Connection: keep-alive Content-Length: 238 Content-Type: application/json Date: Tue, 25 Aug 2015 21:12:31 GMT Server: WildFly/8 X-Policy-Failure-Code: 10010 X-Policy-Failure-Message: No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration. X-Policy-Failure-Type: Other X-Powered-By: Undertow/1 { "failureCode": 10010, "headers": {}, "message": *"No roles have been extracted during authentication. Make sure the authorization policy comes *after* a compatible authentication policy in your configuration.*", "responseCode": 0, "type": "Other" } but my JWT access_token appears to be right. I mean, I can see the roles in it. See my access_toke decoded: { "preferred_username": "rincewind", "name": "", "resource_access": { "account": { "roles": [ "manage-account", "view-profile" ] } }, "*realm_access": { * * "roles": [ * * "echomeister"* * ] * * }*, "allowed-origins": [], "client_session": "b25536e6-4331-46fd-afe1-b0adf766b533", "session_state": "213e75e1-bf8b-4f0c-808e-683fb3a4c1de", "jti": "43c59d9a-b659-4708-a1da-968ea23004d7", "exp": 1440536956, "nbf": 0, "iat": 1440536656, "iss": "http://127.0.0.1:8080/auth/realms/stottie", "aud": "apiman", "sub": "de4af322-85b2-4dbe-8d53-6a2ee29e4080", "azp": "apiman" } As you can see the "*echomeister*" realm_role is there... What this response message means? [1] http://www.apiman.io/blog/gateway/security/oauth2/keycloak/authentication... ________________________ Rafael Torres Coelho Soares

8 years, 8 months

2
2
0 / 0

PKI Compatibility

by Brooks Isoldi

Hi all, Does APIMan have the ability to validate inbound HTTPS requests with custom signed certificates to consume a service via a PKI service? So...a network where all internal traffic is encrypted with SSL, signed via an internal PKI service. The request to APIMan to consume the service would be via HTTPS and I am hoping APIMan can: - Validate the request based on the certificate and PKI service - Validate the request based on the rate limiting rules - Consume the service or reject the request accordingly Thanks! -- Brooks Isoldi, Software Developer Traversed 7164 Columbia Gateway Drive, Suite 120A Columbia, MD 21046

8 years, 8 months

2
1
0 / 0

Announce: Release 1.1.7.Final

by Eric Wittmann

Hi everyone. From now on we're only going to be fixing bugs in the 1.1.x line of apiman. To that end, a new release just went out today (1.1.7.Final): http://www.apiman.io/latest/ All feature work going forward will be put on the 1.2.x line. How many more 1.1.x releases will there be? Great question! I guess that depends on how many bugs we find! Get some eyeballs on there and let's shake them all out. -Eric

8 years, 8 months

1
0
0 / 0

Plugins

by Fadi Abdin

I have setup the DEV server with 1.1.7-SNAPSHOT. but for some reason , i can not install plugins on apimanui . Before mvn clean install , i cleaned up my .m2 folder then built the apiman and the apiman-plugns , then got everything configured and started it , everything seems to be working fine but when installing the plugins i get 404 .. here are snapshots Any idea what should i do ??

8 years, 8 months

3
8
0 / 0

Re: [Apiman-user] CORS

by Eric Wittmann

https://issues.jboss.org/browse/APIMAN-624 On 8/19/2015 2:19 PM, Fadi Abdin wrote: > Yes, i'm using just the defaults. > I wont be able to wait .. I'm getting a lot of pressure to have > something stable asap.

8 years, 8 months

1
0
0 / 0

Re: [Apiman-user] CORS

by Eric Wittmann

What database are you using? The default h2 database? If you're going into production with apiman I would not recommend using h2. I'm currently working on a "apiman in production" guide that should be available this week. Ultimately it's likely going to be rather challenging to migrate existing data from older versions to newer ones until we support such a feature directly in apiman. Also note - version 1.1.7.Final should get released next week I think - so you may be able to wait for that rather than build everything yourself from scratch. -Eric On 8/19/2015 2:05 PM, Fadi Abdin wrote: > Yup , that was it .. Thanks for your help Marc ... .. > > I think i'm good now. But i still need an advice. > > I need to get everything to work on our DEV and QA environments and > since the fix is on 1.1.7-SNAPSHOT , i will need to do the same on the > environments. and then later i need to upgrade to the new version. > > Now, the servers got 1.1.3-Final, and everything configured . > > What would you do ? its a lot of re-work since there is no import export > , and also a lot of work for the developers if they going to change > their code to update their keys and service endpoints. > >

8 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Apiman-user August 2015