January 2017 - Apiman-user - Jboss List Archives

by Marc Savy

Hi, I just pushed a (very simple) generic JWT plugin policy to master. To try it out right now you will need to build it. Just check out the apiman/apiman-plugins repo and execute `mvn clean install`. The plugin coordinates will be G: io.apiman.plugins A: apiman-plugins-jwt-policy V: 1.2.9-SNAPSHOT. It isn't yet as feature-rich as the Keycloak plugin, but you can: - Require JWT. - Require claims (e.g. sub = foo). - Require transport security (TLS, SSL). - Require JWT be cryptographically signed (aka. JWS). - Validate JWT against a provided public key. - Remove auth tokens (prevent them reaching the backend). - Set maximum clock skew. I'll expand on this shortly to add something that will hopefully add some commonly-used features from the Keycloak plugin: - Allow extraction of roles for authorization - Forward token fields as headers (e.g. X-Sub = sub) Regards, Marc

7 years, 4 months

1
2
0 / 0

Stream closed / Broken Pipe issues with custom plugin

by David Rush

Good afternoon, I'm having issues with on a production API which has started to receive high volumes of traffic. At peak volume times I see many exceptions being thrown in the logs. The stack is indicating that an error occurred in the policy chain, but when it tries to write the error to the response the connection has been closed. There seems to be a couple of flavors of IOException (broken pipe or stream closed from undertow). My plugin is calling chain.doApply(request) when it succeeds but the stack trace is indicating there is then an exception being caught in doApply(Chain.java:153). I am on version 1.2.2-Final. 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) java.io.IOException: UT010029: Stream is closed 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:136) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:128) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$4.write(GatewayServlet.java:406) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$4.write(GatewayServlet.java:395) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.DefaultPolicyErrorWriter.write(DefaultPolicyErrorWriter.java:87) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet.writeError(GatewayServlet.java:392) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$1.handle(GatewayServlet.java:210) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$1.handle(GatewayServlet.java:157) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$wrapResultHandler$0(ApiRequestExecutorImpl.java:159) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$createPolicyErrorHandler$17(ApiRequestExecutorImpl.java:614) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.policy.Chain.throwError(Chain.java:249) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:153) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doSuccess(PingFedOauthPolicy.java:114) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.access$100(PingFedOauthPolicy.java:38) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy$2.handle(PingFedOauthPolicy.java:193) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy$2.handle(PingFedOauthPolicy.java:174) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.components.HttpClientRequestImpl.end(HttpClientRequestImpl.java:140) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.retrieveAccessTokenFromPing(PingFedOauthPolicy.java:232) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.retrieveAccessTokenFromPing(PingFedOauthPolicy.java:174) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doApply(PingFedOauthPolicy.java:83) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doApply(PingFedOauthPolicy.java:38) My plugin is making either an external request to ElasticSearch or an HTTP request using IHttpClientComponent and then calling chain.doApply or chain.doFailure from within the IAsyncResultHandler handle method. Is there a problem with that pattern? Any help you can provide would be great. Thanks, [IHS Markit]<https://ihsmarkit.com/> David Rush Director, API Development | Markit Digital 5775 Flatiron Parkway | Boulder, CO 80301 P: +1 303 583 4244 Main: +1 303 417 9999 david.rush(a)ihsmarkit.com<mailto:david.rush@ihsmarkit.com> ________________________________ This e-mail, including accompanying communications and attachments, is strictly confidential and only for the intended recipient. Any retention, use or disclosure not expressly authorised by Markit is prohibited. This email is subject to all waivers and other terms at the following link: http://www.markit.com/en/about/legal/email-disclaimer.page Please visit http://www.markit.com/en/about/contact/contact-us.page for contact information on our offices worldwide.

7 years, 4 months

3
3
0 / 0

Stream closed / Broken Pipe issues with custom plugin

by David Rush

Good afternoon, I'm having issues with on a production API which has started to receive high volumes of traffic. At peak volume times I see many exceptions being thrown in the logs. The stack is indicating that an error occurred in the policy chain, but when it tries to write the error to the response the connection has been closed. There seems to be a couple of flavors of IOException (broken pipe or stream closed from undertow). My plugin is calling chain.doApply(request) when it succeeds but the stack trace is indicating there is then an exception being caught in doApply(Chain.java:153). I am on version 1.2.2-Final. 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) java.io.IOException: UT010029: Stream is closed 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:136) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.undertow.servlet.spec.ServletOutputStreamImpl.write(ServletOutputStreamImpl.java:128) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$4.write(GatewayServlet.java:406) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$4.write(GatewayServlet.java:395) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.DefaultPolicyErrorWriter.write(DefaultPolicyErrorWriter.java:87) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet.writeError(GatewayServlet.java:392) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$1.handle(GatewayServlet.java:210) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.GatewayServlet$1.handle(GatewayServlet.java:157) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$wrapResultHandler$0(ApiRequestExecutorImpl.java:159) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.impl.ApiRequestExecutorImpl.lambda$createPolicyErrorHandler$17(ApiRequestExecutorImpl.java:614) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.policy.Chain.throwError(Chain.java:249) 2017-01-05 18:28:49,095 ERROR [stderr] (default task-17) at io.apiman.gateway.engine.policy.Chain.doApply(Chain.java:153) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doSuccess(PingFedOauthPolicy.java:114) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.access$100(PingFedOauthPolicy.java:38) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy$2.handle(PingFedOauthPolicy.java:193) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy$2.handle(PingFedOauthPolicy.java:174) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at io.apiman.gateway.platforms.servlet.components.HttpClientRequestImpl.end(HttpClientRequestImpl.java:140) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.retrieveAccessTokenFromPing(PingFedOauthPolicy.java:232) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.retrieveAccessTokenFromPing(PingFedOauthPolicy.java:174) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doApply(PingFedOauthPolicy.java:83) 2017-01-05 18:28:49,096 ERROR [stderr] (default task-17) at com.markit.ondemand.auth.apiman.plugins.pingfed_oauth_policy.PingFedOauthPolicy.doApply(PingFedOauthPolicy.java:38) My plugin is making either an external request to ElasticSearch or an HTTP request using IHttpClientComponent and then calling chain.doApply or chain.doFailure from within the IAsyncResultHandler handle method. Is there a problem with that pattern? Any help you can provide would be great. Thanks, [IHS Markit]<https://ihsmarkit.com/> David Rush Director, API Development | Markit Digital 5775 Flatiron Parkway | Boulder, CO 80301 P: +1 303 583 4244 Main: +1 303 417 9999 david.rush(a)ihsmarkit.com<mailto:david.rush@ihsmarkit.com> ________________________________ This e-mail, including accompanying communications and attachments, is strictly confidential and only for the intended recipient. Any retention, use or disclosure not expressly authorised by Markit is prohibited. This email is subject to all waivers and other terms at the following link: http://www.markit.com/en/about/legal/email-disclaimer.page Please visit http://www.markit.com/en/about/contact/contact-us.page for contact information on our offices worldwide.

7 years, 4 months

1
0
0 / 0

How to configure CORS in APIMan? Problems with Headers in ajax

by Celso Agra

Hi all, It's me again! So, I was looking for some solutions about my issue, and I found this: https://issues.jboss.org/browse/APIMAN-516 It seems this issue still occurs with me. I tries to send some headers via ajax, and get this response: > XMLHttpRequest cannot load https://apiman.url. Response to preflight > request doesn't pass access control check: No 'Access-Control-Allow-Origin' > header is present on the requested resource. Origin ' > http://192.168.56.22:8080' is therefore not allowed access. The response > had HTTP status code 500. Here is the Response Headers: > Connection:close > Content-Type:application/json > Date:Wed, 28 Dec 2016 13:54:08 GMT > Server:Apache/2.4.18 (Ubuntu) > Transfer-Encoding:chunked > X-Gateway-Error:API not public. > X-Powered-By:Undertow/1 and Here is the Request Headers: > Accept:*/* > Accept-Encoding:gzip, deflate, sdch, br > Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4 > Access-Control-Request-Headers:authorization, x-api-key > Access-Control-Request-Method:GET > Connection:keep-alive > Host: apiman.url > Origin:http://192.168.56.22:8080 > Referer:http://192.168.56.22:8080/app > User-Agent:Mozilla/5.0 ... > Query String Parameters > view source > view URL encoded Does anyone has the same problem? Best regards, -- --- *Celso Agra*

7 years, 4 months

2
1
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Apiman-user January 2017