From eric.wittmann at redhat.com Sat Apr 11 09:35:20 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Sat, 11 Apr 2015 09:35:20 -0400 Subject: [Apiman-user] New Release: 1.1.0.Final Message-ID: <55292318.90901@redhat.com> Hello everyone! Today we released apiman version 1.1.0.Final. There are many new features/changes in this release, including but not limited to: * Support for Elasticsearch as the storage provider for the API Manager * Support for Elasticsearch for various API Gateway components * New Keycloak based OAuth2 authentication policy * The UI is now written entirely in angularjs instead of GWT That last bullet point took a lot of work, which is why there was such a delay between our last 1.0.x release and this first 1.1.0.Final release. Now that the UI work is done, we can get back to the business of frequently releasing new incremental features! -Eric From mail at dekies.de Mon Apr 13 06:02:36 2015 From: mail at dekies.de (Dennis Kieselhorst) Date: Mon, 13 Apr 2015 12:02:36 +0200 Subject: [Apiman-user] Getting Started (Docker): Invalid redirect_uri Message-ID: <552B943C.1020709@dekies.de> Hi, I'd like to give apiman a try, so I pulled the docker image and started it as described here: http://www.apiman.io/latest/download.html The link to apiman UI seems to be wrong in the docs (http://localhost:8080/apimanui/ results in 404, http://localhost:8080/apiman/ is working). However a login screen doesn't appear, I'm redirected to /auth which results in: We're sorry... Invalid redirect_uri. Am I missing something? Cheers Dennis From marc.savy at redhat.com Mon Apr 13 06:18:23 2015 From: marc.savy at redhat.com (Marc Savy) Date: Mon, 13 Apr 2015 11:18:23 +0100 Subject: [Apiman-user] Getting Started (Docker): Invalid redirect_uri In-Reply-To: <552B943C.1020709@dekies.de> References: <552B943C.1020709@dekies.de> Message-ID: <552B97EF.7050602@redhat.com> Hi Dennis, With regards to your inability to find /apimanui/, it looks like a mistake has been made and the dockerhub image hasn't been uploaded for the latest release (i.e. it's still the 1.0.3 release, and hence the manager will be on the old address of /apiman-manager/). I'll do what I can to get this fixed ASAP; many thanks for letting us know! With regards to /apiman/ - that is the Manager's API REST endpoint. You can do everything you can achieve in the Manager UI directly via this REST API. Regards, Marc On 13/04/2015 11:02, Dennis Kieselhorst wrote: > Hi, > > I'd like to give apiman a try, so I pulled the docker image and started > it as described here: http://www.apiman.io/latest/download.html > > The link to apiman UI seems to be wrong in the docs > (http://localhost:8080/apimanui/ results in 404, > http://localhost:8080/apiman/ is working). However a login screen > doesn't appear, I'm redirected to /auth which results in: We're sorry... > Invalid redirect_uri. > > Am I missing something? > > Cheers > Dennis > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Mon Apr 13 09:59:03 2015 From: marc.savy at redhat.com (Marc Savy) Date: Mon, 13 Apr 2015 14:59:03 +0100 Subject: [Apiman-user] Getting Started (Docker): Invalid redirect_uri In-Reply-To: <552B97EF.7050602@redhat.com> References: <552B943C.1020709@dekies.de> <552B97EF.7050602@redhat.com> Message-ID: <552BCBA7.8050202@redhat.com> This has now been fixed, thanks for letting me know, Dennis. On 13/04/2015 11:18, Marc Savy wrote: > Hi Dennis, > > With regards to your inability to find /apimanui/, it looks like a > mistake has been made and the dockerhub image hasn't been uploaded for > the latest release (i.e. it's still the 1.0.3 release, and hence the > manager will be on the old address of /apiman-manager/). I'll do what I > can to get this fixed ASAP; many thanks for letting us know! > > With regards to /apiman/ - that is the Manager's API REST endpoint. You > can do everything you can achieve in the Manager UI directly via this > REST API. > > Regards, > Marc > > On 13/04/2015 11:02, Dennis Kieselhorst wrote: > > Hi, > > > > I'd like to give apiman a try, so I pulled the docker image and started > > it as described here: http://www.apiman.io/latest/download.html > > > > The link to apiman UI seems to be wrong in the docs > > (http://localhost:8080/apimanui/ results in 404, > > http://localhost:8080/apiman/ is working). However a login screen > > doesn't appear, I'm redirected to /auth which results in: We're sorry... > > Invalid redirect_uri. > > > > Am I missing something? > > > > Cheers > > Dennis > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Mon Apr 13 10:00:02 2015 From: marc.savy at redhat.com (Marc Savy) Date: Mon, 13 Apr 2015 15:00:02 +0100 Subject: [Apiman-user] Getting Started (Docker): Invalid redirect_uri In-Reply-To: <552BCBA7.8050202@redhat.com> References: <552B943C.1020709@dekies.de> <552B97EF.7050602@redhat.com> <552BCBA7.8050202@redhat.com> Message-ID: <552BCBE2.6090008@redhat.com> To clarify - if you do the same docker pull you'll get 1.1.0.Final now, the docker config has been updated :-). On 13/04/2015 14:59, Marc Savy wrote: > This has now been fixed, thanks for letting me know, Dennis. > > On 13/04/2015 11:18, Marc Savy wrote: > > Hi Dennis, > > > > With regards to your inability to find /apimanui/, it looks like a > > mistake has been made and the dockerhub image hasn't been uploaded for > > the latest release (i.e. it's still the 1.0.3 release, and hence the > > manager will be on the old address of /apiman-manager/). I'll do what I > > can to get this fixed ASAP; many thanks for letting us know! > > > > With regards to /apiman/ - that is the Manager's API REST endpoint. You > > can do everything you can achieve in the Manager UI directly via this > > REST API. > > > > Regards, > > Marc > > > > On 13/04/2015 11:02, Dennis Kieselhorst wrote: > > > Hi, > > > > > > I'd like to give apiman a try, so I pulled the docker image and started > > > it as described here: http://www.apiman.io/latest/download.html > > > > > > The link to apiman UI seems to be wrong in the docs > > > (http://localhost:8080/apimanui/ results in 404, > > > http://localhost:8080/apiman/ is working). However a login screen > > > doesn't appear, I'm redirected to /auth which results in: We're > > sorry... > > > Invalid redirect_uri. > > > > > > Am I missing something? > > > > > > Cheers > > > Dennis > > > > > > > > > _______________________________________________ > > > Apiman-user mailing list > > > Apiman-user at lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > From alex.kieling at gmail.com Mon Apr 13 20:04:56 2015 From: alex.kieling at gmail.com (Alexandre Kieling) Date: Mon, 13 Apr 2015 21:04:56 -0300 Subject: [Apiman-user] 403 Error when creating an organization Message-ID: Hi all, I'm getting a 403 error when trying to create an organization. I'm using the 'admin' user and the latest code from master. Could someone please have a look? Alexandre Kieling -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.jboss.org/pipermail/apiman-user/attachments/20150413/bcc1fbef/attachment.html From marc.savy at redhat.com Tue Apr 14 05:13:21 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 14 Apr 2015 10:13:21 +0100 Subject: [Apiman-user] 403 Error when creating an organization In-Reply-To: References: Message-ID: <552CDA31.9010400@redhat.com> Hi Alexandre, Does the error look similar to this? https://issues.jboss.org/browse/APIMAN-384 Are you using Chrome? Can you please try Firefox? It's definitely a bug, but it seems only to trigger with certain browsers. Regards, Marc On 14/04/2015 01:04, Alexandre Kieling wrote: > Hi all, > > I'm getting a 403 error when trying to create an organization. > I'm using the 'admin' user and the latest code from master. > > Could someone please have a look? > > Alexandre Kieling > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Tue Apr 14 08:18:20 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 14 Apr 2015 13:18:20 +0100 Subject: [Apiman-user] 403 Error when creating an organization In-Reply-To: <552CDA31.9010400@redhat.com> References: <552CDA31.9010400@redhat.com> Message-ID: <552D058C.9030600@redhat.com> Could you please try the following for a temporary work-around: Edit your standalone.xml file (whichever one you're using, might be apiman-standalone.xml) and change - true + false On 14/04/2015 10:13, Marc Savy wrote: > Hi Alexandre, > > Does the error look similar to this? https://issues.jboss.org/browse/APIMAN-384 > > Are you using Chrome? Can you please try Firefox? It's definitely a bug, but it seems only to trigger with certain browsers. > > Regards, > Marc > > On 14/04/2015 01:04, Alexandre Kieling wrote: > > Hi all, > > > > I'm getting a 403 error when trying to create an organization. > > I'm using the 'admin' user and the latest code from master. > > > > Could someone please have a look? > > > > Alexandre Kieling > > > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Tue Apr 14 09:53:30 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 14 Apr 2015 14:53:30 +0100 Subject: [Apiman-user] 403 Error when creating an organization In-Reply-To: <552D058C.9030600@redhat.com> References: <552CDA31.9010400@redhat.com> <552D058C.9030600@redhat.com> Message-ID: <552D1BDA.5070302@redhat.com> I should have said, depending which one you edit, there may be no KC prefix (e.g. using server-all's standalone.xml it won't have the kc prefix, but on standalone-apiman.xml it does): standalone/configuration/standalone.xml 381: false Let me know how it goes. On 14/04/2015 13:18, Marc Savy wrote: > Could you please try the following for a temporary work-around: > > Edit your standalone.xml file (whichever one you're using, might be apiman-standalone.xml) and change > > - true > + false > > On 14/04/2015 10:13, Marc Savy wrote: > > Hi Alexandre, > > > > Does the error look similar to this? https://issues.jboss.org/browse/APIMAN-384 > > > > Are you using Chrome? Can you please try Firefox? It's definitely a bug, but it seems only to trigger with certain browsers. > > > > Regards, > > Marc > > > > On 14/04/2015 01:04, Alexandre Kieling wrote: > >> Hi all, > >> > >> I'm getting a 403 error when trying to create an organization. > >> I'm using the 'admin' user and the latest code from master. > >> > >> Could someone please have a look? > >> > >> Alexandre Kieling > >> > >> > >> _______________________________________________ > >> Apiman-user mailing list > >> Apiman-user at lists.jboss.org > >> https://lists.jboss.org/mailman/listinfo/apiman-user > >> > > > > _______________________________________________ > > Apiman-user mailing list > > Apiman-user at lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/apiman-user > > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user > From marc.savy at redhat.com Tue Apr 14 16:29:00 2015 From: marc.savy at redhat.com (Marc Savy) Date: Tue, 14 Apr 2015 21:29:00 +0100 Subject: [Apiman-user] 1.1.0.Final - Workaround for 403 forbidden errors on WebKit browsers Message-ID: <552D788C.6080202@redhat.com> Hello All, If you're having 403 forbidden problems with 1.1.0.Final when doing create operations (create org, create plan, etc), please try the following fix for now (assuming you're using one of the quickstart methods, else please adapt for your setup): - Go to: http://localhost:8080/auth/admin/master/console/#/realms/apiman/applications/ - Log in using the admin user. - Select apimanui - Set 'web origin' to http://localhost:8080 - You must first log out of any active apimanui session, then log back in, and it should now work under Chrome. Regards, Marc From marc.savy at redhat.com Fri Apr 17 05:08:37 2015 From: marc.savy at redhat.com (Marc Savy) Date: Fri, 17 Apr 2015 10:08:37 +0100 Subject: [Apiman-user] Testing feedback: apiman Oauth2 with Keycloak roles authentication Message-ID: <5530CD95.4040806@redhat.com> Hi All, I've had a few questions about doing authorization against Keycloak roles. For any brave testers out there, I'm interested to get feedback on an initial implementation of that: How to: - Build master of http://github.com/apiman/apiman-plugins locally (`mvn clean install`) - Install the plugin via the UI (or API): G io.apiman.plugins A apiman-plugins-keycloak-oauth-policy V 1.1.1-SNAPSHOT - Set everything up in Keycloak. For instance, I added an application mapping role, apiman-service => apiman-gateway-user-role and a realm role `apiman-realm-role-example`. - Set up the Keycloak Oauth policy, including the realm and application mappings you're interested in. - You might want to disable "Require Transport Security" to make your testing easier. I'm interested to hear feedback - does this fulfil your requirements, are there any additional features that are required? Regards, Marc From eric.wittmann at redhat.com Wed Apr 22 13:32:14 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Wed, 22 Apr 2015 13:32:14 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! Message-ID: <5537DB1E.2070505@redhat.com> Hey everyone. We released apiman version 1.1.1.Final. There are a few news things in this release, but the big reason to do it now was to fix a CORS problem that was causing the UI to fail in certain browsers. Some users were seeing 403 errors when creating Organizations! Thanks to Marc for tracking that down - it was a tough one. Additionally we have a new policy plugin that turns any JSON REST endpoint into a JSONP endpoint: https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy Thanks to Alexandre Kieling for contributing that to us. Much appreciated. And finally the Keycloak OAuth2 security policy now supports role based authorization. When configuring the policy you can now say what roles are required for a user to be able to access the service. Thanks to Marc for this one as well - good stuff! -Eric From christinalau28 at icloud.com Thu Apr 23 12:38:02 2015 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 23 Apr 2015 12:38:02 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: <5537DB1E.2070505@redhat.com> References: <5537DB1E.2070505@redhat.com> Message-ID: <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? Christina > On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: > > Hey everyone. We released apiman version 1.1.1.Final. There are a few > news things in this release, but the big reason to do it now was to fix > a CORS problem that was causing the UI to fail in certain browsers. > Some users were seeing 403 errors when creating Organizations! Thanks > to Marc for tracking that down - it was a tough one. > > Additionally we have a new policy plugin that turns any JSON REST > endpoint into a JSONP endpoint: > > https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy > > Thanks to Alexandre Kieling for contributing that to us. Much appreciated. > > And finally the Keycloak OAuth2 security policy now supports role based > authorization. When configuring the policy you can now say what roles > are required for a user to be able to access the service. Thanks to > Marc for this one as well - good stuff! > > -Eric > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user From eric.wittmann at redhat.com Thu Apr 23 13:07:08 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Thu, 23 Apr 2015 13:07:08 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> Message-ID: <553926BC.7000609@redhat.com> All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. -Eric PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. On 4/23/2015 12:38 PM, Christina Lau wrote: > Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? > > Christina > >> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >> >> Hey everyone. We released apiman version 1.1.1.Final. There are a few >> news things in this release, but the big reason to do it now was to fix >> a CORS problem that was causing the UI to fail in certain browsers. >> Some users were seeing 403 errors when creating Organizations! Thanks >> to Marc for tracking that down - it was a tough one. >> >> Additionally we have a new policy plugin that turns any JSON REST >> endpoint into a JSONP endpoint: >> >> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >> >> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >> >> And finally the Keycloak OAuth2 security policy now supports role based >> authorization. When configuring the policy you can now say what roles >> are required for a user to be able to access the service. Thanks to >> Marc for this one as well - good stuff! >> >> -Eric >> _______________________________________________ >> Apiman-user mailing list >> Apiman-user at lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/apiman-user > From christinalau28 at icloud.com Thu Apr 23 13:39:35 2015 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 23 Apr 2015 13:39:35 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: <553926BC.7000609@redhat.com> References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> <553926BC.7000609@redhat.com> Message-ID: It didn?t seem to work, I got 404 not found error. I just entered the GAV info in the UI. {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237 )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56 )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59 )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61 )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions .InvalidPluginException: Could not find plugin. (Not found locally and could not download from remote maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java :103)\n\t... 60 more\n"} > On Apr 23, 2015, at 1:07 PM, Eric Wittmann wrote: > > All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. > > Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. > > -Eric > > PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. > > On 4/23/2015 12:38 PM, Christina Lau wrote: >> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? >> >> Christina >> >>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >>> >>> Hey everyone. We released apiman version 1.1.1.Final. There are a few >>> news things in this release, but the big reason to do it now was to fix >>> a CORS problem that was causing the UI to fail in certain browsers. >>> Some users were seeing 403 errors when creating Organizations! Thanks >>> to Marc for tracking that down - it was a tough one. >>> >>> Additionally we have a new policy plugin that turns any JSON REST >>> endpoint into a JSONP endpoint: >>> >>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >>> >>> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >>> >>> And finally the Keycloak OAuth2 security policy now supports role based >>> authorization. When configuring the policy you can now say what roles >>> are required for a user to be able to access the service. Thanks to >>> Marc for this one as well - good stuff! >>> >>> -Eric >>> _______________________________________________ >>> Apiman-user mailing list >>> Apiman-user at lists.jboss.org >>> https://lists.jboss.org/mailman/listinfo/apiman-user >> From eric.wittmann at redhat.com Thu Apr 23 13:51:36 2015 From: eric.wittmann at redhat.com (Eric Wittmann) Date: Thu, 23 Apr 2015 13:51:36 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> <553926BC.7000609@redhat.com> Message-ID: <55393128.2010700@redhat.com> What version did you type into the UI? It should be: 1.1.1.Final If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally. -Eric On 4/23/2015 1:39 PM, Christina Lau wrote: > It didn?t seem to work, I got 404 not found error. I just entered the GAV info in the UI. > > {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy > :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions > .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n > \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io > .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl > .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl > .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl > .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget > (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker > .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237 > )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org > .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy > .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat > org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56 > )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher > .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet > .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl > .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter > .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter > (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler > .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59 > )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet > .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet > .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter > (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler > .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61 > )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet > .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers > .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler > .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler > .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler > .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler > .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler > .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security > .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow > .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler > .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java > :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat > io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler > .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler > .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest > (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler > .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler > .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler > .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler > .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest > (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest > (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler > .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler > .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) > \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java > :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler > .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler > .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler > .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow > .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor > .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor > .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions > .InvalidPluginException: Could not find plugin. (Not found locally and could not download from remote > maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry > .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin > (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java > :103)\n\t... 60 more\n"} > >> On Apr 23, 2015, at 1:07 PM, Eric Wittmann wrote: >> >> All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. >> >> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. >> >> -Eric >> >> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. >> >> On 4/23/2015 12:38 PM, Christina Lau wrote: >>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? >>> >>> Christina >>> >>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >>>> >>>> Hey everyone. We released apiman version 1.1.1.Final. There are a few >>>> news things in this release, but the big reason to do it now was to fix >>>> a CORS problem that was causing the UI to fail in certain browsers. >>>> Some users were seeing 403 errors when creating Organizations! Thanks >>>> to Marc for tracking that down - it was a tough one. >>>> >>>> Additionally we have a new policy plugin that turns any JSON REST >>>> endpoint into a JSONP endpoint: >>>> >>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >>>> >>>> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >>>> >>>> And finally the Keycloak OAuth2 security policy now supports role based >>>> authorization. When configuring the policy you can now say what roles >>>> are required for a user to be able to access the service. Thanks to >>>> Marc for this one as well - good stuff! >>>> >>>> -Eric >>>> _______________________________________________ >>>> Apiman-user mailing list >>>> Apiman-user at lists.jboss.org >>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>> > From christinalau28 at icloud.com Thu Apr 23 14:57:55 2015 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 23 Apr 2015 14:57:55 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: <55393128.2010700@redhat.com> References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> <553926BC.7000609@redhat.com> <55393128.2010700@redhat.com> Message-ID: Thanks, I changed it to 1.1.1.Final and it works. But now I have a new problem. It seems the new policy requires SSL. I get this error: >> OAuth2 token was transmitted without required transport security (TLS, SSL). Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing? > On Apr 23, 2015, at 1:51 PM, Eric Wittmann wrote: > > What version did you type into the UI? It should be: > > 1.1.1.Final > > If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally. > > -Eric > > On 4/23/2015 1:39 PM, Christina Lau wrote: >> It didn?t seem to work, I got 404 not found error. I just entered the GAV info in the UI. >> >> {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy >> :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions >> .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n >> \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io >> .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl >> .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl >> .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl >> .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget >> (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker >> .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237 >> )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org >> .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy >> .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat >> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56 >> )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher >> .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet >> .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl >> .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter >> .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >> .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59 >> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet >> .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >> .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61 >> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers >> .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler >> .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler >> .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler >> .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler >> .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler >> .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security >> .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow >> .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler >> .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java >> :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat >> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler >> .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler >> .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest >> (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler >> .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler >> .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler >> .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler >> .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest >> (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest >> (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler >> .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler >> .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java >> :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler >> .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler >> .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler >> .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow >> .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor >> .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor >> .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions >> .InvalidPluginException: Could not find plugin. (Not found locally and could not download from remote >> maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry >> .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin >> (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java >> :103)\n\t... 60 more\n"} >> >>> On Apr 23, 2015, at 1:07 PM, Eric Wittmann wrote: >>> >>> All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. >>> >>> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. >>> >>> -Eric >>> >>> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. >>> >>> On 4/23/2015 12:38 PM, Christina Lau wrote: >>>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? >>>> >>>> Christina >>>> >>>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >>>>> >>>>> Hey everyone. We released apiman version 1.1.1.Final. There are a few >>>>> news things in this release, but the big reason to do it now was to fix >>>>> a CORS problem that was causing the UI to fail in certain browsers. >>>>> Some users were seeing 403 errors when creating Organizations! Thanks >>>>> to Marc for tracking that down - it was a tough one. >>>>> >>>>> Additionally we have a new policy plugin that turns any JSON REST >>>>> endpoint into a JSONP endpoint: >>>>> >>>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >>>>> >>>>> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >>>>> >>>>> And finally the Keycloak OAuth2 security policy now supports role based >>>>> authorization. When configuring the policy you can now say what roles >>>>> are required for a user to be able to access the service. Thanks to >>>>> Marc for this one as well - good stuff! >>>>> >>>>> -Eric >>>>> _______________________________________________ >>>>> Apiman-user mailing list >>>>> Apiman-user at lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>>> >> From msavy at redhat.com Thu Apr 23 16:39:13 2015 From: msavy at redhat.com (Marc Savy) Date: Thu, 23 Apr 2015 16:39:13 -0400 (EDT) Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> <553926BC.7000609@redhat.com> <55393128.2010700@redhat.com> Message-ID: <1211399103.4273604.1429821553601.JavaMail.zimbra@redhat.com> Hi Christina, > Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing? You'll be glad to know this is a trivial one to change; simply turn it off in the plugin's configuration page - change "Require Transport Security" to false and you should be good to go. Regards, Marc ----- Original Message ----- From: "Christina Lau" To: "Eric Wittmann" Cc: apiman-user at lists.jboss.org Sent: Thursday, 23 April, 2015 7:57:55 PM Subject: Re: [Apiman-user] News: apiman 1.1.1.Final released! Thanks, I changed it to 1.1.1.Final and it works. But now I have a new problem. It seems the new policy requires SSL. I get this error: >> OAuth2 token was transmitted without required transport security (TLS, SSL). Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing? > On Apr 23, 2015, at 1:51 PM, Eric Wittmann wrote: > > What version did you type into the UI? It should be: > > 1.1.1.Final > > If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally. > > -Eric > > On 4/23/2015 1:39 PM, Christina Lau wrote: >> It didn?t seem to work, I got 404 not found error. I just entered the GAV info in the UI. >> >> {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy >> :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions >> .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n >> \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io >> .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat >> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl >> .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl >> .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl >> .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget >> (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker >> .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237 >> )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org >> .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy >> .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat >> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56 >> )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher >> .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet >> .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl >> .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter >> .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >> .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59 >> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet >> .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >> .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61 >> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers >> .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler >> .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler >> .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler >> .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler >> .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler >> .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security >> .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow >> .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler >> .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java >> :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat >> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler >> .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler >> .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest >> (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler >> .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler >> .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler >> .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler >> .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest >> (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest >> (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler >> .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler >> .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >> \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java >> :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler >> .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler >> .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler >> .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow >> .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor >> .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor >> .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions >> .InvalidPluginException: Could not find plugin. (Not found locally and could not download from remote >> maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry >> .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin >> (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java >> :103)\n\t... 60 more\n"} >> >>> On Apr 23, 2015, at 1:07 PM, Eric Wittmann wrote: >>> >>> All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. >>> >>> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. >>> >>> -Eric >>> >>> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. >>> >>> On 4/23/2015 12:38 PM, Christina Lau wrote: >>>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? >>>> >>>> Christina >>>> >>>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >>>>> >>>>> Hey everyone. We released apiman version 1.1.1.Final. There are a few >>>>> news things in this release, but the big reason to do it now was to fix >>>>> a CORS problem that was causing the UI to fail in certain browsers. >>>>> Some users were seeing 403 errors when creating Organizations! Thanks >>>>> to Marc for tracking that down - it was a tough one. >>>>> >>>>> Additionally we have a new policy plugin that turns any JSON REST >>>>> endpoint into a JSONP endpoint: >>>>> >>>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >>>>> >>>>> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >>>>> >>>>> And finally the Keycloak OAuth2 security policy now supports role based >>>>> authorization. When configuring the policy you can now say what roles >>>>> are required for a user to be able to access the service. Thanks to >>>>> Marc for this one as well - good stuff! >>>>> >>>>> -Eric >>>>> _______________________________________________ >>>>> Apiman-user mailing list >>>>> Apiman-user at lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>>> >> _______________________________________________ Apiman-user mailing list Apiman-user at lists.jboss.org https://lists.jboss.org/mailman/listinfo/apiman-user From christinalau28 at icloud.com Thu Apr 23 17:55:56 2015 From: christinalau28 at icloud.com (Christina Lau) Date: Thu, 23 Apr 2015 17:55:56 -0400 Subject: [Apiman-user] News: apiman 1.1.1.Final released! In-Reply-To: <1211399103.4273604.1429821553601.JavaMail.zimbra@redhat.com> References: <5537DB1E.2070505@redhat.com> <4BF731DD-AAF1-4D52-A3F2-B9377AB2002D@icloud.com> <553926BC.7000609@redhat.com> <55393128.2010700@redhat.com> <1211399103.4273604.1429821553601.JavaMail.zimbra@redhat.com> Message-ID: Hi Marc, yes that works. Thanks.. Looking good, will do more testing :-). > On Apr 23, 2015, at 4:39 PM, Marc Savy wrote: > > Hi Christina, > >> Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing? > > You'll be glad to know this is a trivial one to change; simply turn it off in the plugin's configuration page - change "Require Transport Security" to false and you should be good to go. > > Regards, > Marc > > ----- Original Message ----- > From: "Christina Lau" > To: "Eric Wittmann" > Cc: apiman-user at lists.jboss.org > Sent: Thursday, 23 April, 2015 7:57:55 PM > Subject: Re: [Apiman-user] News: apiman 1.1.1.Final released! > > Thanks, I changed it to 1.1.1.Final and it works. But now I have a new problem. It seems the new policy requires SSL. I get this error: > >>> OAuth2 token was transmitted without required transport security (TLS, SSL). > > Is there a way to make this optional as we do not have this yet set up in our dev and pre-production env so cannot do testing? > > >> On Apr 23, 2015, at 1:51 PM, Eric Wittmann wrote: >> >> What version did you type into the UI? It should be: >> >> 1.1.1.Final >> >> If you try to use the -SNAPSHOT version it will likely not find it unless you compile and install it locally. >> >> -Eric >> >> On 4/23/2015 1:39 PM, Christina Lau wrote: >>> It didn?t seem to work, I got 404 not found error. I just entered the GAV info in the UI. >>> >>> {"type":"PluginNotFoundException","errorCode":12002,"message":"io.apiman.plugins:apiman-plugins-keycloak-oauth-policy >>> :1.1.1-SNAPSHOT:war","moreInfoUrl":null,"stacktrace":"io.apiman.manager.api.rest.contract.exceptions >>> .PluginNotFoundException: io.apiman.plugins:apiman-plugins-keycloak-oauth-policy:1.1.1-SNAPSHOT:war\n >>> \tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java:107)\n\tat io >>> .apiman.manager.api.rest.impl.PluginResourceImpl$Proxy$_$$_WeldClientProxy.create(Unknown Source)\n\tat >>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)\n\tat sun.reflect.NativeMethodAccessorImpl >>> .invoke(NativeMethodAccessorImpl.java:57)\n\tat sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl >>> .java:43)\n\tat java.lang.reflect.Method.invoke(Method.java:606)\n\tat org.jboss.resteasy.core.MethodInjectorImpl >>> .invoke(MethodInjectorImpl.java:137)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget >>> (ResourceMethodInvoker.java:296)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker >>> .java:250)\n\tat org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:237 >>> )\n\tat org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)\n\tat org >>> .jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)\n\tat org.jboss.resteasy >>> .plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)\n\tat >>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56 >>> )\n\tat org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher >>> .java:51)\n\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:790)\n\tat io.undertow.servlet >>> .handlers.ServletHandler.handleRequest(ServletHandler.java:85)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl >>> .doFilter(FilterHandler.java:130)\n\tat io.apiman.manager.api.security.impl.DefaultSecurityContextFilter >>> .doFilter(DefaultSecurityContextFilter.java:56)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >>> .java:132)\n\tat io.apiman.common.servlet.DisableCachingFilter.doFilter(DisableCachingFilter.java:59 >>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.apiman.common.servlet >>> .ApimanCorsFilter.doFilter(ApimanCorsFilter.java:71)\n\tat io.undertow.servlet.core.ManagedFilter.doFilter >>> (ManagedFilter.java:60)\n\tat io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler >>> .java:132)\n\tat org.overlord.commons.i18n.server.filters.LocaleFilter.doFilter(LocaleFilter.java:61 >>> )\n\tat io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)\n\tat io.undertow.servlet >>> .handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)\n\tat io.undertow.servlet.handlers >>> .FilterHandler.handleRequest(FilterHandler.java:85)\n\tat io.undertow.servlet.handlers.security.ServletSecurityRoleHandler >>> .handleRequest(ServletSecurityRoleHandler.java:61)\n\tat io.undertow.servlet.handlers.ServletDispatchingHandler >>> .handleRequest(ServletDispatchingHandler.java:36)\n\tat org.wildfly.extension.undertow.security.SecurityContextAssociationHandler >>> .handleRequest(SecurityContextAssociationHandler.java:78)\n\tat io.undertow.server.handlers.PredicateHandler >>> .handleRequest(PredicateHandler.java:43)\n\tat org.keycloak.adapters.undertow.UndertowAuthenticatedActionsHandler >>> .handleRequest(UndertowAuthenticatedActionsHandler.java:66)\n\tat io.undertow.servlet.handlers.security >>> .SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)\n\tat io.undertow >>> .servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler >>> .java:56)\n\tat io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java >>> :33)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)\n\tat >>> io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler >>> .java:51)\n\tat io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler >>> .java:45)\n\tat io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest >>> (ServletConfidentialityConstraintHandler.java:63)\n\tat io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler >>> .handleRequest(ServletSecurityConstraintHandler.java:56)\n\tat io.undertow.security.handlers.AuthenticationMechanismsHandler >>> .handleRequest(AuthenticationMechanismsHandler.java:58)\n\tat io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler >>> .handleRequest(CachedAuthenticatedSessionHandler.java:70)\n\tat io.undertow.security.handlers.SecurityInitialHandler >>> .handleRequest(SecurityInitialHandler.java:76)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest >>> (PredicateHandler.java:43)\n\tat org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest >>> (JACCContextIdHandler.java:61)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler >>> .java:43)\n\tat org.keycloak.adapters.undertow.ServletPreAuthActionsHandler.handleRequest(ServletPreAuthActionsHandler >>> .java:69)\n\tat io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) >>> \n\tat io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java >>> :261)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler >>> .java:247)\n\tat io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler >>> .java:76)\n\tat io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler >>> .java:166)\n\tat io.undertow.server.Connectors.executeRootHandler(Connectors.java:197)\n\tat io.undertow >>> .server.HttpServerExchange$1.run(HttpServerExchange.java:759)\n\tat java.util.concurrent.ThreadPoolExecutor >>> .runWorker(ThreadPoolExecutor.java:1145)\n\tat java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor >>> .java:615)\n\tat java.lang.Thread.run(Thread.java:745)\nCaused by: io.apiman.manager.api.core.exceptions >>> .InvalidPluginException: Could not find plugin. (Not found locally and could not download from remote >>> maven repositories)\n\tat io.apiman.manager.api.core.plugin.AbstractPluginRegistry.loadPlugin(AbstractPluginRegistry >>> .java:85)\n\tat io.apiman.manager.api.war.wildfly8.Wildfly8PluginRegistry$Proxy$_$$_WeldClientProxy.loadPlugin >>> (Unknown Source)\n\tat io.apiman.manager.api.rest.impl.PluginResourceImpl.create(PluginResourceImpl.java >>> :103)\n\t... 60 more\n"} >>> >>>> On Apr 23, 2015, at 1:07 PM, Eric Wittmann wrote: >>>> >>>> All you need to do is add the plugin to apiman via the API Manager UI (as an admin). Assuming you are starting from a fresh apiman install. >>>> >>>> Once the plugin has been added (no need to download anything separately - apiman will do that for you) then the OAuth2 policy should be available when configuring app, service, and plan policies. >>>> >>>> -Eric >>>> >>>> PS: I know that typing in the GAV information for the plugins is a bit of a pain - it's on the roadmap to improve this, at least for the "official" plugins. >>>> >>>> On 4/23/2015 12:38 PM, Christina Lau wrote: >>>>> Eric, do we need to built the OAuth2 policy ourselves? I just downloaded it but did not see it included in the UI. Thanks? >>>>> >>>>> Christina >>>>> >>>>>> On Apr 22, 2015, at 1:32 PM, Eric Wittmann wrote: >>>>>> >>>>>> Hey everyone. We released apiman version 1.1.1.Final. There are a few >>>>>> news things in this release, but the big reason to do it now was to fix >>>>>> a CORS problem that was causing the UI to fail in certain browsers. >>>>>> Some users were seeing 403 errors when creating Organizations! Thanks >>>>>> to Marc for tracking that down - it was a tough one. >>>>>> >>>>>> Additionally we have a new policy plugin that turns any JSON REST >>>>>> endpoint into a JSONP endpoint: >>>>>> >>>>>> https://github.com/apiman/apiman-plugins/tree/master/jsonp-policy >>>>>> >>>>>> Thanks to Alexandre Kieling for contributing that to us. Much appreciated. >>>>>> >>>>>> And finally the Keycloak OAuth2 security policy now supports role based >>>>>> authorization. When configuring the policy you can now say what roles >>>>>> are required for a user to be able to access the service. Thanks to >>>>>> Marc for this one as well - good stuff! >>>>>> >>>>>> -Eric >>>>>> _______________________________________________ >>>>>> Apiman-user mailing list >>>>>> Apiman-user at lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/apiman-user >>>>> >>> > > > _______________________________________________ > Apiman-user mailing list > Apiman-user at lists.jboss.org > https://lists.jboss.org/mailman/listinfo/apiman-user From mail at dekies.de Mon Apr 27 09:11:53 2015 From: mail at dekies.de (Dennis Kieselhorst) Date: Mon, 27 Apr 2015 15:11:53 +0200 Subject: [Apiman-user] Getting Started (Docker): Invalid redirect_uri In-Reply-To: References: Message-ID: <553E3599.2090708@dekies.de> Hi Marc! > This has now been fixed, thanks for letting me know, Dennis. > > On 13/04/2015 11:18, Marc Savy wrote: >> With regards to your inability to find /apimanui/, it looks like a >> mistake has been made and the dockerhub image hasn't been uploaded for >> the latest release (i.e. it's still the 1.0.3 release, and hence the >> manager will be on the old address of /apiman-manager/). I'll do what I >> can to get this fixed ASAP; many thanks for letting us know! >> It's working now, thanks! Regards Dennis