I'm following the basic steps to add security to my app with a keycloak jetty adapter (9.3 and 9.4 tested) but I'm getting an error. The issue is the keycloak adapter because my jetty server starts with no problem from another jetty_base (One without the keycloak adapter)
Tomas#DESIGN MINGW64 ${JETTY_HOME}/jetty_base java -jar ../start.jar --create-startd --add-to-start=keycloak
INFO: server initialised (transitively) in {jetty.base}\start.ini
INFO: keycloak initialised in ${jetty.base}\start.ini
INFO: Base directory was modified
Tomas#DESIGN MINGW64 ${JETTY_HOME}/jetty_base
$ java -jar …/start.jar
java.nio.file.InvalidPathException: Illegal char <:> at index 6: ~ http:\www.apache.org\licenses
at sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
at sun.nio.fs.WindowsPath.parse(WindowsPath.java:94)
at sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:255)
at java.io.File.toPath(File.java:2234)
at org.eclipse.jetty.start.PathMatchers.asPath(PathMatchers.java:73)
at org.eclipse.jetty.start.PathMatchers.getSearchRoot(PathMatchers.java:191)
at org.eclipse.jetty.start.PathMatchers.isAbsolute(PathMatchers.java:221)
at org.eclipse.jetty.start.BaseHome.getPaths(BaseHome.java:356)
at org.eclipse.jetty.start.StartArgs.expandModules(StartArgs.java:485)
at org.eclipse.jetty.start.Main.processCommandLine(Main.java:333)
at org.eclipse.jetty.start.Main.main(Main.java:75)
Usage: java -jar start.jar [options] [properties] [configs]
java -jar start.jar --help # for more information
The keycloak.mod you have has typos and/or bad syntax.
It appears to be searching for a file called http:\www.apache.org\licenses, which obviously wouldn't be valid on Windows FileSystem.
This is the keycloak.mod that comes with the Jetty adapter in the keycloak website. Look at the comments using # and the ones using XML comment notation <!--
I just removed the Xml comment section and Jetty comes up with no issues. Thank you #Joakim Erdfelt
#
# Keycloak Jetty Adapter
#
[depend]
server
security
[lib]
<!--
~ Copyright 2016 Red Hat, Inc. and/or its affiliates
~ and other contributors as indicated by the #author tags.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
lib/keycloak/*.jar
Related
I am trying to install minishift on my Windows 10 Enterprise laptop.
The commands I execute in powershell are:
minishfit config set vm-driver hyperv
minishift start
The trace is:
-- Starting profile 'minishift'
-- Check if deprecated options are used ... OK
-- Checking if https://github.com is reachable ... OK
-- Checking if requested OpenShift version 'v3.11.0' is valid ... OK
-- Checking if requested OpenShift version 'v3.11.0' is supported ... OK
-- Checking if requested hypervisor 'virtualbox' is supported on this platform ... OK
-- Checking if VirtualBox is installed ... OK
-- Checking the ISO URL ... OK
-- Checking if provided oc flags are supported ... OK
-- Starting the OpenShift cluster using 'virtualbox' hypervisor ...
-- Starting Minishift VM ............................ FAIL E0130 16:57:39.360592 1632 start.go:494] Error starting the VM: Error configuring authorization on host: Could not find matching IP for MAC address XXXXXXX. Retrying.
Error starting the VM: Error configuring authorization on host: Could not find matching IP for MAC address XXXXXXX
Can anyone please help resolve this issue. Thanks.
So you first set "hyperv" as vm-driver for Minishift, but then when the machine starts the Minishift reports to use "virtualbox"? This seems suspicious and could be the reason for problems.
If your plan is to use virtualbox, then set it as vm-driver in Minishift and make sure that Hyper-V functionality is disabled on the machine (needs restart to disable).
If your plan is to start Minishift with Hyper-V (and you have also VB installed on the machine), then run "minishift config view" to see whether hyperv was really set up as vm-driver - strangely the Minishift start reports as if hyperv was not set. Make sure Hyper-V is enabled (needs restart to enable). Start minishift and check that it reports hyperv to be used:
-- Starting the OpenShift cluster using 'hyperv' hypervisor ...
I'm trying to generate a certificate in my local (MacBook) environment which I can package in my Docker image and deploy into my AWS environment via Kubernetes.
I've scoured sources online for a solution to this but I'm unable to find the details I need.
From my macbook:
sudo certbot certonly -a standalone -d my.domain
Gives me this error:
Failed authorization procedure. my.domain (http-01): urn:acme:error:unauthorized ::
The client lacks sufficient authorization :: Invalid response from
http://my.domain/.well-known/acme-challenge/T8jtGQswRuMgHKIhGvb-
QD73kytTZnHfH5mK5lEZUJc: "{"timestamp":"2018-04-22T22:33:40.845+0000","status":404,
"error":"Not Found","message":"No message available","path":"/.well-kno"
Clearly, I need a way to prove that I own my own domain. How can I do this locally?
In order to verify ownership of the domain from your macbook you have these two options as stated in the certbot docs:
Use a DNS plugin - https://certbot.eff.org/docs/using.html#dns-plugins
Use the manual method - https://certbot.eff.org/docs/using.html#manual
While the standalone option does not require web server software it does require that it is run on the target web server - it is therefore not what you need to do and will result in the failure reported in your question.
So, I have an ubuntu ec2 instance running, and wanted to establish an ssh(I am an Ubuntu 16.04 user). However, I do not think that I get the right response when I try to:
huzeyfekiran#huzeyfekiran-ThinkPad-L450:~/Downloads$ chmod 400 mykeypair.pem
huzeyfekiran#huzeyfekiran-ThinkPad-L450:~/Downloads$ ssh -i mykeypair.pem ubuntu#ec2-18-219-42-124.us-east-2.compute.amazonaws.com
The authenticity of host 'ec2-18-219-42-124.us-east-2.compute.amazonaws.com (18.219.42.124)' can't be established.
ECDSA key fingerprint is SHA256:T9J5/BH9RmALnv/6n4rUu0tw8nIFHn8zYvM9BwwP3fA.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-18-219-42-124.us-east-2.compute.amazonaws.com,18.219.42.124' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-1047-aws x86_64)
* Documentation:
* Management:
* Support:
Get cloud support with Ubuntu Advantage Cloud Guest:
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
I think that I do not get the right respond because when I try to connect to ec2 instance via jupyter notebook, the browser cant establish a connection and I am sure that I have firewall turned off. So, is there a problem with the SSH?
I have been getting server access denied error.Unable to find the fix.Investigated through web.But none of them worked well.I am using windows7.
C:\Users\thathine>sbt
Java HotSpot(TM) 64-Bit Server VM warning: ignoring option MaxPermSize=256m; sup
port was removed in 8.0
[info] Loading project definition from C:\Users\thathine\project
[info] Updating {file:/C:/Users/thathine/project/}thathine-build...
[info] Resolving org.scala-lang#scala-library;2.11.8 ...
[error] Server access Error: Received fatal alert: access_denied url=https://rep
o.typesafe.com/typesafe/ivy-releases/org.scala-lang/scala-library/2.11.8/ivys/iv
y.xml
[error] Server access Error: Received fatal alert: access_denied url=https://rep
o.scala-sbt.org/scalasbt/sbt-plugin-releases/org.scala-lang/scala-library/2.11.8
/ivys/ivy.xml
my buld.sbtis as follows:
name := "spark_codebase"
version := "1.0"
scalaVersion := "2.11.8"
I am in need to fix this as soon as possible. Please suggest any solution.Thanks in advance.
Please find the versions of scala, java, sbt:
C:\Users\thathine>javac -version
javac 1.8.0_131
C:\Users\thathine>scala -version
Scala code runner version 2.11.8 -- Copyright 2002-2016, LAMP/EPFL
and sbt version is sbt-0.13.15.
After some struggle, found that this issue is because of our company network used some proxy to give restricted access to employees like a firewall. As i was behind a proxy, Maven would fail to download any dependencies.
I got the proxy setings from my companie's IT helpdesk. After using them, It worked finally.I am using windows 7.use the following command line options before using sbt for that session,by replacing [your-ProxyServer] and <port-number> with your actual proxy server and port details.
set JAVA_OPTS=-Dhttp.proxySet=true -Dhttp.proxyHost=[your-ProxyServer] -Dhttp.proxyPort=<port-number> -Dhttps.proxyHost=[your-ProxyServer] -Dhttps.proxyPort=<port-number> -Dftp.proxyHost=[your-ProxyServer] -Dftp.proxyPort=<port-number>
If you are using IDE like IntelliJ or Eclipse:
use the same options under -VM parameters while creating/importing the project.
Update:
I've noticed that if I'don't deploy the WAR file i can do it as Joakim Erdfelt says, i'll investigate what changes I've done to the war that causes the failure at root context.
I know how to deploy static content to any context :
sudo java -cp jetty-runner-9.2.13.v20150730.jar org.eclipse.jetty.runner.Runner --port 80 MYAPP.war --path /context1 site/MyStaticWebSite
//will deploy mysite in
//127.0.0.1/context1/index.html
but I want to deploy it in the root
127.0.0.1/index.html
And there's no reference in the docs nor in google.
https://webtide.com/downloads/
If I do :
sudo java -cp jetty-runner-9.2.13.v20150730.jar org.eclipse.jetty.runner.Runner --port 80 MYAPP.war --path / site/MyStaticWebSite
I get :
2015-11-11 21:05:27.498:INFO::main: Logging initialized #121ms
2015-11-11 21:05:27.513:INFO:oejr.Runner:main: Runner
2015-11-11 21:05:27.618:INFO:oejs.Server:main: jetty-9.2.13.v20150730
Nov 11, 2015 9:05:34 PM org.glassfish.jersey.server.ApplicationHandler initialize
INFO: Initiating Jersey application, version Jersey: 2.6 2014-02-18 21:52:53...
2015-11-11 21:05:35.323:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext#33833882{/,file:/tmp/jetty-0.0.0.0-80-MYAPP.war-_-any-4618238315169821839.dir/webapp/,AVAILABLE}{file:/home/ubuntu/MYAPP.war}
2015-11-11 21:05:35.744:WARN:oeja.AnnotationConfiguration:main: ServletContainerInitializers: detected. Class hierarchy: empty
2015-11-11 21:05:35.871:INFO:oejsh.ContextHandler:main: Started o.e.j.w.WebAppContext#200a570f{/,file:site/MyStaticWebSite/,AVAILABLE}{/root/MyStaticWebSite/}
2015-11-11 21:05:35.872:WARN:oejsh.RequestLogHandler:main: !RequestLog
2015-11-11 21:05:35.890:INFO:oejs.ServerConnector:main: Started ServerConnector#2504eefd{HTTP/1.1}{0.0.0.0:80}
2015-11-11 21:05:35.891:INFO:oejs.Server:main: Started #8517ms
And root webpage shows the following:
First, upgrade!
9.1.0.M0 is an unstable/beta milestone build.
Use something a bit more recent and stable (how about 9.2.13.v20150730 of jetty-runner?)
If you want it deployed on the root context, use --path / (not --path /context1)
Update:
Ah, you have 2 webapps, and Jersey in the mix, didn't realize.
WebApp 1: context:/ path:MYAPP.war
WebApp 2: context:/ path:site/MyStaticWebSite
No you can't have both on the same context path, that's not supported by the servlet spec.
This is because every webapp MUST terminate once it is entered.
Scenario:
So since the context path is /, both webapps will match
First one entered will service the request
If a servlet has a matching url-pattern, that servlet is called
If no servlet matches, then the DefaultServlet is used.
DefaultServlet will look for a static resource matching the url-pattern/pathInfo
If no static resource matches, then DefaultServlet produces an error.
That webapp must produce a response. There is no opportunity to skip the webapp and move into the next one.
However, this behavior is further complicated by Jersey, its default configuration takes over all static resource serving itself, never allowing Jetty to even have the opportunity to serve those static resources.
What you'll need to do.
your MYAPP.war must have the static resources.
if you have "external" static resources, those must be served by something in MYAPP.war - either a formal servlet that does it, or something in Jersey. Suggestion is to set that external behavior up at a different url-pattern like /external/* or /static/*, not /*.
I've finally found how I could do it,
Instead of:
sudo java -cp jetty-runner-9.2.13.v20150730.jar org.eclipse.jetty.runner.Runner --port 80 MYAPP.war --path / site/MyStaticWebSite
Do:
sudo java -cp jetty-runner-9.2.13.v20150730.jar org.eclipse.jetty.runner.Runner --port 80 --path /MYAPP MYAPP.war --path / site/MyStaticWebSite
MYAPP was deploying itself to /MYAPP context as specified in web.xml but didn't allow to deploy any content in the root context, by spec.
Then the problem was that /MYAPP couldn't be reached, but /MYAPP/MYAPP could, that was because the web.xml was saying to deploy the service into /MYAPP so I had to change it
from:
<servlet-mapping>
<servlet-name>MY_SERVLET_NAME</servlet-name>
<url-pattern>/MYAPP/*</url-pattern>
</servlet-mapping>
to:
<servlet-mapping>
<servlet-name>MY_SERVLET_NAME</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
Now it works.