I'm embedding Jetty 9.1 from within a Java application. I'm configuring everything programmatically; I am not using web.xml or Spring or anything else. I have Wicket mapped to /* and a RestEASY JAX-RS API mapped to /rest/*. That's all working fine.
I wanted to add HTTP authentication, so I added the following (based upon as much Jetty documentation as I find):
HashLoginService loginService = new HashLoginService();
loginService.setName("My Realm");
loginService.setConfig("src/main/resources/realm.properties");
server.addBean(loginService);
I added a user with a role of admin to realm.properties. Then I tried to configure my REST service, putting the following annotation on my main JAX-RS resource:
#RolesAllowed({ "admin" })
Then I added the following annotation to my main Wicket page:
#AuthorizeInstantiation("admin")
None of these changes made any difference; I can still use my browser to navigate to my REST API and Wicket pages.
I'm guessing I need to turn on DIGEST authentication in Jetty. But how do I do that programmatically, without a web.xml file? What else do I need to do?
Another answer to a similar question, providing a link to a sample webapp, helped me immensely and got me up and running.
In Jetty v7, you chain the handlers together:
server.setHandler(securityHandler);
securityHandler.setHandler(resourceHandler);
Works on my machine! (tm)
Related
We have deployed our webservice in liberty server.Earlier it was on IBM WAS. After deploying in liberty, we came to know that Webservices is running on CXF webservice framework. In WAS, it was Axis framework.
Another difference is that , changes happened in wsdl url & content. The old wsdl url is http://localhost:8080/Hello/HelloServices/Helloservices.wsdl and it contains xsd schema definition.
In the liberty server above wsdl url is not working and throwing file not found. But if we try to invoke http://localhost:8080/Hello/HelloServices?wsdl it's working.
Could anyone tell why old url is not working in New server. Is it due to server or inbuilt cxf framework in server.
Another team is using wsdl url to consume this webservice, with this new url they are not able to achieve it.
Any thoughts or suggestions are appreciated..
Thanks in Advance
The main reason for this is the change in the JAX-WS implementations used by the different WebSphere profiles. CXF, unfortunately, hard codes the WSDL url to append ?wsdl in several locations and so this is something that is not possible to change in configuration. The easiest solution would to add a ServletFilter to check the incoming request url for http://localhost:8080/Hello/HelloServices/Helloservices.wsdl and then redirect the request to http://localhost:8080/Hello/HelloServices/Helloservices?wsdl.
There's a good SO post that shows how to write a ServletFilter to redirect here:
How to use a servlet filter in Java to change an incoming servlet request url?
The other option would be to have the client side update either their code or configuration to account for the change to the WSDL URL.
I am new in the area of SOAP Based web services. I am using TomEE server. The server is a bit customized according to my organization's need.
Few days back, when I was trying to run the web services example from TomEE website, I was able to generate the wsdl and calling the web service by a client.
Now, when I need to use the customized version of TomEE plus (by the organization), I can see that the request does reach to the server and hence there is a log entry also but my #WebMethod is not getting executed.
Does any one has any idea about any configuration which can prevent the request from reaching to the webservice method? Is there any pointer around how can I debug further to reach out to the root cause of this issue?
Without further information about what is customized it's like fishing in the dark.
I would guess that perhaps the global web.xml or the server.xml of tomee server is changed so that some URI context mappings are not forwarded or ignored. But it's only a lucky tip.
I am not a PEGA developer. But this question is for any PEGA developer/admin. This is about an issue which I noticed recently while trying to integrate my application (using REST service) with PEGA 7.
I created a REST service from my application and hosted it with OAuth 2.0 authentication. PEGA application has to consume my service.
To test the connectivity from PEGA to my application, I'd created an OAuth token myself and shared the same with PEGA developers asking them to call my service directly by skipping the authorization calls.
Using any REST testing tool such as Chrome's REST console, APIgee, etc., I was able to test my REST service by just passing the http-header param as [param name: Authorization & param value: OAuth ].
But PEGA had an issue in directly supplying the http-header parameter to test my service from PEGA PRPC application.
My Questions for PEGA developers/Admins are,
is it difficult from PEGA to add a header param in http calls
On request, PEGA screen was shared with me while a developer attempted to test my service from PEGA. During which I noticed that PEGA did not have any trace logs to
capture the exact http request that was generated. Is it true that we could not see the http request (header/body) that was generated from the REST connector tool?
Adding a header parameter is relatively simple. To get information from a REST API in PEGA you define a Connect-REST rule. Sadly, I don't have enough reputation to post images in my answer but I uploaded a shot of the headers area to imgur which you can see here http://imgur.com/vWBm6dD. Make sure you tell your PEGA developers choose "Constant" as Map From and put the token in quotes in the "Map From Key" field like I did in the image.
Unfortunately, it is not possible to log the complete outgoing packet. If you set the logging level to DEBUG for the activity Rule-Connect-REST.pyInvokeRESTConnector it log a lot more information during the connection process, including the complete outgoing URL, but not the headers. For your PEGA developers, to change the logging level of this activity go to the Main Menu (click on DesignerStudio) -> System -> Tools -> Logs -> Logging Level Settings. There set the logger name to "Rule_Obj_Activity.pyInvokeRESTConnector.Rule_Connect_REST.Action" and the level to DEBUG.
If that's not enough to solve the problem your PEGA developers do have the option of adding in their own logging. Connector rules in PEGA are invoked rather than assembled, the code that creates the packet and makes the call to the remote service is in step 5 of that activity, pyInvokeRESTConnector. That activity can be private checked-out like any other so you could add in your own custom logging to make sure everything is being set up correctly there. However I would strongly advise them against overriding that activity in an application ruleset. Private checkouts are temporary so they are fine but an override is permanent and will also override all future updates if they decide to upgrade to another version of PRPC.
You could use the Tool Fiddler to see what exactly goes out of Pega to invoke your service.
For OAuth Authentication , make sure the Pega Authentication Profile is set to OAuth and the token is extracted properly.
Fiddler will help you see whats going on.
I'm refering to the following article
http://wso2.com/library/articles/2010/10/using-xacml-fine-grained-authorization-wso2-platform/
I would like to use the sample echoService from the WSO2 AS over a secured proxy in WSO2 ESB in combination with the Identity Server for fine-grained authorization. All the settings mentioned on this page seem to work, however I am stuck concerning the client part. I use NetBeans and the given client code, but the .jars in the classpath there have older versions then the ones in the current version of WSO2 IS, so I started to exchange them manually. Now I get some exceptions like
Exception in thread "main" java.lang.NoSuchMethodError: org.apache.xml.security.transforms.Transform.init()V
and I am stuck again. I just want to test the echoService in this constellation and send some string over the ESB via IS and receive the response(if I have the appropriate role) from the AS, is there not another client or how could I test it else?
Thank you!
I can suggest you 3 options:
Use SoapUI to test the service which is the easiest way to test a web service.
Generate the stub for the service and have stub as the dependency in your client. You can use the WSDL2Java tool that ship with AS. Loging to AS --> Tools in left pane --> WSDL2Java --> Provide the wsdl URL and generate the stub jar.
Generate correct dependency libs. Go to [IS-Home]/bin folder, and issue that command "ant" to run the build.xml, this will copy all required libs to [IS-HOME]/repository/lib/ folder. Have them in your class path.
I'm using jetty as an osgi bundle with paxweb.
I would like to be sure that all the servlets and resources registered thanks to the OSGI HttpService are secured by one common SecurityHandler (moreover I would like to use the JAASLoginService).
I also want to redirect all unauthenticated requests to a single login page.
Is it possible to configure this scenario?
If all Servlets use the same HttpContext it's possible.
As a runtime-container with a working Jaas I suggest using Apache Karaf.
It provides all that is needed, including Pax Web as HTTPService including the HttpWhiteboard Extender.
Look at Apache Felix whiteboard HTTP support. You can just register filters in the registry and they are used by the underlying Jetty: http://felix.apache.org/site/apache-felix-http-service.html
Filter service properties that are supported for filters:
pattern - Regular expression pattern to register filter with.
contextId - Id of context to register with.
service.ranking - Where in the chain this filter should be placed.
init.* - Filter initialization values.
I have not tried this myself yet but will soon ...