I have a REST service I've set up using OSGI (running in Karaf).
<jaxrs:server address="http://localhost:9001/rest" id="myFileService" >
<jaxrs:serviceBeans>
<ref component-id="FileServicesImpl" />
</jaxrs:serviceBeans>
</jaxrs:server>
When I browse to http://localhost:8181/cxf, if lists my services, and I can successfully connect to my service at http://localhost:9001/rest . If I go to http://MyMachineName:8181/cxf, I get the service list, but if I go to http://MyMachineName:9001/rest the address is not found.
For what it's worth, when I browse to the /cxf link using MyMachineName, it still lists the endpoint as localhost.
Is there a way to configure the endpoint address in the blueprint config so that it responds the both localhost and the machine name? Or to just specific the port? Or do I have to hardcode the machine name or incorporate it into a config file and force it to the machine name?
You have two options here. The first is using http://0.0.0.0:9001/rest as url. This will tell cxf to bind to all ip adresses the server has.
The other option which I prefer is to just user /rest as url. In this case cxf will bind to the OSGi http service which is implemented by pax web in karaf. So you can setup the port and eventually https settings on the pax web level.
Related
I am using Spring, Spring Security, CAS login and Maven in my web application.
At the time of CAS (central authentication service) login I need service URL in config file.
Can I get server URL or base URL of my application in Spring Security XML config file without hard code on any other place?
If I understand the Spring Security Reference right, you have to write the URL into the configuration:
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service" value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/>
</bean>
If I understand ServiceProperties#getService right, it don't support relativ URLs.
Represents the service the user is authenticating to.
This service is the callback URL belonging to the local Spring Security System for Spring secured application. For example,
https://www.mycompany.com/application/login/cas
In general, you don't know the URL until you get a request, see ServletRequest#getLocalName:
Returns the host name of the Internet Protocol (IP) interface on which the request was received.
I have a .net 4.0 web app which needs to connect to a customer's web service, written in Java (it has cxf in the service endpoint)
Their service endpoint is https, and ultimately I will need to supply an x509 credential, but not yet.
They do not allow discovery, they dont expose a mex endpoint, they have supplied us with a wsdl and xsds, and I've managed to create a client proxy.
I'm struggling to set the right wcf client configuration. What I have so far is this: (names changed for obvious reasons).
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="CUSwsBinding" />
</basicHttpsBinding>
</bindings>
<client>
<endpoint address="https://customer.com/cxf/customerMaintenance/"
binding="basicHttpsBinding" bindingConfiguration="CUSwsBinding"
contract="CUSCustomer.Customerxxx" name="CUSCustomerWS" />
</client>
</system.serviceModel>
When I try and execute, it says the basicHttpBinding extension is not recognised. I see there are some bindings that only are supported in .net 4.5, however my manager has Fear, Uncertainty and Doubt, and our web app has to stay on 4.0
Not an expert in WCF, so any help welcome.
As someone suggested, one can create an instance of the proxy class:
var client = new proxy.ClientClass();
At this line it throws a Configuration binding extension 'system.serviceModel/bindings/basicHttpsBinding' could not be found.
The endpointaddress needs to be in config, as its currently pointing at a test environment, will be poiting at production
i have the following setup.
server1: i am using spring security v3.1.4 in one application. this application is running on its own server (e.g. tomcat at server1.mydomain.com).
server2: i have another 3rd party web application running on a different server (e.g. tomcat at server2.mydomain.com). this applicaton is pluggable in that it allows me to install jars to dynamically modify behavior at runtime. its purpose is to serve content.
users and resource access are managed on server1. content is delivered by server2. on server2, if a resource request comes in, i need to ask server1 if the user is logged in. is this possible to do with spring security? i imagine i would pass in the username with the resource request (e.g. http://server2.mydomain.com?getFileId=1&username=johndoe#gmail.com).
i read a little bit on the spring security website and SSO seems to be the way to go (e.g. using Central Authentication Service). but that seems like an overkill. our architecture already has several servers running.
integration (e.g. the webapp using spring security)
media (e.g. the 3rd party webapp)
elastic search (a cluster)
mysql (a cluster)
if possible we would like to have a minimalist system (but our system isn't small, given our investments and assumptions using rdbms/IR clusters).
any help is appreciated.
One possible way of achieving this - although it's not something I've tried myself - could be to expose Spring Security's SessionRegistry in server1 via a simple REST based controller. That would then allow server2 to remotely query authenticated users in server1 by making a simple HTTP GET request.
It's probably worth having a read of the Session Management section of the Spring Security docs to determine how to access the SessionRegistry. The basic setup I think is to specify a <session-management> tag inside the <http> section of your config on server1.
<security:session-management>
<security:concurrency-control session-registry-ref="sessionRegistry"/>
</security:session-management>
<bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
You would also need to add a listener to the web.xml of server1
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
The controller that you would need to create on server1 could then be autowired with the SessionRegistry
#Autowired
private SessionRegistry sessionRegistry
From there, you can use sessionRegistry.getAllSessions() to determine whether a username (principal) passed in a request to the controller is logged in on server1.
More of an idea than a concrete answer - but may give you an avenue to explore.
I managed to create simple Websocket application with Spring 4 and Stomp. See my last question here
Then I tried to use remote message broker(ActiveMQ). I just started the broker and changed
registry.enableSimpleBroker("/topic");
to
registry.enableStompBrokerRelay("/topic");
and it worked.
The question is how the broker is configured? I understand that in this case the application automagicaly finds the broker on localhost:defaultport, bu what if I need to point the app to some other broker on other machine?
The enableStompBrokerRelay method returns a convenient Registration instance that exposes a fluent API.
You can use this fluent API to configure your Broker relay:
registry.enableStompBrokerRelay("/topic").setRelayHost("host").setRelayPort("1234");
You can also configure various properties, like login/pass credentials for your broker, etc.
Same with XML Configuration:
<websocket:message-broker>
<websocket:stomp-endpoint path="/foo">
<websocket:handshake-handler ref="myHandler"/>
<websocket:sockjs/>
</websocket:stomp-endpoint>
<websocket:stomp-broker-relay prefix="/topic,/queue"
relay-host="relayhost" relay-port="1234"
client-login="clientlogin" client-passcode="clientpass"
system-login="syslogin" system-passcode="syspass"
heartbeat-send-interval="5000" heartbeat-receive-interval="5000"
virtual-host="example.org"/>
</websocket:message-broker>
See the StompBrokerRelayRegistration javadoc for more details on properties and default values.
I have a question about Spring Security HTTPS redirect strategy.
First of all, the configuration:
Spring 3 Java Web App
tomcat after apache connected with jk
Spring Security 3
Using a configuration where the client connects directly to tomcat (i.e. no jk), I see that the https is managed using secure port redirect by configuring the security.xml file as follows:
<http>
<intercept-url pattern="/secure/**" access="ROLE_USER" requires-channel="https"/>
...
</http>
now, here's the question: using tomcat after apache (with jk) the secured section is on a different host so that I have the following
http (not secured host): www.myhost.com
https (secured host): ssl.myhost.com
I'd like to know if is it possible to configure spring security to redirect to the secured host in case of https is required.
I see that there's a port-mapping configuration availbale, but I don't see something similar for the host.
<http>
...
<port-mappings>
<port-mapping http="9080" https="9443"/>
</port-mappings>
</http>
Thanks in advance.
PS. the twofold hosts configuration is imposed by the hosting service.
The implementation of the default behavior is a simple redirection to the same URI with https prefix, which is done in RetryWithHttpsEntryPoint invoked by the SecureChannelProcessor. You could easily implement the desired behavior by writing your custom AbstractRetryEntryPoint that not only changes the protocol, but also the host name.
Once you've implemented that class, configure the ChannelProcessingFilter with it, based on the sample given in its javadoc: http://static.springsource.org/spring-security/site/docs/3.1.3/apidocs/org/springframework/security/web/access/channel/ChannelProcessingFilter.html