You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@isis.apache.org by Pedro Alba <pe...@ticxar.com> on 2016/06/27 14:18:36 UTC
Question rest services apache isis
Hello Dan.
Dan, I have a question, I require implement OAuth authentication services
to the rest exposing apache isis; how I can configure apache isis
authentication OAUTH?
Thanks.
[image: Logo]
*Pedro Antonio Alba *
*Senior Development Analyst*
Tel: (57) 1 703 17 77
Cel: (57) 301 3379810
E-mail: pedro.alba@ticxar.com
Calle 93 # 19b - 66 Ofc 202
Bogotá D.C., Colombia
www.ticxar.com
[image: facebook]
<http://www.facebook.com/pages/Ticxar/446503822192581> [image:
twitter] <http://twitter.com/ticxar> [image: linkedIn]
<http://www.linkedin.com/company/ticxar>
AW: LinkageError
Posted by "Rade, Joerg / Kuehne + Nagel / Ham GI-DP" <Jo...@Kuehne-Nagel.com>.
Hi Dan,
it appears as if switching to the latest DCEVM (Java 8 update 92, build 1) [1] solved the issue.
-j
[1] https://dcevm.github.io/
[2] https://github.com/dcevm/dcevm/issues/94
-----Ursprüngliche Nachricht-----
Von: Dan Haywood [mailto:dan@haywood-associates.co.uk]
Gesendet: Dienstag, 19. Juli 2016 16:45
An: users
Betreff: Re: LinkageError
Um, I think it's in your code somehow.
It looks like ife.cfg.ConfigEntry is one of your entities (I see it's using ObjectContracts#compare), and that includes invoking ConfigEntry#getParameter(), of type ife.cfg.Parameter. It looks to me that you have two different copies of that class on your classpath, presumably in different JARs.
Not sure how to help further, other than using mvn dependency:tree and also use the mvn enforcer plugin to look these multiple versions.
-- Dan
java.lang.LinkageError
loader constraint violation: when resolving method "ife.cfg.ConfigEntry.
getParameter()Life/cfg/Parameter;" the class loader (instance of
sun/reflect/DelegatingClassLoader) of the current class, sun/reflect/GeneratedMethodAccessor164,
and the class loader (instance of org/eclipse/jetty/webapp/WebAppClassLoader)
for the method's defining class, ife/cfg/ConfigEntry, have different Class objects for the type ife/cfg/Parameter used in the signature
sun.reflect.GeneratedMethodAccessor164#invoke(null:-1)
sun.reflect.DelegatingMethodAccessorImpl#invoke(
DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method#invoke(Method.java:497)
org.apache.isis.applib.util.Clause#getValueOf(ObjectContracts.java:365)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:70)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:51)
ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:55)
On 19 July 2016 at 15:36, Rade, Joerg / Kuehne + Nagel / Ham GI-DP < Joerg.Rade@kuehne-nagel.com> wrote:
> Hi,
>
> I just finished migrating my SOA management tool to 1.13.0 and when
> invoking one of the (rarely used) functions I ran into
> java.lang.LinkageError (see stacktrace below). The usual explanation
> 'same jar loaded twice' doesn't ring a bell in my head.
>
> Looking at the output of 'mvn dependency:tree' didn't show anything
> suspicious either.
>
> Any ideas?
>
> Thanks in advance
> Jörg
> ---- 8<---- stacktrace ---- >-8 ---
> java.lang.LinkageError
> loader constraint violation: when resolving method
> "ife.cfg.ConfigEntry.getParameter()Life/cfg/Parameter;" the class
> loader (instance of sun/reflect/DelegatingClassLoader) of the current
> class, sun/reflect/GeneratedMethodAccessor164, and the class loader
> (instance of
> org/eclipse/jetty/webapp/WebAppClassLoader) for the method's defining
> class, ife/cfg/ConfigEntry, have different Class objects for the type
> ife/cfg/Parameter used in the signature
> sun.reflect.GeneratedMethodAccessor164#invoke(null:-1)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccess
> orImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
> org.apache.isis.applib.util.Clause#getValueOf(ObjectContracts.java:365
> )
>
> org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.ja
> va:70)
>
> org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.ja
> va:51)
> ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:55)
> ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:26)
> java.util.TreeMap#compare(TreeMap.java:1290)
> java.util.TreeMap#put(TreeMap.java:538)
> java.util.TreeSet#add(TreeSet.java:255)
>
> org.datanucleus.store.types.wrappers.backed.SortedSet#loadFromStore(So
> rtedSet.java:283)
>
> org.datanucleus.store.types.wrappers.backed.SortedSet#iterator(SortedS
> et.java:477)
> ife.cfg.Endpoints#listByRelease(Endpoints.java:151)
> ife.env.ProvidedEndpoints#referencedEndpoints(ProvidedEndpoints.java:1
> 91)
>
> ife.env.ProvidedEndpoints#checkReferencedEndpoins(ProvidedEndpoints.ja
> va:206)
>
> ife.env.ProvidedEndpoints#checkReleaseAndSendByMail(ProvidedEndpoints.
> java:220)
>
> sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.
> java:-2)
>
> sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccess
> orImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract#invokeMethodElseFromCache(Action
> InvocationFacetForDomainEventAbstract.java:408)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetF
> orDomainEventAbstract.java:262)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetF
> orDomainEventAbstract.java:223)
>
> org.apache.isis.applib.services.iactn.Interaction#executeInternal(Inte
> raction.java:173)
>
> org.apache.isis.applib.services.iactn.Interaction#execute(Interaction.
> java:143)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract#doInvoke(ActionInvocationFacetFo
> rDomainEventAbstract.java:311)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract$1#execute(ActionInvocationFacetF
> orDomainEventAbstract.java:165)
>
> org.apache.isis.core.runtime.system.transaction.IsisTransactionManager
> #executeWithinTransaction(IsisTransactionManager.java:143)
>
> org.apache.isis.core.runtime.system.transaction.IsisTransactionManager
> #executeWithinTransaction(IsisTransactionManager.java:133)
>
> org.apache.isis.core.runtime.services.persistsession.PersistenceSessio
> nServiceInternalDefault#executeWithinTransaction(PersistenceSessionSer
> viceInternalDefault.java:179)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.Action
> InvocationFacetForDomainEventAbstract#invoke(ActionInvocationFacetForD
> omainEventAbstract.java:161)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault
> #executeInternal(ObjectActionDefault.java:398)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault
> #execute(ObjectActionDefault.java:387)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault
> #executeWithRuleChecking(ObjectActionDefault.java:368)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#executeAction(A
> ctionModel.java:483)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionMode
> l.java:462)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionMode
> l.java:80)
>
> org.apache.wicket.model.LoadableDetachableModel#getObject(LoadableDeta
> chableModel.java:124)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#executeHandling
> ApplicationExceptions(ActionModel.java:568)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#execut
> eActionOnTargetAndProcessResults(ActionPanel.java:255)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#execut
> eAndProcessResults(ActionPanel.java:204)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionParametersFo
> rmPanel$ActionParameterForm$1#onSubmit(ActionParametersFormPanel.java:
> 148)
>
> org.apache.wicket.ajax.markup.html.form.AjaxButton$1#onSubmit(AjaxButt
> on.java:108)
>
> org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter#o
> nSubmit(AjaxFormSubmitBehavior.java:215)
> org.apache.wicket.markup.html.form.Form#delegateSubmit(Form.java:1305)
> org.apache.wicket.markup.html.form.Form#process(Form.java:966)
> org.apache.wicket.markup.html.form.Form#onFormSubmitted(Form.java:788)
>
> org.apache.wicket.ajax.form.AjaxFormSubmitBehavior#onEvent(AjaxFormSub
> mitBehavior.java:171)
>
> org.apache.wicket.ajax.AjaxEventBehavior#respond(AjaxEventBehavior.jav
> a:146)
>
> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior#onRequest(AbstractD
> efaultAjaxBehavior.java:641)
>
> sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.
> java:-2)
>
> sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.j
> ava:62)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccess
> orImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
>
> org.apache.wicket.RequestListenerInterface#internalInvoke(RequestListe
> nerInterface.java:258)
>
> org.apache.wicket.RequestListenerInterface#invoke(RequestListenerInter
> face.java:241)
>
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler
> #invokeListener(ListenerInterfaceRequestHandler.java:250)
>
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler
> #respond(ListenerInterfaceRequestHandler.java:236)
>
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor#respond(R
> equestCycle.java:890)
>
> org.apache.wicket.request.RequestHandlerStack#execute(RequestHandlerSt
> ack.java:64)
> org.apache.wicket.request.cycle.RequestCycle#execute(RequestCycle.java
> :261)
>
> org.apache.wicket.request.cycle.RequestCycle#processRequest(RequestCyc
> le.java:218)
>
> org.apache.wicket.request.cycle.RequestCycle#processRequestAndDetach(R
> equestCycle.java:289)
>
> org.apache.wicket.protocol.http.WicketFilter#processRequestCycle(Wicke
> tFilter.java:259)
>
> org.apache.wicket.protocol.http.WicketFilter#processRequest(WicketFilt
> er.java:201)
>
> org.apache.wicket.protocol.http.WicketFilter#doFilter(WicketFilter.jav
> a:282)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletH
> andler.java:1668)
>
> org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter#doFil
> ter(IsisLogOnExceptionFilter.java:52)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletH
> andler.java:1668)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter#executeChain(Abstract
> ShiroFilter.java:449)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter$1#call(AbstractShiroF
> ilter.java:365)
>
> org.apache.shiro.subject.support.SubjectCallable#doCall(SubjectCallabl
> e.java:90)
>
> org.apache.shiro.subject.support.SubjectCallable#call(SubjectCallable.
> java:83)
>
> org.apache.shiro.subject.support.DelegatingSubject#execute(DelegatingS
> ubject.java:383)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter#doFilterInternal(Abst
> ractShiroFilter.java:362)
>
> org.apache.shiro.web.servlet.OncePerRequestFilter#doFilter(OncePerRequ
> estFilter.java:125)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletH
> andler.java:1668)
> org.eclipse.jetty.servlet.ServletHandler#doHandle(ServletHandler.java:
> 581)
>
> org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.ja
> va:143)
> org.eclipse.jetty.security.SecurityHandler#handle(SecurityHandler.java
> :548)
>
> org.eclipse.jetty.server.session.SessionHandler#doHandle(SessionHandle
> r.java:226)
>
> org.eclipse.jetty.server.handler.ContextHandler#doHandle(ContextHandle
> r.java:1158)
> org.eclipse.jetty.servlet.ServletHandler#doScope(ServletHandler.java:5
> 11)
>
> org.eclipse.jetty.server.session.SessionHandler#doScope(SessionHandler
> .java:185)
>
> org.eclipse.jetty.server.handler.ContextHandler#doScope(ContextHandler
> .java:1090)
>
> org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.ja
> va:141)
>
> org.eclipse.jetty.server.handler.ContextHandlerCollection#handle(Conte
> xtHandlerCollection.java:213)
>
> org.eclipse.jetty.server.handler.HandlerCollection#handle(HandlerColle
> ction.java:109)
>
> org.eclipse.jetty.server.handler.HandlerWrapper#handle(HandlerWrapper.
> java:119)
> org.eclipse.jetty.server.Server#handle(Server.java:517)
> org.eclipse.jetty.server.HttpChannel#handle(HttpChannel.java:306)
> org.eclipse.jetty.server.HttpConnection#onFillable(HttpConnection.java
> :242)
>
> org.eclipse.jetty.io.AbstractConnection$ReadCallback#succeeded(Abstrac
> tConnection.java:261)
> org.eclipse.jetty.io.FillInterest#fillable(FillInterest.java:95)
>
> org.eclipse.jetty.io.SelectChannelEndPoint$2#run(SelectChannelEndPoint
> .java:75)
>
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#produceAn
> dRun(ExecuteProduceConsume.java:213)
>
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#run(Execu
> teProduceConsume.java:147)
>
> org.eclipse.jetty.util.thread.QueuedThreadPool#runJob(QueuedThreadPool
> .java:654)
>
> org.eclipse.jetty.util.thread.QueuedThreadPool$3#run(QueuedThreadPool.
> java:572)
> java.lang.Thread#run(Thread.java:745)
>
> Kühne + Nagel (AG & Co.) KG
> Rechtsform: Kommanditgesellschaft, Bremen HRA 21928, USt-IdNr.: DE
> 812773878.
> Geschäftsleitung Kühne + Nagel (AG & Co.) KG: Yngve Ruud (Vors.),
> Martin Brinkmann, Matthias Heimbach, Jan-Hendrik Köstergarten,
> Nicholas Minde, Michael Nebel, Lars Wedel.
> Persönlich haftende Gesellschafterin: Kühne & Nagel A.G., Rechtsform:
> Aktiengesellschaft nach luxemburgischem Recht, HR-Nr.: B 18745,
> Geschäftsführendes Verwaltungsratsmitglied: Karl Gernandt.
> Geschäftsleitung Region Westeuropa: Yngve Ruud (Vors.), Diederick de
> Vroet, Dominic Edmonds, Uwe Hött, Richard Huhn, Björn Johansson,
> Holger Ketz, Jan Kunze.
>
> Wir arbeiten ausschließlich auf Grundlage der Allgemeinen Deutschen
> Spediteurbedingungen 2016 (ADSp 2016). Die ADSp 2016 beschränken in
> Ziffer
> 23 die gesetzliche Haftung für Güterschäden in Höhe von 8,33 SZR/kg je
> Schadenfall bzw. je Schadenereignis auf 1 Million bzw. 2 Millionen
> Euro oder 2 SZR/kg, je nachdem, welcher Betrag höher ist, und bei
> multimodalen Transporten unter Einschluss einer Seebeförderung generell auf 2 SZR/kg.
> Den vollständigen Text der ADSp 2016 übersenden wir Ihnen gerne auf
> Anfrage und können Sie auch unter http://www.kuehne-nagel.com einsehen.
>
Kühne + Nagel (AG & Co.) KG
Rechtsform: Kommanditgesellschaft, Bremen HRA 21928, USt-IdNr.: DE 812773878.
Geschäftsleitung Kühne + Nagel (AG & Co.) KG: Yngve Ruud (Vors.), Martin Brinkmann, Matthias Heimbach, Jan-Hendrik Köstergarten, Nicholas Minde, Michael Nebel, Lars Wedel.
Persönlich haftende Gesellschafterin: Kühne & Nagel A.G., Rechtsform: Aktiengesellschaft nach luxemburgischem Recht, HR-Nr.: B 18745, Geschäftsführendes Verwaltungsratsmitglied: Karl Gernandt.
Geschäftsleitung Region Westeuropa: Yngve Ruud (Vors.), Diederick de Vroet, Dominic Edmonds, Uwe Hött, Richard Huhn, Björn Johansson, Holger Ketz, Jan Kunze.
Wir arbeiten ausschließlich auf Grundlage der Allgemeinen Deutschen Spediteurbedingungen 2016 (ADSp 2016). Die ADSp 2016 beschränken in Ziffer 23 die gesetzliche Haftung für Güterschäden in Höhe von 8,33 SZR/kg je Schadenfall bzw. je Schadenereignis auf 1 Million bzw. 2 Millionen Euro oder 2 SZR/kg, je nachdem, welcher Betrag höher ist, und bei multimodalen Transporten unter Einschluss einer Seebeförderung generell auf 2 SZR/kg. Den vollständigen Text der ADSp 2016 übersenden wir Ihnen gerne auf Anfrage und können Sie auch unter http://www.kuehne-nagel.com einsehen.
Re: LinkageError
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Um, I think it's in your code somehow.
It looks like ife.cfg.ConfigEntry is one of your entities (I see it's using
ObjectContracts#compare), and that includes invoking
ConfigEntry#getParameter(), of type ife.cfg.Parameter. It looks to me that
you have two different copies of that class on your classpath, presumably
in different JARs.
Not sure how to help further, other than using mvn dependency:tree and also
use the mvn enforcer plugin to look these multiple versions.
-- Dan
java.lang.LinkageError
loader constraint violation: when resolving method "ife.cfg.ConfigEntry.
getParameter()Life/cfg/Parameter;" the class loader (instance of
sun/reflect/DelegatingClassLoader) of the current class,
sun/reflect/GeneratedMethodAccessor164,
and the class loader (instance of org/eclipse/jetty/webapp/WebAppClassLoader)
for the method's defining class, ife/cfg/ConfigEntry, have different Class
objects for the type ife/cfg/Parameter used in the signature
sun.reflect.GeneratedMethodAccessor164#invoke(null:-1)
sun.reflect.DelegatingMethodAccessorImpl#invoke(
DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method#invoke(Method.java:497)
org.apache.isis.applib.util.Clause#getValueOf(ObjectContracts.java:365)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:70)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:51)
ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:55)
On 19 July 2016 at 15:36, Rade, Joerg / Kuehne + Nagel / Ham GI-DP <
Joerg.Rade@kuehne-nagel.com> wrote:
> Hi,
>
> I just finished migrating my SOA management tool to 1.13.0 and when
> invoking one of the (rarely used) functions I ran into
> java.lang.LinkageError (see stacktrace below). The usual explanation 'same
> jar loaded twice' doesn't ring a bell in my head.
>
> Looking at the output of 'mvn dependency:tree' didn't show anything
> suspicious either.
>
> Any ideas?
>
> Thanks in advance
> Jörg
> ---- 8<---- stacktrace ---- >-8 ---
> java.lang.LinkageError
> loader constraint violation: when resolving method
> "ife.cfg.ConfigEntry.getParameter()Life/cfg/Parameter;" the class loader
> (instance of sun/reflect/DelegatingClassLoader) of the current class,
> sun/reflect/GeneratedMethodAccessor164, and the class loader (instance of
> org/eclipse/jetty/webapp/WebAppClassLoader) for the method's defining
> class, ife/cfg/ConfigEntry, have different Class objects for the type
> ife/cfg/Parameter used in the signature
> sun.reflect.GeneratedMethodAccessor164#invoke(null:-1)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
> org.apache.isis.applib.util.Clause#getValueOf(ObjectContracts.java:365)
>
> org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:70)
>
> org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:51)
> ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:55)
> ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:26)
> java.util.TreeMap#compare(TreeMap.java:1290)
> java.util.TreeMap#put(TreeMap.java:538)
> java.util.TreeSet#add(TreeSet.java:255)
>
> org.datanucleus.store.types.wrappers.backed.SortedSet#loadFromStore(SortedSet.java:283)
>
> org.datanucleus.store.types.wrappers.backed.SortedSet#iterator(SortedSet.java:477)
> ife.cfg.Endpoints#listByRelease(Endpoints.java:151)
> ife.env.ProvidedEndpoints#referencedEndpoints(ProvidedEndpoints.java:191)
>
> ife.env.ProvidedEndpoints#checkReferencedEndpoins(ProvidedEndpoints.java:206)
>
> ife.env.ProvidedEndpoints#checkReleaseAndSendByMail(ProvidedEndpoints.java:220)
>
> sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.java:-2)
>
> sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.java:62)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#invokeMethodElseFromCache(ActionInvocationFacetForDomainEventAbstract.java:408)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetForDomainEventAbstract.java:262)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetForDomainEventAbstract.java:223)
>
> org.apache.isis.applib.services.iactn.Interaction#executeInternal(Interaction.java:173)
>
> org.apache.isis.applib.services.iactn.Interaction#execute(Interaction.java:143)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#doInvoke(ActionInvocationFacetForDomainEventAbstract.java:311)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$1#execute(ActionInvocationFacetForDomainEventAbstract.java:165)
>
> org.apache.isis.core.runtime.system.transaction.IsisTransactionManager#executeWithinTransaction(IsisTransactionManager.java:143)
>
> org.apache.isis.core.runtime.system.transaction.IsisTransactionManager#executeWithinTransaction(IsisTransactionManager.java:133)
>
> org.apache.isis.core.runtime.services.persistsession.PersistenceSessionServiceInternalDefault#executeWithinTransaction(PersistenceSessionServiceInternalDefault.java:179)
>
> org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#invoke(ActionInvocationFacetForDomainEventAbstract.java:161)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#executeInternal(ObjectActionDefault.java:398)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#execute(ObjectActionDefault.java:387)
>
> org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#executeWithRuleChecking(ObjectActionDefault.java:368)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#executeAction(ActionModel.java:483)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionModel.java:462)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionModel.java:80)
>
> org.apache.wicket.model.LoadableDetachableModel#getObject(LoadableDetachableModel.java:124)
>
> org.apache.isis.viewer.wicket.model.models.ActionModel#executeHandlingApplicationExceptions(ActionModel.java:568)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#executeActionOnTargetAndProcessResults(ActionPanel.java:255)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#executeAndProcessResults(ActionPanel.java:204)
>
> org.apache.isis.viewer.wicket.ui.components.actions.ActionParametersFormPanel$ActionParameterForm$1#onSubmit(ActionParametersFormPanel.java:148)
>
> org.apache.wicket.ajax.markup.html.form.AjaxButton$1#onSubmit(AjaxButton.java:108)
>
> org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter#onSubmit(AjaxFormSubmitBehavior.java:215)
> org.apache.wicket.markup.html.form.Form#delegateSubmit(Form.java:1305)
> org.apache.wicket.markup.html.form.Form#process(Form.java:966)
> org.apache.wicket.markup.html.form.Form#onFormSubmitted(Form.java:788)
>
> org.apache.wicket.ajax.form.AjaxFormSubmitBehavior#onEvent(AjaxFormSubmitBehavior.java:171)
>
> org.apache.wicket.ajax.AjaxEventBehavior#respond(AjaxEventBehavior.java:146)
>
> org.apache.wicket.ajax.AbstractDefaultAjaxBehavior#onRequest(AbstractDefaultAjaxBehavior.java:641)
>
> sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.java:-2)
>
> sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.java:62)
>
> sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
> java.lang.reflect.Method#invoke(Method.java:497)
>
> org.apache.wicket.RequestListenerInterface#internalInvoke(RequestListenerInterface.java:258)
>
> org.apache.wicket.RequestListenerInterface#invoke(RequestListenerInterface.java:241)
>
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler#invokeListener(ListenerInterfaceRequestHandler.java:250)
>
> org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler#respond(ListenerInterfaceRequestHandler.java:236)
>
> org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor#respond(RequestCycle.java:890)
>
> org.apache.wicket.request.RequestHandlerStack#execute(RequestHandlerStack.java:64)
> org.apache.wicket.request.cycle.RequestCycle#execute(RequestCycle.java:261)
>
> org.apache.wicket.request.cycle.RequestCycle#processRequest(RequestCycle.java:218)
>
> org.apache.wicket.request.cycle.RequestCycle#processRequestAndDetach(RequestCycle.java:289)
>
> org.apache.wicket.protocol.http.WicketFilter#processRequestCycle(WicketFilter.java:259)
>
> org.apache.wicket.protocol.http.WicketFilter#processRequest(WicketFilter.java:201)
>
> org.apache.wicket.protocol.http.WicketFilter#doFilter(WicketFilter.java:282)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
>
> org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter#doFilter(IsisLogOnExceptionFilter.java:52)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter#executeChain(AbstractShiroFilter.java:449)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter$1#call(AbstractShiroFilter.java:365)
>
> org.apache.shiro.subject.support.SubjectCallable#doCall(SubjectCallable.java:90)
>
> org.apache.shiro.subject.support.SubjectCallable#call(SubjectCallable.java:83)
>
> org.apache.shiro.subject.support.DelegatingSubject#execute(DelegatingSubject.java:383)
>
> org.apache.shiro.web.servlet.AbstractShiroFilter#doFilterInternal(AbstractShiroFilter.java:362)
>
> org.apache.shiro.web.servlet.OncePerRequestFilter#doFilter(OncePerRequestFilter.java:125)
>
> org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
> org.eclipse.jetty.servlet.ServletHandler#doHandle(ServletHandler.java:581)
>
> org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.java:143)
> org.eclipse.jetty.security.SecurityHandler#handle(SecurityHandler.java:548)
>
> org.eclipse.jetty.server.session.SessionHandler#doHandle(SessionHandler.java:226)
>
> org.eclipse.jetty.server.handler.ContextHandler#doHandle(ContextHandler.java:1158)
> org.eclipse.jetty.servlet.ServletHandler#doScope(ServletHandler.java:511)
>
> org.eclipse.jetty.server.session.SessionHandler#doScope(SessionHandler.java:185)
>
> org.eclipse.jetty.server.handler.ContextHandler#doScope(ContextHandler.java:1090)
>
> org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.java:141)
>
> org.eclipse.jetty.server.handler.ContextHandlerCollection#handle(ContextHandlerCollection.java:213)
>
> org.eclipse.jetty.server.handler.HandlerCollection#handle(HandlerCollection.java:109)
>
> org.eclipse.jetty.server.handler.HandlerWrapper#handle(HandlerWrapper.java:119)
> org.eclipse.jetty.server.Server#handle(Server.java:517)
> org.eclipse.jetty.server.HttpChannel#handle(HttpChannel.java:306)
> org.eclipse.jetty.server.HttpConnection#onFillable(HttpConnection.java:242)
>
> org.eclipse.jetty.io.AbstractConnection$ReadCallback#succeeded(AbstractConnection.java:261)
> org.eclipse.jetty.io.FillInterest#fillable(FillInterest.java:95)
>
> org.eclipse.jetty.io.SelectChannelEndPoint$2#run(SelectChannelEndPoint.java:75)
>
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#produceAndRun(ExecuteProduceConsume.java:213)
>
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#run(ExecuteProduceConsume.java:147)
>
> org.eclipse.jetty.util.thread.QueuedThreadPool#runJob(QueuedThreadPool.java:654)
>
> org.eclipse.jetty.util.thread.QueuedThreadPool$3#run(QueuedThreadPool.java:572)
> java.lang.Thread#run(Thread.java:745)
>
> Kühne + Nagel (AG & Co.) KG
> Rechtsform: Kommanditgesellschaft, Bremen HRA 21928, USt-IdNr.: DE
> 812773878.
> Geschäftsleitung Kühne + Nagel (AG & Co.) KG: Yngve Ruud (Vors.), Martin
> Brinkmann, Matthias Heimbach, Jan-Hendrik Köstergarten, Nicholas Minde,
> Michael Nebel, Lars Wedel.
> Persönlich haftende Gesellschafterin: Kühne & Nagel A.G., Rechtsform:
> Aktiengesellschaft nach luxemburgischem Recht, HR-Nr.: B 18745,
> Geschäftsführendes Verwaltungsratsmitglied: Karl Gernandt.
> Geschäftsleitung Region Westeuropa: Yngve Ruud (Vors.), Diederick de
> Vroet, Dominic Edmonds, Uwe Hött, Richard Huhn, Björn Johansson, Holger
> Ketz, Jan Kunze.
>
> Wir arbeiten ausschließlich auf Grundlage der Allgemeinen Deutschen
> Spediteurbedingungen 2016 (ADSp 2016). Die ADSp 2016 beschränken in Ziffer
> 23 die gesetzliche Haftung für Güterschäden in Höhe von 8,33 SZR/kg je
> Schadenfall bzw. je Schadenereignis auf 1 Million bzw. 2 Millionen Euro
> oder 2 SZR/kg, je nachdem, welcher Betrag höher ist, und bei multimodalen
> Transporten unter Einschluss einer Seebeförderung generell auf 2 SZR/kg.
> Den vollständigen Text der ADSp 2016 übersenden wir Ihnen gerne auf Anfrage
> und können Sie auch unter http://www.kuehne-nagel.com einsehen.
>
LinkageError
Posted by "Rade, Joerg / Kuehne + Nagel / Ham GI-DP" <Jo...@Kuehne-Nagel.com>.
Hi,
I just finished migrating my SOA management tool to 1.13.0 and when invoking one of the (rarely used) functions I ran into java.lang.LinkageError (see stacktrace below). The usual explanation 'same jar loaded twice' doesn't ring a bell in my head.
Looking at the output of 'mvn dependency:tree' didn't show anything suspicious either.
Any ideas?
Thanks in advance
Jörg
---- 8<---- stacktrace ---- >-8 ---
java.lang.LinkageError
loader constraint violation: when resolving method "ife.cfg.ConfigEntry.getParameter()Life/cfg/Parameter;" the class loader (instance of sun/reflect/DelegatingClassLoader) of the current class, sun/reflect/GeneratedMethodAccessor164, and the class loader (instance of org/eclipse/jetty/webapp/WebAppClassLoader) for the method's defining class, ife/cfg/ConfigEntry, have different Class objects for the type ife/cfg/Parameter used in the signature
sun.reflect.GeneratedMethodAccessor164#invoke(null:-1)
sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method#invoke(Method.java:497)
org.apache.isis.applib.util.Clause#getValueOf(ObjectContracts.java:365)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:70)
org.apache.isis.applib.util.ObjectContracts#compare(ObjectContracts.java:51)
ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:55)
ife.cfg.ConfigEntry#compareTo(ConfigEntry.java:26)
java.util.TreeMap#compare(TreeMap.java:1290)
java.util.TreeMap#put(TreeMap.java:538)
java.util.TreeSet#add(TreeSet.java:255)
org.datanucleus.store.types.wrappers.backed.SortedSet#loadFromStore(SortedSet.java:283)
org.datanucleus.store.types.wrappers.backed.SortedSet#iterator(SortedSet.java:477)
ife.cfg.Endpoints#listByRelease(Endpoints.java:151)
ife.env.ProvidedEndpoints#referencedEndpoints(ProvidedEndpoints.java:191)
ife.env.ProvidedEndpoints#checkReferencedEndpoins(ProvidedEndpoints.java:206)
ife.env.ProvidedEndpoints#checkReleaseAndSendByMail(ProvidedEndpoints.java:220)
sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.java:-2)
sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method#invoke(Method.java:497)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#invokeMethodElseFromCache(ActionInvocationFacetForDomainEventAbstract.java:408)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetForDomainEventAbstract.java:262)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$2#execute(ActionInvocationFacetForDomainEventAbstract.java:223)
org.apache.isis.applib.services.iactn.Interaction#executeInternal(Interaction.java:173)
org.apache.isis.applib.services.iactn.Interaction#execute(Interaction.java:143)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#doInvoke(ActionInvocationFacetForDomainEventAbstract.java:311)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract$1#execute(ActionInvocationFacetForDomainEventAbstract.java:165)
org.apache.isis.core.runtime.system.transaction.IsisTransactionManager#executeWithinTransaction(IsisTransactionManager.java:143)
org.apache.isis.core.runtime.system.transaction.IsisTransactionManager#executeWithinTransaction(IsisTransactionManager.java:133)
org.apache.isis.core.runtime.services.persistsession.PersistenceSessionServiceInternalDefault#executeWithinTransaction(PersistenceSessionServiceInternalDefault.java:179)
org.apache.isis.core.metamodel.facets.actions.action.invocation.ActionInvocationFacetForDomainEventAbstract#invoke(ActionInvocationFacetForDomainEventAbstract.java:161)
org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#executeInternal(ObjectActionDefault.java:398)
org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#execute(ObjectActionDefault.java:387)
org.apache.isis.core.metamodel.specloader.specimpl.ObjectActionDefault#executeWithRuleChecking(ObjectActionDefault.java:368)
org.apache.isis.viewer.wicket.model.models.ActionModel#executeAction(ActionModel.java:483)
org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionModel.java:462)
org.apache.isis.viewer.wicket.model.models.ActionModel#load(ActionModel.java:80)
org.apache.wicket.model.LoadableDetachableModel#getObject(LoadableDetachableModel.java:124)
org.apache.isis.viewer.wicket.model.models.ActionModel#executeHandlingApplicationExceptions(ActionModel.java:568)
org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#executeActionOnTargetAndProcessResults(ActionPanel.java:255)
org.apache.isis.viewer.wicket.ui.components.actions.ActionPanel#executeAndProcessResults(ActionPanel.java:204)
org.apache.isis.viewer.wicket.ui.components.actions.ActionParametersFormPanel$ActionParameterForm$1#onSubmit(ActionParametersFormPanel.java:148)
org.apache.wicket.ajax.markup.html.form.AjaxButton$1#onSubmit(AjaxButton.java:108)
org.apache.wicket.ajax.form.AjaxFormSubmitBehavior$AjaxFormSubmitter#onSubmit(AjaxFormSubmitBehavior.java:215)
org.apache.wicket.markup.html.form.Form#delegateSubmit(Form.java:1305)
org.apache.wicket.markup.html.form.Form#process(Form.java:966)
org.apache.wicket.markup.html.form.Form#onFormSubmitted(Form.java:788)
org.apache.wicket.ajax.form.AjaxFormSubmitBehavior#onEvent(AjaxFormSubmitBehavior.java:171)
org.apache.wicket.ajax.AjaxEventBehavior#respond(AjaxEventBehavior.java:146)
org.apache.wicket.ajax.AbstractDefaultAjaxBehavior#onRequest(AbstractDefaultAjaxBehavior.java:641)
sun.reflect.NativeMethodAccessorImpl#invoke0(NativeMethodAccessorImpl.java:-2)
sun.reflect.NativeMethodAccessorImpl#invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl#invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method#invoke(Method.java:497)
org.apache.wicket.RequestListenerInterface#internalInvoke(RequestListenerInterface.java:258)
org.apache.wicket.RequestListenerInterface#invoke(RequestListenerInterface.java:241)
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler#invokeListener(ListenerInterfaceRequestHandler.java:250)
org.apache.wicket.core.request.handler.ListenerInterfaceRequestHandler#respond(ListenerInterfaceRequestHandler.java:236)
org.apache.wicket.request.cycle.RequestCycle$HandlerExecutor#respond(RequestCycle.java:890)
org.apache.wicket.request.RequestHandlerStack#execute(RequestHandlerStack.java:64)
org.apache.wicket.request.cycle.RequestCycle#execute(RequestCycle.java:261)
org.apache.wicket.request.cycle.RequestCycle#processRequest(RequestCycle.java:218)
org.apache.wicket.request.cycle.RequestCycle#processRequestAndDetach(RequestCycle.java:289)
org.apache.wicket.protocol.http.WicketFilter#processRequestCycle(WicketFilter.java:259)
org.apache.wicket.protocol.http.WicketFilter#processRequest(WicketFilter.java:201)
org.apache.wicket.protocol.http.WicketFilter#doFilter(WicketFilter.java:282)
org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
org.apache.isis.core.webapp.diagnostics.IsisLogOnExceptionFilter#doFilter(IsisLogOnExceptionFilter.java:52)
org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
org.apache.shiro.web.servlet.AbstractShiroFilter#executeChain(AbstractShiroFilter.java:449)
org.apache.shiro.web.servlet.AbstractShiroFilter$1#call(AbstractShiroFilter.java:365)
org.apache.shiro.subject.support.SubjectCallable#doCall(SubjectCallable.java:90)
org.apache.shiro.subject.support.SubjectCallable#call(SubjectCallable.java:83)
org.apache.shiro.subject.support.DelegatingSubject#execute(DelegatingSubject.java:383)
org.apache.shiro.web.servlet.AbstractShiroFilter#doFilterInternal(AbstractShiroFilter.java:362)
org.apache.shiro.web.servlet.OncePerRequestFilter#doFilter(OncePerRequestFilter.java:125)
org.eclipse.jetty.servlet.ServletHandler$CachedChain#doFilter(ServletHandler.java:1668)
org.eclipse.jetty.servlet.ServletHandler#doHandle(ServletHandler.java:581)
org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.java:143)
org.eclipse.jetty.security.SecurityHandler#handle(SecurityHandler.java:548)
org.eclipse.jetty.server.session.SessionHandler#doHandle(SessionHandler.java:226)
org.eclipse.jetty.server.handler.ContextHandler#doHandle(ContextHandler.java:1158)
org.eclipse.jetty.servlet.ServletHandler#doScope(ServletHandler.java:511)
org.eclipse.jetty.server.session.SessionHandler#doScope(SessionHandler.java:185)
org.eclipse.jetty.server.handler.ContextHandler#doScope(ContextHandler.java:1090)
org.eclipse.jetty.server.handler.ScopedHandler#handle(ScopedHandler.java:141)
org.eclipse.jetty.server.handler.ContextHandlerCollection#handle(ContextHandlerCollection.java:213)
org.eclipse.jetty.server.handler.HandlerCollection#handle(HandlerCollection.java:109)
org.eclipse.jetty.server.handler.HandlerWrapper#handle(HandlerWrapper.java:119)
org.eclipse.jetty.server.Server#handle(Server.java:517)
org.eclipse.jetty.server.HttpChannel#handle(HttpChannel.java:306)
org.eclipse.jetty.server.HttpConnection#onFillable(HttpConnection.java:242)
org.eclipse.jetty.io.AbstractConnection$ReadCallback#succeeded(AbstractConnection.java:261)
org.eclipse.jetty.io.FillInterest#fillable(FillInterest.java:95)
org.eclipse.jetty.io.SelectChannelEndPoint$2#run(SelectChannelEndPoint.java:75)
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#produceAndRun(ExecuteProduceConsume.java:213)
org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume#run(ExecuteProduceConsume.java:147)
org.eclipse.jetty.util.thread.QueuedThreadPool#runJob(QueuedThreadPool.java:654)
org.eclipse.jetty.util.thread.QueuedThreadPool$3#run(QueuedThreadPool.java:572)
java.lang.Thread#run(Thread.java:745)
Kühne + Nagel (AG & Co.) KG
Rechtsform: Kommanditgesellschaft, Bremen HRA 21928, USt-IdNr.: DE 812773878.
Geschäftsleitung Kühne + Nagel (AG & Co.) KG: Yngve Ruud (Vors.), Martin Brinkmann, Matthias Heimbach, Jan-Hendrik Köstergarten, Nicholas Minde, Michael Nebel, Lars Wedel.
Persönlich haftende Gesellschafterin: Kühne & Nagel A.G., Rechtsform: Aktiengesellschaft nach luxemburgischem Recht, HR-Nr.: B 18745, Geschäftsführendes Verwaltungsratsmitglied: Karl Gernandt.
Geschäftsleitung Region Westeuropa: Yngve Ruud (Vors.), Diederick de Vroet, Dominic Edmonds, Uwe Hött, Richard Huhn, Björn Johansson, Holger Ketz, Jan Kunze.
Wir arbeiten ausschließlich auf Grundlage der Allgemeinen Deutschen Spediteurbedingungen 2016 (ADSp 2016). Die ADSp 2016 beschränken in Ziffer 23 die gesetzliche Haftung für Güterschäden in Höhe von 8,33 SZR/kg je Schadenfall bzw. je Schadenereignis auf 1 Million bzw. 2 Millionen Euro oder 2 SZR/kg, je nachdem, welcher Betrag höher ist, und bei multimodalen Transporten unter Einschluss einer Seebeförderung generell auf 2 SZR/kg. Den vollständigen Text der ADSp 2016 übersenden wir Ihnen gerne auf Anfrage und können Sie auch unter http://www.kuehne-nagel.com einsehen.
Re: Question rest services apache isis
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
thx, will also add to docs...
On 19 July 2016 at 12:21, Erik de Hair <e....@pocos.nl> wrote:
> The problem of multiple RestEasy applications is described here:
> http://stackoverflow.com/questions/20687251/multiple-endpoints-with-resteasy
>
>
>
> On 07/19/2016 12:45 PM, Dan Haywood wrote:
>
>> Many thanks for this info, Erik.
>>
>> I'll also take a note to add to docs, all great stuff.
>>
>> Cheers
>> Dan
>>
>>
>> On 19 July 2016 at 11:42, Erik de Hair <e....@pocos.nl> wrote:
>>
>> On 07/19/2016 12:20 PM, Dan Haywood wrote:
>>>
>>> Willie,
>>>>
>>>> thanks very much for taking the time to document all this; great to know
>>>> it's doable.
>>>>
>>>> It *is* in fact possible to add additional endpoints to the RO viewer;
>>>> you
>>>> need to subclass RestfulObjectsApplication [1] to add your additional
>>>> endpoints and then to register in web.xml [2]
>>>>
>>>> Our application uses this approach to make it easier to configure
>>> firewalls to access certain paths on the web server by different parties
>>> and because we use xml webservices of suppliers that deliver xml-messages
>>> to our application (because they dictate that).
>>>
>>> We added a servlet(mapping) to web.xml
>>>
>>> <servlet>
>>> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
>>>
>>>
>>> <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
>>> <init-param>
>>> <param-name>resteasy.servlet.mapping.prefix</param-name>
>>> <param-value>/ws/</param-value>
>>> </init-param>
>>> <!-- used by RestEasy to determine the JAX-RS resources and
>>> other
>>> related
>>> configuration -->
>>> <init-param>
>>> <param-name>javax.ws.rs.Application</param-name>
>>> <param-value>webapp.PortalRestfulObjectsApplication</param-value>
>>> </init-param>
>>> </servlet>
>>> ...
>>> <servlet-mapping>
>>> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
>>> <url-pattern>/ws/*</url-pattern>
>>> </servlet-mapping>
>>>
>>> The implementation of webapp.PortalRestfulObjectsApplication:
>>>
>>> public class PortalRestfulObjectsApplication extends
>>> AbstractJaxRsApplication {
>>>
>>> public PortalRestfulObjectsApplication() {
>>> addSingleton(new RestfulObjectsApplicationExceptionMapper());
>>> addSingleton(new RuntimeExceptionMapper());
>>> // add services
>>> addClass(AccessAvailabilityService.class);
>>> addClass(PortingXSService.class);
>>> }
>>> }
>>>
>>> But I believe we had a problem starting multiple RestEasy applications
>>> and
>>> I think we had to add a filter to the web application to make sure they
>>> both start.
>>>
>>> public class ResteasyCleanupFilter implements Filter {
>>> private FilterConfig config;
>>>
>>> @Override
>>> public void init(FilterConfig filterConfig) throws ServletException
>>> {
>>> this.config = filterConfig;
>>> }
>>>
>>> @Override
>>> public void doFilter(ServletRequest request, ServletResponse
>>> response,
>>> FilterChain chain) throws IOException, ServletException {
>>>
>>> config.getServletContext().setAttribute(ResteasyProviderFactory.class.getName(),
>>> null);
>>> config.getServletContext().setAttribute(Dispatcher.class.getName(),
>>> null);
>>> chain.doFilter(request, response);
>>> }
>>>
>>> @Override
>>> public void destroy() {
>>> // TODO Auto-generated method stub
>>> }
>>> }
>>>
>>> filter-config in web.xml
>>>
>>> <filter>
>>> <filter-name>CleanupFilter</filter-name>
>>> <filter-class>webapp.restful.ResteasyCleanupFilter</filter-class>
>>> </filter>
>>> <filter-mapping>
>>> <filter-name>CleanupFilter</filter-name>
>>> <url-pattern>/*</url-pattern>
>>> </filter-mapping>
>>>
>>> Part of implementation of PortingXSService.class (in this case it's a xml
>>> web service):
>>>
>>> @Path("portingxs")
>>> public class PortingXSService extends AbstractIsisSessionTemplate {
>>> @Context
>>> HttpHeaders httpHeaders;
>>> @Context
>>> UriInfo uriInfo;
>>> @Context
>>> Request request;
>>> @Context
>>> HttpServletRequest httpServletRequest;
>>> @Context
>>> HttpServletResponse httpServletResponse;
>>> @Context
>>> SecurityContext securityContext;
>>>
>>> @POST
>>> @Path("/")
>>> @Consumes(MediaType.TEXT_XML)
>>> @Produces({ MediaType.TEXT_XML })
>>> public Response receive(final String input) {
>>> final ObjectAdapter serviceAdapter =
>>> getServiceAdapter("nl.pocos.portingxs.PortingXSService");
>>> nl.pocos.portingxs.PortingXSService service =
>>> (nl.pocos.portingxs.PortingXSService) serviceAdapter.getObject();
>>> Object response = ...;
>>> ResponseBuilder rb = Response.status(200).entity(response);
>>> return rb.build();
>>> }
>>>
>>> protected ObjectAdapter getServiceAdapter(final String serviceId) {
>>> final List<ObjectAdapter> serviceAdapters =
>>> getPersistenceSession().getServices();
>>> for (final ObjectAdapter serviceAdapter : serviceAdapters) {
>>> final Object servicePojo = serviceAdapter.getObject();
>>> final String id = ServiceUtil.id(servicePojo);
>>> if (serviceId.equals(id)) {
>>> return serviceAdapter;
>>> }
>>> }
>>> throw
>>>
>>> RestfulObjectsApplicationException.createWithMessage(HttpStatusCode.NOT_FOUND,
>>> "Could not locate service '%s'", serviceId);
>>> }
>>> }
>>>
>>> I'll take a note to add this detail into the "ro viewer" guide [3], and
>>>> also to add your longer recipe as to how oauth can be added into the
>>>> "beyond the basics" guide [4]
>>>>
>>>> Or, if you/anyone else has the time, PRs on docs gratefully received!
>>>>
>>>> Thx again
>>>> Dan
>>>>
>>>>
>>>> [1]
>>>>
>>>>
>>>> https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/RestfulObjectsApplication.java#L36
>>>> [2]
>>>>
>>>>
>>>> https://github.com/apache/isis/blob/master/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L272
>>>> [3]
>>>>
>>>>
>>>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugvro.adoc
>>>> [4]
>>>>
>>>>
>>>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugbtb.adoc
>>>>
>>>> On 28 June 2016 at 08:44, Willie Loyd Tandingan <
>>>> tandingan.wlb@gmail.com>
>>>> wrote:
>>>>
>>>> Hi Pedro and Dan,
>>>>
>>>>> I've already opened the topic on open-sourcing the OAuth2 module we've
>>>>> implemented but I don't think it can be done sooner.
>>>>>
>>>>> What we did was basically find an implementation of OAuth2 and
>>>>> integrate
>>>>> it with Apache Isis. There are some suggested in [1] but are not well
>>>>> maintained. I have considered replacing Shiro with Spring Security but
>>>>> thought that it would take too much effort and time.
>>>>>
>>>>> In the end, we also had a hard time creating another JAX-RS application
>>>>> since resteasy used by RO viewer unfortunately doesn't support multiple
>>>>> applications. We wanted the OAuth2 module to be a detachable module on
>>>>> top
>>>>> of RO while maintaining no modifications to RO code, and with no
>>>>> changes
>>>>> to
>>>>> the existing wicket viewer. Due to these requirements, we had decided
>>>>> to
>>>>> use Restlet with its oauth extension, and integrated it with Shiro, RO,
>>>>> and
>>>>> Apache Isis. This also allowed us to create endpoints outside of RO. At
>>>>> the
>>>>> moment, we are needing only the password grant flow so the tokens are
>>>>> actually persisted but the client manager is in-memory.
>>>>>
>>>>> Basically we did the following to integrate Restlet with RO and Apache
>>>>> Isis:
>>>>>
>>>>> 1. Implement org.restlet.ext.oauth.internal.Token as domain object.
>>>>> 2. Implement org.restlet.ext.oauth.internal.TokenManager as domain
>>>>> service.
>>>>> 3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
>>>>> in-memory.
>>>>> 4. Setup the Restlet OAuth2 token endpoint using the implementations
>>>>> above. Note they must be running under Isis context. We referred to the
>>>>> the
>>>>> security addon for integration patterns, and used similar techniques
>>>>> e.g.
>>>>> IsisContext to open session, execute closures using transaction
>>>>> manager,
>>>>> and close session.
>>>>> 5. Create transaction filter for this endpoint.
>>>>>
>>>>> Above will implement token generation, verification, and revocation.
>>>>> For
>>>>> integration with Shiro:
>>>>>
>>>>> 6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
>>>>> creates wraps the username and password given for password grant flow
>>>>> in
>>>>> a
>>>>> AuthenticationRequestPassword, and passes it to Apache Isis
>>>>> AuthenticationManager.
>>>>> 7. Create implementations of AuthenticationRequestToken (we extended
>>>>> AuthenticationRequestPassword) and AuthenticationToken. This shall
>>>>> support
>>>>> token authentications while still maintaining username/password
>>>>> authentications (used in wicket and RO basic auth; since we still need
>>>>> to
>>>>> support both for prototyping and development).
>>>>> 8. Implement
>>>>> org.apache.isis.core.runtime.authentication.standard.Authenticator, and
>>>>> org.apache.isis.core.runtime.authorization.standard.Authorizer. We
>>>>> extended
>>>>> ShiroAuthenticatorOrAuthorizor to support token authentications.
>>>>> 9. Extend IsisModuleSecurityRealm to support getting authentication
>>>>> info
>>>>> for OAuth2 tokens. We had our own additions here since we need to
>>>>> support
>>>>> some forms of decoupled authentication vetos from other modules e.g. if
>>>>> tenant of the ApplicationUser is disabled then disallow login, password
>>>>> lockout policies, etc.
>>>>> 10. Extend AuthorizationManagerStandardInstallerAbstract and create
>>>>> the
>>>>> new authorizer.
>>>>> 11. Create an AuthenticationSessionStrategy supported token
>>>>> authentication
>>>>> to be used in RO. Here, we parse the token from the HTTP header, create
>>>>> AuthenticationRequestToken, and pass to the Apache Isis
>>>>> AuthenticationManager.
>>>>>
>>>>> To use in your app:
>>>>>
>>>>> 12. In your AppManifest, return the installer class name created in #10
>>>>> for getAuthenticationMechanism and getAuthorizationMechanism.
>>>>> 13. In shiro.ini, set securityManager.realms to the security realm in
>>>>> #9
>>>>> 14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
>>>>> authentication session strategy created in 11 for the
>>>>> authenticationSessionStrategy init param. We also set whenNoSession to
>>>>> continue since we needed to provide different error messages on
>>>>> authentication failures by letting AuthenticationException propagate up
>>>>> to
>>>>> the authentication session strategy, and prettify the messages through
>>>>> another filter.
>>>>> 15. In web.xml, setup the Restlet servlet and the transaction filter in
>>>>> #5.
>>>>>
>>>>>
>>>>> I hope above makes sense. This was implemented a year ago and it's
>>>>> already
>>>>> a bit blurry to remember everything. I would advise to observe and
>>>>> study
>>>>> the authentication flow from viewer to the authentication realms, as
>>>>> well
>>>>> as the security addon. This helps in determining integration or
>>>>> customization points to adhere to your project's requirements.
>>>>>
>>>>> Best regards,
>>>>> Willie
>>>>>
>>>>> [1] https://issues.apache.org/jira/browse/SHIRO-119
>>>>>
>>>>> On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <
>>>>> dan@haywood-associates.co.uk
>>>>>
>>>>> wrote:
>>>>>> Hi Pedro,
>>>>>> Apache Isis doesn't ship with oauth out of the box, but I recall
>>>>>> Willie
>>>>>> mentioning in passing [1] that they had extended Isis in this
>>>>>> direction.
>>>>>>
>>>>>> @Willie, would you be able to share any code around this?
>>>>>>
>>>>>> Thx
>>>>>> Dan
>>>>>>
>>>>>> http://markmail.org/message/ia76ut3mwuppdqow
>>>>>>
>>>>>> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>>>>>>
>>>>>> Hello Dan.
>>>>>>
>>>>>>> Dan, I have a question, I require implement OAuth authentication
>>>>>>> services to the rest exposing apache isis; how I can configure apache
>>>>>>> isis
>>>>>>> authentication OAUTH?
>>>>>>>
>>>>>>> Thanks.
>>>>>>>
>>>>>>> [image: Logo]
>>>>>>>
>>>>>>> *Pedro Antonio Alba *
>>>>>>> *Senior Development Analyst*
>>>>>>> Tel: (57) 1 703 17 77
>>>>>>> Cel: (57) 301 3379810
>>>>>>> E-mail: pedro.alba@ticxar.com
>>>>>>> Calle 93 # 19b - 66 Ofc 202
>>>>>>> Bogotá D.C., Colombia
>>>>>>> www.ticxar.com
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> [image: facebook]
>>>>>>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image:
>>>>>>> twitter]
>>>>>>> <http://twitter.com/ticxar> [image: linkedIn]
>>>>>>> <http://www.linkedin.com/company/ticxar>
>>>>>>>
>>>>>>>
>>>>>>>
>
Re: Question rest services apache isis
Posted by Erik de Hair <e....@pocos.nl>.
The problem of multiple RestEasy applications is described here:
http://stackoverflow.com/questions/20687251/multiple-endpoints-with-resteasy
On 07/19/2016 12:45 PM, Dan Haywood wrote:
> Many thanks for this info, Erik.
>
> I'll also take a note to add to docs, all great stuff.
>
> Cheers
> Dan
>
>
> On 19 July 2016 at 11:42, Erik de Hair <e....@pocos.nl> wrote:
>
>> On 07/19/2016 12:20 PM, Dan Haywood wrote:
>>
>>> Willie,
>>>
>>> thanks very much for taking the time to document all this; great to know
>>> it's doable.
>>>
>>> It *is* in fact possible to add additional endpoints to the RO viewer; you
>>> need to subclass RestfulObjectsApplication [1] to add your additional
>>> endpoints and then to register in web.xml [2]
>>>
>> Our application uses this approach to make it easier to configure
>> firewalls to access certain paths on the web server by different parties
>> and because we use xml webservices of suppliers that deliver xml-messages
>> to our application (because they dictate that).
>>
>> We added a servlet(mapping) to web.xml
>>
>> <servlet>
>> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
>>
>> <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
>> <init-param>
>> <param-name>resteasy.servlet.mapping.prefix</param-name>
>> <param-value>/ws/</param-value>
>> </init-param>
>> <!-- used by RestEasy to determine the JAX-RS resources and other
>> related
>> configuration -->
>> <init-param>
>> <param-name>javax.ws.rs.Application</param-name>
>> <param-value>webapp.PortalRestfulObjectsApplication</param-value>
>> </init-param>
>> </servlet>
>> ...
>> <servlet-mapping>
>> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
>> <url-pattern>/ws/*</url-pattern>
>> </servlet-mapping>
>>
>> The implementation of webapp.PortalRestfulObjectsApplication:
>>
>> public class PortalRestfulObjectsApplication extends
>> AbstractJaxRsApplication {
>>
>> public PortalRestfulObjectsApplication() {
>> addSingleton(new RestfulObjectsApplicationExceptionMapper());
>> addSingleton(new RuntimeExceptionMapper());
>> // add services
>> addClass(AccessAvailabilityService.class);
>> addClass(PortingXSService.class);
>> }
>> }
>>
>> But I believe we had a problem starting multiple RestEasy applications and
>> I think we had to add a filter to the web application to make sure they
>> both start.
>>
>> public class ResteasyCleanupFilter implements Filter {
>> private FilterConfig config;
>>
>> @Override
>> public void init(FilterConfig filterConfig) throws ServletException {
>> this.config = filterConfig;
>> }
>>
>> @Override
>> public void doFilter(ServletRequest request, ServletResponse response,
>> FilterChain chain) throws IOException, ServletException {
>> config.getServletContext().setAttribute(ResteasyProviderFactory.class.getName(),
>> null);
>> config.getServletContext().setAttribute(Dispatcher.class.getName(), null);
>> chain.doFilter(request, response);
>> }
>>
>> @Override
>> public void destroy() {
>> // TODO Auto-generated method stub
>> }
>> }
>>
>> filter-config in web.xml
>>
>> <filter>
>> <filter-name>CleanupFilter</filter-name>
>> <filter-class>webapp.restful.ResteasyCleanupFilter</filter-class>
>> </filter>
>> <filter-mapping>
>> <filter-name>CleanupFilter</filter-name>
>> <url-pattern>/*</url-pattern>
>> </filter-mapping>
>>
>> Part of implementation of PortingXSService.class (in this case it's a xml
>> web service):
>>
>> @Path("portingxs")
>> public class PortingXSService extends AbstractIsisSessionTemplate {
>> @Context
>> HttpHeaders httpHeaders;
>> @Context
>> UriInfo uriInfo;
>> @Context
>> Request request;
>> @Context
>> HttpServletRequest httpServletRequest;
>> @Context
>> HttpServletResponse httpServletResponse;
>> @Context
>> SecurityContext securityContext;
>>
>> @POST
>> @Path("/")
>> @Consumes(MediaType.TEXT_XML)
>> @Produces({ MediaType.TEXT_XML })
>> public Response receive(final String input) {
>> final ObjectAdapter serviceAdapter =
>> getServiceAdapter("nl.pocos.portingxs.PortingXSService");
>> nl.pocos.portingxs.PortingXSService service =
>> (nl.pocos.portingxs.PortingXSService) serviceAdapter.getObject();
>> Object response = ...;
>> ResponseBuilder rb = Response.status(200).entity(response);
>> return rb.build();
>> }
>>
>> protected ObjectAdapter getServiceAdapter(final String serviceId) {
>> final List<ObjectAdapter> serviceAdapters =
>> getPersistenceSession().getServices();
>> for (final ObjectAdapter serviceAdapter : serviceAdapters) {
>> final Object servicePojo = serviceAdapter.getObject();
>> final String id = ServiceUtil.id(servicePojo);
>> if (serviceId.equals(id)) {
>> return serviceAdapter;
>> }
>> }
>> throw
>> RestfulObjectsApplicationException.createWithMessage(HttpStatusCode.NOT_FOUND,
>> "Could not locate service '%s'", serviceId);
>> }
>> }
>>
>>> I'll take a note to add this detail into the "ro viewer" guide [3], and
>>> also to add your longer recipe as to how oauth can be added into the
>>> "beyond the basics" guide [4]
>>>
>>> Or, if you/anyone else has the time, PRs on docs gratefully received!
>>>
>>> Thx again
>>> Dan
>>>
>>>
>>> [1]
>>>
>>> https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/RestfulObjectsApplication.java#L36
>>> [2]
>>>
>>> https://github.com/apache/isis/blob/master/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L272
>>> [3]
>>>
>>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugvro.adoc
>>> [4]
>>>
>>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugbtb.adoc
>>>
>>> On 28 June 2016 at 08:44, Willie Loyd Tandingan <ta...@gmail.com>
>>> wrote:
>>>
>>> Hi Pedro and Dan,
>>>> I've already opened the topic on open-sourcing the OAuth2 module we've
>>>> implemented but I don't think it can be done sooner.
>>>>
>>>> What we did was basically find an implementation of OAuth2 and integrate
>>>> it with Apache Isis. There are some suggested in [1] but are not well
>>>> maintained. I have considered replacing Shiro with Spring Security but
>>>> thought that it would take too much effort and time.
>>>>
>>>> In the end, we also had a hard time creating another JAX-RS application
>>>> since resteasy used by RO viewer unfortunately doesn't support multiple
>>>> applications. We wanted the OAuth2 module to be a detachable module on
>>>> top
>>>> of RO while maintaining no modifications to RO code, and with no changes
>>>> to
>>>> the existing wicket viewer. Due to these requirements, we had decided to
>>>> use Restlet with its oauth extension, and integrated it with Shiro, RO,
>>>> and
>>>> Apache Isis. This also allowed us to create endpoints outside of RO. At
>>>> the
>>>> moment, we are needing only the password grant flow so the tokens are
>>>> actually persisted but the client manager is in-memory.
>>>>
>>>> Basically we did the following to integrate Restlet with RO and Apache
>>>> Isis:
>>>>
>>>> 1. Implement org.restlet.ext.oauth.internal.Token as domain object.
>>>> 2. Implement org.restlet.ext.oauth.internal.TokenManager as domain
>>>> service.
>>>> 3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
>>>> in-memory.
>>>> 4. Setup the Restlet OAuth2 token endpoint using the implementations
>>>> above. Note they must be running under Isis context. We referred to the
>>>> the
>>>> security addon for integration patterns, and used similar techniques e.g.
>>>> IsisContext to open session, execute closures using transaction manager,
>>>> and close session.
>>>> 5. Create transaction filter for this endpoint.
>>>>
>>>> Above will implement token generation, verification, and revocation. For
>>>> integration with Shiro:
>>>>
>>>> 6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
>>>> creates wraps the username and password given for password grant flow in
>>>> a
>>>> AuthenticationRequestPassword, and passes it to Apache Isis
>>>> AuthenticationManager.
>>>> 7. Create implementations of AuthenticationRequestToken (we extended
>>>> AuthenticationRequestPassword) and AuthenticationToken. This shall
>>>> support
>>>> token authentications while still maintaining username/password
>>>> authentications (used in wicket and RO basic auth; since we still need to
>>>> support both for prototyping and development).
>>>> 8. Implement
>>>> org.apache.isis.core.runtime.authentication.standard.Authenticator, and
>>>> org.apache.isis.core.runtime.authorization.standard.Authorizer. We
>>>> extended
>>>> ShiroAuthenticatorOrAuthorizor to support token authentications.
>>>> 9. Extend IsisModuleSecurityRealm to support getting authentication info
>>>> for OAuth2 tokens. We had our own additions here since we need to support
>>>> some forms of decoupled authentication vetos from other modules e.g. if
>>>> tenant of the ApplicationUser is disabled then disallow login, password
>>>> lockout policies, etc.
>>>> 10. Extend AuthorizationManagerStandardInstallerAbstract and create the
>>>> new authorizer.
>>>> 11. Create an AuthenticationSessionStrategy supported token
>>>> authentication
>>>> to be used in RO. Here, we parse the token from the HTTP header, create
>>>> AuthenticationRequestToken, and pass to the Apache Isis
>>>> AuthenticationManager.
>>>>
>>>> To use in your app:
>>>>
>>>> 12. In your AppManifest, return the installer class name created in #10
>>>> for getAuthenticationMechanism and getAuthorizationMechanism.
>>>> 13. In shiro.ini, set securityManager.realms to the security realm in #9
>>>> 14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
>>>> authentication session strategy created in 11 for the
>>>> authenticationSessionStrategy init param. We also set whenNoSession to
>>>> continue since we needed to provide different error messages on
>>>> authentication failures by letting AuthenticationException propagate up
>>>> to
>>>> the authentication session strategy, and prettify the messages through
>>>> another filter.
>>>> 15. In web.xml, setup the Restlet servlet and the transaction filter in
>>>> #5.
>>>>
>>>>
>>>> I hope above makes sense. This was implemented a year ago and it's
>>>> already
>>>> a bit blurry to remember everything. I would advise to observe and study
>>>> the authentication flow from viewer to the authentication realms, as well
>>>> as the security addon. This helps in determining integration or
>>>> customization points to adhere to your project's requirements.
>>>>
>>>> Best regards,
>>>> Willie
>>>>
>>>> [1] https://issues.apache.org/jira/browse/SHIRO-119
>>>>
>>>> On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <
>>>> dan@haywood-associates.co.uk
>>>>
>>>>> wrote:
>>>>> Hi Pedro,
>>>>> Apache Isis doesn't ship with oauth out of the box, but I recall Willie
>>>>> mentioning in passing [1] that they had extended Isis in this direction.
>>>>>
>>>>> @Willie, would you be able to share any code around this?
>>>>>
>>>>> Thx
>>>>> Dan
>>>>>
>>>>> http://markmail.org/message/ia76ut3mwuppdqow
>>>>>
>>>>> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>>>>>
>>>>> Hello Dan.
>>>>>> Dan, I have a question, I require implement OAuth authentication
>>>>>> services to the rest exposing apache isis; how I can configure apache
>>>>>> isis
>>>>>> authentication OAUTH?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> [image: Logo]
>>>>>>
>>>>>> *Pedro Antonio Alba *
>>>>>> *Senior Development Analyst*
>>>>>> Tel: (57) 1 703 17 77
>>>>>> Cel: (57) 301 3379810
>>>>>> E-mail: pedro.alba@ticxar.com
>>>>>> Calle 93 # 19b - 66 Ofc 202
>>>>>> Bogot� D.C., Colombia
>>>>>> www.ticxar.com
>>>>>>
>>>>>>
>>>>>>
>>>>>> [image: facebook]
>>>>>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image:
>>>>>> twitter]
>>>>>> <http://twitter.com/ticxar> [image: linkedIn]
>>>>>> <http://www.linkedin.com/company/ticxar>
>>>>>>
>>>>>>
Re: Question rest services apache isis
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Many thanks for this info, Erik.
I'll also take a note to add to docs, all great stuff.
Cheers
Dan
On 19 July 2016 at 11:42, Erik de Hair <e....@pocos.nl> wrote:
>
> On 07/19/2016 12:20 PM, Dan Haywood wrote:
>
>> Willie,
>>
>> thanks very much for taking the time to document all this; great to know
>> it's doable.
>>
>> It *is* in fact possible to add additional endpoints to the RO viewer; you
>> need to subclass RestfulObjectsApplication [1] to add your additional
>> endpoints and then to register in web.xml [2]
>>
> Our application uses this approach to make it easier to configure
> firewalls to access certain paths on the web server by different parties
> and because we use xml webservices of suppliers that deliver xml-messages
> to our application (because they dictate that).
>
> We added a servlet(mapping) to web.xml
>
> <servlet>
> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
>
> <servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
> <init-param>
> <param-name>resteasy.servlet.mapping.prefix</param-name>
> <param-value>/ws/</param-value>
> </init-param>
> <!-- used by RestEasy to determine the JAX-RS resources and other
> related
> configuration -->
> <init-param>
> <param-name>javax.ws.rs.Application</param-name>
> <param-value>webapp.PortalRestfulObjectsApplication</param-value>
> </init-param>
> </servlet>
> ...
> <servlet-mapping>
> <servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
> <url-pattern>/ws/*</url-pattern>
> </servlet-mapping>
>
> The implementation of webapp.PortalRestfulObjectsApplication:
>
> public class PortalRestfulObjectsApplication extends
> AbstractJaxRsApplication {
>
> public PortalRestfulObjectsApplication() {
> addSingleton(new RestfulObjectsApplicationExceptionMapper());
> addSingleton(new RuntimeExceptionMapper());
> // add services
> addClass(AccessAvailabilityService.class);
> addClass(PortingXSService.class);
> }
> }
>
> But I believe we had a problem starting multiple RestEasy applications and
> I think we had to add a filter to the web application to make sure they
> both start.
>
> public class ResteasyCleanupFilter implements Filter {
> private FilterConfig config;
>
> @Override
> public void init(FilterConfig filterConfig) throws ServletException {
> this.config = filterConfig;
> }
>
> @Override
> public void doFilter(ServletRequest request, ServletResponse response,
> FilterChain chain) throws IOException, ServletException {
> config.getServletContext().setAttribute(ResteasyProviderFactory.class.getName(),
> null);
> config.getServletContext().setAttribute(Dispatcher.class.getName(), null);
> chain.doFilter(request, response);
> }
>
> @Override
> public void destroy() {
> // TODO Auto-generated method stub
> }
> }
>
> filter-config in web.xml
>
> <filter>
> <filter-name>CleanupFilter</filter-name>
> <filter-class>webapp.restful.ResteasyCleanupFilter</filter-class>
> </filter>
> <filter-mapping>
> <filter-name>CleanupFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> Part of implementation of PortingXSService.class (in this case it's a xml
> web service):
>
> @Path("portingxs")
> public class PortingXSService extends AbstractIsisSessionTemplate {
> @Context
> HttpHeaders httpHeaders;
> @Context
> UriInfo uriInfo;
> @Context
> Request request;
> @Context
> HttpServletRequest httpServletRequest;
> @Context
> HttpServletResponse httpServletResponse;
> @Context
> SecurityContext securityContext;
>
> @POST
> @Path("/")
> @Consumes(MediaType.TEXT_XML)
> @Produces({ MediaType.TEXT_XML })
> public Response receive(final String input) {
> final ObjectAdapter serviceAdapter =
> getServiceAdapter("nl.pocos.portingxs.PortingXSService");
> nl.pocos.portingxs.PortingXSService service =
> (nl.pocos.portingxs.PortingXSService) serviceAdapter.getObject();
> Object response = ...;
> ResponseBuilder rb = Response.status(200).entity(response);
> return rb.build();
> }
>
> protected ObjectAdapter getServiceAdapter(final String serviceId) {
> final List<ObjectAdapter> serviceAdapters =
> getPersistenceSession().getServices();
> for (final ObjectAdapter serviceAdapter : serviceAdapters) {
> final Object servicePojo = serviceAdapter.getObject();
> final String id = ServiceUtil.id(servicePojo);
> if (serviceId.equals(id)) {
> return serviceAdapter;
> }
> }
> throw
> RestfulObjectsApplicationException.createWithMessage(HttpStatusCode.NOT_FOUND,
> "Could not locate service '%s'", serviceId);
> }
> }
>
>>
>> I'll take a note to add this detail into the "ro viewer" guide [3], and
>> also to add your longer recipe as to how oauth can be added into the
>> "beyond the basics" guide [4]
>>
>> Or, if you/anyone else has the time, PRs on docs gratefully received!
>>
>> Thx again
>> Dan
>>
>>
>> [1]
>>
>> https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/RestfulObjectsApplication.java#L36
>> [2]
>>
>> https://github.com/apache/isis/blob/master/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L272
>> [3]
>>
>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugvro.adoc
>> [4]
>>
>> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugbtb.adoc
>>
>> On 28 June 2016 at 08:44, Willie Loyd Tandingan <ta...@gmail.com>
>> wrote:
>>
>> Hi Pedro and Dan,
>>>
>>> I've already opened the topic on open-sourcing the OAuth2 module we've
>>> implemented but I don't think it can be done sooner.
>>>
>>> What we did was basically find an implementation of OAuth2 and integrate
>>> it with Apache Isis. There are some suggested in [1] but are not well
>>> maintained. I have considered replacing Shiro with Spring Security but
>>> thought that it would take too much effort and time.
>>>
>>> In the end, we also had a hard time creating another JAX-RS application
>>> since resteasy used by RO viewer unfortunately doesn't support multiple
>>> applications. We wanted the OAuth2 module to be a detachable module on
>>> top
>>> of RO while maintaining no modifications to RO code, and with no changes
>>> to
>>> the existing wicket viewer. Due to these requirements, we had decided to
>>> use Restlet with its oauth extension, and integrated it with Shiro, RO,
>>> and
>>> Apache Isis. This also allowed us to create endpoints outside of RO. At
>>> the
>>> moment, we are needing only the password grant flow so the tokens are
>>> actually persisted but the client manager is in-memory.
>>>
>>> Basically we did the following to integrate Restlet with RO and Apache
>>> Isis:
>>>
>>> 1. Implement org.restlet.ext.oauth.internal.Token as domain object.
>>> 2. Implement org.restlet.ext.oauth.internal.TokenManager as domain
>>> service.
>>> 3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
>>> in-memory.
>>> 4. Setup the Restlet OAuth2 token endpoint using the implementations
>>> above. Note they must be running under Isis context. We referred to the
>>> the
>>> security addon for integration patterns, and used similar techniques e.g.
>>> IsisContext to open session, execute closures using transaction manager,
>>> and close session.
>>> 5. Create transaction filter for this endpoint.
>>>
>>> Above will implement token generation, verification, and revocation. For
>>> integration with Shiro:
>>>
>>> 6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
>>> creates wraps the username and password given for password grant flow in
>>> a
>>> AuthenticationRequestPassword, and passes it to Apache Isis
>>> AuthenticationManager.
>>> 7. Create implementations of AuthenticationRequestToken (we extended
>>> AuthenticationRequestPassword) and AuthenticationToken. This shall
>>> support
>>> token authentications while still maintaining username/password
>>> authentications (used in wicket and RO basic auth; since we still need to
>>> support both for prototyping and development).
>>> 8. Implement
>>> org.apache.isis.core.runtime.authentication.standard.Authenticator, and
>>> org.apache.isis.core.runtime.authorization.standard.Authorizer. We
>>> extended
>>> ShiroAuthenticatorOrAuthorizor to support token authentications.
>>> 9. Extend IsisModuleSecurityRealm to support getting authentication info
>>> for OAuth2 tokens. We had our own additions here since we need to support
>>> some forms of decoupled authentication vetos from other modules e.g. if
>>> tenant of the ApplicationUser is disabled then disallow login, password
>>> lockout policies, etc.
>>> 10. Extend AuthorizationManagerStandardInstallerAbstract and create the
>>> new authorizer.
>>> 11. Create an AuthenticationSessionStrategy supported token
>>> authentication
>>> to be used in RO. Here, we parse the token from the HTTP header, create
>>> AuthenticationRequestToken, and pass to the Apache Isis
>>> AuthenticationManager.
>>>
>>> To use in your app:
>>>
>>> 12. In your AppManifest, return the installer class name created in #10
>>> for getAuthenticationMechanism and getAuthorizationMechanism.
>>> 13. In shiro.ini, set securityManager.realms to the security realm in #9
>>> 14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
>>> authentication session strategy created in 11 for the
>>> authenticationSessionStrategy init param. We also set whenNoSession to
>>> continue since we needed to provide different error messages on
>>> authentication failures by letting AuthenticationException propagate up
>>> to
>>> the authentication session strategy, and prettify the messages through
>>> another filter.
>>> 15. In web.xml, setup the Restlet servlet and the transaction filter in
>>> #5.
>>>
>>>
>>> I hope above makes sense. This was implemented a year ago and it's
>>> already
>>> a bit blurry to remember everything. I would advise to observe and study
>>> the authentication flow from viewer to the authentication realms, as well
>>> as the security addon. This helps in determining integration or
>>> customization points to adhere to your project's requirements.
>>>
>>> Best regards,
>>> Willie
>>>
>>> [1] https://issues.apache.org/jira/browse/SHIRO-119
>>>
>>> On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <
>>> dan@haywood-associates.co.uk
>>>
>>>> wrote:
>>>> Hi Pedro,
>>>> Apache Isis doesn't ship with oauth out of the box, but I recall Willie
>>>> mentioning in passing [1] that they had extended Isis in this direction.
>>>>
>>>> @Willie, would you be able to share any code around this?
>>>>
>>>> Thx
>>>> Dan
>>>>
>>>> http://markmail.org/message/ia76ut3mwuppdqow
>>>>
>>>> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>>>>
>>>> Hello Dan.
>>>>>
>>>>> Dan, I have a question, I require implement OAuth authentication
>>>>> services to the rest exposing apache isis; how I can configure apache
>>>>> isis
>>>>> authentication OAUTH?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> [image: Logo]
>>>>>
>>>>> *Pedro Antonio Alba *
>>>>> *Senior Development Analyst*
>>>>> Tel: (57) 1 703 17 77
>>>>> Cel: (57) 301 3379810
>>>>> E-mail: pedro.alba@ticxar.com
>>>>> Calle 93 # 19b - 66 Ofc 202
>>>>> Bogotá D.C., Colombia
>>>>> www.ticxar.com
>>>>>
>>>>>
>>>>>
>>>>> [image: facebook]
>>>>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image:
>>>>> twitter]
>>>>> <http://twitter.com/ticxar> [image: linkedIn]
>>>>> <http://www.linkedin.com/company/ticxar>
>>>>>
>>>>>
>>>>
>
Re: Question rest services apache isis
Posted by Erik de Hair <e....@pocos.nl>.
On 07/19/2016 12:20 PM, Dan Haywood wrote:
> Willie,
>
> thanks very much for taking the time to document all this; great to know
> it's doable.
>
> It *is* in fact possible to add additional endpoints to the RO viewer; you
> need to subclass RestfulObjectsApplication [1] to add your additional
> endpoints and then to register in web.xml [2]
Our application uses this approach to make it easier to configure
firewalls to access certain paths on the web server by different parties
and because we use xml webservices of suppliers that deliver
xml-messages to our application (because they dictate that).
We added a servlet(mapping) to web.xml
<servlet>
<servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
<init-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
<param-value>/ws/</param-value>
</init-param>
<!-- used by RestEasy to determine the JAX-RS resources and
other related
configuration -->
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>webapp.PortalRestfulObjectsApplication</param-value>
</init-param>
</servlet>
...
<servlet-mapping>
<servlet-name>RestfulObjectsWebServiceDispatcher</servlet-name>
<url-pattern>/ws/*</url-pattern>
</servlet-mapping>
The implementation of webapp.PortalRestfulObjectsApplication:
public class PortalRestfulObjectsApplication extends
AbstractJaxRsApplication {
public PortalRestfulObjectsApplication() {
addSingleton(new RestfulObjectsApplicationExceptionMapper());
addSingleton(new RuntimeExceptionMapper());
// add services
addClass(AccessAvailabilityService.class);
addClass(PortingXSService.class);
}
}
But I believe we had a problem starting multiple RestEasy applications
and I think we had to add a filter to the web application to make sure
they both start.
public class ResteasyCleanupFilter implements Filter {
private FilterConfig config;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
}
@Override
public void doFilter(ServletRequest request, ServletResponse
response, FilterChain chain) throws IOException, ServletException {
config.getServletContext().setAttribute(ResteasyProviderFactory.class.getName(),
null);
config.getServletContext().setAttribute(Dispatcher.class.getName(), null);
chain.doFilter(request, response);
}
@Override
public void destroy() {
// TODO Auto-generated method stub
}
}
filter-config in web.xml
<filter>
<filter-name>CleanupFilter</filter-name>
<filter-class>webapp.restful.ResteasyCleanupFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CleanupFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Part of implementation of PortingXSService.class (in this case it's a
xml web service):
@Path("portingxs")
public class PortingXSService extends AbstractIsisSessionTemplate {
@Context
HttpHeaders httpHeaders;
@Context
UriInfo uriInfo;
@Context
Request request;
@Context
HttpServletRequest httpServletRequest;
@Context
HttpServletResponse httpServletResponse;
@Context
SecurityContext securityContext;
@POST
@Path("/")
@Consumes(MediaType.TEXT_XML)
@Produces({ MediaType.TEXT_XML })
public Response receive(final String input) {
final ObjectAdapter serviceAdapter =
getServiceAdapter("nl.pocos.portingxs.PortingXSService");
nl.pocos.portingxs.PortingXSService service =
(nl.pocos.portingxs.PortingXSService) serviceAdapter.getObject();
Object response = ...;
ResponseBuilder rb = Response.status(200).entity(response);
return rb.build();
}
protected ObjectAdapter getServiceAdapter(final String serviceId) {
final List<ObjectAdapter> serviceAdapters =
getPersistenceSession().getServices();
for (final ObjectAdapter serviceAdapter : serviceAdapters) {
final Object servicePojo = serviceAdapter.getObject();
final String id = ServiceUtil.id(servicePojo);
if (serviceId.equals(id)) {
return serviceAdapter;
}
}
throw
RestfulObjectsApplicationException.createWithMessage(HttpStatusCode.NOT_FOUND,
"Could not locate service '%s'", serviceId);
}
}
>
> I'll take a note to add this detail into the "ro viewer" guide [3], and
> also to add your longer recipe as to how oauth can be added into the
> "beyond the basics" guide [4]
>
> Or, if you/anyone else has the time, PRs on docs gratefully received!
>
> Thx again
> Dan
>
>
> [1]
> https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/RestfulObjectsApplication.java#L36
> [2]
> https://github.com/apache/isis/blob/master/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L272
> [3]
> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugvro.adoc
> [4]
> https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugbtb.adoc
>
> On 28 June 2016 at 08:44, Willie Loyd Tandingan <ta...@gmail.com>
> wrote:
>
>> Hi Pedro and Dan,
>>
>> I've already opened the topic on open-sourcing the OAuth2 module we've
>> implemented but I don't think it can be done sooner.
>>
>> What we did was basically find an implementation of OAuth2 and integrate
>> it with Apache Isis. There are some suggested in [1] but are not well
>> maintained. I have considered replacing Shiro with Spring Security but
>> thought that it would take too much effort and time.
>>
>> In the end, we also had a hard time creating another JAX-RS application
>> since resteasy used by RO viewer unfortunately doesn't support multiple
>> applications. We wanted the OAuth2 module to be a detachable module on top
>> of RO while maintaining no modifications to RO code, and with no changes to
>> the existing wicket viewer. Due to these requirements, we had decided to
>> use Restlet with its oauth extension, and integrated it with Shiro, RO, and
>> Apache Isis. This also allowed us to create endpoints outside of RO. At the
>> moment, we are needing only the password grant flow so the tokens are
>> actually persisted but the client manager is in-memory.
>>
>> Basically we did the following to integrate Restlet with RO and Apache
>> Isis:
>>
>> 1. Implement org.restlet.ext.oauth.internal.Token as domain object.
>> 2. Implement org.restlet.ext.oauth.internal.TokenManager as domain service.
>> 3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
>> in-memory.
>> 4. Setup the Restlet OAuth2 token endpoint using the implementations
>> above. Note they must be running under Isis context. We referred to the the
>> security addon for integration patterns, and used similar techniques e.g.
>> IsisContext to open session, execute closures using transaction manager,
>> and close session.
>> 5. Create transaction filter for this endpoint.
>>
>> Above will implement token generation, verification, and revocation. For
>> integration with Shiro:
>>
>> 6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
>> creates wraps the username and password given for password grant flow in a
>> AuthenticationRequestPassword, and passes it to Apache Isis
>> AuthenticationManager.
>> 7. Create implementations of AuthenticationRequestToken (we extended
>> AuthenticationRequestPassword) and AuthenticationToken. This shall support
>> token authentications while still maintaining username/password
>> authentications (used in wicket and RO basic auth; since we still need to
>> support both for prototyping and development).
>> 8. Implement
>> org.apache.isis.core.runtime.authentication.standard.Authenticator, and
>> org.apache.isis.core.runtime.authorization.standard.Authorizer. We extended
>> ShiroAuthenticatorOrAuthorizor to support token authentications.
>> 9. Extend IsisModuleSecurityRealm to support getting authentication info
>> for OAuth2 tokens. We had our own additions here since we need to support
>> some forms of decoupled authentication vetos from other modules e.g. if
>> tenant of the ApplicationUser is disabled then disallow login, password
>> lockout policies, etc.
>> 10. Extend AuthorizationManagerStandardInstallerAbstract and create the
>> new authorizer.
>> 11. Create an AuthenticationSessionStrategy supported token authentication
>> to be used in RO. Here, we parse the token from the HTTP header, create
>> AuthenticationRequestToken, and pass to the Apache Isis
>> AuthenticationManager.
>>
>> To use in your app:
>>
>> 12. In your AppManifest, return the installer class name created in #10
>> for getAuthenticationMechanism and getAuthorizationMechanism.
>> 13. In shiro.ini, set securityManager.realms to the security realm in #9
>> 14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
>> authentication session strategy created in 11 for the
>> authenticationSessionStrategy init param. We also set whenNoSession to
>> continue since we needed to provide different error messages on
>> authentication failures by letting AuthenticationException propagate up to
>> the authentication session strategy, and prettify the messages through
>> another filter.
>> 15. In web.xml, setup the Restlet servlet and the transaction filter in #5.
>>
>>
>> I hope above makes sense. This was implemented a year ago and it's already
>> a bit blurry to remember everything. I would advise to observe and study
>> the authentication flow from viewer to the authentication realms, as well
>> as the security addon. This helps in determining integration or
>> customization points to adhere to your project's requirements.
>>
>> Best regards,
>> Willie
>>
>> [1] https://issues.apache.org/jira/browse/SHIRO-119
>>
>> On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <dan@haywood-associates.co.uk
>>> wrote:
>>> Hi Pedro,
>>> Apache Isis doesn't ship with oauth out of the box, but I recall Willie
>>> mentioning in passing [1] that they had extended Isis in this direction.
>>>
>>> @Willie, would you be able to share any code around this?
>>>
>>> Thx
>>> Dan
>>>
>>> http://markmail.org/message/ia76ut3mwuppdqow
>>>
>>> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>>>
>>>> Hello Dan.
>>>>
>>>> Dan, I have a question, I require implement OAuth authentication
>>>> services to the rest exposing apache isis; how I can configure apache isis
>>>> authentication OAUTH?
>>>>
>>>> Thanks.
>>>>
>>>> [image: Logo]
>>>>
>>>> *Pedro Antonio Alba *
>>>> *Senior Development Analyst*
>>>> Tel: (57) 1 703 17 77
>>>> Cel: (57) 301 3379810
>>>> E-mail: pedro.alba@ticxar.com
>>>> Calle 93 # 19b - 66 Ofc 202
>>>> Bogot� D.C., Colombia
>>>> www.ticxar.com
>>>>
>>>>
>>>>
>>>> [image: facebook]
>>>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image: twitter]
>>>> <http://twitter.com/ticxar> [image: linkedIn]
>>>> <http://www.linkedin.com/company/ticxar>
>>>>
>>>
Re: Question rest services apache isis
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Willie,
thanks very much for taking the time to document all this; great to know
it's doable.
It *is* in fact possible to add additional endpoints to the RO viewer; you
need to subclass RestfulObjectsApplication [1] to add your additional
endpoints and then to register in web.xml [2]
I'll take a note to add this detail into the "ro viewer" guide [3], and
also to add your longer recipe as to how oauth can be added into the
"beyond the basics" guide [4]
Or, if you/anyone else has the time, PRs on docs gratefully received!
Thx again
Dan
[1]
https://github.com/apache/isis/blob/master/core/viewer-restfulobjects-server/src/main/java/org/apache/isis/viewer/restfulobjects/server/RestfulObjectsApplication.java#L36
[2]
https://github.com/apache/isis/blob/master/example/application/simpleapp/webapp/src/main/webapp/WEB-INF/web.xml#L272
[3]
https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugvro.adoc
[4]
https://github.com/apache/isis/blob/master/adocs/documentation/src/main/asciidoc/guides/ugbtb.adoc
On 28 June 2016 at 08:44, Willie Loyd Tandingan <ta...@gmail.com>
wrote:
> Hi Pedro and Dan,
>
> I've already opened the topic on open-sourcing the OAuth2 module we've
> implemented but I don't think it can be done sooner.
>
> What we did was basically find an implementation of OAuth2 and integrate
> it with Apache Isis. There are some suggested in [1] but are not well
> maintained. I have considered replacing Shiro with Spring Security but
> thought that it would take too much effort and time.
>
> In the end, we also had a hard time creating another JAX-RS application
> since resteasy used by RO viewer unfortunately doesn't support multiple
> applications. We wanted the OAuth2 module to be a detachable module on top
> of RO while maintaining no modifications to RO code, and with no changes to
> the existing wicket viewer. Due to these requirements, we had decided to
> use Restlet with its oauth extension, and integrated it with Shiro, RO, and
> Apache Isis. This also allowed us to create endpoints outside of RO. At the
> moment, we are needing only the password grant flow so the tokens are
> actually persisted but the client manager is in-memory.
>
> Basically we did the following to integrate Restlet with RO and Apache
> Isis:
>
> 1. Implement org.restlet.ext.oauth.internal.Token as domain object.
> 2. Implement org.restlet.ext.oauth.internal.TokenManager as domain service.
> 3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
> in-memory.
> 4. Setup the Restlet OAuth2 token endpoint using the implementations
> above. Note they must be running under Isis context. We referred to the the
> security addon for integration patterns, and used similar techniques e.g.
> IsisContext to open session, execute closures using transaction manager,
> and close session.
> 5. Create transaction filter for this endpoint.
>
> Above will implement token generation, verification, and revocation. For
> integration with Shiro:
>
> 6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
> creates wraps the username and password given for password grant flow in a
> AuthenticationRequestPassword, and passes it to Apache Isis
> AuthenticationManager.
> 7. Create implementations of AuthenticationRequestToken (we extended
> AuthenticationRequestPassword) and AuthenticationToken. This shall support
> token authentications while still maintaining username/password
> authentications (used in wicket and RO basic auth; since we still need to
> support both for prototyping and development).
> 8. Implement
> org.apache.isis.core.runtime.authentication.standard.Authenticator, and
> org.apache.isis.core.runtime.authorization.standard.Authorizer. We extended
> ShiroAuthenticatorOrAuthorizor to support token authentications.
> 9. Extend IsisModuleSecurityRealm to support getting authentication info
> for OAuth2 tokens. We had our own additions here since we need to support
> some forms of decoupled authentication vetos from other modules e.g. if
> tenant of the ApplicationUser is disabled then disallow login, password
> lockout policies, etc.
> 10. Extend AuthorizationManagerStandardInstallerAbstract and create the
> new authorizer.
> 11. Create an AuthenticationSessionStrategy supported token authentication
> to be used in RO. Here, we parse the token from the HTTP header, create
> AuthenticationRequestToken, and pass to the Apache Isis
> AuthenticationManager.
>
> To use in your app:
>
> 12. In your AppManifest, return the installer class name created in #10
> for getAuthenticationMechanism and getAuthorizationMechanism.
> 13. In shiro.ini, set securityManager.realms to the security realm in #9
> 14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
> authentication session strategy created in 11 for the
> authenticationSessionStrategy init param. We also set whenNoSession to
> continue since we needed to provide different error messages on
> authentication failures by letting AuthenticationException propagate up to
> the authentication session strategy, and prettify the messages through
> another filter.
> 15. In web.xml, setup the Restlet servlet and the transaction filter in #5.
>
>
> I hope above makes sense. This was implemented a year ago and it's already
> a bit blurry to remember everything. I would advise to observe and study
> the authentication flow from viewer to the authentication realms, as well
> as the security addon. This helps in determining integration or
> customization points to adhere to your project's requirements.
>
> Best regards,
> Willie
>
> [1] https://issues.apache.org/jira/browse/SHIRO-119
>
> On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <dan@haywood-associates.co.uk
> > wrote:
>
>> Hi Pedro,
>> Apache Isis doesn't ship with oauth out of the box, but I recall Willie
>> mentioning in passing [1] that they had extended Isis in this direction.
>>
>> @Willie, would you be able to share any code around this?
>>
>> Thx
>> Dan
>>
>> http://markmail.org/message/ia76ut3mwuppdqow
>>
>> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>>
>>> Hello Dan.
>>>
>>> Dan, I have a question, I require implement OAuth authentication
>>> services to the rest exposing apache isis; how I can configure apache isis
>>> authentication OAUTH?
>>>
>>> Thanks.
>>>
>>> [image: Logo]
>>>
>>> *Pedro Antonio Alba *
>>> *Senior Development Analyst*
>>> Tel: (57) 1 703 17 77
>>> Cel: (57) 301 3379810
>>> E-mail: pedro.alba@ticxar.com
>>> Calle 93 # 19b - 66 Ofc 202
>>> Bogotá D.C., Colombia
>>> www.ticxar.com
>>>
>>>
>>>
>>> [image: facebook]
>>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image: twitter]
>>> <http://twitter.com/ticxar> [image: linkedIn]
>>> <http://www.linkedin.com/company/ticxar>
>>>
>>
>>
>
Re: Question rest services apache isis
Posted by Willie Loyd Tandingan <ta...@gmail.com>.
Hi Pedro and Dan,
I've already opened the topic on open-sourcing the OAuth2 module we've
implemented but I don't think it can be done sooner.
What we did was basically find an implementation of OAuth2 and integrate it
with Apache Isis. There are some suggested in [1] but are not well
maintained. I have considered replacing Shiro with Spring Security but
thought that it would take too much effort and time.
In the end, we also had a hard time creating another JAX-RS application
since resteasy used by RO viewer unfortunately doesn't support multiple
applications. We wanted the OAuth2 module to be a detachable module on top
of RO while maintaining no modifications to RO code, and with no changes to
the existing wicket viewer. Due to these requirements, we had decided to
use Restlet with its oauth extension, and integrated it with Shiro, RO, and
Apache Isis. This also allowed us to create endpoints outside of RO. At the
moment, we are needing only the password grant flow so the tokens are
actually persisted but the client manager is in-memory.
Basically we did the following to integrate Restlet with RO and Apache Isis:
1. Implement org.restlet.ext.oauth.internal.Token as domain object.
2. Implement org.restlet.ext.oauth.internal.TokenManager as domain service.
3. Implement org.restlet.ext.oauth.internal.Client. We implemented this
in-memory.
4. Setup the Restlet OAuth2 token endpoint using the implementations above.
Note they must be running under Isis context. We referred to the the
security addon for integration patterns, and used similar techniques e.g.
IsisContext to open session, execute closures using transaction manager,
and close session.
5. Create transaction filter for this endpoint.
Above will implement token generation, verification, and revocation. For
integration with Shiro:
6. Implement org.restlet.ext.oauth.internal.ResourceOwnerManager. This
creates wraps the username and password given for password grant flow in a
AuthenticationRequestPassword, and passes it to Apache Isis
AuthenticationManager.
7. Create implementations of AuthenticationRequestToken (we extended
AuthenticationRequestPassword) and AuthenticationToken. This shall support
token authentications while still maintaining username/password
authentications (used in wicket and RO basic auth; since we still need to
support both for prototyping and development).
8. Implement
org.apache.isis.core.runtime.authentication.standard.Authenticator, and
org.apache.isis.core.runtime.authorization.standard.Authorizer. We extended
ShiroAuthenticatorOrAuthorizor to support token authentications.
9. Extend IsisModuleSecurityRealm to support getting authentication info
for OAuth2 tokens. We had our own additions here since we need to support
some forms of decoupled authentication vetos from other modules e.g. if
tenant of the ApplicationUser is disabled then disallow login, password
lockout policies, etc.
10. Extend AuthorizationManagerStandardInstallerAbstract and create the
new authorizer.
11. Create an AuthenticationSessionStrategy supported token authentication
to be used in RO. Here, we parse the token from the HTTP header, create
AuthenticationRequestToken, and pass to the Apache Isis
AuthenticationManager.
To use in your app:
12. In your AppManifest, return the installer class name created in #10 for
getAuthenticationMechanism and getAuthorizationMechanism.
13. In shiro.ini, set securityManager.realms to the security realm in #9
14. In web.xml, for the IsisSessionFilterForRestfulObjects, use the
authentication session strategy created in 11 for the
authenticationSessionStrategy init param. We also set whenNoSession to
continue since we needed to provide different error messages on
authentication failures by letting AuthenticationException propagate up to
the authentication session strategy, and prettify the messages through
another filter.
15. In web.xml, setup the Restlet servlet and the transaction filter in #5.
I hope above makes sense. This was implemented a year ago and it's already
a bit blurry to remember everything. I would advise to observe and study
the authentication flow from viewer to the authentication realms, as well
as the security addon. This helps in determining integration or
customization points to adhere to your project's requirements.
Best regards,
Willie
[1] https://issues.apache.org/jira/browse/SHIRO-119
On Tue, Jun 28, 2016 at 5:35 AM, Dan Haywood <da...@haywood-associates.co.uk>
wrote:
> Hi Pedro,
> Apache Isis doesn't ship with oauth out of the box, but I recall Willie
> mentioning in passing [1] that they had extended Isis in this direction.
>
> @Willie, would you be able to share any code around this?
>
> Thx
> Dan
>
> http://markmail.org/message/ia76ut3mwuppdqow
>
> On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
>
>> Hello Dan.
>>
>> Dan, I have a question, I require implement OAuth authentication services
>> to the rest exposing apache isis; how I can configure apache isis
>> authentication OAUTH?
>>
>> Thanks.
>>
>> [image: Logo]
>>
>> *Pedro Antonio Alba *
>> *Senior Development Analyst*
>> Tel: (57) 1 703 17 77
>> Cel: (57) 301 3379810
>> E-mail: pedro.alba@ticxar.com
>> Calle 93 # 19b - 66 Ofc 202
>> Bogotá D.C., Colombia
>> www.ticxar.com
>>
>>
>>
>> [image: facebook]
>> <http://www.facebook.com/pages/Ticxar/446503822192581> [image: twitter]
>> <http://twitter.com/ticxar> [image: linkedIn]
>> <http://www.linkedin.com/company/ticxar>
>>
>
>
Re: Question rest services apache isis
Posted by Dan Haywood <da...@haywood-associates.co.uk>.
Hi Pedro,
Apache Isis doesn't ship with oauth out of the box, but I recall Willie
mentioning in passing [1] that they had extended Isis in this direction.
@Willie, would you be able to share any code around this?
Thx
Dan
http://markmail.org/message/ia76ut3mwuppdqow
On 27 June 2016 at 15:18, Pedro Alba <pe...@ticxar.com> wrote:
> Hello Dan.
>
> Dan, I have a question, I require implement OAuth authentication services
> to the rest exposing apache isis; how I can configure apache isis
> authentication OAUTH?
>
> Thanks.
>
> [image: Logo]
>
> *Pedro Antonio Alba *
> *Senior Development Analyst*
> Tel: (57) 1 703 17 77
> Cel: (57) 301 3379810
> E-mail: pedro.alba@ticxar.com
> Calle 93 # 19b - 66 Ofc 202
> Bogotá D.C., Colombia
> www.ticxar.com
>
>
>
> [image: facebook] <http://www.facebook.com/pages/Ticxar/446503822192581>
> [image: twitter] <http://twitter.com/ticxar> [image: linkedIn]
> <http://www.linkedin.com/company/ticxar>
>