How to request https endpoints through quarkus - java

I am creating an endpoint that is dependent on another endpoint. I have created the interface and did all of that stuff, but when I requested https://example.com to give me info, it did not respond and a request timeout exception came up. Quarkus is not supporting HTTPS requests. I have also added certificates. Kindly let me know what I am doing wrong or what I need to do.
quarkus.http.ssl.certificate.file=META-INF/dev.crt
quarkus.http.ssl.certificate.key-file=META-INF/dev.com.key
com.package.xyz/mp-rest/url=https://example.com

You need to specify some properties in your application.properties file:
quarkus.http.ssl-port=8443
quarkus.http.insecure-requests=enabled
quarkus.http.ssl.certificate.key-store-file=keystore.jks
quarkus.http.ssl.certificate.key-store-password=password
Documentation source I used for this was the Quarkus cookbook available from RedHat: https://developers.redhat.com/books/quarkus-cookbook see section 3.8

Related

Call multiple url with Http request

I have the following code. If my url[0] is down or had any issue, i.e. !200, then I need to call another URL, url[1]. How can I code it efficiently? I am using Spring Boot and Java 8.
url[0] = server1.8080/get/data
url[1] = server2.8080/get/data
ResponseEntity<MyPojo> response = restTemplate().exchange(url[0], HttpMethod.GET, request, MyPojo.class);
You could use Ribbon for client side load balancing with ribbon.
https://cloud.spring.io/spring-cloud-netflix/multi/multi_spring-cloud-ribbon.html
There are a few steps to make it work:
add the ribbon dependency to your pom.xml
configure the servers in the application.properties or application.yaml.
Configure the Ribbon Client
Please find a complete tutorial here:
https://www.baeldung.com/spring-cloud-rest-client-with-netflix-ribbon

How can you use TLS for Kafka in Quarkus?

The Kafka guide from Quarkus works nicely when running Kafka locally in Docker. I'm trying to change this sample by replacing the local Kafka service with a hosted Kafka service in the cloud which requires TLS.
Does anyone know how I can configure this? In the Quarkus documentation and the Smallrye documentation I don't see any properties for this.
I'd like to use the Kafka service in the IBM Cloud. Based on the documentation I've tried the following configuration in application.properties:
kafka.bootstrap.servers=broker-0-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-4-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-3-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-5-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-2-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-1-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093
kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
kafka.sasl.mechanism=PLAIN
kafka.security.protocol=SASL_SSL
kafka.ssl.protocol=TLSv1.2
Update:
I've also tried Gunnar's suggestion below, but it doesn't work. When I use the following application.properties ...
mp.messaging.outgoing.generated-price.connector=smallrye-kafka
mp.messaging.outgoing.generated-price.topic=prices
mp.messaging.outgoing.generated-price.value.serializer=org.apache.kafka.common.serialization.IntegerSerializer
mp.messaging.outgoing.generated-price.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
mp.messaging.outgoing.generated-price.sasl.mechanism=PLAIN
mp.messaging.outgoing.generated-price.security.protocol=SASL_SSL
mp.messaging.outgoing.generated-price.ssl.protocol=TLSv1.2
mp.messaging.incoming.prices.connector=smallrye-kafka
mp.messaging.incoming.prices.topic=prices
mp.messaging.incoming.prices.value.deserializer=org.apache.kafka.common.serialization.IntegerDeserializer
mp.messaging.outgoing.prices.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="token" password="...";
mp.messaging.outgoing.prices.sasl.mechanism=PLAIN
mp.messaging.outgoing.prices.security.protocol=SASL_SSL
mp.messaging.outgoing.prices.ssl.protocol=TLSv1.2
kafka.bootstrap.servers=broker-0-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-4-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-3-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-5-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-2-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093,broker-1-8c8cph49mx2p2wqy.kafka.svc01.us-south.eventstreams.cloud.ibm.com:9093
... I get an error:
javax.enterprise.inject.spi.DeploymentException: java.lang.IllegalArgumentException: Invalid channel configuration - the connector attribute must be set for channel prices
at io.quarkus.smallrye.reactivemessaging.runtime.SmallRyeReactiveMessagingLifecycle.onApplicationStart(SmallRyeReactiveMessagingLifecycle.java:22)
Is TLS currently possible for Kafka in Quarkus?
Thanks
Have you tried specifying the relevant properties at the channel level? E.g.
mp.messaging.outgoing.generated-price.connector=smallrye-kafka
mp.messaging.outgoing.generated-price.topic=mytopic
mp.messaging.outgoing.generated-price.ssl.protocol=...
mp.messaging.outgoing.generated-price.ssl.keystore.location=...
mp.messaging.outgoing.generated-price.ssl.keystore.password=...
You also could refer to variables when requiring the same values for multiple topics.
One property is incorrect in the accepted answer by @Gunnar. It should be "security" instead of "ssl" in the property name.
mp.messaging.outgoing.generated-price.security.protocol=SSL
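
The error quoted in the question names channel prices: in the posted file the connector for that channel is declared under mp.messaging.incoming.prices, while its SASL/TLS keys sit under mp.messaging.outgoing.prices. The check below is an added example (not code from the thread or from Quarkus); the function names and the trimmed sample are constructed here, and it inspects channel-level keys only.

```python
import re
from collections import defaultdict

# Constructed sample: channel keys from the question's second application.properties,
# trimmed to the connector and security attributes (credentials left out).
SAMPLE = """\
mp.messaging.outgoing.generated-price.connector=smallrye-kafka
mp.messaging.outgoing.generated-price.sasl.mechanism=PLAIN
mp.messaging.outgoing.generated-price.security.protocol=SASL_SSL
mp.messaging.incoming.prices.connector=smallrye-kafka
mp.messaging.incoming.prices.topic=prices
mp.messaging.outgoing.prices.sasl.mechanism=PLAIN
mp.messaging.outgoing.prices.security.protocol=SASL_SSL
"""

CHANNEL_KEY = re.compile(r"mp\.messaging\.(incoming|outgoing)\.([^.]+)\.(.+)")
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}


def parse_channels(text):
    """Group mp.messaging.<direction>.<channel>.<attr> keys by (direction, channel)."""
    channels = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        match = CHANNEL_KEY.fullmatch(key.strip())
        if match:
            direction, name, attr = match.groups()
            channels[(direction, name)][attr] = value.strip()
    return channels


def lint(text):
    """Return findings for channels without a connector or without channel-level TLS."""
    channels = parse_channels(text)
    findings = []
    for (direction, name), attrs in sorted(channels.items()):
        if "connector" not in attrs:
            other = "incoming" if direction == "outgoing" else "outgoing"
            hint = ""
            if "connector" in channels.get((other, name), {}):
                hint = f" ({other}.{name} has one: check the direction prefix)"
            findings.append(f"{direction}.{name}: connector attribute not set{hint}")
        elif attrs.get("security.protocol") not in TLS_PROTOCOLS:
            findings.append(f"{direction}.{name}: no channel-level security.protocol of SSL or SASL_SSL")
    return findings
```

Run over the sample, `lint(SAMPLE)` reports the connector-less outgoing.prices channel and the incoming.prices channel that carries no security settings; moving the four keys to the incoming prefix clears both findings.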

Handle # character in spring web

I am trying to add an exception for security rules in Spring but getting 401 meaning my mapping is not recognized. The uri is /test/acc#v1=1&v2=2...
I have security configured:
http.authorizeExchange().pathMatchers("/test/acc*{v:.+}")
and
http.authorizeExchange().pathMatchers("/test/acc*")
And my controller annotation is:
@GetMapping("/test/acc{suffix:.+}")
None of it works, I keep on getting 401. Can someone help me out here?
It is the general consensus that the server does not receive the URL fragmentation details, and this is applicable to all major Java-based servers like Tomcat, Jetty, etc. Please refer for more details
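
What the server-side path matcher actually gets to see for the URI in the question, as an added example that is not part of the original thread: a throwaway local server records the request target sent by Python's urllib client. The function name and the %23 and query-string variants are illustrative assumptions.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def target_seen_by_server(path_and_more):
    """Send one GET to a throwaway local server; return the request target it received."""
    seen = []

    class Recorder(BaseHTTPRequestHandler):
        def do_GET(self):
            seen.append(self.path)            # raw request target from the request line
            self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def log_message(self, *args):         # keep the demo quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Recorder)   # port 0: the OS picks a free port
    server.timeout = 5                                # do not wait forever for the request
    worker = threading.Thread(target=server.handle_request, daemon=True)
    worker.start()
    try:
        url = f"http://127.0.0.1:{server.server_port}{path_and_more}"
        # Empty ProxyHandler: ignore proxy settings from the environment.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        opener.open(url, timeout=5).close()
    finally:
        worker.join(timeout=5)
        server.server_close()
    return seen[0]


if __name__ == "__main__":
    for suffix in ("#v1=1&v2=2", "%23v1=1&v2=2", "?v1=1&v2=2"):
        print(suffix, "->", target_seen_by_server("/test/acc" + suffix))
```

Only the percent-encoded and query-string forms reach the server; with the literal `#`, the request target is just `/test/acc`, so that is the only path any security rule or mapping can be matched against.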

Kafka spring integration authorization with sasl

I am trying to connect to a Kafka server via the Spring Integration module with SASL config and get the error
java.lang.IllegalArgumentException: Could not find a 'KafkaClient' entry in the JAAS configuration. System property 'java.security.auth.login.config' is not set
but when I construct simple consumer and poll messages everything works fine. Can someone tell me how to turn off JAAS authorization or connect via it properly.
Here is my KafkaConfig.java and SaslConfiguration.java. Thanks for answer!
There is a KafkaConsumerFactory which simply can accept the same set of properties you are mentioning in your gist: https://docs.spring.io/spring-kafka/docs/2.1.10.RELEASE/reference/html/_reference.html#_receiving_messages

Unable to connect to SOAP Service over SSL in JBoss EAP 6.2

Summary: I have an SAAJ Client that calls a remote Web Service over HTTPS. Both Client and Server authentication via certificates is required. I can successfully invoke the service when running a JUnit test in my IDE, but fail to connect when running in JBoss.
Keystore/Truststore Configuration Details: In both the IDE and JBoss, I'm setting the keystore and truststore via system properties: javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword, javax.net.ssl.trustStore, javax.net.ssl.trustStorePassword
Logging Configuration: In JBoss, I've enabled SSL Debug logging via the system property: javax.net.debug=SSL. I've also enabled CXF logging via a logging.properties file.
JBoss SSL Logging Output Summary:
SSL logging shows no WARN or ERROR logs
SSL logging shows a session is established at the time of the call to the remote service
JBoss CXF Logging Output Summary:
CXF logging shows that the POST is sent to the service via Conduit null.http-conduit
CXF logging shows this conduit is "configured for plain http", has "No Trust Decider", and has "No Auth Supplier" (I'm not entirely sure what all of this means, but it sounds relevant)
Stack Trace: Here's the actual stack trace I'm getting
Caused by: javax.xml.soap.SOAPException: JBWS024004: SOAP message could not be sent
at org.jboss.wsf.stack.cxf.saaj.SOAPConnectionImpl.call(SOAPConnectionImpl.java:124)
at my.client.soap.MySAAJClient.invoke(MySAAJClient.java:37) [my-client-0.0.1-SNAPSHOT.jar:]
... 17 more
Caused by: org.apache.cxf.transport.http.HTTPException: HTTP response '403: Forbidden' when communicating with https://remote.service.url.here/
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1542)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1502)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1309)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:627)
at org.jboss.wsf.stack.cxf.saaj.SOAPConnectionImpl.call(SOAPConnectionImpl.java:120)
... 19 more
Other Information
I don't have direct access to the logs of the remote web service, but I'm told that they "don't show anything"
CXF comes into play because it is used by JBoss. I don't have any CXF dependencies included in my project and it's not in play when I run the code in my IDE.
What I've Tried: I've been focused on CXF because again, this all runs fine when executed in my IDE where CXF is not in play and the CXF log that says the conduit has been "configured for plain http" scares me. I've tried including a jboss-cxf.xml, jbossws-cxf.xml, or cxf.xml configuration file in my WAR that includes the keystore and truststore configuration. This has not worked and I can't even tell that CXF is seeing these files.
My Questions (Updated)
Is there any way to get JBoss/CXF to see that this is a secure connection and use the keystore/truststore configured via system properties?
Is there any way for me to direct JBoss (via jboss-deployment-structure.xml maybe?) to use a different SAAJ implementation for my deployment?
Do you have any thoughts on other things I should be looking into?
Update 1
I believe I've confirmed that the JBoss-CXF integration is the issue. I was able to remove JBoss's SOAPConnectionImpl by modifying the file {JBOSS_HOME}/modules/system/layers/base/org/jboss/ws/saaj-impl/main/module.xml. I commented out the module dependency <module name="org.jboss.ws.jaxws-client" services="import"/>.
After making this change, my application was able to connect to the remote service with no issues.
Although this shows that the JBoss-CXF integration is the issue, I can't modify the deployment environment in this way. I need to identify another solution.
I'd go for system properties (or at least knowing the configuration of the system) as they might override whatever you specify in your deployment.
What version of cxf is used on the deployment environment? Do you have any info on the configuration of cxf on your deployment environment? From the documentation (http://cxf.apache.org/docs/ws-security.html), I can see you need to configure WSS4J interceptors for cxf 2.0.x or earlier, so you could check if this is okay on your deployment environment.
