I'm using Arquillian to deploy a Java EE WAR on Payara embedded for functional testing with Graphene. Everything works fine.
However, I'd like to know whether it's possible to test user authentication for #RolesAllowed protected RESTful methods. Afaik there's no way around creating users on the Java EE server and in GlassFish and Payara that's done in the web admin UI:
I didn't find anything about a Payara RESTful or similar API for Payara admin tasks.
There seems to be nothing created on the filesystem by the drone driver so that there's no access to the asadmin command.
According to sudo netstat -tupln | grep java the Payara embedded process only opens port 8181 (HTTP) and 8182 (can't be opened in browser).
My question is similar to How to test login with Arquillian - Java EE 7 whose answer doesn't work because CommandRunner isn't injected and a comment says the interface has changed - whatever that means.
The approach in Embedded Glassfish, security and Arquillian questions doesn't work because it's unclear which Server class is used and none of the available ones match all method names (I tried all that pop up in NetBeans autocompletion).
I'm aware of the possbility to replace the embedded with a remote instance, but that's not part of the question.
I'm using Payara 4.1.2.174.
The preferred way to configure the embedded GlassFish/Payara is to configure a standalone Payara Server instance interactivey first (using Admin console or asadmin commands), copy the configuration from the domain (domain1) into test resources and then point the Arquillian container to the configuration.
The documentation of the Arquillian GlassFish embedded container describes that you can use the property instanceRoot to point to the whole domain directory or configurationXml to just point to the domain.xml in that directory.
In fact, the answer in your last link (https://stackoverflow.com/a/24967309/784594) explains precisely this scenarios and provides a ste-by-step guide. You shouldn't be using any Server class to configure the server, you can skip that step - if you secure your REST endpoint using basic HTTP authentication, you just need to send user and password in request headers.
Related
I have a CPE Java API application using Spring Boot & running on Tomcat server and my CPE (5.5.2) is running in Container on WAS server. I am having a hard time setting up a security between the two. Can somebody please help me/guide me to setup security?
If you work with CPE through Java API (RMI over Corba, not WSI) you connect to WAS JVM and you need to use JEE ways to authenticate subject in WAS security context.
WAS as JEE-based container use JAAS spec to provide Authentication.
So you need to know how to enable support JAAS to Spring, read it
https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/jaas.html
After it, you need to know how to get a connection to FN ObjectStore through FN Java API (jace.jar). There is a samples you need to obtain security context and put created Subject and connect to FN after it https://www.ibm.com/support/knowledgecenter/en/SSNW2F_5.1.0/com.ibm.p8.ce.dev.ce.doc/sec_procedures.htm#sec_procedures_obtain_login_context
But also you need to configure your JVM in the right way to work with WAS JAAS configuration. How to enable JAAS configuration for your JVM, look at this link https://www.ibm.com/support/knowledgecenter/SSNW2F_5.1.0/com.ibm.p8.ce.dev.ce.doc/gs_concepts.htm#jaas_config_files
Good luck ˆ))
I built a simple Java web application. It provides a series of RESTful APIs for the user to carry out certain operations on a Java DB through a web interface. I used NetBeans environment during the development, and Glassfish for testing.
Now that I finished it, I would like to be able to deploy it on another machine using binaries (although as for now I use the same machine until I learn how to do it).
I installed Tomcat 7, and moved the .war file into Tomcat's webapp folder. The application deploys. Thereafter I try to read some data from the databse using a button I created just for this, but get the following error
I am not sure what went wrong, but I have two theories.
1) The web application cannot connect to the database. Yet when I attempted to run the application again, after starting JavaDB from NetBeans, there was no difference.
2) Somehow, the application cannot reach the Node service. I assumed that there will be no need to change the API links while moving the app, but perhaps I was wrong.
Or maybe there is some other issue I did not consider? I will be grateful for any advice about how to properly deploy such an application.
EDIT: The issue was solved by using TomEE.
The error is come from your application server of choice.
TomCat is only a servlet container (means it only support Servlet/JSP).
Any other feature (JAX-RS, CDI etc) require a Java EE certified server e.g. GlassFish, WildFly,Payara, WebLogic, OpenLiberty or TomEE.
TomEE could be your best bet if you want to use TomCat in your production or test environment, it is basically TomCat + Java EE other feature.
EDIT:
TomEE don't have a GUI for JNDI datasource configuration like GlassFish, you need to edit conf/tomee.xml
<Resource id="myDataSource" type="javax.sql.DataSource">
jdbcDriver = org.apache.derby.jdbc.ClientDriver
jdbcUrl = jdbc:derby://localhost:1527/dbname
userName = app
password = app
</Resource>
And in your java code:
#Path("resources")
#Stateless
public class MyResources{
#Resource(name="myDataSource")
DataSource dataSource;
#GET
public Response SomeMethod(){
//Do stuff here
}
}
You can check here for more detail configuration on data source.
i have a multiple domains on my centos vps (domains running on apache http server via virtual host configurations). and also same vps, i want to add my new domain but that domain will route my spring boot application (application is a jar file also inside embedded tomcat ). i couldn't find any configuration for embedded tomcat specific domains and ports.
standalone Tomcat i can make configuration via server.xml file like this image
also this short tutorial shows configuration for stadalone tomcat Tomcat Virtual Host Configuration
But how can i do that configuration for embedded Tomcat ? Any suggestion ?
With Spring Boot embedded Tomcat, you are hosting only one application per servlet container. So I don't believe that Tomcat's concept of Virtual Hosts make sense at all.
If you have to host your app on shared Tomcat instance, just build WAR without embedded container.
It depends. 2 ways to deploy your project.jar as you want to :
First way : You can use the "apache web server" and his own "mod_proxy" in order to serve as many Spring webapps you want to, each on a specific port configured with "php-fpm" and with a proxy defined to route requests from/to your namebased VirtualHost configuration.
Nowadays, with Spring Boot 2.5, all you have to do is to set the property server.port in your application.properties file, and use it accordingly with mod_proxy directives.
If you are using profile, you can either set one port to dev or prod or test or whatever properties file you need.
Another way to proceed : you can use the apache web server "mod_jk" bridge module to configure multiple load-balancers for your Virtualhosts too.
Choose your path, young Jedi ;)
This response is certainly not for the OP, 7 years later, but for other people whom are using any web search engine like Google. They will come here and see "something is impossible". It is not true.
I am a complete newbie, just starting with Spring.
I have developed a sample app which I want to deploy on a production environment. My problem is that my app serivces still look like that:
http://mydomain.com:8400/myserver/myapp/controller/view
I want to humanize this and turn it into something like that:
http://mydomain.com/controller/view
basically removing the port as well as the boilereplate /myserver/myapp/, since this domain will be used entirely for the purposes of that app
However, I still want to keep the existing url scheme as well.
How do I do that? do I have to configure server.xml (for the port), web.xml, .htaccess or something else?
To remove the port, you have at least 3 choices:
let the container server (Tomcat or what ever) run on port 80
use a Proxy Server (for example Apache Httpd) run on port 80 and forward the requests to your application Server (Tomcat)
use some Firewall constraints to forward the requests fron port 80 to 8080
To get rid of the log path: you can use a combination of that ideas:
(if you use an tomcat) rename the war to ROOT.war (uppercase) instead of myapp.war. Then you will get rid of the "myapp" part.
Use some java framework like tuckey UrlRewriteFilter to change the rest of the urls
This is related to Tomcat 6 with JAASRealm and a custom JAAS module for security.
Other Application Servers seem to support the mapping of application role names (in web.xml) to actual groups of the underlying security realm by using with server specific deployment descriptors - as mentioned in the Java EE 5 Tutorial.
Does Tomcat have a similar mechanism?
Edit: This thread seems to talk of the same requirement, but unfortunately doesn't have a definitive answer.
A request for enhancement to JBoss Web (with tomcat under the hood) has been made to address this same issue.
you can check $CATALINA_HOME/conf/tomcat-users.xml there you can add and manage roles .. you can use the GUI provided by tomcat you can check
GUI Administration
and Tomcat Roles Management