Camel CXFRS Demo (swagger v2.0) :: OIDC-secured :: A Red Hat JBoss Fuse 6.3.0 RESTful service that handles operations on an IP address or a hostname
This project can be deployed both in a Red Hat JBoss Fuse 6.3.0 standalone karaf container or in a Fabric8-managed cluster environment.
- Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf is installed and running in standalone mode
- Red Hat JBoss AMQ broker is either running inside in the Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf (embedded) or is running as a standalone instance
- A Red Hat Single Sign-On 7.5 or Keycloak 15 instance is installed and running
- The project has been built for a standalone deployment
- Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf is installed and running in standalone mode
- Red Hat JBoss AMQ broker is either running inside in the Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf (embedded) or is running as a standalone instance
- A Red Hat Single Sign-On 7.5 or Keycloak 15 instance is installed and running
- The project has been built for a standalone deployment
- Create the
org.jeannyil.fuse.demo.oidcsecured.ipservicecxfrsserver.cfgPersistent ID file in the<red_hat_fuse_install_directory>/etcdirectory with the following content:context.name.application=demo-oidcsecured_ipservice_cxfrs_server camel.name.route=demo-oidcsecured_ipservicecxfrsserver-route notif.amq.destination=queue://IPSERVICE.CXFRSSERVER.NOTIF.QUEUE error.amq.destination=queue://IPSERVICE.CXFRSSERVER.ERROR.QUEUE amqclient.ssl.truststore=/Users/jnyilimb/workdata/truststore/truststore.jks amqclient.ssl.truststore.password=secret broker.out.url=failover:(ssl://amq-standalone.lab.com:61443)?jms.useCompression=true broker.user.name=amq broker.user.password=amq@standalone broker.max.connections=1 broker.max.activesessionperconnection=500 output.message.ttl.inms=3600000 exposed.service.gateway.host=fuse-standalone.lab.com exposed.service.gateway.port=8443 http.client.connection.timeout.inms=60000 http.client.receive.timeout.inms=120000 keycloak.adapter.realm=fuse-fabric-demo keycloak.adapter.authServerUrl=https://sso.apps.cluster-wz2fb.wz2fb.sandbox649.opentlc.com/auth keycloak.adapter.sslRequired=EXTERNAL keycloak.adapter.verifyTokenAudience=true - Adapt the following properties according to your run-time environment:
amqclient.ssl.truststore: path to the truststore containing the AMQ broker public certificateamqclient.ssl.truststore.password: password of the truststorebroker.out.url: Red Hat JBoss AMQ broker connection url (openwire)broker.user.nameandbroker.user.password: credentials to connect to the Red Hat JBoss AMQ brokerexposed.service.gateway.hostandexposed.service.gateway.port: these are respectively the host and port where the RESTful service is exposed. They are used for the service dynamically-generatedswagger v2.0specification.- JBoss Fuse 6.3 Keyclaok Adapter configuration properties (see here for more details):
keycloak.adapter.realm: Name of the realm securing the application.keycloak.adapter.authServerUrl: The base URL of the Red Hat Single Sign-On server. It is usually of the formhttps://host:port/authkeycloak.adapter.sslRequired: Ensures that all communication to and from the Red Hat Single Sign-On server is over HTTPS. Valid values are 'all', 'external' and 'none'.keycloak.adapter.useResourceRoleMappings: If set to true, the adapter will look inside the token for application level role mappings for the user. If false, it will look at the realm level for user role mappings. The default value is false.keycloak.adapter.verifyTokenAudience: If set to true, then during authentication with the bearer token, the adapter will verify whether the token contains this client name (resource) as an audience. The default value is false.
- Log into the Red Hat Fuse Karaf terminal and deploy the
oidcsecured_ipservice_cxfrs_server_swaggerv2feature:$ features:addurl mvn:org.jeannyil.fuse/oidcsecured_ipservice_cxfrs_server_swaggerv2/1.0.0-SNAPSHOT/xml/features $ features:install oidcsecured_ipservice_cxfrs_server_swaggerv2
- A fabric8-managed cluster of Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) is running
- Red Hat JBoss AMQ broker is either running within the fabric8-managed cluster of Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) or as a standalone instance outside the fabric8 cluster
- The project has been built for a Red Hat Fuse fabric8-managed cluster deployment
- All the generated fabric8 profiles have been imported (See instructions here)
- Log into the Red Hat Fuse fabric8 terminal
- Use the
fabric:profile-editcommand (example:fabric:profile-edit -p org.jeannyil.fuse.cxfrs.demo/broker.user.name=amq org-jeannyil-fuse-cxfrs-demo) to adapt some Persistent ID properties as indicated for the following fabric8 profiles:org-jeannyil-fuse-cxfrs-demofabric8 profile- Adapt these
org.jeannyil.fuse.cxfrs.demoPersistent ID properties:amqclient.ssl.truststore: path to the truststore containing the AMQ broker public certificateamqclient.ssl.truststore.password: password of the truststorebroker.out.url: Red Hat JBoss AMQ broker connection url (openwire)broker.user.nameandbroker.user.password: credentials to connect to the Red Hat JBoss AMQ broker
- Below is an extract of my
org-jeannyil-fuse-cxfrs-demofabric8 profile:$ fabric:profile-display org-jeannyil-fuse-cxfrs-demo Profile id: org-jeannyil-fuse-cxfrs-demo [...] Configuration details ---------------------------- PID: org.jeannyil.fuse.cxfrs.demo broker.out.url discovery:(fabric://ssl-demo-broker) amqclient.ssl.truststore /Users/jnyilimb/workdata/truststore/truststore.jks broker.max.activesessionperconnection 500 broker.max.connections 1 broker.user.name amq broker.user.password ${crypt:AXwoRz+nwJEtZtayqOprP8VFTxMJl5EZ} amqclient.ssl.truststore.password ${crypt:/ynd1l0QTCcuaeJdcdAsrA==} output.message.ttl.inms 3600000 [...]
- Adapt these
org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2fabric8 profile- Adapt these
org.jeannyil.fuse.demo.ipservicecxfrsserverPersistent ID properties:exposed.service.gateway.hostandexposed.service.gateway.port: these are respectively the host and port where the RESTful service is exposed. They are used for the service dynamically-generatedswagger v2.0specification.- JBoss Fuse 6.3 Keyclaok Adapter configuration properties (see here for more details):
keycloak.adapter.realm: Name of the realm securing the application.keycloak.adapter.authServerUrl: The base URL of the Red Hat Single Sign-On server. It is usually of the formhttps://host:port/authkeycloak.adapter.sslRequired: Ensures that all communication to and from the Red Hat Single Sign-On server is over HTTPS. Valid values are 'all', 'external' and 'none'.keycloak.adapter.useResourceRoleMappings: If set to true, the adapter will look inside the token for application level role mappings for the user. If false, it will look at the realm level for user role mappings. The default value is false.keycloak.adapter.verifyTokenAudience: If set to true, then during authentication with the bearer token, the adapter will verify whether the token contains this client name (resource) as an audience. The default value is false.
- Below is an extract of the
org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2fabric8 profile:$ fabric:profile-display org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 Profile id: org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 [...] Configuration details ---------------------------- PID: org.jeannyil.fuse.demo.oidcsecured.ipservicecxfrsserver error.amq.destination queue://IPSERVICE.CXFRSSERVER.ERROR.QUEUE broker.out.url ${profile:org.jeannyil.fuse.cxfrs.demo/broker.out.url} broker.max.activesessionperconnection ${profile:org.jeannyil.fuse.cxfrs.demo/broker.max.activesessionperconnection} broker.max.connections ${profile:org.jeannyil.fuse.cxfrs.demo/broker.max.connections} http.client.receive.timeout.inms 120000 keycloak.adapter.authServerUrl https://sso.apps.cluster-phxmk.phxmk.sandbox911.opentlc.com/auth keycloak.adapter.verifyTokenAudience true keycloak.adapter.sslRequired ALL notif.amq.destination queue://IPSERVICE.CXFRSSERVER.NOTIF.QUEUE broker.user.password ${profile:org.jeannyil.fuse.cxfrs.demo/broker.user.password} amqclient.ssl.truststore.password ${profile:org.jeannyil.fuse.cxfrs.demo/amqclient.ssl.truststore.password} exposed.service.gateway.host localhost amqclient.ssl.truststore ${profile:org.jeannyil.fuse.cxfrs.demo/amqclient.ssl.truststore} context.name.application demo-oidcsecured_ipservice_cxfrs_server broker.user.name ${profile:org.jeannyil.fuse.cxfrs.demo/broker.user.name} http.client.connection.timeout.inms 60000 exposed.service.gateway.port 9095 camel.name.route demo-oidcsecured_ipservicecxfrsserver-route keycloak.adapter.realm fuse-fabric-demo output.message.ttl.inms ${profile:org.jeannyil.fuse.cxfrs.demo/output.message.ttl.inms} keycloak.adapter.useResourceRoleMappings true [...]
- Adapt these
- Deploy the
org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2fabric8 profile:- On an existing fabric8 karaf container using the
fabric:container-add-profilecommand. Example:$ fabric:container-add-profile cxfrs_server-node org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 - Or, create a new fabric8 karaf container and assign the profile using the
fabric:container-create-childcommand. Example:$ fabric:container-create-child --profile org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 fuse-01-root cxfrs_server-node
- On an existing fabric8 karaf container using the
🚧 README TO BE COMPLETED with tests samples for both standalone and fabric8 deployments...