-
1. Re: OAuth to REST service in embedded server
rareddy May 14, 2015 9:23 AM (in response to jmeritt)
Jamie,
Follow the directions here: OAuth Authentication With REST Based Services - Teiid 8.11 (draft) - Project Documentation Editor. However, for creating the resource adapter you do not need to follow what is described there; rather, use webservice connection creation, but you would need to pass the same values.
Ramesh..
-
2. Re: OAuth to REST service in embedded server
jmeritt May 27, 2015 2:16 PM (in response to rareddy)
Thanks Ramesh. I have been able to get the OAuth20LoginModule configured and instantiated through JaaS and am manually creating the connection factory and configuring security type. However, I can't figure out how to associate the Subject with the Connection when I execute a statement. How do I set the security domain in embedded mode without having a resource adapter configuration file or any of the standalone-teiid.xml?
Thanks,
Jaime
-
3. Re: OAuth to REST service in embedded server
shawkins May 27, 2015 4:21 PM (in response to jmeritt)
You could look into using IronJacamar/Narayana with embedded to add JCA functionality. You can see this in the examples - from the beta2 kit or in git https://github.com/teiid/teiid/blob/teiid-parent-8.11.0.Beta2/build/kits/embedded/examples/embedded-portfolio/src/org/teiid/example/EmbeddedHelper.java
Otherwise, you can pick up the Teiid security-domain subject from the Teiid ExecutionContext, or you may need to add your own JCA-like logic to supply the Subject so that the handling in BasicManagedConnectionFactory / BasicManagedConnection / ConnectionContext is effective.
-
4. Re: OAuth to REST service in embedded server
jmeritt May 28, 2015 11:40 AM (in response to shawkins)
Thanks Steve
Decided to cheat a bit for the interim and manually create the Authorization header and supply it to the invokeHttp method. This allows me to avoid some major surgery in exchange for a hack. However, looks like I uncovered a bug in OAuth credential handling with Google APIs in the process (which I will hit no matter which way I do the security as far as I can tell).
It appears that the expiration time of a token is sent back from Google with a space prior to the number - which causes a NumberFormatException every time I call getAuthorizationHeader on the credential - see stack trace below. I will likely submit a bug to CXF to get this resolved but wanted to know if you guys want a tracking JIRA or anything for this as well?
Thanks,
Jaime
Exception in thread "main" java.lang.NumberFormatException: For input string: " 3600"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)
at java.lang.Long.parseLong(Long.java:578)
at java.lang.Long.valueOf(Long.java:803)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.fromMapToClientToken(OAuthClientUtils.java:308)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:270)
at org.apache.cxf.rs.security.oauth2.client.OAuthClientUtils.getAccessToken(OAuthClientUtils.java:208)
at org.teiid.jboss.oauth.OAuth20CredentialImpl.getAccessToken(OAuth20CredentialImpl.java:53)
at org.teiid.jboss.oauth.OAuth20CredentialImpl.getAuthorizationHeader(OAuth20CredentialImpl.java:40)
at com.datadirect.connectivity.google.App.main(App.java:47)
-
5. Re: OAuth to REST service in embedded server
shawkins May 28, 2015 2:31 PM (in response to jmeritt) 1 of 1 people found this helpful
It looks like they need better json parsing routines. Looking at version 2.7.14, the source for org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider is doing the parsing to create the map where the invalid value comes from. It appears the values are always trimmed, which doesn't quite match what you are seeing - are you using all 2.7.14 jars? But it should be trimming quoted string values prior to stripping the quotes and not after. So I can't reproduce this with json using integer literals, but can with string literals:
{"a" : 3600 , "b" : "3600" }
"a" will be trimmed and can be converted to a long, but the "b" value won't have the quotes stripped and results in an exception. So yes, please log something in CXF and a corresponding Teiid JIRA will help us better track when this gets addressed on our side.
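
The ordering problem discussed in this reply, as an added example that is not part of the original thread and is not CXF or Teiid source. The class and method names are hypothetical, the sample values are constructed, and returning an empty result for an unusable lifetime (instead of throwing) is an assumption of this sketch:

```java
import java.util.OptionalLong;

public class ExpiresInParsing {

    // Problematic order: quotes are stripped only if the untrimmed value
    // starts and ends with one, and trimming happens last.
    static String stripThenTrim(String raw) {
        String v = raw;
        if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
            v = v.substring(1, v.length() - 1);
        }
        return v.trim();
    }

    // Corrected order: trim, strip one pair of quotes, then trim again so
    // whitespace inside the quotes (the " 3600" case) is also removed.
    static String trimThenStrip(String raw) {
        String v = raw.trim();
        if (v.length() >= 2 && v.startsWith("\"") && v.endsWith("\"")) {
            v = v.substring(1, v.length() - 1).trim();
        }
        return v;
    }

    // Parse a token lifetime in seconds. A malformed or negative value yields
    // an empty result, so the caller can treat the token as having no usable
    // expiry instead of failing with NumberFormatException.
    static OptionalLong parseExpiresIn(String normalized) {
        try {
            long seconds = Long.parseLong(normalized);
            return seconds >= 0 ? OptionalLong.of(seconds) : OptionalLong.empty();
        } catch (NumberFormatException e) {
            return OptionalLong.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed raw JSON value tokens, as they might appear after the colon.
        String[] samples = { " 3600 ", " \"3600\" ", "\" 3600\"", "\"abc\"", "-5" };
        for (String raw : samples) {
            System.out.printf("raw=[%s] stripThenTrim=%s trimThenStrip=%s%n",
                    raw,
                    parseExpiresIn(stripThenTrim(raw)),
                    parseExpiresIn(trimThenStrip(raw)));
        }
    }
}
```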
-
6. Re: OAuth to REST service in embedded server
jmeritt May 28, 2015 8:46 PM (in response to shawkins)Thanks Steven!
I was still using the 8.11.0.Beta1 build which referenced an older CXF (will upgrade to beta 2 tonight). After fixing my local version of OAuthClientUtils I then discovered the quote bug which you reference above. Once I worked around that it does appear to be generating the token and my hack of passing the auth header manually is also working.
Thanks for all the help!
Jaime
-
7. Re: OAuth to REST service in embedded server
shawkins May 29, 2015 10:17 AM (in response to jmeritt)
That's good news. It also looks like newer versions of CXF don't have the same issue - http://grepcode.com/file/repo1.maven.org/maven2/org.apache.cxf/cxf-rt-rs-security-oauth2/3.0.4/org/apache/cxf/rs/security/oauth2/provider/OAuthJSONProvider.java?av=f
Let us know if there is anything that needs done for 8.11
Thanks,
Steve