How can i integrate rest services in existing JSF application using jersey? - rest

I'm working on existing JSF application i need to implement rest service in this application so user can also consume data using rest api from existing jsf application.
I have tried
How can I integrate JSF with REST? but no response made on this question.
Calling REST service in my JSF application here requirement is opposite from my case.
How to redirect to JSF page from JAX-RS method? with this i have same issue.
I have follow this https://www.mkyong.com/webservices/jax-rs/restful-java-client-with-jersey-client/
downloaded jar of jersey-client-1.19.4.jar, added to library creating class
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
#Path("/rest")
public class JSONService {
#GET
#Path("/get")
#Produces(MediaType.APPLICATION_JSON)
public void test(#Context HttpServletRequest request, #Context HttpServletResponse response)
throws IOException {
String myJsfPage = "i am here";
response.getWriter().write(myJsfPage);
}
}
but it gives me 404 page not found, please help me.

Related

How to test a reasteasy client proxy

I developed a resteasy client for an external web service using RESTEasy Proxy Framework.
something like that:
public interface AnalyticsProvider {
#GET
#Path("/environments")
#Produces({ MediaType.APPLICATION_JSON})
List<String> getEnvironments();
#POST
#Path("/summary")
#Produces({ MediaType.APPLICATION_JSON})
#Consumes({ MediaType.APPLICATION_JSON})
List<CodeObjectSummary> getSummaries(CodeObjectSummaryRequest summaryRequest);
}
what are the ways to test it ? i mainly want to test serialisation and behaviour of the client code.
one option i found is using okhttp3.mockwebserver.MockWebServer to mock a web server.
any other options?

WebSphere Liberty - JWT - A JsonWebToken Principal can't be injected because one is not available

I'm trying to implement JWT on WebSphere Liberty but am running into an error when passing in the JWT in an Authorization header.
A JsonWebToken Principal can't be injected because one is not available. Protect the requesting resource so authentication occurs before the resource is accessed.
The same JWT is signed with a private key and can be validated successfully on jwt.io using the public key or public cert so I don't think validity is the problem.
This is the JAXRS web resource I'm passing the JWT into:
import org.eclipse.microprofile.jwt.Claim;
import org.eclipse.microprofile.jwt.Claims;
import org.eclipse.microprofile.jwt.JsonWebToken;
import javax.annotation.security.PermitAll;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.core.Response;
#Path("/jwtpoc")
#PermitAll
#RequestScoped
public class JwtPocResource {
#Inject
#Claim(standard = Claims.groups)
private Set<String> groups;
#Inject
private JsonWebToken token;
#GET
public Response getOK() {
return Response.ok().build();
}
}
When GET /jwtpoc is requested I can see the "A JsonWebToken Principal can't be injected because one is not available. Protect the requesting resource so authentication occurs before the resource is accessed." in messages.log so I think it's some injection or underlying configuration is the problem.
I have my key pair set up as a pkcs#12 keyStore, public certificate stored in a pkcs#12 truststore, both are referenced by an ssl configuration and reference to ssl configuration is configured in mpJwt server.xml element. I'm using microprofile 3.2 (mpjwt-1.1).
The application class referencing JwtPocResource has:
import org.eclipse.microprofile.auth.LoginConfig;
import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;
import java.util.HashSet;
import java.util.Set;
#LoginConfig(authMethod = "MP-JWT")
#ApplicationPath("/")
public class JwtPocApplication extends Application {
#Override
public Set<Class<?>> getClasses() {
Set<Class<?>> services = new HashSet<Class<?>>();
services.add(JwtPocResource.class);
}
}
Has anyone seen this before and can suggest a resolution?
In order for injection to happen, the resource must be protected. Per https://download.eclipse.org/microprofile/microprofile-jwt-auth-1.2/microprofile-jwt-auth-spec-1.2.html#_injection_of_code_jsonwebtoken_code, the injection is done for an authenticated caller.
Using #PermitAll for JAXRS will treat this resource as an unprotected resource and there will not be an authenticated caller, and the injection of the JsonWebToken will not happen.
To solve this, the resource can be protected using #RolesAllowed.
If the endpoint must use #PermitAll to handle its own authentication and authorization, then the following applies,
If a JWT is sent to an endpoint that does not require Authentication
and/or Authorization then it still must be verified before it can be
accessed via JsonWebToken interface.
Endpoints which need to control the authentication process themselves
can check if a token is available by calling a
JsonWebToken.getRawToken() method.
For 1.1, the authentication requirement applies as well per https://download.eclipse.org/microprofile/microprofile-jwt-auth-1.1/microprofile-jwt-auth-spec.html#_injection_of_code_jsonwebtoken_code,
An MP-JWT implementation must support the injection of the currently
authenticated caller as a JsonWebToken

How to set http headers in JBoss EAP 6.1

I want to set the http headers for x-frame options and Strict-Transport-Security in jboss 6.1.0.
I have been searching for the proper configuration file to add these headers, am able to see some procedures for jboss 6.4, jboss 7 but I didn't get anything for jboss 6.1
Configure Http Headers in JBoss EAP 7
This is in jboss 7, I need to do the same for jboss 6.1
I have tried a lot in identifyiing the proper confiurtion changes needed for this in jboss 6.1, but am helpless.
please let me knoe if someone is aware of doing this in jboss 6.1
Thanks in advance.
If you are using Apache HTTPD as a proxy to JBoss, it is very easy to add all these headers using the Header directive. Otherwise you can set all these headers in a custom filter and place in the corresponding web application’s lib folder.
This answer is present in RedHat Knowledgebase. As it requires RedHat credentials, I'm posting the same answer here.
Solution:
A servlet filter can be used to add the additional HTTP header to the response. Below is an example filter which uses Servlet 3.0 #WebFilter. Using annotation does not require to configure web.xml to enable the filter.
/*
* This is a sample servlet filter to set "X-Frame-Options" http header to
* http response.
*/
package com.redhat.jboss.support;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.annotation.WebFilter;
#WebFilter("/*")
public class AddCustomHeaderFilter implements Filter {
/**
* Take this filter out of service.
*/
public void destroy() {
}
/**
* #param request The servlet request we are processing
* #param result The servlet response we are creating
* #param chain The filter chain we are processing
*
* #exception IOException if an input/output error occurs
* #exception ServletException if a servlet error occurs
*/
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
((HttpServletResponse)response).setHeader("X-Frame-Options", "SAMEORIGIN");
chain.doFilter(request, response);
}
/**
* Place this filter into service.
*
* #param filterConfig The filter configuration object
*/
public void init(FilterConfig filterConfig) throws ServletException {
}
}
After compiling the AddCustomHeaderFilter.java, one package will be
creating named com.redhat.jboss.support with AddCustomHeaderFilter.class.
Create a jar for the AddCustomHeaderFilter.class using following
command. It will generate a jar AddCustomHeaderFilter.jar :
jar -cvf AddCustomHeaderFilter.jar com
Put this jar in your Web application's WEB-INF/lib folder. It will enable the Servlet filter in the web application.
NOTE:
The example given in AddCustomHeaderFilter.java class is for "SAMEORIGIN". There are below possible values for X-Frame-Options:
DENY: The page cannot be displayed in a frame, regardless of the
site attempting to do so.
SAMEORIGIN: The page can only be displayed in a frame on the same
origin as the page itself.

how to access the SOAP request in the groovy script - SOAP UI

I am writing a groovy script to consume the SOAP web service. First i imported my
WSDL in SOAP and created a project.
Then all the SOAP request are generated automatically.
Now am trying to write a groovy to call the SOAP service using the SOAP request generated.
Now here it is my groovy script
import org.apache.commons.httpclient.methods.PostMethod;
import org.w3c.dom.*;
class Example {
static void main(String[] args) {
String serviceInput="";
PostMethod post = new PostMethod("http://server:30280/so_ws/SO?WSDL");
post.setRequestHeader("Accept", "application/soap+xml,application/dime,multipart/related,text/*");
post.setRequestHeader("SOAPAction", "");
// access CreateNote SOAP request here to call PostMethod
}
}
I want to access the same SOAP request generated in SOAP UI - CreateNote.
How can I access it?
My actuall requirement is to access all SOAP request in the groovy script - so that i can write one single script to test all the SOAP services in one go and that too in the sequence as per required
Here is the Groovy Script which gets the request from its previous step of the same test case like you have your test case currently.
Script
def req = context.testCase.getTestStepAt(context.currentStepIndex - 1).httpRequest.requestContent
log.info req

How to avoid custome filter to run for non-secured urls in spring-security

I am building a REST based web application and i have applied the spring security to it successfully but my concern is that i have added a custom filter
http
.authorizeRequests()
.antMatchers("/mypro/userCont/signup").permitAll()
.and()
.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
.httpBasic();
i want that this filter should only run for secured urls not for unsecured urls if it get runs for non secured url then it should not interrupt me to get resource on non-secure url.
My scenerio is if user is not logged in for secured url custom filter should be run which check the Principal using below code:
Authentication auth = (Authentication) SecurityContextHolder.getContext().getAuthentication();
if the auth is null user should seen default spring security login popup
and if i hit the non secure url i should get to the resource.
Can anyone help me.
You can skip security entirely for particular resources by configuring WebSecurity. In this case, Spring security will totally ignore that URL pattern:
#Configuration
#EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
public void configure(WebSecurity webSecurity) throws Exception
{
webSecurity
.ignoring()
.antMatchers("/resources/**"); //skip security entirely
}
#Override
public void configure(HttpSecurity http) throws Exception {
http
.addFilter(mycustomFilter)
.authorizeRequests().anyRequest()
.and()
.httpBasic();
}
}
or, you can just simply use the permitAll() method to exclude the ones you need to allow anonymous access.
#Configuration
#EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
public void configure(HttpSecurity http) throws Exception {
http
.addFilter(mycustomFilter)
.authorizeRequests()
.antMatchers("/not-secured/**").permitAll()
.and()
.httpBasic();
}
}