org.forgerock / org.forgerock.openig

18 Mar, 2015

1 commit

  • c7e5d45c   OPENIG-489 Force to configure at startup ... Browse Dir » 
    Force the configuration to be parsed at startup rather than waiting for
the first request to come in. So we might know early if the
configuration is correct or not.

git-svn-id: https://svn.forgerock.org/openig/trunk@917 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    laurent.vaills
     

02 Mar, 2015

1 commit

24 Feb, 2015

1 commit

17 Feb, 2015

1 commit

05 Feb, 2015

1 commit

22 Jan, 2015

1 commit

  • b7229e8c   OPENIG-180 (CR-5830) Provide a baseURI decorator ... Browse Dir » 
    As the URI rebasing is done at different places in the code
we'd like to have a BaseUriHandler/Filter in order to factor
out the code.

Following the same scheme as the "Timer" decorator, the "baseURI"
decorator is created by default in the Gateway Servlet.
(Named "baseUri" and created at startup time in the top-level heap.)

* GatewayServlet.class, Route.class
The creation of the "baseUri" decorator means the attribute
class 'baseURI' is no longer needed as the URI rebasing is now
directly done by the decorator. In the other hand,
the heap initialization performed within both class constructors,
contained a list of reservedFieldNames where the 'baseURI'was present.
It has been removed from there as it is now a global decorator.

* RouteTest.java
Removed unit test 'testRouteIsRebasingTheRequestUri'(Duplicated
in the RouteBuilder test, and the RouteBuilder has the responsability
to apply decorators).

git-svn-id: https://svn.forgerock.org/openig/trunk@843 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     

03 Dec, 2014

1 commit

  • 1f12d68e   (CR-5558) Add an error message that can be displayed by the default router ... Browse Dir » 
    Only a `404` status code was returned when something goes wrong, nothing was
actually printed on screen if you accessed OpenIG from a browser.

This change add a JSON content (still machine parseable) with a descriptive
error message that is displayed by browser, making the client aware that
something was wrong for any reason.

This change was triggered with fix for OPENIG-411, that had the side effect of
not propagating route's exception to the user anymore

git-svn-id: https://svn.forgerock.org/openig/trunk@778 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

02 Dec, 2014

1 commit

01 Dec, 2014

1 commit

28 Nov, 2014

2 commits

  • 21ff5479   OPENIG-401 (CR-5498) Rework decorator configuration model ... Browse Dir » 
    The decorations are now applied in a more intuitive way:

  * Local decorations are declared inside of the heap object declaration (no changes here)
    ```
    {
      "type": "Something",
      "decorator-name": "configuration ..."
    }
    ```
  * Global decorations are declared in a top-level element called `globalDecorators`
    and are inherited by sub-heap.
    ```
    "globalDecorators": {
      "decorator-name": "configuration ...",
      ...
    }
    ```
  * Top-level handler decorations are declared as top-level attributes
  ```
  "handler": "NameOfHandler"
  "decorator-name": "configuration ..."
  ```

Decorators are applied in this order:
  1. local decorations
  2. global decorations (inherited first, up to the ones declared in the requester heap)
  3. top-level reference decorations (only if the heap object is the main `handler`
     object and retrieved with `HeapImpl.getHandler()`)

Default configuration is now using the top-level reference decoration style.

git-svn-id: https://svn.forgerock.org/openig/trunk@761 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • c41f480e   OPENIG-386 (CR-5503) Introduce per-tag monitoring endpoint ... Browse Dir » 
    This audit framework application maintains hit counters on a per-tag basis.

Here is an output sample:
```
  {
      "resources": {
          "completed": 1,
          "failed": 0,
          "flowing": 0
      },
      "main": {
          "completed": 12,
          "failed": 0,
          "flowing": 1
      },
      "monitor": {
          "completed": 11,
          "failed": 0,
          "flowing": 1
      }
  }
```
`resources`, `main` and `monitor` being "non-standard" (or user-provided) tags.

git-svn-id: https://svn.forgerock.org/openig/trunk@760 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

20 Nov, 2014

3 commits

  • e323e6df   Remove LogTimer on the GatewayServlet ... Browse Dir » 
    Timer values should always be obtained through `timer` decorations.

git-svn-id: https://svn.forgerock.org/openig/trunk@739 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 6e866493   OPENIG-359 (CR-5294) Introduce Audit Framework ... Browse Dir » 
    The audit framework is a new OpenIG API that gives to users a deeper view (and probably
a better understanding) of what's going on in the observed OpenIG system.

This is an initial version of the audit framework that only supports `Exchange` flow
observation: Filters and Handlers will send `AuditEvent` notifications both when an
Exchange enters or exists.

An `AuditEvent` is a notification that includes meta-information about the observed
component emitter of the notification (its `Name` in particular), a timestamp, the
exchange being captured and a set of tags that helps to qualify the event.

Four tags are supported out-of-the-box: `request`, `response`, `completed` and `exception`.
The user can add as many tags as wanted as part of the decoration configuration:

    "audit": "route-#1"  // add a single tag to the decorated component
    "audit": [ "super-tag", "route-#2" ] // add all of theses tags
    "audit": boolean, object, ... // any other format will be ignored

OpenIG provides a single `audit` decorator by default.

Consumers of AuditEvent are `AuditEventListener`, they have to provide their own Heaplet
implementation that extends `ConditionalListenerHeaplet`. They'll be automatically notified
of emitted AuditEvents and can (optionally) filter the received event using the `condition`
configuration attribute (condition is expressed as an `Expression` that needs to evaluate
to a boolean).

Examples of such event-filtering conditions:

    ${true}
    ${contains(tags, 'tag#1')}
    ${source.name.leaf == 'source'}

git-svn-id: https://svn.forgerock.org/openig/trunk@736 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 95f1d731   OPENIG-368 (CR-5326) Use exchange.originalUri in OAuth2ClientFilter ... Browse Dir » 
    The Client filter heavily use the `exchange.request.uri` property to compute URIs.

That was causing issues because, in the set of upstream filters/handlers, someone
could have rebased the request URI (usually to globally 'redirect' the message
to the protected application). That was causing wrong URI computations (like an
OAuth2 `redirect_uri` with the hostname of the protected application, instead of
the user-facing one of OpenIG).

This changes fix this behaviour with the introduction of an immutable
`exchange.originalUri` property that is the original request URI, as received by the
web container.

The Client filter is now using this instead of the mutable one (`exchange.request.uri`).

Updated the Nascar page sample of the documentation to limit copy/paste errors.

git-svn-id: https://svn.forgerock.org/openig/trunk@735 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

17 Nov, 2014

2 commits

07 Nov, 2014

2 commits

  • 2fd96997   OPENIG-371 (CR-5157) Expose the source Name to the Logger API ... Browse Dir » 
    In order to facilitate OPENIG-370 (log simplification), we now expose the Name
of the log source to the Logger. This has a number of implications:
 * `LogEntry.source` has been splited into the `source` and `type` attributes.
source being the original Name and type being the type of the entry (like
`log`, `started`, `elapsed`, ...). Log messages have the `log` type and
exception's messages have the `throwable` type.
 * Logger is no more a LogSink implementation
 * LogEntry has been adapted to directly use Logger instead of LogSink (this way
it can benefit of the Logger.source attribute's value automatically)
 * Logger do not "rebase" the source name anymore: can't do that since source
is not a String anymore.
 * That solves the source duplication issue of OPENIG-370

LogSink interface has been adapted to have a source Name instead of a source
String when trying to determine if something is legible.

LogSink implementations (ConsoleLogSink and FileLogSink) have been changed to
keep an output as close as possible as what we have previously (don't want to
work on OPEN-370 yet).

git-svn-id: https://svn.forgerock.org/openig/trunk@689 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 46839327   OPENIG-371 (CR-5157) Support hierarchical names to uniquely identify heap objects ... Browse Dir » 
    A Name is a recursive object based on a leaf name and a parent Name.

Each Heap as a unique Name used to scope names of the managed heap objects.
Each heap object has a unique Name whose parent is the container Heap.

The Heaplet interface has been updated to give the Name instead of just a String.

The name of each created heap is based on the resource name.

git-svn-id: https://svn.forgerock.org/openig/trunk@688 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

04 Nov, 2014

1 commit

30 Oct, 2014

3 commits

  • 79382cfe   OPENIG-301 Add an option to dump the exchange as part of the capture ... Browse Dir » 
    The CaptureDecorator can now be configured to additionally capture the content
of the Exchange being intercepted.

If specified, it will print the full content of the Exchange instance, excluding
the `response` and the `request` since they should be captured by another mean.
The output contains a deep view of the exchange obtained through introspection
of the class structure (this is done by the Groovy JsonOutput class).
It appears that this class doesn't support cycles very well, so, depending on
the content of the exchange, it may throw exceptions.
By default we're doing our best to remove known cycles.

By default (in the system provided `capture` decorator), this option is disabled
since it adds a lot of cruft in the logs.

git-svn-id: https://svn.forgerock.org/openig/trunk@672 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 1c809a6d   OPENIG-328 Enable the default HttpClient instance to use the TemporaryStorage co… ... Browse Dir » 
    …nfigured in the config.json

Instead of creating manually the HttpClient instance and giving it the
(also manually) created TemporaryStorage instance, we now declare an
equivalent object declaration in the heap, letting the HttpClient heaplet
resolves properly its dependencies.

git-svn-id: https://svn.forgerock.org/openig/trunk@670 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 2deda15c   OPENIG-333 (CR-5066) Expose client information in the exchange ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@668 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

23 Oct, 2014

1 commit

21 Oct, 2014

2 commits

15 Oct, 2014

2 commits

  • 98500dfe   CR-4828 OPENIG-312 ... Browse Dir » 
    Consider using Jackson for parsing the JSON configuration
- Renamed JsonValueUtil to Json.
- Renamed JsonValueUtilTest to JsonTest.

git-svn-id: https://svn.forgerock.org/openig/trunk@622 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     
  • 77bed597   CR-4763 CR-4828 OPENIG-312 Consider using Jackson for parsing the JSON ... Browse Dir » 
    configuration

- Remove json simple from openig pom file configuration. (added com.fasterxml.jackson.core / databind)
- Jackson throws now IOExceptions instead of json exceptions.
- Added unit tests.
- Fixed javadoc.

git-svn-id: https://svn.forgerock.org/openig/trunk@621 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     

15 Sep, 2014

4 commits

  • eb870fb6   Simplify default configuration with the help of inline declarations ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@574 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 11201158   Fix location of default-config.json ... Browse Dir » 
    It was misplaced in the openig-core module where it was used in openig-war module.

git-svn-id: https://svn.forgerock.org/openig/trunk@573 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 18535edc   OPENIG-316 (CR-4524) Improve Heap interface usability ... Browse Dir » 
    Heap.get(String):Object gains type safety

    Heap.get(String, Class<T>):T

Heap.getRequiredObject(JsonValue, Class<T>) has a shorter name

    Heap.resolve(JsonValue, Class<T>):T

Heap.getObject(JsonValue, Class<T>) is replaced by a resolve
variant that supports optional dependencies:

    Heap.resolve(JsonValue, Class<T>, boolean):T

git-svn-id: https://svn.forgerock.org/openig/trunk@572 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • a6e0cd60   OPENIG-311 OPENIG-316 (CR-4524) Support inlined declaration in the JSON configuration ... Browse Dir » 
    Inline object declarations are a mean to ease understanding of
Exchange processing.
They permit to describe anonymously, inner objects when a reference to
another heap object is required. That introduce, in the configuration
files, some hierarchical support, easing the user to mentally
represents his processing chain.

This is done in a fully backward compatible way, without requiring any
changes to existing object declarations (the one that requires other
objects through references or names).

The idea is to automatically extract inline declaration when the Heaplet
is calling the get***Object() methods: if the provided JsonValue is a
String, traditional object lookup is performed, but when the JsonValue
represents a JSONObject (a Map), we try to turn this into a normal
object declaration (just like what is done during heap initialisation).
If the given JsonValue does not describe a valid declaration, a
JsonValueException is thrown (again, just like the heap init process
is doing).

Notice that inline declarations do not require a 'name' attribute to
be specified (like anonymous Java classes), so we generate a unique name
based on the JsonPointer (represents the location of the node in
the JSON structure).

Notice that OPENIG-316 is partly resolved in this commit: HeapUtil methods
have only been moved into the Heap interface: no additional type safety,
no renaming.

git-svn-id: https://svn.forgerock.org/openig/trunk@571 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

10 Sep, 2014

2 commits

  • 4e2323f5   OPENIG-279 Fix javadoc that was still referring to 'handlerObject' ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@566 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 6e705541   OPENIG-278 CR-4474 Implement OpenIG Session using JWT and stores it in a cookie ... Browse Dir » 
    OpenIG used to provide a default Session implementation based on the
underlying Servlet container's HttpSession. This changeset intends to
gives to the user the ability to change the session persistence
strategy (in other words: changing the Session implementation).

This can be done at the global level (in the config.json, declaring a
SessionFactory object named 'Session') or on a per-route basis (with the
new 'session' attribute).
When an Exchanges comes into a route that declares a new session type, a new
session is build (no existing session items are propagated) and replace
the old session. When the exchange exits the route, the new session is closed
(notify the session that it's time to persist its content) and is replaced
by the old one. Really like a push/pop stack mechanism.

Notice that the 2 sessions are completely separated (cannot access the old
content from the new and vis-versa). First, that would defeat the purpose of
different session persistence modes (if items are propagated, where should
I persist them ?). Secondly, Session is not intended to share data between
handlers/filters: the Exchange is basically a request-scoped Map that is
designed for that purpose.

The JWT based session is a session implementation whose persistence is done
using an HTTP Cookie, the session's content being serialized as JSON (usable
types are constrained, see list below) and used as the payload of an
encrypted JSON Web Token (JWT).

The use of the JWT session has a few constraints:
 * HTTP Cookies are size-limited to 4K -> Small objects can be stored
 * Only JSON compatible types are supported:
    * null
    * Java primitive types + their boxed equivalent
    * Strings (and any CharSequence)
    * List and Map (of the supported types, recursively)
 * Same client performing concurrent HTTP invocations (so within the
   same HTTP session) that will modify their own session content will
   see inconsistencies in the session. This is due to the fact that the JWT
   session is not shared, each concurrent Thread has its own instance and
   can modify it at will. At the end of the processing, each Thread will
   serialize its own session's content regardless of other Threads.

git-svn-id: https://svn.forgerock.org/openig/trunk@565 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

08 Sep, 2014

1 commit

03 Aug, 2014

4 commits

01 Aug, 2014

1 commit

31 Jul, 2014

1 commit

  • b44ad43f   Partial fix for OPENIG-235: Add better encapsulation of exchange object model in… ... Browse Dir » 
    … order to add addition "enhanced" getters and setters for fields

* perform mechanical changes to encapsulate fields for Message, Request, and Response
* added Javadoc for getters and setters
* Message no longer extends FieldMap since the expression library leverages the BeanResolver.

Remaining non-mechanical changes (e.g. adding enhanced getters/setters) will be performed as separate changes.


git-svn-id: https://svn.forgerock.org/openig/trunk@430 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew