RootServices Lyo OAuth Web App

Michael.C · November 26, 2021, 11:55am

Hello, I m trying to implement a Jazz Root Services.

I’m using Lyo 4.0.0.
I added in the web.xml :

<filter>

    <display-name>CredentialsFilter</display-name>

    <filter-name>CredentialsFilter</filter-name>

    <filter-class>com.sample.rm.servlet.CredentialsFilter</filter-class>

  </filter>

  <filter-mapping>

    <filter-name>CredentialsFilter</filter-name>

    <url-pattern>/services/*</url-pattern>

  </filter-mapping>
<servlet-mapping>

    <servlet-name>JAX-RS Servlet</servlet-name>

    <url-pattern>/services/*</url-pattern>

  </servlet-mapping>

  <servlet>

    <servlet-name>RootServicesService</servlet-name>

    <servlet-class>com.sample.rm.services.RootServicesService</servlet-class>

</servlet>

And I added

RESOURCE_SHAPE_PATH_TO_RESOURCE_CLASS_MAP.put(OslcConstants.PATH_OAUTH_CONFIGURATION,      OAuthConfiguration.class);
        try
        {
        RESOURCE_CLASSES.add(Class.forName("org.eclipse.lyo.server.oauth.webapp.services.ConsumersService"));
        RESOURCE_CLASSES.add(Class.forName("org.eclipse.lyo.server.oauth.webapp.services.OAuthService"));
        } catch (ClassNotFoundException e)
        {
            e.printStackTrace();
            System.err.println("Application failed to initialize");
        }

In the Application.java

I also added the rootservices_rdfxml.jsp file.

So far I can acces http://localhost:8081/adaptor-rm/rootservices
I also can acces this directory http://localhost:8081/adaptor-rm/oauth/ and the pages inside.

I took the adaptor-rm-webapp project as a base.

I can’t acces the REST endpoints :
http://localhost:8081/adaptor-rm/oauth/requestKey
http://localhost:8081/adaptor-rm/oauth/approveKey
http://localhost:8081/adaptor-rm/oauth/requestToken
http://localhost:8081/adaptor-rm/oauth/authorize
http://localhost:8081/adaptor-rm/oauth/accessToken

I got a 404 error.

Thanks for reading

andrew · November 26, 2021, 12:35pm

Hello @Michael.C,

You should check in CredentialsFilter if the paths you are trying to access are protected or not. Those two you are talking about should be whitelisted. Example:

github.com

oslc-op/refimpl/blob/80c51d39e6bddf71ded8a701a02eca1b61c1a808/src/server-cm/src/main/java/co/oslc/refimpl/cm/gen/servlet/CredentialsFilter.java#L69

    
      
          
          
// Start of user code class_methods
          // End of user code
          
          
/**
           * Check if the resource is protected
           * 
           * @param requestUri the uri of the resource which will be checked
           * @return true - the resource is protected, otherwise false
           */
          private boolean isProtectedResource(HttpServletRequest httpRequest) {
              if (ignoreResourceProtection) {
                  return false;
              }
              String pathInfo = httpRequest.getPathInfo();
          
          
    //'protectedResource' defines the basic set of requests that needs to be protected. 
              //You can override this defintion in the user protected code block below.
              boolean protectedResource = !pathInfo.startsWith("/rootservices") && !pathInfo.startsWith("/oauth");
              // Start of user code isProtectedResource
              // End of user code

As you can see, that code is designed for no-context deployment, where you don’t have the adaptor-rm context. I suggest you put some logging into the isProtectedResource method and tweak it if necessary.

@jad we may need to tweak this line to check for the context or strip it before the check: generateCredentialsFilter.mtl#L109

Cheers,
Andrew

Michael.C · November 26, 2021, 12:49pm

Hello Andrew.

My filter is empty for now.

public class CredentialsFilter implements Filter {

    @Override

    public void destroy() {

    }

    @Override

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,

            FilterChain chain) throws IOException, ServletException {

                chain.doFilter(servletRequest, servletResponse);

}

    

    @Override

    public void init(FilterConfig arg0) throws ServletException {

        

    }

I did not find if it was possible to generate the rootService with Lyo designer. So I took the files from the adaptor-bugzilla.

Michael.C · November 26, 2021, 1:58pm

I was accessing the wrong urls. They are like this http://localhost:8081/adaptor-rm/services/oauth/requestKey
So I changed the content of rootservices_rdfxml.jsp to reflect the correct urls but I don’t know how to change them in the imported jsp files from oauth-webapp

Michael.C · November 29, 2021, 1:23pm

So your hint was helpfull. I modified the context with / and my urls are fine now.
I also had to set an aplication and a consumer store for OAuthConfiguration.

I mostly return true for testing purpose.

I’m now able to link my serveur to Polarion, I also can see the list of services.

But when I click on “Select Work Item From Linked Data Friend Server” I got a popup with the following warning : “Friend server configuration is missing”.

Does anyone know what it means ?

Michael.C · January 11, 2022, 10:23am

I managed to solve my issues by having Polarion and the OSLC serveur on the same machine.

andrew · January 18, 2022, 9:26pm

If having both apps on the same machine helps, you should look at CSP/CORS settings that prevent website data to be stolen by hackers but may make integration work harder. Polarion also had problems with overly restrictive use of SameSite=Strict cookie attribute, preventing it from being sent when a Polarion page is loaded in an iframe, even after you type your login and password.