Merge pull request #135 from dixyushi/httpRestClient

devon4j_http_rest_client

Author: EduardKrieger

devon4j-http-rest-client/files/BaseWebSecurityConfig.txt

@@ -0,0 +1,116 @@
+package com.example.application.httprestserver.general.service.impl.config;
+
+import javax.inject.Inject;
+import javax.servlet.Filter;
+
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.logout.LogoutFilter;
+import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import com.devonfw.module.security.common.api.config.WebSecurityConfigurer;
+import com.devonfw.module.security.common.impl.rest.AuthenticationSuccessHandlerSendingOkHttpStatusCode;
+import com.devonfw.module.security.common.impl.rest.JsonUsernamePasswordAuthenticationFilter;
+import com.devonfw.module.security.common.impl.rest.LogoutSuccessHandlerReturningOkHttpStatusCode;
+
+/**
+ * This type serves as a base class for extensions of the {@code WebSecurityConfigurerAdapter} and provides a default
+ * configuration. <br/>
+ * Security configuration is based on {@link WebSecurityConfigurerAdapter}. This configuration is by purpose designed
+ * most simple for two channels of authentication: simple login form and rest-url.
+ */
+public abstract class BaseWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+  @Inject
+  private UserDetailsService userDetailsService;
+
+  @Inject
+  private PasswordEncoder passwordEncoder;
+
+  @Inject
+  private WebSecurityConfigurer webSecurityConfigurer;
+
+  /**
+   * Configure spring security to enable a simple webform-login + a simple rest login.
+   */
+  @Override
+  public void configure(HttpSecurity http) throws Exception {
+
+    String[] unsecuredResources = new String[] { "/login", "/security/**", "/services/rest/login",
+    "/services/rest/logout" };
+
+    // disable CSRF protection by default, use csrf starter to override.
+    http = http.csrf().disable();
+    // load starters as pluggins.
+    http = this.webSecurityConfigurer.configure(http);
+
+    http.httpBasic().and()
+        //
+        .userDetailsService(this.userDetailsService)
+        // define all urls that are not to be secured
+        .authorizeRequests().antMatchers(unsecuredResources).permitAll().anyRequest().authenticated().and()
+        // configure parameters for simple form login (and logout)
+        .formLogin().successHandler(new SimpleUrlAuthenticationSuccessHandler()).defaultSuccessUrl("/")
+        .failureUrl("/login.html?error").loginProcessingUrl("/j_spring_security_login").usernameParameter("username")
+        .passwordParameter("password").and()
+        // logout via POST is possible
+        .logout().logoutSuccessUrl("/login.html").and()
+        // register login and logout filter that handles rest logins
+        .addFilterAfter(getSimpleRestAuthenticationFilter(), BasicAuthenticationFilter.class)
+        .addFilterAfter(getSimpleRestLogoutFilter(), LogoutFilter.class);
+  }
+
+  /**
+   * Create a simple filter that allows logout on a REST Url /services/rest/logout and returns a simple HTTP status 200
+   * ok.
+   *
+   * @return the filter.
+   */
+  protected Filter getSimpleRestLogoutFilter() {
+
+    LogoutFilter logoutFilter = new LogoutFilter(new LogoutSuccessHandlerReturningOkHttpStatusCode(),
+        new SecurityContextLogoutHandler());
+
+    // configure logout for rest logouts
+    logoutFilter.setLogoutRequestMatcher(new AntPathRequestMatcher("/services/rest/logout"));
+
+    return logoutFilter;
+  }
+
+  /**
+   * Create a simple authentication filter for REST logins that reads user-credentials from a json-parameter and returns
+   * status 200 instead of redirect after login.
+   *
+   * @return the {@link JsonUsernamePasswordAuthenticationFilter}.
+   * @throws Exception if something goes wrong.
+   */
+  protected JsonUsernamePasswordAuthenticationFilter getSimpleRestAuthenticationFilter() throws Exception {
+
+    JsonUsernamePasswordAuthenticationFilter jsonFilter = new JsonUsernamePasswordAuthenticationFilter(
+        new AntPathRequestMatcher("/services/rest/login"));
+    jsonFilter.setPasswordParameter("j_password");
+    jsonFilter.setUsernameParameter("j_username");
+    jsonFilter.setAuthenticationManager(authenticationManager());
+    // set failurehandler that uses no redirect in case of login failure; just HTTP-status: 401
+    jsonFilter.setAuthenticationManager(authenticationManagerBean());
+    jsonFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler());
+    // set successhandler that uses no redirect in case of login success; just HTTP-status: 200
+    jsonFilter.setAuthenticationSuccessHandler(new AuthenticationSuccessHandlerSendingOkHttpStatusCode());
+    return jsonFilter;
+  }
+
+  @SuppressWarnings("javadoc")
+  @Inject
+  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+
+    auth.inMemoryAuthentication().withUser("admin").password(this.passwordEncoder.encode("admin")).roles("Admin");
+  }
+
+}

devon4j-http-rest-client/files/Devon4jRestClient.java

@@ -0,0 +1,21 @@
+package com.sample.application.httprestclient.general.service.api.rest;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+@Path("/devon4jrestclient")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+public interface Devon4jRestClient {
+
+  @GET
+  @Path("/response")
+  public String showResponse();
+
+  @GET
+  @Path("/clientService")
+  public String returnServiceDetail();
+}

devon4j-http-rest-client/files/Devon4jRestClientImpl.java

@@ -0,0 +1,38 @@
+package com.sample.application.httprestclient.general.service.impl.rest;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+import com.sample.application.httprestclient.general.service.api.rest.Devon4jRestClient;
+import com.sample.application.httprestclient.general.service.api.rest.VisitormanagementRestService;
+import com.devonfw.module.service.common.api.client.ServiceClientFactory;
+
+@Named("Devon4jRestClient")
+public class Devon4jRestClientImpl implements Devon4jRestClient {
+
+  @Inject
+  private ServiceClientFactory serviceClientFactory;
+
+  @Override
+  public String showResponse() {
+
+    String result = callSynchronous();
+    System.out.println(result);
+    return result;
+  }
+
+  private String callSynchronous() {
+
+    VisitormanagementRestService visitormanagementRestService = this.serviceClientFactory
+        .create(VisitormanagementRestService.class);
+    // call of service over the wire, synchronously blocking until result is received or error occurred
+    String resultFromAPICall = visitormanagementRestService.returnResponseToClient();
+    return resultFromAPICall;
+  }
+
+  @Override
+  public String returnServiceDetail() {
+
+    String result = "This is devon4j rest service client";
+    return result;
+  }
+}

devon4j-http-rest-client/files/RestDescription.txt

@@ -0,0 +1,7 @@
+For implementing REST services we use the JAX-RS standard. As an implementation we recommend CXF. For JSON bindings we use Jackson while XML binding works out-of-the-box with JAXB. To implement a service you write an interface with JAX-RS annotations for the API and a regular implementation class annotated with @Named to make it a spring-bean.
+
+The REST service implementation is a regular CDI bean that can use dependency injection. The separation of the API as a Java interface allows to use it for service client calls.
+
+**Why** **Should** **you** **prefer** **devon4j** **client** **over** **other** **clients?**
+
+devon4j supports flexible configuration, adding headers for authentication, mapping of errors from server, logging success/errors with duration for performance analysis, support for synchronous and asynchronous invocations. Easy invocation of service inside a micro-service.

devon4j-http-rest-client/files/VisitorManagementRestServiceClient.txt

@@ -0,0 +1,19 @@
+package com.sample.application.httprestclient.general.service.api.rest;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+
+@Path("/visitormanagement")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+public interface VisitormanagementRestService {
+
+  @GET
+  @Path("/clientrequest")
+  public String returnResponseToClient();
+
+}

devon4j-http-rest-client/files/VisitormanagementRestService.java

@@ -0,0 +1,19 @@
+package com.example.application.httprestserver.visitormanagement.service.api.rest;
+
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+
+@Path("/visitormanagement")
+@Consumes(MediaType.APPLICATION_JSON)
+@Produces(MediaType.APPLICATION_JSON)
+public interface VisitormanagementRestService {
+
+  @GET
+  @Path("/clientrequest")
+  public String returnResponseToClient();
+
+}

devon4j-http-rest-client/files/VisitormanagementRestServiceImpl.java

@@ -0,0 +1,16 @@
+package com.example.application.httprestserver.visitormanagement.service.impl.rest;
+
+import javax.inject.Inject;
+import javax.inject.Named;
+
+import com.example.application.httprestserver.visitormanagement.service.api.rest.VisitormanagementRestService;
+
+@Named("VisitormanagementRestService")
+public class VisitormanagementRestServiceImpl implements VisitormanagementRestService {
+
+  @Override
+  public String returnResponseToClient() {
+   String args = "welcome to rest api";
+   return args;
+  }
+}

devon4j-http-rest-client/files/client_application.txt

@@ -0,0 +1,44 @@
+# This is the configuration file shipped with the application that contains reasonable defaults.
+# Environment specific configurations are configured in config/application.properties.
+# If you are running in a servlet container you may add this to lib/config/application.properties in case you do not
+# want to touch the WAR file.
+
+server.port=8081
+spring.application.name=httprestclient
+server.servlet.context-path=/httprestclient
+
+security.expose.error.details=false
+
+spring.jpa.hibernate.ddl-auto=validate
+
+# Datasource for accessing the database
+# https://github.com/spring-projects/spring-boot/blob/d3c34ee3d1bfd3db4a98678c524e145ef9bca51c/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/jdbc/DatabaseDriver.java
+spring.jpa.database=h2
+# spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
+# spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+
+# Hibernate NamingStrategy has been deprecated and then removed in favor of two step naming strategy ImplicitNamingStrategy and PhysicalNamingStrategy
+spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl
+spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+
+# https://github.com/devonfw/devon4j/issues/65
+# https://vladmihalcea.com/the-open-session-in-view-anti-pattern/
+spring.jpa.open-in-view=false
+
+# to prevent that Spring Boot launches batch jobs on startup
+# might otherwise lead to errors if job parameters are needed (or lead to unwanted modifications and longer startup times)
+# see http://stackoverflow.com/questions/22318907/how-to-stop-spring-batch-scheduled-jobs-from-running-at-first-time-when-executin
+spring.batch.job.enabled=false
+
+# Flyway for Database Setup and Migrations
+spring.flyway.locations=classpath:db/migration
+
+# rest client setup
+service.client.default.url=http://localhost:8081/httprestserver/services/rest
+service.client.app.httprestserver.url=http://localhost:8081/httprestserver/services/rest
+service.client.default.timeout.connection=120
+service.client.default.timeout.response=3600
+service.client.app.httprestserver.auth=basic
+service.client.app.httprestserver.user.login=admin
+service.client.app.httprestserver.user.password=admin

devon4j-http-rest-client/files/client_config_application.txt

@@ -0,0 +1,36 @@
+# This is the spring boot configuration file for development. It will not be included into the application.
+# In order to set specific configurations in a regular installed environment create an according file
+# config/application.properties in the server. If you are deploying the application to a servlet container as untouched
+# WAR file you can locate this config folder in ${symbol_dollar}{CATALINA_BASE}/lib. If you want to deploy multiple applications to
+# the same container (not recommended by default) you need to ensure the WARs are extracted in webapps folder and locate
+# the config folder inside the WEB-INF/classes folder of the webapplication.
+
+server.port=8081
+server.servlet.context-path=/httprestclient
+
+# Datasource for accessing the database
+# See https://github.com/devonfw/devon4j/blob/develop/documentation/guide-configuration.asciidoc#security-configuration
+#jasypt.encryptor.password=none
+#spring.datasource.password=ENC(7CnHiadYc0Wh2FnWADNjJg==)
+spring.datasource.password=
+spring.datasource.url=jdbc:h2:./.httprestclient;
+
+# print SQL to console for debugging (e.g. detect N+1 issues)
+spring.jpa.show-sql=true
+spring.jpa.properties.hibernate.format_sql=true
+
+# Enable JSON pretty printing
+spring.jackson.serialization.INDENT_OUTPUT=true
+
+# Flyway for Database Setup and Migrations
+spring.flyway.enabled=true
+spring.flyway.clean-on-validation-error=true
+
+# rest client setup
+service.client.default.url=http://localhost:8081/httprestserver/services/rest
+service.client.app.httprestserver.url=http://localhost:8081/httprestserver/services/rest
+service.client.default.timeout.connection=120
+service.client.default.timeout.response=3600
+service.client.app.httprestserver.auth=basic
+service.client.app.httprestserver.user.login=admin
+service.client.app.httprestserver.user.password=admin

devon4j-http-rest-client/files/configurationProperties.txt

@@ -0,0 +1,14 @@
+## Service Discovery
+* service.client.default.url :- It is used to set the default url of server and it is added for service discovery.
+* service.client.app.httprestserver.url :- This property provide base url of REST in your application. It follows format such as "service.client.app.«application».url". Here, «application» refers to the technical name of the application providing the service.
+
+## Timeouts
+* service.client.default.timeout.connection:- It is used to set the default timeout for particular connection.
+* service.client.default.timeout.response:- It is used to set the default timeout for particular response.
+
+## Headers
+* service.client.app.httprestserver.auth:- It is used for customization of Service Header. Here it is used for basic authentication.
+
+## Authentication
+* service.client.app.httprestserver.user.login:- It is used to set username of server for authentication
+* service.client.app.httprestserver.user.password:- It is used to set password.