zowe / sample-spring-boot-api-service Goto Github PK
View Code? Open in Web Editor NEWZowe REST API service SDK and sample API service that integrates with Zowe API Mediation Layer
License: Other
Zowe REST API service SDK and sample API service that integrates with Zowe API Mediation Layer
License: Other
It requires #24 to be on master and then go to https://bintray.com/beta/#/plavjanik/zowe/zowe-rest-api-commons-spring?tab=overview and use action Add to JCenter.
How will we share example makefile for site specific build process for links like object code identifiers?
errors
and rest.response
packages from zowe/api-layer
to the commons
- resolved by #36As a developer who is creating an API service, I would like to see an example of the JNI code that is calling MVS code via JNI and OS linkage together with instructions how to build them and run them on z/OS.
The existing code with JNI in the old sample should be migrated to the new sample.
As an API developer, I would like to be able to localize the Swagger documentation that my API is generating.
Accept-Language
header or lang
query parameterAccept-Language
header from the browser to the API serviceFor "production" APIs we want support for messages presented to the external user in multiple languages.
PetControllerExceptionHandler.java
which provides a recommended style)ApiMessage
class)We need a way how to let other teams (REST API Sample users) know that this repo has changed (eg vulnerability fix) so they update they code accordingly.
This is an outcome of architecture discussion on 6/24/2019
Migrate relevant documentation from https://docops.ca.com/display/IWM/Building+New+APIs to Markdown in the repository or to GitHub wiki (in case of general documentation that is not affected by code changes)
The PlatformAccessControl class and its underlying implementation __check_resource_auth_np() support the general resources only. In particular, the class can not specify DATASET
.
But checking access to DATASET
can be useful.
Acceptance criteria:
PlatformSecurityService
implementation works well with DATASET
resource class and can be used to check access to MVS datasets.Implementation tips:
RACROUTE REQUEST=AUTH
macrozowe-sdk-secur
module. This module is program-controlled so it can use RACROUTE REQUEST=AUTH
functionalityIf we follow this:
routes:
- gatewayUrl: api/v1
serviceUrl: /api/v1
We may have an endpoint outside of the API ML that is: /api/v1/status
.
Then, through the API ML, we would then have /api/v1/servicename/status
A concern is that this might make it difficult to be a client for both cases. Is that valid or is this normal in an API ML?
2019-09-03 04:02:37.856 <ZWEASA1:main:33950015> PLAPE03 (org.zowe.commons.spring.ServiceStartupEventHandler:25) INFO Zowe Sample API Service has been started in 10.204 seconds
[DEBUG] Input - id: 1 content: Hello, world!```
As this repository contains sample source code intended to be downloaded and expanded upon, it would be better suited with an EPL+Apache 2.0 dual license.
The OMP Governing Board has approved EPL-2.0 license waivers for sample repositories in Zowe, replaced by the dual license.
To re-license this repository, all contributors should consent by responding to this issue in the affirmative.
As a developer of the REST API, I would like to protect REST API endpoints or parts of my code by SAF resources.
DATASET
resource class is not in the scope of this story)hasSafResourceAccess
(absolute class resource name) and hasSafServiceResourceAccess
(relative to the user-configurable resource class and resource name prefix for the service)The goal of this story is to enable developers who are using the SDK to use token-based authentication in their REST API services.
Note:
Requires #80
Migrate the code for security context switching on z/OS
Depends on #4
The original source code has been added by https://github.gwd.broadcom.net/MFD/ca-sample-restapi-service/pull/28
As a developer who is developing REST API service, I want to run Java code under the same user ID the s user using REST API, so that the code can access mainframe resources only accessible by that user without the need to setup PassTickets.
Original acceptance criteria:
pthread_security_applid_np()
function with function code __DAEMON_SECURITY_ENV
that requires permission to BPX.DAEMON
As a developer of Zowe REST API, I would like to be able to run e2e REST API tests easily against my local instance and against z/OS instance.
Acceptance criteria:
Because I could not find a way to supply optional properties like messageReason and messageAction to the error-handling capabilities supplied by the commons package, I simply have not used them.
Can you confirm if this is true?
Reported by @gejohnston
I am toying with zowe samples. While trying out one, I got this error
Mounting zFS filesystem USERID.ZOWE.SAMPLAPI.ZFS to /a/surgo01/zowe-rest-api-sample-spring
Executing z/OS UNIX command '/usr/sbin/mount -v -o aggrgrow -f USERID.ZOWE.SAMPLAPI.ZFS /a/userid/zowe-rest-api-sample-spring'
Error:
$ FOMF0504I mount error: 8B 119B00B0
USERID.ZOWE.SAMPLAPI.ZFS
EPERM: The operation is not permitted
JRUserNotPrivileged: The requester of the service is not privileged
how do i get past this?
As an SDK user, I want to run java code under the same user ID the s user using REST API, so that the code can access mainframe resources only accessible by that user by leveraging future PassTicket support in Zowe to allow me to have a minimum security requirement for my service.
Acceptance Criteria:
pthread_security_applid_np()
function with function code __CREATE_SECURITY_ENV
that requires permission to BPX.SERVER
but not to BPX.DAEMONMigrated original story: https://rally1.rallydev.com/#/106710376756d/detail/userstory/288640296608
Maybe I'm missing something, but I removed any custom exception handlers in favor of what is being done in the commons jar:
For "403" I get the following response:
{
"messages": [
{
"messageType": "ERROR",
"messageNumber": "ZWEAS403",
"messageContent": "The user is not authorized to the target resource: Access is denied",
"messageKey": "org.zowe.commons.rest.forbidden",
"messageInstanceId": "11a3da12-4895-42b5-81b1-e8e5e092c88d"
}
]
}
For "405" I get no payload response? For us, its really not a big deal to have a message in the response body, the HTTP status is enough, but just wanted to check if this is expected behavior?
Steps:
http
protocol to connect2019-10-05 15:59:06.400 <ZWEASA1:https-jsse-nio-0.0.0.0-20081-exec-1:33620312> SDKBLD1 (org.apache.coyote.http11.Http11NioProtocol:175) ERROR Error reading request, ignored
java.lang.NullPointerException: null
at org.apache.tomcat.util.net.NioEndpoint$NioSocketWrapper.getSslSupport(NioEndpoint.java:1392)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:853)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1593)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:811)
Expected behavior:
Reporting for another team - SafPlatformUser() does not reject a valid user name with a blank password when called through the SDK basic auth code.
I haven't had a chance to independently verify but capturing here until it is verified.
Deprecated Gradle features were used in this build, making it incompatible with Gradle 6.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/5.2.1/userguide/command_line_interface.html#sec:command_line_warnings
Message is not correct:
Run ./gradlew zosbuild in directory C:\dev\java\sample-spring-boot-api-service\zowe-rest-api-commons-spring
It should be:
It should be: run ./gradlew :zowe-rest-api-commons-spring:zosbuild in C:\dev\java\sample-spring-boot-api-service
Reported by @dkelosky
The packages that are not the sample service code are distributed as Java libraries. They are now kept for practical reasons with the sample.
org.zowe.sdk.spring
) and non-spring (other packages under org.zowe.sdk
) libraries should be createdWe need an example "callable" endpoint in the SDK tested against all three security subsystems (modeled after wrapRunnableInEnvironmentForAuthenticatedUser) and understand why one appears to need BPX.DAEMON and the other does not on Top Secret
As a developed of a REST API (and the SDK too), I would like the integration tests to be counted into code coverage.
Tooling that simplifies localization and checks its correctness and can generate a message reference for numbered error messages.
Create a new zowe-api-dev messages i18n
command that will:
messages_{languageCode}.properties
initialized with non-localized and commented text from messages.yml
that needs to be localizedmessages_{languageCode}.properties
have all the messages keys covered. This will help developers to find out that a localization is missing for a new messagemessages.
. To find out extra localization for keys that were removed/renamed in messages.yml
New zowe-api-dev messages docgen
:
We have code in our service that registers to the API layer. We modeled it after the provided sample:
Would it be possible (or make sense) to include this with Zowe commons jar?
The API doc states:
"Unexpected errors does not need to be handled or caught by your REST controller. If your controller throws an Exception or RuntimeException then Spring exception handler (customized by CustomRestExceptionHandler in the commons library) will convert the exception into a standardized format. "
Is information available on what content is produced by the commons package for an uncaught exception? For example, does it produce a stack trace, or other detailed information?
Reported by @gejohnston
As a developer of the REST API, I would like to test or debug my REST API on z/OS without losing focus while waiting minutes for JAR or native code upload to finish.
java -jar ....
- added to #24-d <port>
for remote debug of java applicationFor basic auth we will use Java_org_zowe_sdk_zos_security_jni_Secur_createSecurityEnvironment
JNI method which does not require BPX.DAEMON
access.
Execution failed for task ':zowe-rest-api-commons-spring:zosbuild'.
?[33m> ?[39mA problem occurred starting process 'command 'zowe-api-dev''
Spring Boot requires JARs inside the fat JAR to be stored without compression.
Caused by: java.lang.IllegalStateException: Unable to open nested entry 'BOOT-INF/lib/zowe-rest-api-commons-spring-0.0.0-SNAPSHOT.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
The workaround is to use:
zowe-api-dev deploy --force
Full error log:
Starting application in SSH z/OS UNIX session using command '/sys/java64bt/v8r0m0/usr/lpp/java/J8.0_64/bin/java -Djava.library.path="./lib:${LIBPATH}" -Xquickstart -jar bin/zowe-rest-api-sample-spring.jar --spring.config.additional-location=file:etc/application.yml' in directory '/a/plape03/zowe-rest-api-sample-spring'
ℹ You can stop it using Ctrl+C
Executing z/OS UNIX command '/sys/java64bt/v8r0m0/usr/lpp/java/J8.0_64/bin/java -Djava.library.path="./lib:${LIBPATH}" -Xquickstart -jar bin/zowe-rest-api-sample-spring.jar --spring.config.additional-location=file:etc/application.yml' in directory /a/plape03/zowe-rest-api-sample-spring
$ Exception in thread "main" java.lang.IllegalStateException: Failed to get nested archive for entry BOOT-INF/lib/zowe-rest-api-commons-spring-0.0.0-SNAPSHOT.jar
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:108)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchives(JarFileArchive.java:87)
at org.springframework.boot.loader.ExecutableArchiveLauncher.getClassPathArchives(ExecutableArchiveLauncher.java:69)
at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52)
Caused by: java.io.IOException: Unable to open nested jar file 'BOOT-INF/lib/zowe-rest-api-commons-spring-0.0.0-SNAPSHOT.jar'
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:258)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:244)
at org.springframework.boot.loader.archive.JarFileArchive.getNestedArchive(JarFileArchive.java:104)
... 4 more
Caused by: java.lang.IllegalStateException: Unable to open nested entry 'BOOT-INF/lib/zowe-rest-api-commons-spring-0.0.0-SNAPSHOT.jar'. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file
at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry(JarFile.java:284)
at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry(JarFile.java:266)
at org.springframework.boot.loader.jar.JarFile.getNestedJarFile(JarFile.java:255)
... 6 more
Error: empty JSON response from Zowe CLI
at zoweSync (~/workspace/github.com/zowe/sample-spring-boot-api-service/zowe-api-dev/src/zowe.ts:65:23)
at execSshCommand (~/workspace/github.com/zowe/sample-spring-boot-api-service/zowe-api-dev/src/zowe.ts:152:12)
at Object.execSshCommandWithDefaultEnv (~/workspace/github.com/zowe/sample-spring-boot-api-service/zowe-api-dev/src/zowe.ts:161:12)
at Start.run (~/workspace/github.com/zowe/sample-spring-boot-api-service/zowe-api-dev/src/commands/start.ts:59:13)
at Start._run (~/workspace/github.com/zowe/sample-spring-boot-api-service/zowe-api-dev/node_modules/@oclif/command/lib/command.js:44:31)
It might make sense to include some jzos stuff in the sample? It's probably pretty common for folks to need those capabilities.
We would like the SDK to require only BPX.SERVER (instead of BPX.DAEMON & superuser)
As the SDK developer, I would like the CIt to build the native code on z/OS.
Acceptance criteria:
zowe-api-dev
against river.zowe.orgThe current recommendation is that zowe REST API SDK be consumed by importing a single JAR.
While importing one single JAR file may be convenient for some consumers, importing one single JAR file has several disadvantages.
We would like to request that the zowe REST API SDK be able to be consumed in smaller chunks. Instead of a single JAR, we would like the ability to consume only those portions of the SDK which we intend to actively leverage at the present time.
As a developer of the REST API, I would like to know how to do the i18n easily and consistently with other Broadcom products.
ErrorService
)When adding the zos
profile to configuration and calling native code through JNI, you get UnsatisfiedLinkError
during invocation. When starting through JCL, messages like this appear in the job log:
08.14.25 JOB51197 TSS7003W Password Will Expire on 07/01/19
08.14.25 JOB51197 TSS7000I xxxxxxx Last-Used 26 Jun 19 06:23 System=xxxx Facility=ZOSMF
08.14.25 JOB51197 TSS7001I Count=00423 Mode=Fail Locktime=None Name=KELOSKY, DANIEL L
08.14.25 JOB51197 BPXP015I HFS PROGRAM ./libwtojni.so IS NOT MARKED PROGRAM CONTROLLED.
08.14.25 JOB51197 TSS7236E ENVIRONMENT IS CONTROLLED - UNIX MARK UNCONTROLLED REQUEST RE
08.14.25 JOB51197 JECTED
08.14.25 JOB51197 BPXP014I ENVIRONMENT MUST REMAIN CONTROLLED FOR DAEMON (BPX.DAEMON) PR
08.14.25 JOB51197 OCESSING.
Removing the zos
from the profile "resolves" the UnsatisfiedLinkError
.
In an old instance of the SDK, there was a context path, so endpoints were something like:
/sampleservice/api/v1/...
. Is the guidance to not have this context path in the URI?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.