Logging HTTP requests and responses in quarkus resteasy - httprequest

I am running into a problem with calling a REST endpoint on a server, using a REST client in Quarkus, built with the org.eclipse.microprofile.rest.client.RestClientBuilder. I would very much like to debug the service, by writing the HTTP requests and responses to the log, so I might see what is actually being sent to the server. The hunt for a guide for that particular issue has eluded me however.
I managed to build a logging filter but that only logs out the URL and the Entitys toString value, which is not at all the same as the HTTP request and response being sent.
Help me by pointing me to a solution to log the actual HTTP request and response.

You can try to enable the logging for all the traffic including wire or just some components, here in the logging configuration guide you can find how enable just some components logging.
Add this to your application.properties and you should be able to see some logging information quarkus.log.category."org.apache.http".level=DEBUG
If you need to log everything you can always put quarkus in debug level ALL, and the pick the components you need to constraint the logging, whit this you see all the traces at wire level.
You can also enable the http access log with this guide
Good luck.

If you are using resteasy reactive you can turn on logging with:
quarkus.rest-client.logging.scope=request-response
quarkus.rest-client.logging.body-limit=1024
quarkus.log.category."org.jboss.resteasy.reactive.client.logging".level=DEBUG

Check this: https://quarkus.io/guides/resteasy-reactive#the-jax-rs-way
Simply implement that class and you will start logging. Like this:
#Provider
class LoggingFilter implements ContainerRequestFilter,
ContainerResponseFilter {
/* Useful stuff for later development purposes.
#Context
UriInfo info;
#Context
HttpServerRequest request;
*/
#Override
public void filter(ContainerRequestContext requestContext) {
Log.info(requestContext);
}
#Override
public void filter(ContainerRequestContext requestContext,
ContainerResponseContext responseContext) {
Log.info(responseContext);
}
}
Then you may use UriInfo, HttpServerRequest and ContainerRequestContext to get any data you want and add to your custom log.

Related

How can I trace Database operations with opentelemetry in ASP.NET Core?

I have an ASP.NET Core Web API project, let's call it projectA.
ProjectA connects to a MySQL database.
Project A simply does this:
get a request
then make a query to the connected MySQL database
then return response to request
I want to measure time spent for database operation and send result to Jaeger.
For http requests opentelemetry automatically measure time spent for request and send results to jaeger.
How can I do the same thing with opentelemetry for database operations?
You need to enable SQL Client instrumentation when configuring your tracer provider.
using OpenTelemetry.Trace;
public class Program
{
public static void Main(string[] args)
{
using var tracerProvider = Sdk.CreateTracerProviderBuilder()
.AddSqlClientInstrumentation()
.AddConsoleExporter()
.Build();
}
}
Here's the official documentation: https://github.com/open-telemetry/opentelemetry-dotnet/tree/main/src/OpenTelemetry.Instrumentation.SqlClient#readme

register server wide javax.ws.rs.client.ClientRequestFilter on JBoss EAP 7

Is it possible to register a javax.ws.rs.client.ClientRequestFilter server wide on JBoss EAP 7? I would like to intercept all outbound JAX-RS calls to dynamically add some context information in HTTP headers.
For JAX-WS calls I was able to do this with https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html-single/developing_web_services_applications/#jax_ws_handler_chains. I can't find any documentation on a similar mechanism for JAX-RS.
Or alternatively, is there maybe another way to intercept outbound HTTP calls in general?
For a per server solution, according to Using HttpHandler class in Undertow "you need to package your handler(s) into a module, and configure custom-filter in undertow subsystem."
The module.xml example and undertow configuration has been given as well as filter source code!
Update
There's an example of using the HTTPExchange here though I dont really care much for that site. SO also has this slightly related example - it does look like it can work similarly to the JAX-WS Handlers/Interceptor How to properly read post request body in a handler
Another good example file upload using httphandler I know they're different that dealing with JAX-RS but still may apply.
I implemented it by creating a module with the following contents:
package be.fgov.kszbcss.tracer.jaxrs;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
public class TracerResteasyClientBuilder extends ResteasyClientBuilder {
#Override
public ResteasyClient build() {
return super.build().register(TracerJaxRsClientRequestFilter.class);
}
}
/META-INF/services/javax.ws.rs.client.ClientBuilder
be.fgov.kszbcss.tracer.jaxrs.TracerResteasyClientBuilder
And registering it as a global module on JBoss EAP.

Auth0 spring security issue

I've been banging my head against this issue now for a couple days and I'm a bit of a noob with spring security. When implementing Auth0 into the system following their tutorials I get some unexpected behavior. When making a request to api if I have the configuration paramater
auth0.defaultAuth0ApiSecurityEnabled = false
then the when I do the OPTIONS pre-ping, I get back a 401 unauthorized code. This doesn't make much sense to me since OPTIONS requests don't get a token injected. To make matters more confusing for me if I switch this flag to true then the OPTIONS preping returns a 200 and then the get request to my endpoint returns 404. This seems hopeful, but the documentation explicitly says that the auth0.defaultAuth0ApiSecurityEnabled configuration should be set to false.
I have the config set up according to their spec as well.
#Configuration
#EnableWebSecurity(debug = true)
#EnableGlobalMethodSecurity(prePostEnabled = true)
#Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class WebConfig extends Auth0SecurityConfig {
/**
* Our API Configuration - for Profile CRUD operations
*
* Here we choose not to bother using the `auth0.securedRoute` property configuration
* and instead ensure any unlisted endpoint in our config is secured by default
*/
#Override
protected void authorizeRequests(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/api).authenticated()
.antMatchers("/**").permitAll();
}
}
I have intentionally set up the endpoint I am trying to hit as non secured as well which has made 0 difference in accessibily. Can anyone shed some light on where they think I might be going wrong with this in Spring security?

spring boot and google oauth

I've looked at the Oauth2 workflow on Google's docs and it seems pretty intuitive. Using a basic servlet I understand how I'd process all the callbacks, but using Spring Boot I'm a little confused by what I need to do if I'm using oauth and the Spring security module.
I found a tutorial here describing how to add authentication using a username and password, but I'm not sure if this is the best option for my needs as I mostly want to restrict things in the page and not the page itself. Anyway, assuming I will need authentication per page how can I set up a user using Oauth? Looking at the tutorial it appears the security module is doing some magic to get the username/password checked against the in-memory database.
#Configuration
#EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
#Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
In the example above I see configureGlobal sets up the username/password store to check against. Does spring boot have hard-coded logic for a username/password that will prevent me from using it for Oauth2? Should I just ignore this security module and set the user directly using my own handlers?
If all you need is to know who Google thinks your user is, you are happy to handle everything yourself you don't necessarily need Spring Security. There is also a Spring Social Google library here that you could use to implement the callbacks.

ServiceStack - prevent unauthorized access to static files

I understand there is more than one way of handling service authentication/authorization, but I cannot make it work for static files.
Is there a way of configuring the behavior to be the same as with services; if not authenticated a request to index.html should redirect to login page the same as a request to secured dto/service.
I am currently looking into RawHttpHandlers but since it is too early in the pipeline how do I get the authentication setup in the apphost config?
thanks in advance
Gjergji
You would have to use IAppHost.RawHttpHandlers because that's the only custom handler in ServiceStack's Request Pipeline that gets executed before the built-in static file handling is accessed.
But you should still be able to access the Users Session with the available extension methods, e.g:
this.RawHttpHandlers.Add(httpReq =>
{
var isStaticFileRequest = httpReq.PathInfo.StartsWith("/static");
if (isStaticFileRequest)
{
var session = httpReq.GetSession();
if (!session.HasRole("TheRole"))
return new ForbiddenHttpHandler();
}
return null;
});
This handler simply checks if it's a request for a static file, in this case the path info starts with /static, and if is checks the user session if they have the required role, if not it returns a Forbidden request, otherwise it returns null to tell ServiceStack to continue executing the request.
Note: if it's needed you can access any registered dependency from outside of ServiceStack with HostContext.Resolve, e.g:
var authRepo = HostContext.Resolve<IAuthRepository>();