MCP-Portal build problem

Timo Vuorijärvi

Nov 24, 2020, 10:15:32 AM
to Maritime Connectivity Platform
Dear MCP team,

I'm trying to build the MCP-Portal. I'm new to node development projects so let me know if I do something totally wrong.

I have the latest changes from the master branch. I am building the project locally on Windows, because Windows Docker-Desktop did not work properly.

Environment:
- Windows 10
- node-v14.15.1-win-x64.

When running the npm install commands, those failed.
The package.json had references to GitHub projects which were not found, I assume:

npm ERR! code ENOENT
npm ERR! syscall spawn git
npm ERR! path git
npm ERR! errno -4058
npm ERR! enoent Error while executing:
npm ERR! enoent undefined ls-remote -h -t ssh://g...@github.com/gdi2290/string-replace-loader.git
npm ERR! enoent
npm ERR! enoent
npm ERR! enoent spawn git ENOENT
npm ERR! enoent This is related to npm not being able to find a file.
npm ERR! enoent

I tried to fix the problem by changing those missing GitHub projects to npm install stuff,
and updated the latest versions to the package.json.

@call npm install --global rimraf
@call npm install --global webpack webpack-dev-server types...@2.0.0
@call npm uninstall node-sass
@call npm install node-sass
@call npm install ammap3
@call npm install amcharts3
@call npm install string-replace-loader


Now the "npm install" runs with some warnings and "npm run prebuild:dev" also runs.
Tried to run "npm run build:dev" like in the Dockerfile, but it fails with an error:

npm ERR! missing script: build:dev
npm ERR!
npm ERR! Did you mean one of these?
npm ERR!     prebuild:dev
npm ERR!     build:test
npm ERR!     build

Tried to run build, but it fails with the same error. Added the following line to package.json:

    "build:dev": "webpack --config config/webpack.dev-dev.js --progress --profile",

Looks to me that the build worked after that.

Tried to start the server by running:

npm start-dev
npm start dev
npm start start-dev
npm run start-dev
npm run server:dev
npm run server
npm start server

All I get is an error about a missing script. Looks like my few hours of node experience are not enough to 'fix' this one :)

It would be great if you could guide me to the correct path, thanks!

Br, Timo

Oliver Steensen-Bech Haagh

Nov 24, 2020, 10:46:50 AM
to Maritime Connectivity Platform
Hi Timo,

Dependencies that are suddenly missing is unfortunately one of the downsides of npm if you ask me... As far as I can see the GitHub link for the dependency that it is not able to get is redirected to https://github.com/PatrickJS/string-replace-loader and maybe npm is not able to follow that redirect... I will try to see if I can set up a clean environment on my end and see if I can reproduce the error.
A word of caution though, be careful about just using 'npm install <package>' as that will actually install the latest version of that package which can in some cases actually break compatibility with other dependencies. 
The MCP Portal was originally based on https://github.com/akveo/ngx-admin about 4 years ago, but unfortunately we haven't been able to keep up with it which is why many dependencies are not really up-to-date anymore.

Regarding the missing scripts, I think it is actually just because the list has not been properly cleaned up for quite a while to be honest, so there are probably some of the scripts that are referenced that are actually missing. Except for the start-dev script what errors do you get for the other start-* scripts? 

Best regards
Oliver
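
The two dependency problems discussed above (a package.json entry that points at a Git repository, and `npm install <package>` pulling whatever version is newest) can be checked for before installing. The following is an added example, not code from the MCP Portal repository; the sample package.json is constructed, and every package and owner name starting with "example-" is a placeholder.

```javascript
// Classify each version spec in a package.json by how reproducibly it
// resolves at install time. Uses no imports, so it runs with plain node.

// Constructed sample input; "example-*" names and all versions are placeholders.
const samplePackageJson = {
  dependencies: {
    "example-loader": "git+ssh://git@github.com/example-owner/example-loader.git",
    "example-charts": "latest",
    "example-maps": "^3.2.0",
    "example-sass": "4.1.0",
  },
  devDependencies: {
    "rimraf": "*",
    "example-plugin": "github:example-owner/example-plugin#4f0c2de",
  },
};

// Spec forms npm resolves through git rather than the registry.
const GIT_PREFIX = /^(git(\+(ssh|https?|file))?:\/\/|ssh:\/\/|git@|github:|gitlab:|bitbucket:)/i;
const GIT_SHORTHAND = /^[a-z0-9_-][\w.-]*\/[\w.-]+(#.+)?$/i; // "owner/repo[#ref]"
const COMMIT_HASH = /^[0-9a-f]{7,40}$/i; // abbreviated or full commit hash
const EXACT_VERSION = /^v?\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function classifySpec(spec) {
  const s = String(spec).trim();
  if (GIT_PREFIX.test(s) || GIT_SHORTHAND.test(s)) {
    const hash = s.indexOf("#");
    const ref = hash >= 0 ? s.slice(hash + 1) : "";
    if (COMMIT_HASH.test(ref)) return "git-commit";
    return ref ? "git-ref" : "git-unpinned";
  }
  if (s === "" || s === "*" || s === "latest" || /^x$/i.test(s)) return "floating";
  if (EXACT_VERSION.test(s)) return "exact";
  return "range"; // ^1.2.3, ~1.2.3, >=1.0.0 <2, 1.x, ...
}

// Only the kinds listed here are flagged; "exact" and "git-commit" are not.
const NOTES = {
  "git-unpinned": "fetched from the repository's default branch at install time; " +
    "needs git on PATH and the repository to still exist",
  "git-ref": "a branch or tag can be moved upstream; pin a commit hash instead",
  "floating": "resolves to whatever is newest at install time",
  "range": "newest matching release is chosen unless a lockfile is honoured",
};

function auditDependencies(pkg) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      findings.push({ section, name, spec, kind, flagged: kind in NOTES, note: NOTES[kind] || "" });
    }
  }
  return findings;
}

function flaggedNames(pkg) {
  return auditDependencies(pkg).filter((f) => f.flagged).map((f) => f.name).sort();
}

for (const f of auditDependencies(samplePackageJson)) {
  const mark = f.flagged ? "REVIEW" : "ok    ";
  console.log(`${mark} ${f.section}/${f.name} = "${f.spec}" [${f.kind}] ${f.note}`);
}
```

Installing with `npm install --save-exact <package>@<version>` and building with `npm ci` against a committed lockfile keeps the resolved versions fixed between machines.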

Timo Vuorijärvi

Nov 25, 2020, 1:28:34 AM
to Maritime Connectivity Platform
Hi Oliver,

Thank you for the info. Yes, I understand. 4 years is quite a long time to stand still with new web technologies. No problem.

New day, new eyes: I had something wrong with my startup script which caused that missing script error. Now doing that differently, I was able to run "npm run start-dev". The server starts, but when I go to http://localhost:30000/ there are just circling colors. No error or other new log is seen in the startup console. Is there a way to enable debug logging?

This version uses the latest ammap3, amcharts3 and string-replace-loader libs..

Br, Timo

oha...@gmail.com

Nov 25, 2020, 4:38:28 AM
to Maritime Connectivity Platform
Hi Timo,

It sounds like the application is working as it should since you don't get any errors there. Have you tried to have the development console in the browser open while loading the website? What I think it could be is that the OIDC client for the Portal in Keycloak is by default configured to be accessible on https://management.maritimeconnectivity.net, so what you will need to do is to change it to instead be allowed on http://localhost:3000 as shown below.

Best regards
Oliver 



Timo Vuorijärvi

Nov 25, 2020, 6:03:51 AM
to Maritime Connectivity Platform
Hi Oliver,

Yes, thanks for the tip and sorry, it takes a little time to get back to web developer mode ;) I checked the web console and it looks like the portal is trying to connect to the following address and gets 404 as response [http://localhost:8080/auth/realms/MCP/protocol/openid-connect/login-status-iframe.html]. Looks like Keycloak has failed to start on 8080 because the port is reserved. There are some port conflicts because I'm running all the services on the same machine. I need to make a little list of which component is using which port and do some configuring.

Thanks!

Br, Timo

P.S.
The "as shown below".. There is just a big blank white box (tried with Chrome and Firefox) :)

oha...@gmail.com

Nov 25, 2020, 6:20:30 AM
to Maritime Connectivity Platform
Hi Timo,

Ah yes, that's annoying when different applications are trying to use the same ports... 
Well I guess that's another reason to get away from Google Groups when it doesn't want to show pictures... :P I have attached it to the post now instead, hopefully that works. 

Best regards
Oliver

Screenshot from 2020-11-25 12-16-36.png

Timo Vuorijärvi

Nov 25, 2020, 6:26:57 AM
to Maritime Connectivity Platform
Hi Oliver,

Yes, now I was able to see the image, Thanks!

Br, Timo

Timo Vuorijärvi

Nov 25, 2020, 9:56:37 AM
to Maritime Connectivity Platform
Hi Oliver and the team,

Now all the components are running, but not everything is working yet. Here are a couple of questions, my configuration and some logs about the portal login error.

1) Is this correct? MCP Realm > Client > Setupclient > Valid Redirect URIs: http://localhost:8080/*
2) What is this? (Changed MIR port from 8443 to 9443, does this cause problems?) MCP Realm > Client > Cert2oidc > Valid Redirect URIs: http://localhost:9*
3) Portal has the following config, should it point to Keycloak? (protractor.conf.js: baseUrl: 'http://localhost:8080/')
4) Is an Elasticsearch server required to be running for the MCSR to work properly?

This is my current configuration; I changed the MCSR port from 8080 to 8181. Does the port change require some configuration that the following list is missing?

MIR
    Provides
        9443: HTTP Listener, changed from 8443, application.yaml
    Uses
        1025: SMTP Server, application.yaml
        3306: JDBC, application.yaml
        8080: keycloak-broker-base-url: http://localhost:8080/auth/, application.yaml
        8080: keycloak-project-users-base-url: http://localhost:8080/auth/, application.yaml
        8080: keycloak-certificates-base-url: http://localhost:8080/auth/, application.yaml
        8080: "auth-server-url": "http://localhost:8080/auth/", keycloak.json

Portal
    Provides
        3000: HTTP Listener
    Uses
        8080: "auth-server-url": "http://localhost:8080/auth", src/assets/dev-dev-keycloak.json
        8080: baseUrl: 'http://localhost:8080/', protractor.conf.js

MCSR
    Provides
        8181: HTTP Listener, changed from default 8080, application.yaml
    Uses
        1025: SMTP Server, changed from 25, application.yaml
        2003: metrics.graphite, application.yaml
        3306: JDBC, application.yaml
        5000: logging.logstash, application.yaml
        9300: Elasticsearch, application.yaml
        9999: metrics.spark, application.yaml

Keycloak
    Provides
        8080: HTTP listener
        8443: HTTPS listener
        9990: Admin console / Http management interface
    Uses
        MCP Realm > Client > MCP-Portal > Root URL: http://localhost:3000
        MCP Realm > Client > Cert2oidc > Valid Redirect URIs: http://localhost:9* 
        MCP Realm > Client > Setupclient > Valid Redirect URIs: http://localhost:8080/* (Is this correct?)

MariaDB
    Provides
        3306: Server

FakeSMTP
    Provides
        1025: SMTP Server

Now I get the startup screen from http://localhost:3000/#/login.
When the "Log in" button is pressed I get the following error in the browser when it tries to connect to the URL:


java.lang.RuntimeException: java.lang.RuntimeException: java.lang.NullPointerException
at org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:46)
at org.keycloak.provider.wildfly.WildFlyRequestFilter.doFilter(WildFlyRequestFilter.java:39)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: java.lang.NullPointerException
at org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:43)
at org.keycloak.services.filters.AbstractRequestFilter.filter(AbstractRequestFilter.java:43)
... 45 more
Caused by: java.lang.NullPointerException
at org.keycloak.theme.DefaultThemeManager.loadTheme(DefaultThemeManager.java:106)
at org.keycloak.theme.DefaultThemeManager.getTheme(DefaultThemeManager.java:73)
at org.keycloak.theme.DefaultThemeManager.getTheme(DefaultThemeManager.java:62)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.getTheme(FreeMarkerLoginFormsProvider.java:289)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createResponse(FreeMarkerLoginFormsProvider.java:177)
at org.keycloak.forms.login.freemarker.FreeMarkerLoginFormsProvider.createErrorPage(FreeMarkerLoginFormsProvider.java:545)
at org.keycloak.services.ErrorPage.error(ErrorPage.java:31)
at org.keycloak.services.ErrorPageException.getResponse(ErrorPageException.java:58)
at org.jboss.resteasy.core.ExceptionHandler.unwrapException(ExceptionHandler.java:132)
at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:80)
at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:346)
at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:193)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:457)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
at org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:358)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:245)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:61)
at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.keycloak.provider.wildfly.WildFlyRequestFilter.lambda$doFilter$0(WildFlyRequestFilter.java:41)
... 46 more

The Keycloak console also shows that same stack trace, and additionally before that comes the following warning:

16:21:15,859 WARN  [org.keycloak.events] (default task-26) type=LOGIN_ERROR, realmId=MCP, clientId=MCP-Portal, userId=null, ipAddress=127.0.0.1, error=invalid_redirect_uri, redirect_uri=http://localhost:3000/

I also have the following error in the MCSR log, not sure if that is related. The MCSR web UI is reachable from http://localhost:8181.

15:44:06.064 [http-nio-8181-exec-2] ERROR org.springframework.web.socket.messaging.StompSubProtocolHandler - Failed to send client message to application via MessageChannel in session ktgm03ax. Sending STOMP ERROR to client.
org.springframework.messaging.MessageDeliveryException: Failed to send message to ExecutorSubscribableChannel[clientInboundChannel]; nested exception is org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:129) ~[spring-messaging-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:105) ~[spring-messaging-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.messaging.StompSubProtocolHandler.handleMessageFromClient(StompSubProtocolHandler.java:281) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.messaging.SubProtocolWebSocketHandler.handleMessage(SubProtocolWebSocketHandler.java:310) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.handler.WebSocketHandlerDecorator.handleMessage(WebSocketHandlerDecorator.java:75) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.handler.LoggingWebSocketHandlerDecorator.handleMessage(LoggingWebSocketHandlerDecorator.java:56) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.handler.ExceptionWebSocketHandlerDecorator.handleMessage(ExceptionWebSocketHandlerDecorator.java:58) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.sockjs.transport.session.AbstractSockJsSession.delegateMessages(AbstractSockJsSession.java:386) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.sockjs.transport.session.WebSocketServerSockJsSession.handleMessage(WebSocketServerSockJsSession.java:195) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.sockjs.transport.handler.SockJsWebSocketHandler.handleTextMessage(SockJsWebSocketHandler.java:93) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.handler.AbstractWebSocketHandler.handleMessage(AbstractWebSocketHandler.java:43) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.handleTextMessage(StandardWebSocketHandlerAdapter.java:110) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter.access$000(StandardWebSocketHandlerAdapter.java:42) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:81) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.web.socket.adapter.standard.StandardWebSocketHandlerAdapter$3.onMessage(StandardWebSocketHandlerAdapter.java:78) [spring-websocket-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.apache.tomcat.websocket.WsFrameBase.sendMessageText(WsFrameBase.java:395) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.server.WsFrameServer.sendMessageText(WsFrameServer.java:119) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.WsFrameBase.processDataText(WsFrameBase.java:495) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.WsFrameBase.processData(WsFrameBase.java:294) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.WsFrameBase.processInputBuffer(WsFrameBase.java:133) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.server.WsFrameServer.onDataAvailable(WsFrameServer.java:82) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.server.WsFrameServer.doOnDataAvailable(WsFrameServer.java:171) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.server.WsFrameServer.notifyDataAvailable(WsFrameServer.java:151) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.upgradeDispatch(WsHttpUpgradeHandler.java:148) [tomcat-embed-websocket-8.5.23.jar!/:8.5.23]
        at org.apache.coyote.http11.upgrade.UpgradeProcessorInternal.dispatch(UpgradeProcessorInternal.java:54) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:53) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_272]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_272]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.23.jar!/:8.5.23]
        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_272]
Caused by: org.springframework.security.access.AccessDeniedException: Access is denied
        at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.0.M5.jar!/:5.0.0.M5]
        at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.0.M5.jar!/:5.0.0.M5]
        at org.springframework.security.messaging.access.intercept.ChannelSecurityInterceptor.preSend(ChannelSecurityInterceptor.java:69) ~[spring-security-messaging-5.0.0.M5.jar!/:5.0.0.M5]
        at org.springframework.messaging.support.AbstractMessageChannel$ChannelInterceptorChain.applyPreSend(AbstractMessageChannel.java:161) ~[spring-messaging-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        at org.springframework.messaging.support.AbstractMessageChannel.send(AbstractMessageChannel.java:115) ~[spring-messaging-5.0.0.RELEASE.jar!/:5.0.0.RELEASE]
        ... 32 more


Br, Timo

oha...@gmail.com

Nov 25, 2020, 10:37:56 AM
to Maritime Connectivity Platform
Hi Timo,

1) Yes, I believe that should be correct. 
2) Changing the port of the MIR should not matter. The Cert2oidc is a special OIDC client that can be used to exchange an MCP certificate to an OIDC token. How it can be used is described here https://developers.maritimeconnectivity.net/identity/index.html#obtaining-a-openid-connect-token-using-a-certificate
3) I don't think I have seen that config file before, where did you find it? 
4) Yes, it is required as it is what enables you to be able to search in the MSR. Also I don't think the MSR will even start up without a connection to an Elasticsearch server. 

The exception that you are getting seems to be because Keycloak is not able to find the custom MCP theme. How did you set up Keycloak, did you use a standalone installation or the MCP Keycloak Docker image?
The exception from the MSR I think is because you haven't created a client for it in Keycloak. What you need to do is that you should create a new Client for the MSR similar to the one for the MIR, export the keycloak.json for it and then replace this one with the new one and then recompile. 

I hope this helps you.

Best regards
Oliver

Timo Vuorijärvi

Nov 26, 2020, 4:10:43 AM
to Maritime Connectivity Platform
Thanks again Oliver,

3) The protractor.conf.js is found here: node_modules\ng2-bootstrap. I just realized that it looks like it is created by node, so the address comes there from somewhere else.
4) The MSR starts, but with some whining about the non-responding Elasticsearch. Ok, I need to install that.

I use a standalone installation of Keycloak.

Still having a little difficulty with the MSR.
- I created a client in the MCP realm using the Keycloak admin console. It should now be the same kind as the mcpidreg client configuration.
- Exported the keycloak.json (looks the same as the mcpidreg keycloak.json)
 - The old file had "ssl-required": "external", new value is none
 - The old file had "realm-public-key": the new file does not have that value at all
- Replaced the WEB-INF file with the new one
> MSR does not start up > It does not understand the "confidential-port": 0 in the keycloak.json > Removed that one from the json.
> MSR starts but I still get the access denied error

> There is nothing seen in the Keycloak server log files.

>> I'll try to enable MSR debug, to see if that shows something more

>> I start the MSR using a command line parameter (like in MIR) -Dspring.profiles.active=prod,swagger , but there is first a log line that says no profile defined, using default 'dev', and later on there are log lines that say using profile "prod,swagger", is this ok?

Br, Timo

Timo Vuorijärvi

Nov 26, 2020, 4:37:52 AM
to Maritime Connectivity Platform
Hi Oliver,

I was able to log in to the MCR UI using the default admin/admin user. And the UI looks to work nicely. I can see for example the metrics page (http://localhost:8181/#/metrics) even though there is that log in the console. The message level is debug, so I'm not sure whether that is a real issue?

2020-11-26 11:31:58.360 DEBUG 17532 --- [boundChannel-26] c.f.m.m.web.websocket.ActivityService    : Sending user tracking data ActivityDTO{sessionId='3dntcgzo', userLogin='admin', ipAddress='/127.0.0.1:51870', page='jhi-tracker', time='2020-11-26 11:31:58'}
2020-11-26 11:32:05.722 DEBUG 17532 --- [boundChannel-32] c.f.m.m.web.websocket.ActivityService    : Sending user tracking data ActivityDTO{sessionId='3dntcgzo', userLogin='admin', ipAddress='/127.0.0.1:51870', page='jhi-metrics', time='2020-11-26 11:32:05'}
2020-11-26 11:32:05.788 DEBUG 17532 --- [nio-8181-exec-6] m.c.SecurityConfiguration$SkippingFilter : Check authentication [http://localhost:8181/management/jhipster/metrics?null]
2020-11-26 11:32:05.788 DEBUG 17532 --- [nio-8181-exec-6] m.c.SecurityConfiguration$SkippingFilter : No authentication - do filter [http://localhost:8181/management/jhipster/metrics?null]
2020-11-26 11:32:05.795 DEBUG 17532 --- [nio-8181-exec-6] m.c.SecurityConfiguration$SkippingFilter : Check authentication [http://localhost:8181/management/jhipster/metrics?null]
2020-11-26 11:32:05.810 DEBUG 17532 --- [nio-8181-exec-6] m.c.SecurityConfiguration$SkippingFilter : No authentication - do filter [http://localhost:8181/management/jhipster/metrics?null]
2020-11-26 11:32:05.821 DEBUG 17532 --- [nio-8181-exec-6] c.f.m.mcsr.security.UserDetailsService   : Authenticating admin

Br, Timo

oha...@gmail.com

Nov 26, 2020, 6:35:06 AM
to Maritime Connectivity Platform
Hi Timo,

Knowing that you are using a standalone installation of Keycloak might explain the exception you are getting - on the login screen Keycloak is configured to use a custom theme that we made, and if that doesn't exist it will throw a NullPointerException. Setting up a standalone installation of Keycloak is usually very cumbersome and therefore I instead recommend people to use our custom Keycloak Docker container as that already contains all the customizations. If you want to keep using the standalone installation there are two things you can do: the first is to install the custom theme by copying the themes folder from here to the base of your Keycloak installation folder. The other thing you can do is to change the login theme on the page shown in the attachment.

The modifications that you made to the keycloak.json file for the MSR look correct, the MSR uses a quite old version of the Keycloak adapter so some of the attributes like confidential-port are not supported by it. 
The requests that you get access denied from are you setting a valid access token in the Authorization header for them? 
Except for it complaining about the missing Elasticsearch the log output you get from the MSR looks normal. 

Best regards
Oliver

Screenshot from 2020-11-26 12-18-50.png

Timo Vuorijärvi

Nov 27, 2020, 4:04:36 AM
to Maritime Connectivity Platform
Hi Oliver,

Ok, that worked, now new try..

Thanks for the help. I added the theme to Keycloak and it went to some redirect error.
Noticed that in one of your images, the MCP-Portal Valid URL was "/*".
In the default config it seems to be "/app/*"; I changed that to "/*" and now the redirect to the MCP Broker page works.

When trying to log in to the MCP Broker with idreg-admin/idreg-admin, I get the following error in the web console:

"Uncaught Error: Keycloak token parse error: 'org' not present", any clue what that means?


I could also try the Docker image. The Keycloak Docker image requires mapping to some config directory; what config directory should that be?


In the MIR_setup.pdf there is the following certification creation URL:
- oidc/api/org/urn:mrn:mcl:org:dma/device/urn:mrn:mcp:device:idp1:dma:sync/issue-new

Should it be following?
- oidc/api/org/urn:mrn:mcp:org:idp1:dma/device/urn:mrn:mcp:device:idp1:dma:sync/certificate/issue-new


Installed also the newest Elasticsearch, looks like it requires min lib version 6.0.0.
The MSR uses 5.x, so I installed the newest 5.x Elasticsearch and now those Elasticsearch startup errors are gone.


I got a few errors from MSR pages which seem to be because of a wrong version of the db schema?

2020-11-26 12:03:01.080 DEBUG 17532 --- [io-8181-exec-10] c.f.maritime.mcsr.service.DesignService  : Request to get all Designs
12:03:01.089 [http-nio-8181-exec-10] ERROR org.hibernate.engine.jdbc.spi.SqlExceptionHelper - Unknown column 'design0_.last_updated_at' in 'field list'

2020-11-26 12:04:06.283 DEBUG 17532 --- [nio-8181-exec-1] c.f.m.mcsr.service.SpecificationService  : Request to get all Specifications
12:04:06.297 [http-nio-8181-exec-1] ERROR org.hibernate.engine.jdbc.spi.SqlExceptionHelper - Unknown column 'specificat0_.last_updated_at' in 'field list'

2020-11-26 12:04:38.117 DEBUG 17532 --- [nio-8181-exec-7] c.f.m.mcsr.service.InstanceService       : Request to get all Instances
12:04:38.122 [http-nio-8181-exec-7] ERROR org.hibernate.engine.jdbc.spi.SqlExceptionHelper - Unknown column 'instance0_.last_updated_at' in 'field list'


"The requests that you get access denied from are you setting a valid access token in the Authorization header for them?"

I don't know, it comes when I use the MSR. But I have logged in to there with default admin/admin user.
The error log might come because the default admin/admin user does not have any rights in keycloak?

Br, Timo


On Friday, November 27, 2020 at 11:01:54 UTC+2, Timo Vuorijärvi wrote:
Hi Oliver and Team,

This is a test msg. Looks like my messages get removed. So sure is that by purpose ;)

Br, Timo

Timo Vuorijärvi

Nov 27, 2020, 7:50:53 AM
to Maritime Connectivity Platform
Hi Oliver and The Team, 

I'm trying to create the keystore for the device using the following command:

Invoke-RestMethod -Uri http://localhost:9443/oidc/api/org/urn:mrn:mcp:org:idp1:dma/device/urn:mrn:mcp:device:idp1:dma:sync/certificate/issue-new -Headers @{"Authorization" = "Bearer $token"} -Method Get

The code goes to MIR's contained PKI module's KeystoreHandler:76: "return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, protParam);".
The alias parameter value is "urn:mrn:mcp:ca:idp1:mcp-idreg" and the keystore is mc-sub-ca-keystore.jks.
The keystore does not contain an entity with that alias, which causes a NullPointerException later on.

What have I missed, from where should the "urn:mrn:mcp:ca:idp1:mcp-idreg" end up in the mc-sub-ca-keystore.jks? Or is the MRN wrong?

Br, Timo

oha...@gmail.com

Nov 27, 2020, 9:23:18 AM
to Maritime Connectivity Platform
Hi Timo,

For some reason some of your messages were flagged by the spam filter, perhaps you reached your quota for posts ;) Just kidding, I think maybe it was the paste of the log output that triggered it or something. 

The idreg-admin is only supposed to be used by the MIR itself to interact with Keycloak, so it cannot be used to interact with the MIR API. You should instead use the bootstrap user. 

Yes, I think you are correct about the missing part in the URL, thank you for catching that!

For the MSR error I am afraid that is an issue with how it initially creates the tables resulting in a few columns missing. I had a SQL script that could fix that lying around at some point, but I am afraid that I might have lost it. If you want it I can send you the contact details of someone who can help you in private? 
The access token that you need to interact with the MSR API is the same one from Keycloak that you should use to interact with the MIR API; the management dashboard with the default credentials is only used for internal management of the MSR.

For the mc-sub-ca-keystore.jks, are you using the one that is included in the project, or did you make your own? And does it contain anything at all, or is it empty?

Best regards
Oliver
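For the "'org' not present" error reported earlier in the thread, it helps to look at which claims an access token actually carries. The following is an added example, not code from MCP-Portal or Keycloak; the claim list (only `org` is named on this page), the helper names and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example (not MCP-Portal code). Only 'org' comes from the error in this
// thread; extend REQUIRED_CLAIMS if your client needs more (assumption).
const REQUIRED_CLAIMS = ['org'];

// base64url helpers written out by hand so they also run on older Node 14 builds.
const b64urlDecode = (s) =>
  Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
const b64urlEncode = (s) =>
  Buffer.from(s, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode the payload segment of a compact JWT. This does NOT verify the
// signature, so use it for troubleshooting only, never for access decisions.
function decodeJwtPayload(token) {
  const parts = String(token).trim().split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT: expected 3 segments');
  let payload;
  try {
    payload = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    throw new Error('JWT payload is not valid base64url-encoded JSON');
  }
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    throw new Error('JWT payload is not a JSON object');
  }
  return payload;
}

// Names of the required claims that are absent or empty in the token.
function missingClaims(token, required = REQUIRED_CLAIMS) {
  const payload = decodeJwtPayload(token);
  return required.filter((c) => payload[c] == null || payload[c] === '');
}

// Constructed, unsigned sample tokens (not real Keycloak output).
function makeSampleToken(claims) {
  return [{ alg: 'none', typ: 'JWT' }, claims]
    .map((o) => b64urlEncode(JSON.stringify(o))).join('.') + '.';
}
const tokenWithoutOrg = makeSampleToken({ preferred_username: 'example-user-a' });
const tokenWithOrg = makeSampleToken({
  preferred_username: 'example-user-b', org: 'urn:mrn:mcp:org:idp1:dma' });

console.log('without org ->', missingClaims(tokenWithoutOrg));
console.log('with org    ->', missingClaims(tokenWithOrg));
```

Running `missingClaims` on the tokens issued to two different users shows quickly whether a given account is mapped to an organization at all.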

Timo Vuorijärvi

Nov 30, 2020, 1:50:22 AM
to Maritime Connectivity Platform
Good Morning Oliver and The Team,

Yes, you are probably right, thought also something like that :)

Thanks for clarifying the user thing, I'll try to use the bootstrap user.

The private messaging for SQL scripts is ok, I think I can manage if I get the alter clauses.

I used a generated (empty) mc-sub-ca-keystore.jks, I'll try the keystore from the git.

Thanks!

Br, Timo   
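The missing-alias situation in this exchange can be caught before the MIR is started by listing what the keystore actually contains. This is an added example, not code from the MIR or its PKI module; it assumes the file is in the classic JKS format (a PKCS12 file is rejected), and the function names and the empty sample keystore are constructed here.

```javascript
// Added example: list the entries of a classic JKS file and check for a
// private-key entry under a given alias. Integrity digest is not verified.
const JKS_MAGIC = 0xfeedfeed;
const ENTRY_TYPES = { 1: 'PrivateKeyEntry', 2: 'trustedCertEntry' };

function listJksEntries(buf) {
  let off = 0;
  const u32 = () => { const v = buf.readUInt32BE(off); off += 4; return v; };
  // Aliases are stored as 2-byte length + modified UTF-8 (same as UTF-8 for ASCII).
  const utf = () => {
    const n = buf.readUInt16BE(off); off += 2;
    const s = buf.toString('utf8', off, off + n); off += n;
    return s;
  };
  const skipBlob = () => { const n = u32(); off += n; };
  const skipCert = (version) => { if (version === 2) utf(); skipBlob(); };

  if (buf.length < 12 || u32() !== JKS_MAGIC) throw new Error('not a JKS keystore');
  const version = u32();
  if (version !== 1 && version !== 2) throw new Error('unsupported JKS version');
  const count = u32();
  const entries = [];
  for (let i = 0; i < count; i++) {
    const tag = u32();
    const alias = utf();
    off += 8;                                   // creation timestamp
    if (tag === 1) {
      skipBlob();                               // encrypted private key
      const chainLen = u32();
      for (let c = 0; c < chainLen; c++) skipCert(version);
    } else if (tag === 2) {
      skipCert(version);
    } else {
      throw new Error(`unknown entry tag ${tag}`);
    }
    entries.push({ alias, type: ENTRY_TYPES[tag] });
  }
  return entries;
}

// JKS aliases are case-insensitive, so compare in lower case.
function hasPrivateKeyEntry(buf, alias) {
  return listJksEntries(buf).some((e) =>
    e.type === 'PrivateKeyEntry' && e.alias.toLowerCase() === alias.toLowerCase());
}

// Constructed sample: an empty keystore (header, zero entries, dummy digest).
function makeEmptyJks() {
  const b = Buffer.alloc(12 + 20);
  b.writeUInt32BE(JKS_MAGIC, 0); b.writeUInt32BE(2, 4); b.writeUInt32BE(0, 8);
  return b;
}
console.log(hasPrivateKeyEntry(makeEmptyJks(), 'urn:mrn:mcp:ca:idp1:mcp-idreg'));
```

For a real file, pass the result of `fs.readFileSync('mc-sub-ca-keystore.jks')` as the buffer; on a machine with a JDK, `keytool -list -keystore mc-sub-ca-keystore.jks` shows the same alias list.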

Timo Vuorijärvi

Nov 30, 2020, 4:35:42 PM
to Maritime Connectivity Platform
Hi Oliver and The Team,

I was able to generate the certification successfully using the keystore from the git. It looks like keycloak now starts without error with the mc-event-listener.

I'm able to log in to the MCP using urn:mrn:mcp:user:idp1:bootstrap:mcp-admin. It took a little time to find IR_BASE_PATH from webpack.dev-dev.js, but now the server address is fixed there, and it looks like it's ALIVE! :)

If we play with the thought that the whole system is now up and running: are there some HelloWorld/test consumer/producer services that could be used to verify the setup?

Br, Timo

oha...@gmail.com

Dec 1, 2020, 8:15:02 AM
to Maritime Connectivity Platform
Hi Timo,

Great to hear that you got it up and running now! :) 

I am afraid that I don't have a good example of a service that can be used to verify the setup, but I think anything that uses OIDC and/or certificate based authentication could be used. The closest to a Hello World would probably be to query the Swagger definition of the MIR API on /v2/api-docs. 

Best regards
Oliver

Timo Vuorijärvi

Dec 2, 2020, 2:57:21 AM
to Maritime Connectivity Platform
Hi Oliver,

Ok, Thanks, I'll try that.

Br,
Timo

Timo Vuorijärvi

Dec 2, 2020, 5:46:58 AM
to Maritime Connectivity Platform
Hi Team,

If someone needs it, the previous MSR SQL errors can be quick-fixed by updating the db schema using the following spells:

ALTER TABLE `design` ADD `last_updated_at` varchar(255) NOT NULL;
ALTER TABLE `instance` ADD `last_updated_at` varchar(255) NOT NULL;
ALTER TABLE `specification` ADD `last_updated_at` varchar(255) NOT NULL;

ALTER TABLE `design` ADD `published_at` varchar(255) NOT NULL;
ALTER TABLE `instance` ADD `published_at` varchar(255) NOT NULL;
ALTER TABLE `specification` ADD `published_at` varchar(255) NOT NULL;  

Br, Timo