Chapter 8. Running SOAP to REST bridge quickstart for Spring Boot 2 on Fuse on OpenShift

This quickstart demonstrates how to use Camel’s REST DSL to expose a backend SOAP API. A simple Camel route bridges REST invocations to the legacy SOAP service. Both the REST endpoint and the SOAP endpoint are secured, and both are backed by RH SSO. The frontend REST API is protected with OAuth and OpenID Connect: the client fetches a JWT access token from RH SSO using the OAuth2 Resource Owner Password Credentials mode and uses this token to access the REST endpoint.

Prerequisites

  • You have installed and configured OCP 4.1 or later version.
  • You have installed RH SSO 7.4 or later version.
  • You have installed 3Scale 2.8 or later version.
  • You have configured authentication to registry.redhat.io. For more information see Configuring Red Hat Container Registry authentication.

Procedure

The following section explains how to run and deploy the SOAP to REST bridge quickstart on Fuse on OpenShift.

  1. Start the OpenShift server. Because the RH SSO image (2 pods) and the 3Scale image (15 pods) must be installed as prerequisites for this quickstart, start the OpenShift server on a powerful machine with the options --memory 8GB --cpus 4. The security token is issued with an expiration time, so add the timezone option as well. Ensure that the OpenShift cluster uses the same time zone as your local machine (by default it uses the UTC time zone).
  2. Add cluster-admin role to the user developer.

    $ oc login -u system:admin
    $ oc adm policy add-cluster-role-to-user cluster-admin developer
    $ oc login -u developer
    $ oc project openshift

    This quickstart is deployed in the openshift namespace, as is the RH SSO image (this is a requirement of the default configuration of the templates involved), so the cluster-admin role must be added to the user developer.

  3. Create a secret and link it to the serviceaccounts.

    $ oc create secret docker-registry camel-bridge --docker-server=registry.redhat.io \
      --docker-username=USERNAME \
      --docker-password=PASSWORD \
      --docker-email=EMAIL_ADDRESS
    $ oc secrets link default camel-bridge --for=pull
    $ oc secrets link builder camel-bridge
  4. Add the RH SSO image stream and install RH SSO with template sso74-x509-postgresql-persistent.

    $ for resource in sso74-image-stream.json \
       sso74-https.json \
       sso74-postgresql.json \
       sso74-postgresql-persistent.json \
       sso74-x509-https.json \
       sso74-x509-postgresql-persistent.json
     do
       oc create -f \
       https://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/sso74-dev/templates/${resource}
     done
    
    $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
    
    $ oc new-app --template=sso74-x509-postgresql-persistent

    Verify that the RH SSO images are available from the openshift namespace, and then install RH SSO with the template sso74-x509-postgresql-persistent. This template saves the RH SSO configuration permanently, so the configuration is retained after the OpenShift server restarts.

  5. Once the RH SSO image is installed successfully on the server, you can see the output on the console as follows.

    A new persistent RH-SSO service (using PostgreSQL) has been created in your project. The admin username/password for accessing the master realm via the RH-SSO console is tprYtXP1/nEjf7fojv11FmhJ5eaqadoh0SI2gvlls. The username/password for accessing the PostgreSQL database "root" is userqxe/XNYRjL74CrJEWW7HiSYEdH5FMKVSDytx. The HTTPS keystore used for serving secure content, the JGroups keystore used for securing JGroups communications, and server truststore used for securing RH-SSO requests were automatically created via OpenShift's service serving x509 certificate secrets.
    
         * With parameters:
            * Application Name=sso
            * Custom RH-SSO Server Hostname=
            * JGroups Cluster Password=1whGRnsAWu162u0e4P6jNpLn5ysJLWjg # generated
            * Database JNDI Name=java:jboss/datasources/KeycloakDS
            * Database Name=root
            * Datasource Minimum Pool Size=
            * Datasource Maximum Pool Size=
            * Datasource Transaction Isolation=
            * PostgreSQL Maximum number of connections=
            * PostgreSQL Shared Buffers=
            * Database Username=userqxe # generated
            * Database Password=XNYRjL74CrJEWW7HiSYEdH5FMKVSDytx # generated
            * Database Volume Capacity=1Gi
            * ImageStream Namespace=openshift
            * RH-SSO Administrator Username=tprYtXP1 # generated
            * RH-SSO Administrator Password=nEjf7fojv11FmhJ5eaqadoh0SI2gvlls # generated
            * RH-SSO Realm=
            * RH-SSO Service Username=
            * RH-SSO Service Password=
            * PostgreSQL Image Stream Tag=10
            * Container Memory Limit=1Gi
  6. Note down the Username/Password which is used to access the RH SSO admin console. For example,

     * RH-SSO Administrator Username=tprYtXP1 # generated
     * RH-SSO Administrator Password=nEjf7fojv11FmhJ5eaqadoh0SI2gvlls # generated
  7. Install 3scale template in the 3scale project.

    $ oc new-project 3scale
    $ oc create secret docker-registry threescale-registry-auth --docker-server=registry.redhat.io \
      --docker-username=USERNAME \
      --docker-password=PASSWORD \
      --docker-email=EMAIL_ADDRESS
    $ oc secrets link default threescale-registry-auth --for=pull
    $ oc secrets link builder threescale-registry-auth
    $ oc new-app --param WILDCARD_DOMAIN="OPENSHIFT_IP_ADDR.nip.io" -f https://raw.githubusercontent.com/3scale/3scale-amp-openshift-templates/2.8.0.GA/amp/amp-eval-tech-preview.yml

    The 3scale installation on OpenShift starts 15 pods, so it is necessary to create a new, dedicated project for 3scale. You also need a new threescale-registry-auth secret for 3scale (use exactly this name, because it is written into the 3scale templates). You can reuse the USERNAME/PASSWORD from the camel-bridge secret. We intentionally use the amp-eval-tech-preview.yml template here because it does not explicitly specify hardware resources, so it can easily run on a local machine or laptop.

  8. After the 3scale template is installed successfully on OpenShift, you can see the output on the console as follows.

    3scale API Management
         ---------
         3scale API Management main system (Evaluation)
    
         Login on https://3scale-admin.192.168.64.33.nip.io as admin/b6t784nt
    
         * With parameters:
            * AMP_RELEASE=2.8
            * APP_LABEL=3scale-api-management
            * TENANT_NAME=3scale
            * RWX_STORAGE_CLASS=null
            * AMP_BACKEND_IMAGE=registry.redhat.io/3scale-amp2/backend-rhel7:3scale2.8
            * AMP_ZYNC_IMAGE=registry.redhat.io/3scale-amp2/zync-rhel7:3scale2.8
            * AMP_APICAST_IMAGE=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8:3scale2.8
            * AMP_SYSTEM_IMAGE=registry.redhat.io/3scale-amp2/system-rhel7:3scale2.8
            * ZYNC_DATABASE_IMAGE=registry.redhat.io/rhscl/postgresql-10-rhel7
            * MEMCACHED_IMAGE=registry.redhat.io/3scale-amp2/memcached-rhel7:3scale2.8
            * IMAGESTREAM_TAG_IMPORT_INSECURE=false
            * SYSTEM_DATABASE_IMAGE=registry.redhat.io/rhscl/mysql-57-rhel7:5.7
            * REDIS_IMAGE=registry.redhat.io/rhscl/redis-32-rhel7:3.2
            * System MySQL User=mysql
            * System MySQL Password=mrscfh4h # generated
            * System MySQL Database Name=system
            * System MySQL Root password.=xbi0ch3i # generated
            * WILDCARD_DOMAIN=192.168.64.33.nip.io
            * SYSTEM_BACKEND_USERNAME=3scale_api_user
            * SYSTEM_BACKEND_PASSWORD=kraji167 # generated
            * SYSTEM_BACKEND_SHARED_SECRET=8af5m6gb # generated
            * SYSTEM_APP_SECRET_KEY_BASE=726e63427173e58cbb68a63bdc60c7315565d6acd037caedeeb0050ecc0e6e41c3c7ec4aba01c17d8d8b7b7e3a28d6166d351a6238608bb84aa5d5b2dc02ae60 # generated
            * ADMIN_PASSWORD=b6t784nt # generated
            * ADMIN_USERNAME=admin
            * ADMIN_EMAIL=
            * ADMIN_ACCESS_TOKEN=k055jof4itblvwwn # generated
            * MASTER_NAME=master
            * MASTER_USER=master
            * MASTER_PASSWORD=buikudum # generated
            * MASTER_ACCESS_TOKEN=xa7wkt16 # generated
            * RECAPTCHA_PUBLIC_KEY=
            * RECAPTCHA_PRIVATE_KEY=
            * SYSTEM_REDIS_URL=redis://system-redis:6379/1
            * SYSTEM_MESSAGE_BUS_REDIS_URL=
            * SYSTEM_REDIS_NAMESPACE=
            * SYSTEM_MESSAGE_BUS_REDIS_NAMESPACE=
            * Zync Database PostgreSQL Connection Password=efyJdRccBbYcWtWl # generated
            * ZYNC_SECRET_KEY_BASE=dcmNGWtrjCReuJlQ # generated
            * ZYNC_AUTHENTICATION_TOKEN=3FKMAije3V3RWQQ8 # generated
            * APICAST_ACCESS_TOKEN=2ql8txu4 # generated
            * APICAST_MANAGEMENT_API=status
            * APICAST_OPENSSL_VERIFY=false
            * APICAST_RESPONSE_CODES=true
            * APICAST_REGISTRY_URL=http://apicast-staging:8090/policies
  9. Note down the Username/Password which can access the 3scale admin console.

            * ADMIN_PASSWORD=b6t784nt # generated
            * ADMIN_USERNAME=admin
  10. Configure RH SSO.

    1. Log in to the RH SSO Admin Console at https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io/auth with the username/password displayed on the console after the RH SSO installation.
    2. Click the Add Realm button in the upper left corner of the page.
    3. On the Add Realm page, click the Import Select file button.
    4. Select ./src/main/resources/keycloak-config/realm-export-new.json from the directory. This imports the pre-defined realm, client, user, and role needed for this example.
  11. Configure 3Scale API Gateway.

    1. Log in to the 3Scale Admin Console at https://3scale-admin.OPENSHIFT_IP_ADDR.nip.io/p/admin/dashboard with the username/password displayed on the console after the 3Scale installation.
    2. When creating a new product, select Define manually and use camel-security-bridge for both Name and System name.
    3. When creating a new backend, use camel-security-bridge for both Name and System name and the Private Base URL should be http://spring-boot-camel-soap-rest-bridge-openshift.OPENSHIFT_IP_ADDR.nip.io/.
    4. Add the newly created backend to the newly created product.
    5. Add the Mapping Rule Verb:POST Pattern:/.
    6. When creating application plans, use camel-security-bridge for both Name and System name.
    7. When creating applications, choose the newly created camel-security-bridge application plan. After creating the application, note down the API Credentials. Use these credentials to access the 3scale gateway. For example,

          User Key 	bdfb53fe9b426fbf21428fd116035798
    8. Edit the newly created camel-security-bridge project and publish it from camel-security-bridge in the Dashboard.
    9. Go to Integration > Settings. Select As HTTP Headers as the Credentials location.
    10. From the camel-security-bridge in the Dashboard, go to Integration > Configuration and promote both the Staging APIcast and Production APIcast.
  12. Navigate to the directory that contains the extracted quickstart application (for example, my_openshift/spring-boot-camel-soap-rest-bridge).

    $ cd my_openshift/spring-boot-camel-soap-rest-bridge
  13. Build and deploy the project to the OpenShift cluster.

    $ mvn clean oc:deploy -Popenshift -DJAVA_OPTIONS="-Dsso.server=https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io -Dweather.service.host=YOUR_LOCAL_IP"

    Two properties must be passed to the camel-soap-rest-bridge image on OpenShift. The first is the RH SSO server address on OpenShift, which is https://sso-openshift.OPENSHIFT_IP_ADDR.nip.io. The second is the backend SOAP server. In this quickstart the backend SOAP server runs on the local machine, so replace YOUR_LOCAL_IP with the local IP address of your machine as the value of -Dweather.service.host. (This must be an IP address other than localhost or 127.0.0.1.)

  14. In your browser, navigate to the openshift project in the OpenShift console. Wait until you can see that the pod for the spring-boot-camel-soap-rest-bridge has started up.
  15. On the project’s Overview page, navigate to the deployment details page of the spring-boot-camel-soap-rest-bridge application: https://OPENSHIFT_IP_ADDR:8443/console/project/openshift/browse/pods/spring-boot-camel-soap-rest-bridge-NUMBER_OF_DEPLOYMENT?tab=details.
  16. Switch to the Logs tab to view the log from Camel.
  17. Access the OpenAPI documentation.

This example provides OpenAPI documentation of the service under the context path camelcxf/openapi. You can access the API documentation from your web browser at http://spring-boot-camel-soap-rest-bridge-openshift.OPENSHIFT_IP_ADDR.nip.io/camelcxf/openapi/openapi.json.
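
With the bridge deployed, the client flow described in the introduction can be exercised from a shell: fetch a token with the password grant, compare its exp claim with the local clock, and call the gateway with the token and the 3scale user key. This is an added example, not code from the quickstart; the realm, client ID, user, request body and gateway URL are assumptions to be replaced with the values from realm-export-new.json and your 3scale product, and user_key is the 3scale default header name.

```bash
#!/usr/bin/env bash
# Added example, not the quickstart's code. Realm, client, user and REST path are
# assumptions: take the real values from realm-export-new.json and your route.

# RH SSO 7.4 (Keycloak) token endpoint for a realm.
token_endpoint() {  # $1 = SSO base URL, $2 = realm
  printf '%s/auth/realms/%s/protocol/openid-connect/token\n' "${1%/}" "$2"
}

# Resource Owner Password Credentials grant; prints only the access_token.
# Assumes a public client (no client_secret). The password is on curl's argv.
fetch_access_token() {  # $1 = endpoint, $2 = client_id, $3 = user, $4 = password
  curl --silent --show-error --fail \
    --data-urlencode 'grant_type=password' --data-urlencode "client_id=$2" \
    --data-urlencode "username=$3" --data-urlencode "password=$4" "$1" |
    sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Decode the claims segment of a compact JWT (base64url, unpadded).
# Diagnostic only: the signature is NOT verified here.
jwt_payload() {  # $1 = JWT
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in 2) seg="$seg==" ;; 3) seg="$seg=" ;; esac
  printf '%s' "$seg" | base64 -d
}

# Seconds until the token's exp claim (a Unix timestamp); negative if expired.
token_seconds_left() {  # $1 = JWT, $2 = now in epoch seconds (default: local clock)
  local exp
  exp=$(jwt_payload "$1" | sed -n 's/.*"exp"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p')
  [ -n "$exp" ] || return 2   # no exp claim found
  echo $(( $exp - ${2:-$(date +%s)} ))
}

# POST through the 3scale gateway with the bearer token and the user key as
# HTTP headers. The JSON content type is an assumption about the REST API.
call_bridge() {  # $1 = gateway URL, $2 = JWT, $3 = user key, $4 = request body
  curl --silent --show-error --fail -H "Authorization: Bearer $2" \
    -H "user_key: $3" -H 'Content-Type: application/json' --data "$4" "$1"
}

# Constructed, unsigned sample token so the helpers can be tried offline.
sample_jwt() {  # $1 = exp in epoch seconds
  printf 'e30.%s.sig\n' "$(printf '{"exp":%s,"azp":"sample-client"}' "$1" |
    base64 | tr '/+' '_-' | tr -d '=\n')"
}
```

A token_seconds_left value that is negative, or far below the realm's token lifespan, immediately after fetch_access_token indicates a clock difference between the cluster and the workstation.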