Skip to content

Latest commit





Folders and files

Last commit message
Last commit date

parent directory


Camel CXFRS Demo (swagger v2.0) :: OIDC-secured :: A Red Hat JBoss Fuse 6.3.0 RESTful service that handles operations on an IP address or a hostname

This project can be deployed both in a Red Hat JBoss Fuse 6.3.0 standalone karaf container or in a Fabric8-managed cluster environment.

Deployment on a standalone instance of Red Hat Fuse 6.3.0/Apache Karaf


  • Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf is installed and running in standalone mode
  • Red Hat JBoss AMQ broker is either running inside in the Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf (embedded) or is running as a standalone instance
  • A Red Hat Single Sign-On 7.5 or Keycloak 15 instance is installed and running
  • The project has been built for a standalone deployment

Deployment in a standalone instance of Red Hat Fuse 6.3.0 on Apache Karaf


  • Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf is installed and running in standalone mode
  • Red Hat JBoss AMQ broker is either running inside in the Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) on Apache Karaf (embedded) or is running as a standalone instance
  • A Red Hat Single Sign-On 7.5 or Keycloak 15 instance is installed and running
  • The project has been built for a standalone deployment

Deployment instructions

  • Create the org.jeannyil.fuse.demo.oidcsecured.ipservicecxfrsserver.cfg Persistent ID file in the <red_hat_fuse_install_directory>/etc directory with the following content:
  • Adapt the following properties according to your run-time environment:
    • amqclient.ssl.truststore: path to the truststore containing the AMQ broker public certificate
    • amqclient.ssl.truststore.password: password of the truststore
    • broker.out.url: Red Hat JBoss AMQ broker connection url (openwire)
    • and broker.user.password: credentials to connect to the Red Hat JBoss AMQ broker
    • and exposed.service.gateway.port: these are respectively the host and port where the RESTful service is exposed. They are used for the service dynamically-generated swagger v2.0 specification.
    • JBoss Fuse 6.3 Keyclaok Adapter configuration properties (see here for more details):
      • keycloak.adapter.realm: Name of the realm securing the application.
      • keycloak.adapter.authServerUrl: The base URL of the Red Hat Single Sign-On server. It is usually of the form https://host:port/auth
      • keycloak.adapter.sslRequired: Ensures that all communication to and from the Red Hat Single Sign-On server is over HTTPS. Valid values are 'all', 'external' and 'none'.
      • keycloak.adapter.useResourceRoleMappings: If set to true, the adapter will look inside the token for application level role mappings for the user. If false, it will look at the realm level for user role mappings. The default value is false.
      • keycloak.adapter.verifyTokenAudience: If set to true, then during authentication with the bearer token, the adapter will verify whether the token contains this client name (resource) as an audience. The default value is false.
  • Log into the Red Hat Fuse Karaf terminal and deploy the oidcsecured_ipservice_cxfrs_server_swaggerv2feature:
    $ features:addurl mvn:org.jeannyil.fuse/oidcsecured_ipservice_cxfrs_server_swaggerv2/1.0.0-SNAPSHOT/xml/features
    $ features:install oidcsecured_ipservice_cxfrs_server_swaggerv2

Deployment in a fabric8-managed cluster of Red Hat Fuse 6.3.0 on Apache Karaf


  • A fabric8-managed cluster of Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) is running
  • Red Hat JBoss AMQ broker is either running within the fabric8-managed cluster of Red Hat JBoss Fuse 6.3.0 Rollup 19 (v6.3.0.redhat-515) or as a standalone instance outside the fabric8 cluster
  • The project has been built for a Red Hat Fuse fabric8-managed cluster deployment
  • All the generated fabric8 profiles have been imported (See instructions here)

Deployment instructions

  • Log into the Red Hat Fuse fabric8 terminal
  • Use the fabric:profile-edit command (example: fabric:profile-edit -p org.jeannyil.fuse.cxfrs.demo/ org-jeannyil-fuse-cxfrs-demo) to adapt some Persistent ID properties as indicated for the following fabric8 profiles:
    • org-jeannyil-fuse-cxfrs-demo fabric8 profile
      • Adapt these org.jeannyil.fuse.cxfrs.demo Persistent ID properties:
        • amqclient.ssl.truststore: path to the truststore containing the AMQ broker public certificate
        • amqclient.ssl.truststore.password: password of the truststore
        • broker.out.url: Red Hat JBoss AMQ broker connection url (openwire)
        • and broker.user.password: credentials to connect to the Red Hat JBoss AMQ broker
      • Below is an extract of my org-jeannyil-fuse-cxfrs-demo fabric8 profile:
        $ fabric:profile-display org-jeannyil-fuse-cxfrs-demo
        Profile id: org-jeannyil-fuse-cxfrs-demo
        Configuration details
        PID: org.jeannyil.fuse.cxfrs.demo
          broker.out.url discovery:(fabric://ssl-demo-broker)
          amqclient.ssl.truststore /Users/jnyilimb/workdata/truststore/truststore.jks
          broker.max.activesessionperconnection 500
          broker.max.connections 1
          broker.user.password ${crypt:AXwoRz+nwJEtZtayqOprP8VFTxMJl5EZ}
          amqclient.ssl.truststore.password ${crypt:/ynd1l0QTCcuaeJdcdAsrA==}
          output.message.ttl.inms 3600000
    • org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 fabric8 profile
      • Adapt these org.jeannyil.fuse.demo.ipservicecxfrsserver Persistent ID properties:
        • and exposed.service.gateway.port: these are respectively the host and port where the RESTful service is exposed. They are used for the service dynamically-generated swagger v2.0 specification.
        • JBoss Fuse 6.3 Keyclaok Adapter configuration properties (see here for more details):
          • keycloak.adapter.realm: Name of the realm securing the application.
          • keycloak.adapter.authServerUrl: The base URL of the Red Hat Single Sign-On server. It is usually of the form https://host:port/auth
          • keycloak.adapter.sslRequired: Ensures that all communication to and from the Red Hat Single Sign-On server is over HTTPS. Valid values are 'all', 'external' and 'none'.
          • keycloak.adapter.useResourceRoleMappings: If set to true, the adapter will look inside the token for application level role mappings for the user. If false, it will look at the realm level for user role mappings. The default value is false.
          • keycloak.adapter.verifyTokenAudience: If set to true, then during authentication with the bearer token, the adapter will verify whether the token contains this client name (resource) as an audience. The default value is false.
      • Below is an extract of the org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 fabric8 profile:
        $ fabric:profile-display org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2
        Profile id: org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2
        Configuration details
        PID: org.jeannyil.fuse.demo.oidcsecured.ipservicecxfrsserver
          error.amq.destination queue://IPSERVICE.CXFRSSERVER.ERROR.QUEUE
          broker.out.url ${profile:org.jeannyil.fuse.cxfrs.demo/broker.out.url}
          broker.max.activesessionperconnection ${profile:org.jeannyil.fuse.cxfrs.demo/broker.max.activesessionperconnection}
          broker.max.connections ${profile:org.jeannyil.fuse.cxfrs.demo/broker.max.connections}
          http.client.receive.timeout.inms 120000
          keycloak.adapter.verifyTokenAudience true
          keycloak.adapter.sslRequired ALL
          notif.amq.destination queue://IPSERVICE.CXFRSSERVER.NOTIF.QUEUE
          broker.user.password ${profile:org.jeannyil.fuse.cxfrs.demo/broker.user.password}
          amqclient.ssl.truststore.password ${profile:org.jeannyil.fuse.cxfrs.demo/amqclient.ssl.truststore.password}
          amqclient.ssl.truststore ${profile:org.jeannyil.fuse.cxfrs.demo/amqclient.ssl.truststore}
          http.client.connection.timeout.inms 60000
          exposed.service.gateway.port 9095
          keycloak.adapter.realm fuse-fabric-demo
          output.message.ttl.inms ${profile:org.jeannyil.fuse.cxfrs.demo/output.message.ttl.inms}
          keycloak.adapter.useResourceRoleMappings true
  • Deploy the org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2fabric8 profile:
    • On an existing fabric8 karaf container using the fabric:container-add-profile command. Example:
      $ fabric:container-add-profile cxfrs_server-node org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2
    • Or, create a new fabric8 karaf container and assign the profile using the fabric:container-create-child command. Example:
      $ fabric:container-create-child --profile org-jeannyil-fuse-cxfrs-demo-oidcsecured_ipservice_cxfrs_server_swaggerv2 fuse-01-root cxfrs_server-node

🚧 README TO BE COMPLETED with tests samples for both standalone and fabric8 deployments...