Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 01 20:03
    stevehu closed #1388
  • Oct 01 20:03
    stevehu commented #1388
  • Oct 01 19:06

    stevehu on issue1388

    (compare)

  • Oct 01 19:06

    stevehu on master

    fix for RequestTransformer plus… (compare)

  • Oct 01 19:06
    stevehu closed #1389
  • Sep 30 21:19
    DiogoFKT opened #1389
  • Sep 30 21:18

    DiogoFKT on issue1388

    fix for RequestTransformer plus… (compare)

  • Sep 30 21:15

    DiogoFKT on #1388

    (compare)

  • Sep 30 21:15

    DiogoFKT on issue1388

    (compare)

  • Sep 30 21:15

    DiogoFKT on #1388

    (compare)

  • Sep 30 21:15
    DiogoFKT opened #1388
  • Sep 28 18:57
    stevehu commented #1387
  • Sep 28 18:57

    stevehu on 1386-request-and-response-interceptors-buffer-conflict

    (compare)

  • Sep 28 18:57

    stevehu on master

    Update RequestInterceptorInject… (compare)

  • Sep 28 18:57
    stevehu closed #1386
  • Sep 28 18:57
    stevehu closed #1387
  • Sep 28 18:48
    KalevGonvick opened #1387
  • Sep 28 18:48
    KalevGonvick review_requested #1387
  • Sep 28 18:48

    KalevGonvick on 1386-request-and-response-interceptors-buffer-conflict

    Update RequestInterceptorInject… (compare)

  • Sep 28 18:44

    KalevGonvick on 1386-request-and-response-interceptors-buffer-conflict

    (compare)

Steve Hu
@stevehu
We actually have an e-commerce platform built on top of light-4j already and you can use it if you are interested.
We build it wiht Event Sourcing and CQRS with Kafka/Kafka streams
Steve Hu
@stevehu
We have released 2.0.32 for jdk11. It is backward compatible with some defects addressed, and some enhancements added.
For more all the PRs included in each release, please visit https://trello.com/b/189msq9S/release-schedule or individual release note.
PeterKieu
@PeterKieu
@stevehu Long time no see. Did you hear about Log4j RCE 0-day (CVE-2021-44228)?
The recommended fixed version of log4j is 2.15.0, we should update to the light-4j eco-system and all your partner's projects
PeterKieu
@PeterKieu
SLF4J is used in the Light-4j, it may be affected
Steve Hu
@stevehu
@PeterKieu Thanks a lot for the reminder. We are using SLF4j and logback. There is in Log4j in our dependency. However, some components like light-kafka and kafka-sidecar contain Kafka and it has Log4j as a dependency. We are working very closely with our customers the last few days. Thanks a lot for your reminder.
Guangwei Zhang
@632691987
Hi There, I am a new guy here, I want to build a rest application with light-4j, anyone know where I can find any example?
Steve Hu
@stevehu
Also, this repo contains the specification and codegen config. https://github.com/networknt/model-config/tree/master/rest
Kim Ming Yap
@yapkm01
Hi .. if i have a XML e..g <Test key=”565610101010”><a>test</a></Test> how do i mask the key say "5656**" using mask.yml since key is an attribute instead of an element? Will light4J be able to do it? Appreciate your help. Tx
Steve Hu
@stevehu
Not right now. The mask is working on JSON only at the moment. It basiscally iterate the properties with list or map and the mask pattern is defined using JSONPath. To implement similar feature for XML is doable but these days it is not used very often. I would be very happy if someone sumit a PR to get the feature in. Thanks.
Debanshu Sinha
@debanshu
Hi all, apologies for hijacking for a personal ask:
We are a startup based in Bangalore, India - https://www.goswift.in/ and we use light-4j in quite a few of our services; along with some written in NodeJS/Typescript
We are looking to hire on-site engineers across all levels to help grow our product.
If anyone is interested; or you know anyone who would be; please reach out to me at debanshu@goswift.in
Or you can directly apply here: https://www.linkedin.com/jobs/view/2955135205/
Steve Hu
@stevehu
@debanshu Nice to know you guys are building with light-4j. We have a lot of customers in India, China and Philippine and majority of them are in financial industry. Good luck to your product and let us know if you need any help.
Kim Ming Yap
@yapkm01
@stevehu Hi Steve, I have a situation where i requires 2 separate masking files, e.g. mask-a.yml and mask-b.yml. I know the handlers.yml can have multiple chains. I am thinking of e..g chain-a will use mask-a.yml and chain-b use mask-b.yml. The question is how does e.g. chain-a will load mask-a.yml and chain-b will load mask-b.yml? Appreciate your help. Tx
Steve Hu
@stevehu
As I understand it, the mask is working within the same application regardless which endpoint is used. You can define all the masking rules in the same file. However, if you want to have two chains with different mask config files, you can create two customized handlers to extend the light-4j implementation and in your handler, you load different mask config files. I hope it helps.
Kim Ming Yap
@yapkm01
I dont think that's possible because your mask class always use the mask.yml file. It's hardcoded.
Kim Ming Yap
@yapkm01
There's issue udinga single masking field. E.g 2 handlers. Handler1 has request header abc which handler2 does not has this request abc. So when handler2 has
.. payload processing .. since it has no request header abc .. the mask.replacewithmask will throw nullpointer the very first line since parameter stringToBeMasked is null
This method failed at ... "if stringToBeMasked.length().." with nullpointer
Steve Hu
@stevehu
If this is the case, I think we need to fix the issue. If the field doesn't exist, it will skip the mask. Not throw the exception. Could you please open an issue and let's get it fixed. I still think using the same handle for both endpoints is the best solution.
Kim Ming Yap
@yapkm01
Sure. When can this fixed? It's kind of urgent
I am using light4j 1.6.26 but i think if you have fixed the issue i probably just need the latest version of mask class
Steve Hu
@stevehu
I am busy with several projects at the moment. I am wondering if you could take a look at the implementation and submit a PR.
Kim Ming Yap
@yapkm01
Please confir.
Steve Hu
@stevehu
I would highly recommend moving to 2.0.x if possible. The 1.6.x is only used by several clients and it is in maintenance mode now.
Kim Ming Yap
@yapkm01
I have never created pr before. Using gitlab?
Steve Hu
@stevehu
GitHub
Kim Ming Yap
@yapkm01
I have submitted PR#1206. Bear in mind we're using java 1.8 which does not support modules. Tx
My company does not support light-4j 2x yet .. FYI
Steve Hu
@stevehu
OK. Thanks.
Kim Ming Yap
@yapkm01
sori #1208
i think it's a quick fix. when do you think i can have the revised one?
Steve Hu
@stevehu
I saw the issue but there is no PR yet.
could you please get it fixed and submit a PR/
?
Kim Ming Yap
@yapkm01
oh sori .. i am just a user of your framework.
i work for a bank and we use your framework
Steve Hu
@stevehu
Talk to your support team and they can handle the issue.
nmart
@nmart:matrix.org
[m]
Hi @stevehu the evolution of Light4j for some time, and we have to congratulate you. Light4j is really a flexible and easy software to build microservices. For instance, the project generator from a swagger file is certainly very useful, and the way Light4j handles the dependency injection is simply elegant. We've also been checking on other frameworks, like Quarkus or Micronaut, and they lack this ease of working by hiding many stuff behind the scenes that makes somehow hard to understand what's going on. However, Quarkus has a big advantage at this point, which is the possibility to compile to native code with GraalVM, and that's slowly turning into a standard in the microservices industry. Light4j is based on Undertow, which cannot be compiled with GraalVM, and according to the latest news on their official site, probably never will. We were wondering how do you see the future of Light4j in this regard, it seems to be very tied to Undertow, but maybe there are ways to replace it with Netty, as the latest frameworks are doing. What do you think?
Steve Hu
@stevehu
@nmart:matrix.org Thanks a lot for the good words. We are based on undertow 2.x now and planning to have another branch with undertow 3.x at https://github.com/quarkusio/quarkus-http
The http-core in quarkus-http is based on netty and it is the core of the quarkus.
nmart
@nmart:matrix.org
[m]
That's the point, Undertow 3.x seems a project that will never see the light: https://github.com/undertow-io/undertow/tree/3.x the last update was 3 years ago. Or do you mean that you plan on replacing Undertow with Quarkus http?
Steve Hu
@stevehu
Yes. It is the same as the Undertow just change the underline XNIO to Netty.
nmart
@nmart:matrix.org
[m]
Hi @stevehu long time no see. We've been trying to use tokens generated by KeyCloak on Light4j, but even if we are using the same server.keystore both on a Light4j microservice and Keycloak, the JwtVerifier class keeps rejecting the token. We've made sure the private key and certificates are the same on both ends, and the kid of the token is also the same that is set on openapi-security.yml. We've been using before light4-Oauth2, but we were planning to migrate to Keycloak to be used as SSO with external systems, so we were wondering if there is anything else we should add to KeyCloak's token to act as light4-Oauth2 tokens. Of course, we'll happy to write some documentation of the process once it's working, in case anyone else wants to follow the same path
nmart
@nmart:matrix.org
[m]
:point_up: Edit: Hi @stevehu long time no see. We've been trying to use tokens generated by KeyCloak on Light4j, but even if we are using the same server.keystore both on a Light4j microservice and Keycloak, the JwtVerifier class keeps rejecting the token. We've made sure the private key and certificates are the same on both ends, and the kid of the token is also the same that is set on openapi-security.yml. We've been using before light4-Oauth2, but we were planning to migrate to Keycloak to be used as SSO with external systems, so we were wondering if there is anything else we should add to KeyCloak's token to act as light4-Oauth2 tokens. Of course, we'll happy to write some documentation of the process once it's working, in case anyone else wants to follow the same path. To be more specific, the error is "Incorrect signature or malformed token in authorization header", but the token is right, we've checked it on jwt.io and has no issue
Steve Hu
@stevehu
There are two ways the JwtVerifierHandler load the public key: X509Cerfiticate vs JWK. If KeyCloak supports JWK, use that is the recommended way. If it doesn't, you need to add the public key certificate into the config folder and update the openapi-security.yml to map the kid to the right certificate file. You can also use values.yml to overwrite the mapping.
nmart
@nmart:matrix.org
[m]
Thanks Steve, we've already done that, the public certificate is in the config folder, and openapi-security.yml is pointing to it, using the same kid as the token. Being more specific, the error is org.jose4j.jwt.consumer.InvalidJwtException: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to verify the signature with any of the provided keys - SHA-1 thumbs of provided certificates: [X].): JsonWebSignature{"alg":"RS256","typ" : "JWT","kid" : "XY"}
Steve Hu
@stevehu
Looks like the key is not correct. The certificate file that is mapped to kid XY is not correct.