Arsnael commented on code in PR #1565: URL: https://github.com/apache/james-project/pull/1565#discussion_r1198494023
########## examples/oidc/apisix-lemonldap-ldap/apisix/conf/apisix.yaml: ########## @@ -0,0 +1,236 @@ +routes: + # OIDC authentication endpoints + - + id: jmap + uri: /oidc/jmap + service_id: jmap_service_oidc + methods: + - POST + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /jmap + - + id: jmap_websocket + uri: /oidc/jmap/ws + service_id: jmap_service_oidc + enable_websocket: true + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /jmap/ws + - + id: jmap_session_oidc + uri: /oidc/jmap/session + service_id: jmap_service_oidc + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /jmap/session + - + id: download + uri: /oidc/download/* + service_id: jmap_service_oidc + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + regex_uri: + - "^/oidc/download/(.*)/(.*)" + - "/download/$1/$2" + - + id: upload + uri: /oidc/upload/* + service_id: jmap_service_oidc + methods: + - POST + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + regex_uri: + - "^/oidc/upload/(.*)" + - "/upload/$1" + - + id: web_known_finger + uris: + - /oidc/.well-known/webfinger + - /.well-known/webfinger + service_id: jmap_service_basic_auth + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /.well-known/webfinger + - + id: web_known_linagora_ecosystem + uri: /oidc/.well-known/linagora-ecosystem + service_id: jmap_service_oidc + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /.well-known/linagora-ecosystem + - + id: web_known_jmap + uri: /oidc/.well-known/jmap + service_id: jmap_service_oidc + methods: + - GET + - OPTIONS + plugin_config_id: jmap-plugin + plugins: + proxy-rewrite: + uri: /.well-known/jmap + response-rewrite: + _meta: + filter: + - - request_method + - "~=" + - OPTIONS + headers: + set: + Location: "/oidc/jmap/session" + + # Basic authentication endpoints + - id: jmap_session_basic_auth Review Comment: I disagree with this though... I think it's good to have oidc and basic auth endpoints in the demo, so that people have an example with both. Basic auth might be enough for a lot of cases actually ########## examples/oidc/apisix-lemonldap-ldap/docker-compose.yml: ########## @@ -0,0 +1,103 @@ +version: "3" + +services: + apisix: + container_name: apisix.example.com + image: linagora/apisix:3.2.0-debian-javaplugin + volumes: + - ./apisix/conf/apisix.yaml:/usr/local/apisix/conf/apisix.yaml + - ./apisix/conf/config.yaml:/usr/local/apisix/conf/config.yaml + networks: + - james + ports: + - "9080:9080/tcp" + + james: + depends_on: + - ldap + networks: + - james + image: apache/james:memory-latest + container_name: james + hostname: james.local + command: + - --generate-keystore + volumes: + - ./james/usersrepository.xml:/root/conf/usersrepository.xml + - ./james/jmap.properties:/root/conf/jmap.properties + ports: + - "8000:8000" + healthcheck: + test: ["CMD", "curl", "-f", "http://james:8000/domains"] + + llngdb: + image: yadd/lemonldap-ng-pg-database + container_name: llngdb + environment: + - POSTGRES_PASSWORD=zz + healthcheck: + test: "exit 0" + volumes: + - "./lemonldap/lmConf-1.json:/llng-conf/conf.json" + networks: + - james + + sso.example.com: + image: yadd/lemonldap-ng-full Review Comment: The RPC handler plugin was a krakend limitation... The bloom filter where the tokens were stored on krakend was only accessible with gRPC, thus why we needed to write a sidecar container taking in the http request and doing the gRPC call to krakend. With Apisix no need of that -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@james.apache.org For additional commands, e-mail: notifications-h...@james.apache.org