Unable to Run Web_api

sumantafinarb · February 23, 2024, 11:34am

I tried building web_api it started giving me permission error for log4j Below is the error
[Yesterday 8:56 PM] Sumanta Mukhopadhyaya
ohdsi-webapi | 2024-02-22 15:26:33,987 main ERROR Could not create plugin of type class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile: java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory@4629104a] unable to create manager for [${bundle:application:audit.trail.log.extraFile}] with data [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$FactoryData@7e32c033[pattern=/tmp/atlas/audit/audit-extra-%d{yyyy-MM-dd}-%i.log, append=true, bufferedIO=true, bufferSize=8192, policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0, interval=1, modulate=true)]), strategy=DefaultRolloverStrategy(min=1, max=7, useMax=true), advertiseURI=null, layout=%m%n, filePermissions=null, fileOwner=null]] java.lang.IllegalStateException: ManagerFactory [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$RollingFileManagerFactory@4629104a] unable to create manager for [${bundle:application:audit.trail.log.extraFile}] with data [org.apache.logging.log4j.core.appender.rolling.RollingFileManager$FactoryData@7e32c033[pattern=/tmp/atlas/audit/audit-extra-%d{yyyy-MM-dd}-%i.log, append=true, bufferedIO=true, bufferSize=8192, policy=CompositeTriggeringPolicy(policies=[TimeBasedTriggeringPolicy(nextRolloverMillis=0, interval=1, modulate=true)]), strategy=DefaultRolloverStrategy(min=1, max=7, useMax=true), advertiseURI=null, layout=%m%n, filePermissions=null, fileOwner=null]]

[Yesterday 8:56 PM] Sumanta Mukhopadhyaya
ohdsi-webapi | 2024-02-22 15:26:33,985 main ERROR Unable to create file ${bundle:application:audit.trail.log.extraFile} java.io.IOException: Permission denied

Below is the web_api yml I am using.
version: ‘3.9’

services:

ohdsi-webapi:

container_name: ohdsi-webapi

platform: ${DOCKER_ARCH}

restart: unless-stopped

ipc: none

privileged: false

volumes:

  - ./cacerts:/usr/local/openjdk-8/lib/security/cacerts:ro

environment:

  DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver

  DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}

  DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}

  DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}

  DATASOURCE_OHDSI_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}

  SPRING_JPA_PROPERTIES_HIBERNATE_DIALECT: org.hibernate.dialect.PostgreSQLDialect

  SPRING_JPA_PROPERTIES_HIBERNATE_DEFAULT_SCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}

  SPRING_BATCH_REPOSITORY_TABLEPREFIX: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}.BATCH_

  FLYWAY_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver

  FLYWAY_DATASOURCE_URL: ${WEBAPI_DATASOURCE_URL}

  FLYWAY_DATASOURCE_USERNAME: ${WEBAPI_DATASOURCE_USERNAME}

  FLYWAY_DATASOURCE_PASSWORD: ${WEBAPI_DATASOURCE_PASSWORD}

  FLYWAY_LOCATIONS: classpath:db/migration/postgresql

  FLYWAY_PLACEHOLDERS_OHDSISCHEMA: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}

  FLYWAY_SCHEMAS: ${WEBAPI_DATASOURCE_OHDSI_SCHEMA}

  FLYWAY_BASELINEONMIGRATE: "true"

  FLYWAY_TABLE: schema_history

  flyway_baselineVersionAsString: "2.2.5.20180212152023"  # this env var is case sensitive

  FLYWAY_BASELINEDESCRIPTION: Base Migration

  SECURITY_CORS_ENABLED: "true"

  SECURITY_ORIGIN: "${HTTP_TYPE}://${BROADSEA_HOST}"

  SOLR_ENDPOINT: "${SOLR_VOCAB_ENDPOINT}"

  # Security provider enabling/disabling

 

  SECURITY_PROVIDER: ${WEBAPI_SECURITY_PROVIDER}

  SECURITY_AUTH_KERBEROS_ENABLED: ${SECURITY_AUTH_KERBEROS_ENABLED}

  SECURITY_AUTH_OPENID_ENABLED: ${SECURITY_AUTH_OPENID_ENABLED}

  SECURITY_AUTH_FACEBOOK_ENABLED: ${SECURITY_AUTH_FACEBOOK_ENABLED}

  SECURITY_AUTH_GITHUB_ENABLED: ${SECURITY_AUTH_GITHUB_ENABLED}

  SECURITY_AUTH_GOOGLE_ENABLED: ${SECURITY_AUTH_GOOGLE_ENABLED}

  SECURITY_AUTH_JDBC_ENABLED: ${SECURITY_AUTH_JDBC_ENABLED}

  SECURITY_AUTH_LDAP_ENABLED: ${SECURITY_AUTH_LDAP_ENABLED}

  SECURITY_AUTH_AD_ENABLED: ${SECURITY_AUTH_AD_ENABLED}

  SECURITY_AUTH_CAS_ENABLED: ${SECURITY_AUTH_CAS_ENABLED}

  SECURITY_AUTH_GOOGLEIAP_ENABLED: ${SECURITY_AUTH_GOOGLEIAP_ENABLED}

  # Security env variables - Basic

  SECURITY_DB_DATASOURCE_SCHEMA: ${SECURITY_DB_DATASOURCE_SCHEMA}

  SECURITY_DB_DATASOURCE_URL: ${SECURITY_DB_DATASOURCE_URL}

  SECURITY_DB_DATASOURCE_DRIVERCLASSNAME: ${SECURITY_DB_DATASOURCE_DRIVERCLASSNAME}

  SECURITY_DB_DATASOURCE_USERNAME: ${SECURITY_DB_DATASOURCE_USERNAME}

  SECURITY_DB_DATASOURCE_PASSWORD: ${SECURITY_DB_DATASOURCE_PASSWORD}

  # Security env variables - LDAP

  SECURITY_LDAP_DN: ${SECURITY_LDAP_DN}

  SECURITY_LDAP_URL: ${SECURITY_LDAP_URL}

  SECURITY_LDAP_BASEDN: ${SECURITY_LDAP_BASEDN}

  SECURITY_LDAP_SYSTEM_USERNAME: ${SECURITY_LDAP_SYSTEM_USERNAME}

  SECURITY_LDAP_SYSTEM_PASSWORD: ${SECURITY_LDAP_SYSTEM_PASSWORD}

  SECURITY_LDAP_SEARCHSTRING: ${SECURITY_LDAP_SEARCHSTRING}

  SECURITY_LDAP_SEARCHBASE: ${SECURITY_LDAP_SEARCHBASE}

  # Security env variables - AD

  SECURITY_AD_URL: ${SECURITY_AD_URL}

  SECURITY_AD_SEARCHBASE: ${SECURITY_AD_SEARCHBASE}

  SECURITY_AD_SEARCHFILTER: ${SECURITY_AD_SEARCHFILTER}

  SECURITY_AD_PRINCIPALSUFFIX: ${SECURITY_AD_PRINCIPALSUFFIX}

  SECURITY_AD_SEARCHSTRING: ${SECURITY_AD_SEARCHSTRING}

  SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR: ${SECURITY_AD_USERMAPPING_DISPLAYNAMEATTR}

  SECURITY_AD_USERMAPPING_USERNAMEATTR: ${SECURITY_AD_USERMAPPING_USERNAMEATTR}

  SECURITY_AD_SYSTEM_USERNAME: ${SECURITY_AD_SYSTEM_USERNAME}

  SECURITY_AD_SYSTEM_PASSWORD: ${SECURITY_AD_SYSTEM_PASSWORD}

  # Security env variables - Kerberos

  SECURITY_KERBEROS_SPN: ${SECURITY_KERBEROS_SPN}

  SECURITY_KERBEROS_KEYTABPATH: ${SECURITY_KERBEROS_KEYTABPATH}

  # Security env variables - OAuth

  SECURITY_OAUTH_CALLBACK_UI: ${SECURITY_OAUTH_CALLBACK_UI}

  SECURITY_OAUTH_CALLBACK_API: ${SECURITY_OAUTH_CALLBACK_API}

  SECURITY_OAUTH_CALLBACK_URLRESOLVER: ${SECURITY_OAUTH_CALLBACK_URLRESOLVER}

  SECURITY_OAUTH_GOOGLE_APIKEY: ${SECURITY_OAUTH_GOOGLE_APIKEY}

  SECURITY_OAUTH_GOOGLE_APISECRET: ${SECURITY_OAUTH_GOOGLE_APISECRET}

  SECURITY_OAUTH_FACEBOOK_APIKEY: ${SECURITY_OAUTH_FACEBOOK_APIKEY}

  SECURITY_OAUTH_FACEBOOK_APISECRET: ${SECURITY_OAUTH_FACEBOOK_APISECRET}

  SECURITY_OAUTH_GITHUB_APIKEY: ${SECURITY_OAUTH_GITHUB_APIKEY}

  SECURITY_OAUTH_GITHUB_APISECRET: ${SECURITY_OAUTH_GITHUB_APISECRET}

  # Security env variables - OpenID

  SECURITY_OID_CLIENTID: ${SECURITY_OID_CLIENTID}

  SECURITY_OID_APISECRET: ${SECURITY_OID_APISECRET}

  SECURITY_OID_URL: ${SECURITY_OID_URL}

  SECURITY_OID_LOGOUTURL: ${SECURITY_OID_LOGOUTURL}

  SECURITY_OID_EXTRASCOPES: ${SECURITY_OID_EXTRASCOPES}

  SECURITY_OID_REDIRECTURL: ${SECURITY_OID_REDIRECTURL}

  # Security env variables - IAP

  SECURITY_GOOGLEIAP_CLOUDPROJECTID: ${SECURITY_GOOGLEIAP_CLOUDPROJECTID}

  SECURITY_GOOGLEIAP_BACKENDSERVICEID: ${SECURITY_GOOGLEIAP_BACKENDSERVICEID}

  SECURITY_GOOGLE_ACCESSTOKEN_ENABLED: ${SECURITY_GOOGLE_ACCESSTOKEN_ENABLED}

 

  # Security env variables - CAS

 

  SECURITY_CAS_LOGINURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas/login

  SECURITY_CAS_CALLBACKURL: ${HTTP_TYPE}://${BROADSEA_HOST}/WebAPI/user/cas/callback?client_name=CasClient

  SECURITY_CAS_SERVERURL: ${HTTP_TYPE}://${WEBAPI_SECURITY_CAS_SERVER}/idp/profile/cas

  SECURITY_CAS_CASTICKET: ticket

  # Security env variables - SAML

  SECURITY_SAML_ENTITYID: ${SECURITY_SAML_ENTITYID}

  SECURITY_SAML_IDPMETADATALOCATION: ${SECURITY_SAML_IDPMETADATALOCATION}

  SECURITY_SAML_KEYMANAGER_KEYSTOREFILE: ${SECURITY_SAML_KEYMANAGER_KEYSTOREFILE}

  SECURITY_SAML_KEYMANAGER_STOREPASSWORD: ${SECURITY_SAML_KEYMANAGER_STOREPASSWORD}

  SECURITY_SAML_KEYMANAGER_DEFAULTKEY: ${SECURITY_SAML_KEYMANAGER_DEFAULTKEY}

  SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK: ${SECURITY_SAML_KEYMANAGER_PASSWORDS_ARACHNENETWORK}

  SECURITY_SAML_METADATALOCATION: ${SECURITY_SAML_METADATALOCATION}

  SECURITY_SAML_CALLBACKURL: ${SECURITY_SAML_CALLBACKURL}

  SECURITY_SAML_SLOURL: ${SECURITY_SAML_SLOURL}

  SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME: ${SECURITY_SAML_MAXIMUMAUTHENTICATIONLIFETIME}

labels:

  - "traefik.enable=true"

Ajit_Londhe · February 23, 2024, 6:26pm

Is this using the develop branch of Broadsea or the main branch>?

sumantafinarb · March 7, 2024, 2:57pm

Thanks I have resolved it nvm its because of the wrong volume mount.

Apart from that do you guys have anything a complete documentation or a manual how to integrate AAD into Webapi as well as Atlas.

As the documentation in github have very less information.

sumantafinarb · March 7, 2024, 5:33pm

Also, can you share some screenshots about how to setup an open id using azure entra id is that something doable @Ajit_Londhe ?

sumantafinarb · March 7, 2024, 6:33pm

I always get bad credentials