By: Aidy Idy user 31 May 2018 at 5:58 a.m. CDT

9 Responses
Is there a Java example of using OxD to protect a resource with Gluu Server CE? Can the oxd-java-sample be used for this? https://github.com/GluuFederation/oxd-java-sample/blob/master/README.md

I have Gluu Server CE 3.1.3 set up on a RHEL 7.5 instance and OxD 3.1.3 licensed, configured and running on another. [note: the create a support ticket UI doesn't list the 3.1.3 version of OXD as a choice]

If there was a simple example that I could drop onto the OxD instance that demonstrated how to tell the OxD where the UMA AS is (Gluu Server) and register a protected resource (with the uma_rs_protect command), I'm imagining I would then be able to see the protected resource listed on the Gluu server and get on with creating policies.

thanks
Aidy

By Yuriy Zabrovarnyy staff 01 Jun 2018 at 2:46 a.m. CDT

Hi Aidy,

[oxd-java-example](https://github.com/GluuFederation/oxd-java-sample) demos the Connect Authorization Code Flow. In the example you can see how to obtain `oxd_id`, which is basic to perform any oxd operation/command. `oxd_id` contains a link to the AS (Gluu Server) internally. With `oxd_id` you can run `uma_rs_protect`.

oxd knows about the AS location from the `op_host` parameter in the `register_site` command (or `setup_client` command). Otherwise, if `op_host` is skipped in the request to oxd, it falls back to `op_host` from [oxd-default-site-config.json](https://gluu.org/docs/oxd/3.1.3/configuration/#oxd-default-site-configjson).

So overall it is very simple:

1. obtain `oxd_id` (`op_host` points to AS)
2. call `uma_rs_protect`

Here is the 3.1.3 documentation: https://gluu.org/docs/oxd/3.1.3

Let me know if you face any problems.

Thanks,
Yuriy Z

By Aidy Idy user 04 Jun 2018 at 3:52 a.m. CDT

Hi Yuriy, Thanks I’ll look for those ways of obtaining the oxd_id today when I try this out. One question though, when a protected resource access attempt happens how does OxD get to know about it? Thanks Aidy

By Yuriy Zabrovarnyy staff 04 Jun 2018 at 10:18 a.m. CDT

It doesn't. When a resource is accessed, your application has to call the `https://gluu.org/docs/oxd/3.1.3/api/#uma-rs-check-access` command and, if access is `granted`, allow access or otherwise deny.

The flow is explained in our docs here: https://gluu.org/docs/oxd/3.1.3/api/#uma-2-resource-server-apis

Thanks,
Yuriy Z
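The enforcement step described in the reply above, as an added example that is not part of the thread or of Gluu's code: the application asks oxd on every request and allows access only on an exact `granted`, denying when oxd is unreachable or answers anything else. `OxdClient` is a hypothetical transport, the field names follow the `uma_rs_check_access` documentation linked above and should be checked against it, and all sample values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

public class UmaAccessGate {
    /** Hypothetical transport to oxd (socket or https extension); returns the reply's "data" object. */
    interface OxdClient { Map<String, String> send(String command, Map<String, String> params) throws Exception; }

    /** Outcome for the calling filter: HTTP status plus an optional WWW-Authenticate value. */
    static final class Decision {
        final int status;
        final String wwwAuthenticate;
        Decision(int status, String wwwAuthenticate) { this.status = status; this.wwwAuthenticate = wwwAuthenticate; }
    }

    static Decision check(OxdClient oxd, String oxdId, String authzHeader, String path, String method) {
        // No bearer token means an empty RPT; oxd is then expected to deny and issue a ticket.
        String rpt = (authzHeader != null && authzHeader.startsWith("Bearer "))
                ? authzHeader.substring(7).trim() : "";
        Map<String, String> params = new HashMap<>();
        params.put("oxd_id", oxdId);
        params.put("rpt", rpt);
        params.put("path", path);
        params.put("http_method", method);
        Map<String, String> data = null;
        try {
            data = oxd.send("uma_rs_check_access", params);
        } catch (Exception e) {
            // oxd unreachable or erroring: leave data null so the request is denied
        }
        if (data == null) return new Decision(403, null);
        if ("granted".equals(data.get("access"))) return new Decision(200, null);
        // Denied with a challenge: answer 401 so the client can take the ticket to the AS.
        String challenge = data.get("www-authenticate_header");
        return challenge != null ? new Decision(401, challenge) : new Decision(403, null);
    }

    public static void main(String[] args) {
        // Constructed replies standing in for a live oxd server.
        OxdClient stub = (cmd, p) -> {
            Map<String, String> d = new HashMap<>();
            if ("constructed-valid-rpt".equals(p.get("rpt"))) { d.put("access", "granted"); return d; }
            d.put("access", "denied");
            d.put("www-authenticate_header", "UMA realm=\"rs\",as_uri=\"https://mygluu.co.uk\",ticket=\"constructed-ticket\"");
            return d;
        };
        OxdClient down = (cmd, p) -> { throw new java.io.IOException("connect failed"); };
        System.out.println(check(stub, "constructed-oxd-id", "Bearer constructed-valid-rpt", "/photo", "GET").status);
        System.out.println(check(stub, "constructed-oxd-id", null, "/photo", "GET").status);
        System.out.println(check(down, "constructed-oxd-id", "Bearer x", "/photo", "GET").status);
    }
}
```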

By Aidy Idy user 06 Jun 2018 at 8:18 a.m. CDT

Hi Yuriy,

I ran

```
mvn jetty:run
```

from the place where the pom.xml file is and got the Jetty server running message.

I've got Gluu server running on one vm and OxD and this sample running on another with the OxD/sample machine's hosts file edited to point to the Gluu Server with the value of this server held in the oxd-default-site-config.json file.

The only problem is that these VMs are running minimal centos. Is there a way to allow the sample site to be seen from the host machine browsing to the site in the VM? I tried installing lynx cmdline browser and I can see sample site.

thanks
Aidy

By Aidy Idy user 07 Jun 2018 at 11:47 a.m. CDT

Hi Yuriy, I'm still trying to run the java sample. I have Gluu server on one vm and I've configured my host file so I can see this in the browser on the VM's host machine. I have oxd running on a second vm with the https extension installed. I have the java sample app running on the host machine itself. (note the difference to my last post where I had the sample app on the same machine as the oxd server) What values could I use in the /opt/oxd-https-extension/lib/oxd-https.yml file to be able to point the sample app at the oxd server location successfully using https? Any help would be much appreciated. Aidy

By Yuriy Zabrovarnyy staff 07 Jun 2018 at 2:38 p.m. CDT

Hi Aidy,

Re-assigning ticket to Jose, who is the author of the oxd-java-example project. Indeed he will be able to answer what is wrong with `mvn jetty:run` as well as how to configure it correctly to connect to socket or http.

Thanks,
Yuriy Z

By Aidy Idy user 08 Jun 2018 at 4:37 a.m. CDT

Thanks Yuriy and hi Jose,

This is how I'm starting up the [sample app](https://github.com/GluuFederation/oxd-java-sample) on the vm host machine ...

```
mvn -Doxd.sample.skip-conf-file -Doxd.server.is-https -Doxd.server.host=myoxd.co.uk -Doxd.server.port=8443 -Doxd.server.op-host=https://mygluu.co.uk jetty:run
```

when I run this I get this output on the vm host ...

```
09:33:22.496 INFO oxd.sample.bean.OxdService OxdService.java:61- Attempting registration with settings: [opHost=https://mygluu.co.uk, host=myoxd.co.uk, port=8443, https-extension=true]
09:33:23.339 TRACE oxd.sample.bean.OxdService OxdService.java:273- Sending /setup-client request to oxd-https-extension with payload {"scope":["openid","uma_protection"],"contacts":null,"op_host":"https://mygluu.co.uk","op_discovery_path":null,"authorization_redirect_uri":"https://localhost:8463/oidc/tokens.xhtml","post_logout_redirect_uri":"https://localhost:8463/oidc/post-logout.xhtml","protection_access_token":null,"redirect_uris":null,"response_types":["code"],"claims_redirect_uri":null,"client_id":null,"client_secret":null,"client_name":"sampleapp-client-extension-1528450402518","client_jwks_uri":null,"client_token_endpoint_auth_method":null,"client_request_uris":null,"client_frontchannel_logout_uris":null,"client_sector_identifier_uri":null,"ui_locales":null,"claims_locales":null,"acr_values":["auth_ldap_server"],"grant_types":null,"trusted_client":true,"oxd_rp_programming_language":null}
```

and then a bit further down ...

```
[org.apache.http.impl.client.DefaultHttpClient] I/O exception (java.net.SocketException) caught when connecting to the target host: Resource temporarily unavailable (connect failed)
2018-06-08 09:33:44,630 INFO [org.apache.http.impl.client.DefaultHttpClient] Retrying connect....
```

I can open https://localhost:8463/settings.xhtml and play with the settings, save and try again but no combinations seem to work.

I've edited the hosts file on the vm host to associate the "https://mygluu.co.uk" with the IP of that vm. I've also edited "/etc/hosts" on the vm that has OxD server on it similarly. I've added a mapping on the hosts file on the vm host to the IP of the vm that has the OxD server on it.

So I can ping:

- from vm host to OxD (both IP and the mapping)
- from OxD server to vm host
- from OxD server to Gluu Server (both IP and mapping)
- from Gluu server to OxD server

Any ideas?

thanks
Aidy

By Jose Gonzalez staff 08 Jun 2018 at 7:49 a.m. CDT

Hello,

Since your main objective is related to UMA resource protection with oxd, I don't think the oxd-java-sample would be of much benefit to you. The only interesting part is how the "setup client" step is carried out to obtain an oxd-id. It suffices to take a look at the pointers given in the oxd-java documentation [here](https://gluu.org/docs/oxd/3.1.3/libraries/languages/java/#setup-client) to get the grasp. Unfortunately oxd-java-sample does not showcase UMA-related stuff yet.

I'd suggest simplifying your architecture a bit because this might hinder your progress initially. Once more acquainted with the concepts and process you can evolve to a 3 "host setting": Gluu Server, oxd, and application separately. Otherwise you will have to deal from the beginning with network connectivity, SSL cert trustworthiness issues, etc. (this is what you are already facing as I can see from your previous post).

Maybe using your host machine for the app and one vm with Gluu Server + oxd-server (socket based, not https extension) will allow you to move faster as you learn.

Kind regards,
Jose

By Aidy Idy user 08 Jun 2018 at 10:40 a.m. CDT

Hi Jose, Thanks. Good point! I was making it needlessly complicated. I've got the example working now - thanks. Aidy