The purpose of this blog post is to elaborate on 2 steps given in the documentation [1].
Environment: WSO2APIM 1.10.0, DAS 3.0.0
You can follow the documentation [1] to do the configuration.
I will elaborate more on steps 7 and 8.
Step 7:
Before saving the Add URL Group, make sure you have set the correct Thrift port on which DAS is running. You can see the running Thrift port in the DAS log, as shown below.
[2016-02-12 12:01:42,353] INFO {org.wso2.carbon.databridge.receiver.binary.internal.BinaryDataReceiver} - Started Binary SSL Transport on port : 9712
[2016-02-12 12:01:42,354] INFO {org.wso2.carbon.databridge.receiver.binary.internal.BinaryDataReceiver} - Started Binary TCP Transport on port : 9612
Step 8:
For the Data Analyzer Configurations section, set the URL and credentials of the DAS server.
If the offset in DAS is set to 1, the configurations would be:
URL: https://localhost:9444
Username: admin
Password: admin
[1] https://docs.wso2.com/display/AM1100/Publishing+API+Runtime+Statistics+Using+RDBMS
Thursday, February 11, 2016
Wednesday, October 14, 2015
Maven Build Lifecycle in a nutshell
Maven is a build automation tool mainly used in Java projects. When it comes to Maven, build lifecycles are a very important topic.
There are 3 out-of-the-box Maven lifecycles, known as default, clean and site. Of these three, default and clean are the ones we use most of the time.
A build lifecycle is made up of a number of predefined phases, or in other words, stages.
A phase is made up of goals. A goal represents a specific task and is defined within its associated plugin.
These plugin goals can be executed explicitly with mvn.
A goal doesn't always need to be associated with a phase. Therefore, a goal not bound to any build phase can be executed via direct invocation.
For a clear understanding, see the mvn command below:
mvn clean dependency:copy-dependencies
- clean - build phase (once you execute this command, all the build phases up to this build phase will get invoked. In other words, pre-clean and clean will get executed)
- dependency:copy-dependencies - the goal 'copy-dependencies' in the 'maven-dependency-plugin' plugin.
There are 2 ways of using these build lifecycles.
1. Packaging (e.g.: war/jar/ear)
The packaging type defined in pom.xml causes a list of predefined goals, bound to build phases of the default lifecycle, to run.
See Plugin Bindings for more details.
2. Plugin
By specifying plugins explicitly in your pom file, you can incorporate goals into specific phases of a build lifecycle.
- A plugin can have one or more goals.
- Each goal can be invoked in multiple phases.
A goal is bound to a lifecycle phase, and if there are multiple goals bound to a particular phase, they will be invoked in the order in which they are defined.
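The two ways of using the lifecycle described above, shown together in one minimal pom.xml. This is an added example, not part of the original post: the project coordinates, the execution ids, the pinned versions, the sample dependency and the output directory are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <!-- Hypothetical coordinates, chosen for this example -->
  <groupId>com.example</groupId>
  <artifactId>lifecycle-demo</artifactId>
  <version>1.0-SNAPSHOT</version>

  <!-- 1. Packaging: 'jar' selects the predefined goals bound to the
       phases of the default lifecycle -->
  <packaging>jar</packaging>

  <dependencies>
    <!-- One dependency so that copy-dependencies has something to copy -->
    <dependency>
      <groupId>commons-codec</groupId>
      <artifactId>commons-codec</artifactId>
      <version>1.15</version>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <!-- 2. Plugin: extra goals bound explicitly to a phase -->
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-dependency-plugin</artifactId>
        <!-- Pinned so the build does not silently pick up another plugin release -->
        <version>3.6.1</version>
        <executions>
          <!-- Both executions are bound to 'package' and run in the
               order in which they are declared here -->
          <execution>
            <id>copy-libs</id>
            <phase>package</phase>
            <goals>
              <goal>copy-dependencies</goal>
            </goals>
            <configuration>
              <outputDirectory>${project.build.directory}/lib</outputDirectory>
            </configuration>
          </execution>
          <execution>
            <id>show-tree</id>
            <phase>package</phase>
            <goals>
              <goal>tree</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

With this file, mvn package runs copy-libs and then show-tree when the package phase is reached, while mvn clean dependency:copy-dependencies invokes the same goal directly without relying on any binding.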
Mojo - Maven + POJO
- A Mojo is an executable goal in Maven.
Reference: https://maven.apache.org/guides/introduction/introduction-to-the-lifecycle.html
Wednesday, September 2, 2015
localhost/127.0.0.1:7000 is in use by another process. Change listen_address:storage_port in cassandra.yaml to values that do not conflict with other services
If you ever get this error in your WSO2 server, check whether any other WSO2 server is running on the same machine, check its port offset in carbon.xml, and change the other server's port offset accordingly.
Monday, January 12, 2015
Sending attachments with WSO2 ESB via MTOM
Prerequisites:
WSO2 ESB 4.8.1
WSO2 ESB 4.8.1 service pack 1 (this is yet to be released)
SoapUI 4.5.1
Environment:
Ubuntu
Java Runtime
Steps:
Enable backend service
1. Apply the sp1 to ESB 4.8.1
2. Go to /samples/axis2Server/src/MTOMSwASampleService and run 'ant'. Once it is built successfully, go to /samples/axis2Server and start the server as follows:
/axis2server.sh
3. Now you will be able to access the WSDL file of MTOMSwASampleService via the URL below:
http://localhost:9000/services/MTOMSwASampleService?wsdl
Configure ESB
3.1 Save the WSDL file as MTOMSwASampleService.wsdl and copy it to the /repository/samples/resources/proxy directory.
4. Start ESB and log in via the console.
5. Create three dynamic sequences and save them in the config registry as follows:
Go to Manage->Service Bus->Sequences and click on Add Sequence.
- InSeq
Click on Add Child->Core->Send and add a Send mediator.
Select Endpoint Type: Define Inline and click on Add button.
Create Address Endpoint.
Address: http://localhost:9000/services/MTOMSwASampleService
Show Advanced Options->Message Content
Optimize: MTOM
Hit 'Save & Close'.
Hit 'Update'.
Hit 'Save in Registry'.
Hit 'Save & Close'.
- OutSeq
Click on Add Child->Core->Send and add a Send mediator.
Hit 'Update'.
Hit 'Save in Registry'.
Hit 'Save & Close'.
- ErrorSeq
Hit 'Save in Registry'.
Hit 'Save & Close'.
6. Go to Manage->Service Bus->Source View and paste the config
P.S: Ignore the names as they are dummy values
Hit Update.
Setup SoapUI
7. Start SoapUI.
Click on 'New SoapUI project' and paste the WSDL URL below.
http://localhost:8280/services/StockQuoteProxy?wsdl
8. Click on the 'uploadFileUsingMTOM' request in the soap11 binding.
9. Edit the current URL as follows:
http://localhost:8280/services/StockQuoteProxy.StockQuoteProxyHttpSoap12Endpoint
10. Attach an image via the attachment window. Click yes for 'cache attachment in request'.
11. Modify the request as depicted in the image below and change the value of the image name according to your image name:
12. Now you can send the request. You will receive the attachment as the response as follows:
References:
https://axis.apache.org/axis2/java/core/docs/mtom-guide.html
https://docs.wso2.com/pages/viewpage.action?pageId=33136025
Wednesday, January 7, 2015
WSO2 Identity Server as a Federation Hub
Requirement:
Set up identity federation with two WSO2 IS instances using SAML2 Web SSO; one acts as a Federation hub (primary IDP) and the other acts as the IDP (secondary IDP).
These are fronted by nginx to hide the original characteristics and the existence of the Identity Servers.
Prerequisites:
1. WSO2 IS 5.0.0 - two servers
2. Web server to host the Service Provider(s), e.g. Tomcat 7.0.x
Note: In this sample, SAML request signing will be done only between the primary IDP and the secondary IDP, as we already have a self-signed certificate and public/private key pairs available in WSO2 IS by default (Location: <carbon_home>/repository/resources).
If you want to create your own self-signed certificate, refer to this blog post.
Steps:
1. Configure nginx and modify the /etc/nginx/sites-enabled/default file. You can refer to this blog post.
I have provided the configured file.
2. Use the following link to check out and configure the Service Provider (travelocity application):
https://docs.wso2.com/display/IS460/Configuring+SAML2+SSO
(Refer to the 'Configuring the web app' section only)
I have provided the configured travelocity.properties file.
3. Change the following configs in the Primary IDP.
<carbon_home>/repository/conf/tomcat/catalina-server.xml: add a proxy port pointing to the load balancer's port (i.e. 443).
<carbon_home>/repository/conf/carbon.xml: change the hostname to identity-dev1.is.com
4. Log in to the Primary IDP console.
5. Register an identity provider
- Identity Provider Name: Any meaningful name
- Identity Provider Public Certificate: Export the public certificate in PEM format and upload it.
- Alias will be auto generated as follows:
5.1 Expand Federated Authenticators and configure SAML2 Web SSO Configuration.
- Tick Enable SAML2 Web SSO
- Identity Provider Entity Id: Any meaningful name
- Service Provider Entity Id: Any meaningful name (This value is required when registering the service provider in the Secondary IDP)
- Set the SSO URL to https://identity-dev2.is.com/samlsso/
- Tick Enable Authentication Request Signing
- Tick Enable Logout
- Tick Enable Logout Request Signing
- SAML2 Web SSO User ID Location: Tick User ID found in 'Name Identifier'
6. Register a service provider
- Service Provider Name: Any meaningful name
- Issuer: travelocity.com (same value provided in the travelocity.properties file for SAML.IssuerID)
- Assertion Consumer URL: http://localhost:8080/travelocity.com/samlsso-home.jsp (same value provided in the travelocity.properties file for SAML.ConsumerUrl)
- Tick Use fully qualified username in the NameID
- Tick Enable Single Logout
- Tick Enable Attribute Profile
6.2 Expand Local & Outbound Authentication Configuration, choose Authentication Type as Federated Authentication and select the identity provider created in step 5.
Save the configurations.
7. Change the following configs in the Secondary IDP.
<carbon_home>/repository/conf/tomcat/catalina-server.xml: add a proxy port pointing to the load balancer's port (i.e. 443).
<carbon_home>/repository/conf/carbon.xml: change the hostname to identity-dev2.is.com and the offset to 1
8. Log in to the Secondary IDP console
9. Register a service provider
- Service Provider Name: Any meaningful name
- Issuer: same value provided in 5.1 for Service Provider Entity Id
- Assertion Consumer URL: Any garbage value, as signing SAML with a CA certificate will skip this ACS URL validation
- Tick Use fully qualified username in the NameID
- Tick Enable Signature Validation in Authentication Requests and Logout Requests
- Tick Enable Single Logout
- Tick Enable Attribute Profile
Now all the configurations are done.
10. You can access the travelocity application with the URL below:
http://localhost:8080/travelocity.com
Note: If you are using Firefox, install the SSO tracer plugin to view decrypted SAML requests easily.
Friday, December 26, 2014
Write a Simple BPEL Project with WSO2 Developer Studio and Deploy it in WSO2 BPS
Prerequisites:
- A simple up-and-running Webservice (refer to this post if you want to learn how to write a simple Axis2 Webservice with Eclipse)
- WSO2 BPS
- Eclipse with the WSO2 Developer Studio plug-in installed
- Apache Tomcat 7.0.47
- Apache ODE war distribution
- JDK 1.7/1.6
Create New Server Runtime Environment for Apache ODE
1. Copy the ode.war to the apache-tomcat-7.0.47/webapps directory and start the server. When you see the ode directory created under the apache-tomcat-7.0.47/webapps directory, stop the server.
2. Configure the server runtime as follows:
Create BPEL Project
1. Create a new BPEL project as follows:
2. In the next dialog, provide a project name and select the target runtime as Apache ODE. Click Finish.
3. Right-click on the project and create a "New BPEL process file" (same as step 1). Fill in the dialog accordingly, make sure you set the Template to 'Synchronous BPEL Process', and click Finish.
4. Copy the Hello.wsdl file inside bpelContent folder in Eclipse project.
Sample Hello.wsdl is attached.
5. Open the .bpel file design view. You should be able to see the Palette in the workspace with all the gadgets required to create the BPEL workflow.
6. Drag and drop two Assign actions and an Invoke action as follows:
7. Click on Invoke and rename it to 'invokeHelloService'
8. In the Properties Dialog, click on 'Details' tab.
9. Select 'Create Global Partner link' from Partner Link drop down. A popup will Open.
Provide a 'Partner Link Name' (any meaningful name is sufficient) and click Ok. Choose 'HelloPortType' as depicted below and click Ok.
Provide a 'Partner Link Type Name' (any meaningful name is sufficient) and click Next. Give a 'Role Name' and click Finish.
10. Under the Properties dialog there is a 'Quick Pick section'.
Select 'greetingInSinhala' from that and double click on it.
You will notice that the Input/Output variables are generated as follows. Save the changes made.
11. Now it is time to pass the input parameters to the Hello service. In order to do that we have to click on 'Assign' action. In Properties dialog click on 'Details' tab.
12. Click on New and do as depicted below and hit Save. You will be prompted for Initializer dialog. Click yes.
Here you will assign the input for the Hello Webservice from BPEL input payload.
13. Likewise, in the 'Assign1' action do the same as follows and hit Save. You will be prompted with the Initializer dialog. Click yes.
Here you will assign the output received from Hello Webservice to BPEL output payload.
14. Right-click on the project and create a new 'Apache ODE Deployment Descriptor'. Do the configuration as follows:
15. Create a ZIP archive as follows:
Now the BPEL is ready.
Deploy BPEL Project in WSO2 BPS
1. Start the WSO2 BPS and access the carbon console (https://localhost:9443/carbon/). Log in as the admin user with admin/admin credentials.
2. Under 'Manage' section click on 'Processes' -> 'Add'. Upload the Zip.
3. Now you can see the uploaded BPEL under 'Processes' -> 'List'.
4. Click on the 'Process ID'. You will see a dialog similar to the one below:
5. Use 'Try it' and you will get a response as follows:
That is it. Happy Orchestration with BPEL :)
How to convert a simple Java class to a Webservice with Axis2 [Deploying POJOs]
It has never been this easy to convert your class into a Webservice in a few steps with Apache Axis2.
Apache Axis2 is a SOAP processing engine and it goes hand in hand with the WSO2 SOA middleware platform.
Prerequisites:
JDK 1.7/1.6
How to create Axis2 service
1. Create a new Axis2 service project in Eclipse
2. Tick 'Create new Axis2 Service' and click Next
3. Provide Project Name, package name and Class name and click Finish.
As you can see the project structure will contain the services.xml file which contains the details of the exposed service.
4. Now you can add methods to the Class as follows:
package com.world.hello;

public class Hello {

    // Each public method is exposed as an operation of the web service.
    public String greetInSinhala(String name) {
        return "Ayubowan " + name;
    }

    public String greetInEnglish(String name) {
        return "Hello " + name;
    }
}

5. Now create the service archive file (*.aar extension) by right-clicking on the project and selecting 'Export Project as Deployable Archive'.
How to deploy *.aar file in Axis2 enabled Tomcat
1. Copy the axis2 war file to apache-tomcat-7.0.47/webapps directory and start the server.
You will see the axis2 directory under Tomcat webapps directory once the server is started.
2. Copy the HelloWorld.aar file to the apache-tomcat-7.0.47/webapps/axis2/WEB-INF/services directory
3. Access below url and you should be able to see the deployed service and the available methods.
http://localhost:8080/axis2/services/listServices
That is the end of the story :)
Monday, December 22, 2014
SSO session timeouts when the applications are idle for 15 minutes [WSO2 IS 5.0.0]
In IS 5.0.0 there is a session cache which gets cleared every 15 minutes and it is not configurable at the moment.
But there is a workaround.
You have to enable 'Remember me' when signing in to the system. Then, even if the cache expires in 15 minutes, the session cookie will be retrieved from session data persistence. But this will keep your login active even if you close the browser and reopen it.
You can get rid of that by setting the "RememberMePeriod" under "SessionDataPersist" to -1 in identity.xml.
So every time you close the browser, you will have to log in to the application again.
Tuesday, December 2, 2014
Downgrade Subversion 1.8 to 1.7 in Ubuntu 14.04
I ran into the problem below when I tried to update my existing codebase after upgrading the operating system from Ubuntu 12.04 to 14.04.
The working copy at '/home/punnadi/wso2/source/platform/turing'
is too old (format 29) to work with client version '1.8.8 (r1568071)' (expects format 31). You need to upgrade the working copy first.
The reason behind this error is that Ubuntu 14.04 comes with Subversion 1.8.x by default. So I had to downgrade the Subversion version to 1.7.x in order to overcome this issue.
I did it with the help of the following post (check Wauzl's answer).
http://askubuntu.com/questions/453717/i-need-downgrade-from-subversion-1-8-to-subversion-1-7
Monday, May 5, 2014
[java] Add or Delete CNAME Records with Amazon Route 53 API
package com;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public class Test {

    private static final String AWS_HOST = "route53.amazonaws.com";
    // Placeholders: replace with your own values and keep real keys out of source control.
    private static final String SECRECT_ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxx";
    private static final String ACCESS_KEY_ID = "xxxxxxxxxxxxxxxxxxx";
    private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
    private static final String HOSTED_ZONE_ID = "xxxxxxxxxxxxxxx";

    /**
     * Computes RFC 2104-compliant HMAC signature.
     *
     * @param stringToSign
     *            The data to be signed.
     * @param secrectAccessKey
     *            The signing key.
     * @return The Base64-encoded RFC 2104-compliant HMAC signature.
     * @throws GeneralSecurityException
     *             when signature generation fails
     */
    public static String calculateRFC2104HMAC(String stringToSign, String secrectAccessKey)
            throws GeneralSecurityException {
        // get an hmac_sha1 key from the raw key bytes
        SecretKeySpec signingKey =
                new SecretKeySpec(secrectAccessKey.getBytes(StandardCharsets.UTF_8),
                                  HMAC_SHA1_ALGORITHM);
        // get an hmac_sha1 Mac instance and initialize with the signing key
        Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
        mac.init(signingKey);
        // compute the hmac on input data bytes
        byte[] rawHmac = mac.doFinal(stringToSign.getBytes(StandardCharsets.UTF_8));
        // base64-encode the hmac
        return new String(Base64.encodeBase64(rawHmac), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        String[] domainsAdd =
                { "1.sample.cloudtest.com", "2.sample.cloudtest.com",
                  "3.sample.cloudtest.com", "4.sample.cloudtest.com",
                  "5.sample.cloudtest.com" };
        String name = "sample_pu.cloudtest.com";
        createResourceRecords(prepareCNAMERecordsReq("CREATE", name, domainsAdd));
        listResourceRecords();
        String[] domainsRemove = { "1.sample.cloudtest.com", "2.sample.cloudtest.com" };
        createResourceRecords(prepareCNAMERecordsReq("DELETE", name, domainsRemove));
        listResourceRecords();
    }

    private static void listResourceRecords() throws IOException, GeneralSecurityException {
        // create a GET request that lists the record sets of the hosted zone
        HttpClient httpclient = new DefaultHttpClient();
        String endPoint =
                "https://route53.amazonaws.com/2013-04-01/hostedzone/" + HOSTED_ZONE_ID +
                "/rrset";
        HttpGet httpGet = new HttpGet(endPoint);
        try {
            authenticateAWS(httpGet);
            HttpResponse response = httpclient.execute(httpGet);
            HttpEntity entity = response.getEntity();
            System.out.println(EntityUtils.toString(entity, "UTF-8"));
        } finally {
            // release the connection held by this client
            httpclient.getConnectionManager().shutdown();
        }
    }

    private static void createResourceRecords(String request)
            throws IOException, GeneralSecurityException {
        // create a POST request that submits the change batch
        HttpClient httpclient = new DefaultHttpClient();
        String endPoint =
                "https://route53.amazonaws.com/2013-04-01/hostedzone/" + HOSTED_ZONE_ID +
                "/rrset";
        HttpPost httpAction = new HttpPost(endPoint);
        try {
            authenticateAWS(httpAction);
            httpAction.setEntity(new StringEntity(request, "UTF-8"));
            HttpResponse response = httpclient.execute(httpAction);
            HttpEntity entity = response.getEntity();
            System.out.println(EntityUtils.toString(entity, "UTF-8"));
        } finally {
            // release the connection held by this client
            httpclient.getConnectionManager().shutdown();
        }
    }

    private static void authenticateAWS(HttpRequestBase httpAction)
            throws IOException, GeneralSecurityException {
        // the string to sign is the date reported by the Route 53 server
        String stringToSign = getGMTTime();
        httpAction.setHeader("Content-Type", "text/xml");
        httpAction.setHeader("Host", AWS_HOST);
        httpAction.setHeader("x-amz-date", stringToSign);
        String authHeaderval =
                "AWS3-HTTPS AWSAccessKeyId=" + ACCESS_KEY_ID + ",Algorithm=" +
                HMAC_SHA1_ALGORITHM + ",Signature=" +
                calculateRFC2104HMAC(stringToSign, SECRECT_ACCESS_KEY);
        httpAction.setHeader("X-Amzn-Authorization", authHeaderval);
    }

    /*
     * Get the current date from the Amazon Route 53 server
     */
    private static String getGMTTime() throws IOException {
        HttpClient httpclient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet("https://route53.amazonaws.com/date");
        try {
            HttpResponse response = httpclient.execute(httpGet);
            Header date = response.getFirstHeader("Date");
            if (date == null) {
                throw new IOException("No Date header in the response from " + AWS_HOST);
            }
            return date.getValue();
        } finally {
            // release the connection held by this client
            httpclient.getConnectionManager().shutdown();
        }
    }

    private static String prepareCNAMERecordsReq(String action, String name, String[] domains) {
        // The values are concatenated into the XML unescaped, so pass only
        // trusted DNS names and the actions CREATE or DELETE.
        StringBuilder request =
                new StringBuilder(
                        "<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">"
                        + "<ChangeBatch>" + "<Changes>");
        for (int i = 0; i < domains.length; i++) {
            request.append("<Change><Action>" + action + "</Action>" + "<ResourceRecordSet>" +
                           "<Name>" + domains[i] + "</Name>" + "<Type>CNAME</Type>" +
                           "<TTL>100000</TTL>" + "<ResourceRecords>" + "<ResourceRecord>" +
                           "<Value>" + name + "</Value>" + "</ResourceRecord>" +
                           "</ResourceRecords>" + "</ResourceRecordSet>" + "</Change>");
        }
        request.append("</Changes>" + "</ChangeBatch>" + "</ChangeResourceRecordSetsRequest>");
        return request.toString();
    }
}
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
public class Test {
private static final String AWS_HOST = "route53.amazonaws.com";
private static final String SECRECT_ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxx";
private static final String ACCESS_KEY_ID = "xxxxxxxxxxxxxxxxxxx";
private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
private static final String HOSTED_ZONE_ID = "xxxxxxxxxxxxxxx";
/**
* Computes RFC 2104-compliant HMAC signature.
* * @param data
* The data to be signed.
*
* @param key
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws java.security.SignatureException
* when signature generation fails
*/
public static String calculateRFC2104HMAC(String stringToSign, String secrectAccessKey) {
// get an hmac_sha1 key from the raw key bytes
SecretKeySpec signingKey =
new SecretKeySpec(secrectAccessKey.getBytes(),
HMAC_SHA1_ALGORITHM);
// get an hmac_sha1 Mac instance and initialize with the signing key
Mac mac = null;
try {
mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(stringToSign.getBytes());
// base64-encode the hmac
return new String(Base64.encodeBase64(rawHmac));
}
public static void main(String[] args) {
String[] domainsAdd =
{ "1.sample.cloudtest.com", "2.sample.cloudtest.com",
"3.sample.cloudtest.com", "4.sample.cloudtest.com",
"5.sample.cloudtest.com" };
String name = "sample_pu.cloudtest.com";
createResourceRecords(prepareCNAMERecordsReq("CREATE", name, domainsAdd));
listResourceRecords();
String[] domainsRemove = { "1.sample.cloudtest.com", "2.sample.cloudtest.com" };
createResourceRecords(prepareCNAMERecordsReq("DELETE", name, domainsRemove));
listResourceRecords();
}
private static void listResourceRecords() {
// create a post request to addAPI.
HttpClient httpclient = new DefaultHttpClient();
String endPoint =
"https://route53.amazonaws.com/2013-04-01/hostedzone/" + HOSTED_ZONE_ID +
"/rrset";
HttpGet httpGet = new HttpGet(endPoint);
try {
authenticateAWS(httpGet);
} catch (Exception e) {
e.printStackTrace();
}
String responseString = null;
try {
HttpResponse response = httpclient.execute(httpGet);
HttpEntity entity = response.getEntity();
responseString = EntityUtils.toString(entity, "UTF-8");
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println(responseString);
}
private static void createResourceRecords(String request) {
// create a post request to addAPI.
HttpClient httpclient = new DefaultHttpClient();
String endPoint =
"https://route53.amazonaws.com/2013-04-01/hostedzone/" + HOSTED_ZONE_ID +
"/rrset";
HttpPost httpAction = new HttpPost(endPoint);
try {
authenticateAWS(httpAction);
httpAction.setEntity(new StringEntity(request, "UTF-8"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
String responseString = null;
try {
HttpResponse response = httpclient.execute(httpAction);
HttpEntity entity = response.getEntity();
responseString = EntityUtils.toString(entity, "UTF-8");
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println(responseString);
}
private static void authenticateAWS(HttpRequestBase httpAction) {
String stringToSign = getGMTTime();
httpAction.setHeader("Content-Type", "text/xml");
httpAction.setHeader("Host", AWS_HOST);
httpAction.setHeader("x-amz-date", stringToSign);
String authHeaderval =
"AWS3-HTTPS AWSAccessKeyId=" + ACCESS_KEY_ID + ",Algorithm=" +
HMAC_SHA1_ALGORITHM + ",Signature=" +
calculateRFC2104HMAC(stringToSign, SECRECT_ACCESS_KEY);
httpAction.setHeader("X-Amzn-Authorization", authHeaderval);
}
/*
* Get the current date from the Amazon Route 53 server
*/
private static String getGMTTime() {
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpGet = new HttpGet("https://route53.amazonaws.com/date");
try {
HttpResponse response = httpclient.execute(httpGet);
// The server's Date header value is the string that gets signed.
return response.getFirstHeader("Date").getValue();
} catch (IOException e) {
// ClientProtocolException is an IOException; without the date the request cannot be signed.
throw new IllegalStateException("Could not read the Date header from Route 53", e);
}
}
private static String prepareCNAMERecordsReq(String action, String name, String[] domains) {
StringBuffer request =
new StringBuffer(
"<ChangeResourceRecordSetsRequest xmlns=\"https://route53.amazonaws.com/doc/2013-04-01/\">"
+ "<ChangeBatch>" + "<Changes>");
for (int i = 0; i < domains.length; i++) {
request.append("<Change><Action>" + action + "</Action>" + "<ResourceRecordSet>" +
"<Name>" + domains[i] + "</Name>" + "<Type>CNAME</Type>" +
"<TTL>100000</TTL>" + "<ResourceRecords>" + "<ResourceRecord>" +
"<Value>" + name + "</Value>" + "</ResourceRecord>" +
"</ResourceRecords>" + "</ResourceRecordSet>" + "</Change>");
}
request.append("</Changes>" + "</ChangeBatch>" + "</ChangeResourceRecordSetsRequest>");
return request.toString();
}
}
Sunday, May 4, 2014
[java] Listing Resource Record Sets Using the Amazon Route 53 API
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
public class Test {
private static final String AWS_HOST = "route53.amazonaws.com";
private static final String SECRECT_ACCESS_KEY = "xxxxxxxxxxxxxxxxxxxx";
private static final String ACCESS_KEY_ID = "xxxxxxxxxxxxxxx";
private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
private static final String HOSTED_ZONE_ID = "xxxxxxxxxxxxxxxxxxx";
/**
* Computes RFC 2104-compliant HMAC signature.
*
* @param stringToSign
* The data to be signed.
* @param secrectAccessKey
* The signing key.
* @return
* The Base64-encoded RFC 2104-compliant HMAC signature.
* @throws IllegalStateException
* when signature generation fails
*/
public static String calculateRFC2104HMAC(String stringToSign, String secrectAccessKey) {
// use an explicit charset so the signature does not depend on the platform default
java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
// get an hmac_sha1 key from the raw key bytes
SecretKeySpec signingKey =
new SecretKeySpec(secrectAccessKey.getBytes(utf8),
HMAC_SHA1_ALGORITHM);
try {
// get an hmac_sha1 Mac instance and initialize with the signing key
Mac mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
mac.init(signingKey);
// compute the hmac on input data bytes
byte[] rawHmac = mac.doFinal(stringToSign.getBytes(utf8));
// base64-encode the hmac
return new String(Base64.encodeBase64(rawHmac), utf8);
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException("HmacSHA1 is not available", e);
} catch (InvalidKeyException e) {
throw new IllegalStateException("Invalid signing key", e);
}
}
public static void main(String[] args) {
listResourceRecords();
}
private static void listResourceRecords() {
// Build a GET request that lists the resource record sets of the hosted zone.
HttpClient httpclient = new DefaultHttpClient();
String endPoint =
"https://route53.amazonaws.com/2013-04-01/hostedzone/" + HOSTED_ZONE_ID +
"/rrset";
HttpGet httpGet = new HttpGet(endPoint);
try {
authenticateAWS(httpGet);
} catch (Exception e) {
e.printStackTrace();
}
String responseString = null;
try {
HttpResponse response = httpclient.execute(httpGet);
HttpEntity entity = response.getEntity();
responseString = EntityUtils.toString(entity, "UTF-8");
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
System.out.println(responseString);
}
private static void authenticateAWS(HttpGet httpGet) {
String stringToSign = getGMTTime();
httpGet.setHeader("Content-Type", "text/xml");
httpGet.setHeader("Host", AWS_HOST);
httpGet.setHeader("x-amz-date", stringToSign);
String authHeaderval =
"AWS3-HTTPS AWSAccessKeyId=" + ACCESS_KEY_ID + ",Algorithm=" +
HMAC_SHA1_ALGORITHM + ",Signature=" +
calculateRFC2104HMAC(stringToSign, SECRECT_ACCESS_KEY);
httpGet.setHeader("X-Amzn-Authorization", authHeaderval);
}
/*
* Get the current date from the Amazon Route 53 server
*/
private static String getGMTTime() {
HttpClient httpclient = new DefaultHttpClient();
HttpGet httpGet = new HttpGet("https://route53.amazonaws.com/date");
try {
HttpResponse response = httpclient.execute(httpGet);
// The server's Date header value is the string that gets signed.
String date = response.getFirstHeader("Date").getValue();
System.out.println(date);
return date;
} catch (IOException e) {
// ClientProtocolException is an IOException; without the date the request cannot be signed.
throw new IllegalStateException("Could not read the Date header from Route 53", e);
}
}
}
Thursday, May 1, 2014
How to refer to a WAR module as a dependency in Maven
You can add the type tag as follows:
<dependency>
<groupId>org.apache.stratos</groupId>
<artifactId>org.apache.stratos.rest.endpoint</artifactId>
<version>4.0.0-SNAPSHOT</version>
<type>war</type>
</dependency>
Thursday, April 17, 2014
How to secure the plain text password of NetworkAuthenticatorConfig element in carbon.xml with WSO2 Carbon Secure Vault
If you are familiar with Carbon servers, you may have noticed that passwords are set in plain text in the configuration files, which is a security risk. With the Secure Vault implementation you can get rid of plain-text passwords.
The following blog posts provide thorough knowledge on how to work with WSO2 Carbon Secure Vault.
[1] http://ajithvblogs.blogspot.com/2014/01/secure-custom-configuration-filexml.html
[2] http://pathberiya.blogspot.com/2012/08/secure-plain-text-passwords-in-wso2.html
In this post I am going to discuss how to secure the password field under 'NetworkAuthenticatorConfig' element defined in carbon.xml
This will require custom implementation as this password field is not supported out of the box. You can follow the 7 steps provided in Blog [1].
I will describe the Implementation details:
You need to modify setupAuthenticator method in https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.2.0/core/org.wso2.carbon.utils/4.2.0/src/main/java/org/wso2/carbon/context/internal/CarbonContextDataHolder.java class.
Note: The version 4.2.0 may vary depending on your carbon server release.
By default it reads the password value from carbon.xml. But after we use Secure Vault the actual password is not in carbon.xml. Therefore we have to implement the logic in such a way that it will get the decrypted secured password accordingly.
The modified method is as follows:
private static void setupAuthenticator(CarbonAuthenticator authenticator) throws Exception {
OMElement documentElement = XMLUtils.toOM(
CarbonUtils.getServerConfiguration().getDocumentElement());
OMElement authenticators = documentElement.getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "Security")).
getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "NetworkAuthenticatorConfig"));
if (authenticators == null) {
return;
}
String password = null;
String secretAlias = "xxxxxxxxxxxxxxxxxxxxx: Set the entry key used in cipher-tool.properties/cipher-text.properties xxxxxxxxxxxxxxxxxxx";
SecretResolver secretResolver = SecretResolverFactory.create(documentElement, false);
for (Iterator iterator = authenticators.getChildElements(); iterator.hasNext(); ) {
OMElement authenticatorElement = (OMElement) iterator.next();
if (!authenticatorElement.getLocalName().equalsIgnoreCase("Credential")) {
continue;
}
String pattern = authenticatorElement.getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "Pattern")).getText();
String type = authenticatorElement.getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "Type")).getText();
String username = authenticatorElement.getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "Username")).getText();
if (secretResolver != null && secretResolver.isInitialized()
&& secretResolver.isTokenProtected(secretAlias)) {
// Secure Vault holds the value: resolve the decrypted password by its alias.
password = secretResolver.resolve(secretAlias);
} else {
// Secure Vault is not in use for this alias: read the value from carbon.xml.
password = authenticatorElement.getFirstChildWithName(
new QName(ServerConstants.CARBON_SERVER_XML_NAMESPACE, "Password")).getText();
}
authenticator.addAuthenticator(type, pattern, username, password);
}
}
Patch process:
- build the org.wso2.carbon.utils bundle with 'mvn clean install'
- create a directory called patch000X (X can be a preferred number greater than the existing ones) in $PRODUCT_HOME/repository/components/patches/ directory.
- place the built jar in patch000X directory
- restart the server with "-DapplyPatches" as follows:
./wso2server.sh -DapplyPatches
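The patch steps above as a script, added here as an example (it is not part of the original post or of WSO2 tooling): it picks the next free patch000X number and copies the built jar into it. The function names and the jar path argument are assumptions.

```shell
#!/bin/sh
# Added example: stage a rebuilt bundle as the next WSO2 Carbon patch directory.
# Directory layout and patch000X naming follow the steps above; function names
# and the jar path argument are assumptions made for this example.

# Print the name of the next free patch directory, e.g. patch0004.
next_patch_dir() {
    patches_dir=$1
    highest=0
    for d in "$patches_dir"/patch[0-9][0-9][0-9][0-9]; do
        # An unmatched glob stays literal, so skip anything that is not a directory.
        [ -d "$d" ] || continue
        n=${d##*/patch}
        # Strip leading zeros so that 0008 is not read as an invalid octal number.
        n=$(printf '%s' "$n" | sed 's/^0*//')
        n=${n:-0}
        if [ "$n" -gt "$highest" ]; then
            highest=$n
        fi
    done
    printf 'patch%04d\n' "$((highest + 1))"
}

# Copy the built jar into a new patch directory and print that directory.
# Fails without touching anything if the jar or the patches directory is missing.
stage_patch() {
    product_home=$1
    jar=$2
    patches_dir=$product_home/repository/components/patches
    if [ ! -f "$jar" ]; then
        echo "built jar not found: $jar" >&2
        return 1
    fi
    if [ ! -d "$patches_dir" ]; then
        echo "patches directory not found: $patches_dir" >&2
        return 1
    fi
    target=$patches_dir/$(next_patch_dir "$patches_dir") || return 1
    # Plain mkdir (no -p) so an existing directory is never silently reused.
    mkdir "$target" || return 1
    cp "$jar" "$target/" || return 1
    printf '%s\n' "$target"
}

# Usage, after 'mvn clean install' in the org.wso2.carbon.utils module:
#   stage_patch "$PRODUCT_HOME" /path/to/built-bundle.jar
#   cd "$PRODUCT_HOME/bin" && ./wso2server.sh -DapplyPatches
```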
Wednesday, April 16, 2014
How to write a client to invoke WSO2 Carbon Admin Services
Background:
In the WSO2 Carbon platform, there is a concept called admin services: a set of secured SOAP web services used to handle administrative tasks. There are certain cases where you might want to interact with these services directly to get your work done.
How do you find the list of available Admin Services?
You can start the carbon product with the -DosgiConsole option. This is because all carbon products are based on OSGi.
./wso2server.sh -DosgiConsole
You can list the admin services with the "listAdminServices" command in the OSGi console.
By default the WSDL files are inaccessible via the Management Console URL. But you can set the "HideAdminServices" value to false in carbon.xml to view these WSDL files easily (if the port offset is set to 0 in carbon.xml, the URL is as follows).
https://localhost:9443/services/AuthenticationAdmin?wsdl
Usecase:
Suppose you have a requirement to get the permission set for each role you have defined through the Management Console. To fulfill this requirement you can write a client with the help of the "AuthenticationAdmin" and "UserAdmin" admin services.
Steps:
1. Get yourself authenticated with AuthenticationAdmin service and retrieve the session cookie
2. Using the session cookie access other services.
Sample Code:
I am using a maven project to write this client. The repositories and dependencies used in pom.xml are as follows:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>Aloo</groupId>
<artifactId>AdminServicesInvoker</artifactId>
<version>0.0.1-SNAPSHOT</version>
<repositories>
<repository>
<id>wso2-nexus</id>
<name>WSO2 internal Repository</name>
<url>http://maven.wso2.org/nexus/content/groups/wso2-public/</url>
<releases>
<enabled>true</enabled>
<updatePolicy>daily</updatePolicy>
<checksumPolicy>fail</checksumPolicy>
</releases>
</repository>
</repositories>
<dependencies>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.authenticator.stub</artifactId>
<version>4.2.0</version>
</dependency>
<dependency>
<groupId>org.wso2.carbon</groupId>
<artifactId>org.wso2.carbon.user.mgt.stub</artifactId>
<version>4.2.0</version>
</dependency>
<dependency>
<groupId>org.apache.axis2.wso2</groupId>
<artifactId>axis2-client</artifactId>
<version>1.6.1.wso2v5</version>
</dependency>
</dependencies>
</project>
The class below invokes the AuthenticationAdmin service and retrieves the session cookie:
<pre class="brush: csharp">import java.rmi.RemoteException;
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.ServiceContext;
import org.apache.axis2.transport.http.HTTPConstants;
import org.wso2.carbon.authenticator.stub.AuthenticationAdminStub;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.authenticator.stub.LogoutAuthenticationExceptionException;
public class LoginAdminServiceClient {
private final String serviceName = "AuthenticationAdmin";
private AuthenticationAdminStub authenticationAdminStub;
private String endPoint;
public LoginAdminServiceClient(String backEndUrl) throws AxisFault {
this.endPoint = backEndUrl + "/services/" + serviceName;
authenticationAdminStub = new AuthenticationAdminStub(endPoint);
}
public String authenticate(String userName, String password)
throws RemoteException, LoginAuthenticationExceptionException {
String sessionCookie = null;
if (authenticationAdminStub.login(userName, password, "localhost")) {
System.out.println("Login Successful");
ServiceContext serviceContext = authenticationAdminStub
._getServiceClient().getLastOperationContext()
.getServiceContext();
sessionCookie = (String) serviceContext
.getProperty(HTTPConstants.COOKIE_STRING);
System.out.println(sessionCookie);
}
return sessionCookie;
}
public void logOut() throws RemoteException,
LogoutAuthenticationExceptionException {
authenticationAdminStub.logout();
}
} </pre>
The class below invokes the UserAdmin service and gets the set of permissions that belong to a given role:
<pre class="brush: csharp">import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.wso2.carbon.user.mgt.stub.UserAdminStub;
import org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException;
import org.wso2.carbon.user.mgt.stub.types.carbon.UIPermissionNode;
public class ServiceAdminClient {
private final String serviceName = "UserAdmin";
private UserAdminStub userAdminStub;
private String endPoint;
public ServiceAdminClient(String backEndUrl, String sessionCookie)
throws AxisFault {
this.endPoint = backEndUrl + "/services/" + serviceName;
userAdminStub = new UserAdminStub(endPoint);
// Authenticate the stub with the session cookie
ServiceClient serviceClient;
Options option;
serviceClient = userAdminStub._getServiceClient();
option = serviceClient.getOptions();
option.setManageSession(true);
option.setProperty(
org.apache.axis2.transport.http.HTTPConstants.COOKIE_STRING,
sessionCookie);
}
public void getRolePermissions(String role) throws RemoteException,
UserAdminUserAdminException {
List<String> allowedPermissions = new ArrayList<String>();
UIPermissionNode uiPermissionNode = userAdminStub
.getRolePermissions(role);
getResourcePath(uiPermissionNode, allowedPermissions);
System.out.println(allowedPermissions);
}
public void getResourcePath(UIPermissionNode uiPermissionNode,
List<String> allowedPermissions) {
if (uiPermissionNode.getNodeList() != null) {
UIPermissionNode[] uiPermissionNodes = uiPermissionNode
.getNodeList();
for (int i = 0; i < uiPermissionNodes.length; i++) {
UIPermissionNode uPermissionNode1 = uiPermissionNodes[i];
if (uPermissionNode1.getSelected()) {
allowedPermissions.add(uPermissionNode1.getResourcePath());
}
getResourcePath(uPermissionNode1, allowedPermissions);
}
}
return;
}
} </pre>
The class below acts as the invoker.
Note: Change the path variable so that it points to the certificate of your carbon product.
<pre class="brush: csharp">import java.rmi.RemoteException;
import org.wso2.carbon.authenticator.stub.LoginAuthenticationExceptionException;
import org.wso2.carbon.authenticator.stub.LogoutAuthenticationExceptionException;
import org.wso2.carbon.user.mgt.stub.UserAdminUserAdminException;
public class ServiceInvoker {
public static void main(String[] args) throws RemoteException,
LoginAuthenticationExceptionException,
LogoutAuthenticationExceptionException {
String path = "/home/punnadi/wso2is-4.5.0/repository/resources/security/"
+ "wso2carbon.jks";
System.setProperty("javax.net.ssl.trustStore", path);
System.setProperty("javax.net.ssl.trustStorePassword", "wso2carbon");
String backEndUrl = "https://localhost:9443";
LoginAdminServiceClient login = new LoginAdminServiceClient(backEndUrl);
String sessionCookie = login.authenticate("admin", "admin");
ServiceAdminClient serviceAdminClient = new ServiceAdminClient(
backEndUrl, sessionCookie);
try {
serviceAdminClient.getRolePermissions("admin");
} catch (UserAdminUserAdminException e) {
e.printStackTrace();
} finally {
// Always end the authenticated session, even if the call above fails.
login.logOut();
}
}
}</pre>
Before invoking the above code you will have to start the carbon server on port 9443.
Wednesday, April 9, 2014
Adding a MySQL datasource to JBoss AS 7.1.1
Prerequisites:
JBoss AS 7.1.1
mysql-connector-java-your_version-bin.jar
My Environment:
Ubuntu 12.04
java version "1.6.0_45"
1. Extract the JBoss server; I call the extracted directory "JBOSS_HOME" from here onwards.
2. Create the "com/mysql/main" directory structure in the JBOSS_HOME/modules directory.
3. Copy mysql-connector-java-your_version-bin.jar to the directory created above.
4. Create a file called module.xml which has following content in the same directory. Update the jar version accordingly.
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
<resources>
<resource-root path="mysql-connector-java-5.1.27-bin.jar"/>
</resources>
<dependencies>
<module name="javax.api"/>
<module name="javax.transaction.api"/>
<module name="javax.servlet.api" optional="true"/>
</dependencies>
</module>
The created directory structure including files is as depicted above.
5. Modify JBOSS_HOME/standalone/configuration/standalone.xml as follows:
Add mysql datasource and the driver configs as given below under datasources tag.
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" pool-name="ExampleDS" enabled="true" use-java-context="true">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
<driver>h2</driver>
<security>
<user-name>sa</user-name>
<password>sa</password>
</security>
</datasource>
<datasource jta="true" jndi-name="java:/jboss/datasources/dsJaasProject" pool-name="my_pool" enabled="true" use-java-context="true" use-ccm="true">
<connection-url>jdbc:mysql://localhost:3306/jaasProject</connection-url>
<driver>mysql</driver>
<security>
<user-name>root</user-name>
<password>root</password>
</security>
<statement>
<prepared-statement-cache-size>100</prepared-statement-cache-size>
<share-prepared-statements>true</share-prepared-statements>
</statement>
</datasource>
<drivers>
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
</driver>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
6. Now start the server from JBOSS_HOME/bin directory as follows:
./standalone.sh
You will notice that a file called "mysql-connector-java-your_version-bin.jar.index" is generated inside the JBOSS_HOME/modules/com/mysql/main directory.
Tuesday, March 11, 2014
transport error 202: gethostbyname: unknown host in Eclipse while debugging
FATAL ERROR in native method: JDWP No transports initialized, jvmtiError=AGENT_ERROR_TRANSPORT_INIT(197)
ERROR: transport error 202: gethostbyname: unknown host
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)
JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized [../../../src/share/back/debugInit.c:690]
If you come across this error while trying to debug code from Eclipse, check your /etc/hosts file and add the entry below. The issue will go away.
127.0.0.1 localhost
Tuesday, November 19, 2013
How to host a WCF in IIS and enable Windows Authentication
I came across a scenario where I wanted to deploy a web service on a Windows server. Since I am mainly familiar with the Linux environment and Java technology, it took a while for me to get it done. So here I am sharing the knowledge I gathered for those who want to achieve the same task in less time.
WCF is a runtime set of APIs in .NET framework to create Web services.
IIS is a Microsoft Web server.
Environment:
JDK 1.6
.NET 4.0
IIS 7.5
Windows 7 professional
If typing IIS into the Start menu search does not return any related results, follow the steps below:
Go to Control Panel -> Programs -> Programs and Features and click on "Turn Windows Features on or off". Refer to the attached diagram.
Make sure you have ticked what is shown here to avoid getting exceptions when you deploy WCF in IIS and try to access it from the browser.
I mainly referred to this link to create the WCF application but made some slight changes to Web.config. (Important: Please create your application directory in the C:\inetpub\wwwroot\ directory)
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Microsoft.ServiceModel.Samples.CalculatorService">
<endpoint address="" binding="basicHttpBinding" contract="Microsoft.ServiceModel.Samples.ICalculator" />
<endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="Information, ActivityTracing"
propagateActivity="true" >
<listeners>
<add name="xml"/>
</listeners>
</source>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="xml"/>
</listeners>
</source>
<source name="myUserTraceSource"
switchValue="Information, ActivityTracing">
<listeners>
<add name="xml"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add name="xml"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="Error.svclog" />
</sharedListeners>
</system.diagnostics>
</configuration>
In order to create the application you need to first go to "IIS Manager" and expand the node and go to "Default Web Site" and right click on it as follows.
Now go to the application you have created and select it. In the feature view, under IIS click on "Authentication" and disable "Anonymous Authentication" and enable "Windows Authentication".
Now you need to add users in order to use windows authentication.
For that, go to Computer Management -> Local Users and Groups -> Users and create a new user. Uncheck "User must change password at next logon" and select "User cannot change password" and "Password never expires".
Then go to Computer Management -> Local Users and Groups -> Groups and select "IIS_IUSRS". Right click on it, click on All Tasks -> Add to Group, and add the user created in the previous step.
Now when you type the app url in browser you should be prompted to enter credentials.