Tuesday, June 27, 2017

WSO2 - How to change C-App based artifacts for different environments?

You can follow the steps below:

1. Create the message store as below (using ESB tooling)
<?xml version="1.0" encoding="UTF-8"?>
<messageStore
  class="org.apache.synapse.message.store.impl.rabbitmq.RabbitMQStore"
  name="TestMessageStore" xmlns="http://ws.apache.org/ns/synapse">
  <parameter name="store.rabbitmq.host.name">${hostName}</parameter>
  <parameter name="store.producer.guaranteed.delivery.enable">${guaranteed_delivery}</parameter>
  <parameter name="store.rabbitmq.host.port">${port}</parameter>
  <parameter name="store.rabbitmq.username">${userName}</parameter>
  <parameter name="store.rabbitmq.password">${password}</parameter>
</messageStore>

2. In pom.xml we need to add the properties as below
....
  <properties>
      <maven.test.skip>false</maven.test.skip>
      <CApp.type>...</CApp.type>
      <hostName>${hostName}</hostName>
      <guaranteed_delivery>${guaranteed_delivery}</guaranteed_delivery>
      <port>${port}</port>
      <userName>${userName}</userName>
      <password>${password}</password>
  </properties>
....
 
3. Build the configuration project, passing the values that are relevant to the target environment. For the above sample, we build the project using the command below
mvn clean install -DhostName=172.22.217.25 -Dguaranteed_delivery=true -Dport=5672 -DuserName=admin -Dpassword=admin

4. Build the Carbon application (CAR project) by using below command
mvn clean install

5. In the CAR file, we can see the message store as below
<messageStore class="org.apache.synapse.message.store.impl.rabbitmq.RabbitMQStore" name="TestMessageStore">
<parameter name="store.rabbitmq.host.name">172.22.217.25</parameter>
<parameter name="store.producer.guaranteed.delivery.enable">false</parameter>
<parameter name="store.rabbitmq.host.port">5672</parameter>
<parameter name="store.rabbitmq.username">admin</parameter>
<parameter name="store.rabbitmq.password">admin</parameter>
</messageStore>
 
This way you can configure the artifacts according to the environment, and this is the recommended way.
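A post-build check for step 5, added here as an example (it is not part of the original post or of WSO2 tooling): it confirms that the values passed with -D in step 3 actually reached the message store and that no ${...} placeholder was left unresolved. The sample XML is constructed from the step 5 listing; `BUILT_STORE`, `EXPECTED`, `read_parameters` and `check_store` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the message store listing in step 5.
BUILT_STORE = """<messageStore class="org.apache.synapse.message.store.impl.rabbitmq.RabbitMQStore" name="TestMessageStore">
<parameter name="store.rabbitmq.host.name">172.22.217.25</parameter>
<parameter name="store.producer.guaranteed.delivery.enable">false</parameter>
<parameter name="store.rabbitmq.host.port">5672</parameter>
<parameter name="store.rabbitmq.username">admin</parameter>
<parameter name="store.rabbitmq.password">admin</parameter>
</messageStore>"""

# Values passed with -D in step 3, keyed by the parameter they should land in.
# The password is left out on purpose so the check itself holds no secret.
EXPECTED = {
    "store.rabbitmq.host.name": "172.22.217.25",
    "store.producer.guaranteed.delivery.enable": "true",
    "store.rabbitmq.host.port": "5672",
    "store.rabbitmq.username": "admin",
}

PLACEHOLDER = re.compile(r"\$\{[^}]+\}")

def read_parameters(store_xml):
    """Map parameter name -> text, whether or not the synapse xmlns is present."""
    root = ET.fromstring(store_xml)
    return {el.get("name"): (el.text or "").strip()
            for el in root.iter() if el.tag.rsplit("}", 1)[-1] == "parameter"}

def check_store(store_xml, expected):
    """Return a sorted list of problems found in a built message store."""
    params, problems = read_parameters(store_xml), []
    for name, value in params.items():
        if PLACEHOLDER.search(value):
            problems.append(f"{name}: unresolved placeholder {value}")
    for name, want in expected.items():
        got = params.get(name)
        if got is None:
            problems.append(f"{name}: missing")
        elif got != want and not PLACEHOLDER.search(got):
            problems.append(f"{name}: expected {want}, found {got}")
    return sorted(problems)

if __name__ == "__main__":
    for problem in check_store(BUILT_STORE, EXPECTED):
        print(problem)
```

A CAR file is a zip archive, so the message store XML can be extracted from it and passed to `check_store` as a string.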

Sunday, June 25, 2017

WSO2 - How to use Kerberos in Proxy?

I tried a few other blogs and finally encountered some problems when following those. So, I thought to write a new blog to explain the steps which I followed.

You can use Kerberos in a proxy with the steps below.

I used the options below:

  • WSO2 Identity Server (IS) 5.0.0 as a Key Distribution Center (KDC).
  • Active Directory (AD) as the KDC

Steps:

1. Change the <IS_HOME>/repository/conf/identity/embedded-ldap.xml
Under KDCServer, set the enabled property to true and the preAuthenticationTimeStampEnabled property to false
 <KDCServer>
    <Property name="name">defaultKDC</Property>
    <Property name="enabled">true</Property>
    <Property name="protocol">UDP</Property>
    <Property name="host">localhost</Property>
    <Property name="port">${Ports.EmbeddedLDAP.KDCServerPort}</Property>
    <Property name="maximumTicketLifeTime">8640000</Property>
    <Property name="maximumRenewableLifeTime">604800000</Property>
    <Property name="preAuthenticationTimeStampEnabled">false</Property>
 </KDCServer>

2. If you want to change the default realm of the KDC, change the “realm” property. By default it's WSO2.ORG
<Property name="realm">WSO2.ORG</Property>

3. We can also enable the KDC settings in the <IS_HOME>/repository/conf/user-mgt.xml
<Property name="kdcEnabled">true</Property>

4. Create a jaas.conf file with the following content, and place inside <IS_HOME>/repository/conf/security/
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=true
useTicketCache=false
isInitiator=false;
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useTicketCache=false;
};

5. Create a krb5.conf file with the following content, and place inside <IS_HOME>/repository/conf/security/
[libdefaults]
        default_realm = WSO2.ORG
        default_tkt_enctypes = rc4-hmac des-cbc-md5
        default_tgs_enctypes = rc4-hmac des-cbc-md5
        dns_lookup_kdc = true
        dns_lookup_realm = false

[realms]
        WSO2.ORG = {
            kdc = 127.0.0.1
        }

6. Start the IS server

7. Create a Service Principal (SPN) and client principals to use with the Kerberos ticket granting system (TGS).
  1. Configure
  2. Kerberos KDC
  3. Service Principals
  4. Add new Service Principal
  5. Provide a service principal name, description and a password
  6. Sample SPN Name : esb/local
    Note: Do not include the realm in the SPN name (for example, not esb/local@WSO2.ORG)

8. Create a new user
  1. Configure
  2. Users and Roles
  3. Users
  4. Add User

9. Create a jaas.conf file with the following content, and place inside <ESB_HOME>/repository/conf/security/
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=true
useTicketCache=true
isInitiator=false
principal="esb/local@WSO2.ORG";
};

10. Create a krb5.conf file with the following content, and place inside <ESB_HOME>/repository/conf/security/
[libdefaults]
        default_realm = WSO2.ORG
        default_tgs_enctypes = des-cbc-md5
        default_tkt_enctypes = des-cbc-md5
        permitted_enctypes = des-cbc-md5
        allow_weak_crypto = true
        
[realms]
        WSO2.ORG = {
                kdc = 127.0.0.1:8000
        }

[domain_realm]
        .wso2.ORG = WSO2.ORG
        wso2.ORG = WSO2.ORG

[login]
        krb4_convert = true
        krb4_get_tickets = false

11. Start the ESB server -> navigate to the proxy list

12. Secure the proxy
  1. Click a proxy
  2. Click the Security
  3. Enable Security set to Yes
  4. Tick "Kerberos Authentication - Sign - Sign based on a Kerberos Token" and click Next
  5. Give the Service Principal Name and the Service Principal Password
  6. Finish

Note: Above configuration works without any issue with JDK1.6
If you are using JDK1.7 you have to contact WSO2 support to solve the problem.
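An audit of the two krb5.conf files from steps 5 and 10, added here as an example (it is not part of the original post): it flags the encryption types that RFC 6649 and RFC 8429 deprecate for Kerberos, and the allow_weak_crypto switch that re-enables them. `AES_CONF` is a constructed variant that assumes the KDC and the JDK in use both support AES enctypes, which the post does not confirm; the function and constant names are hypothetical.

```python
import re

# Deprecated for Kerberos by RFC 6649 (single DES) and RFC 8429 (3DES, RC4).
WEAK = {"des-cbc-crc", "des-cbc-md4", "des-cbc-md5", "des3-cbc-sha1",
        "des3-hmac-sha1", "rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5"}
ENCTYPE_KEYS = {"default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes"}

def audit_krb5_conf(text):
    """Return (line_no, key, problem) tuples for weak settings in [libdefaults]."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in ENCTYPE_KEYS:
                weak = [e for e in re.split(r"[\s,]+", value.lower()) if e in WEAK]
                if weak:
                    findings.append((no, key, "weak enctypes: " + " ".join(weak)))
            elif key == "allow_weak_crypto" and value.lower() in ("true", "yes", "on", "1"):
                findings.append((no, key, "weak enctypes explicitly allowed"))
    return findings

# [libdefaults] settings as given in step 5 (IS) and step 10 (ESB) of the post.
IS_CONF = """[libdefaults]
default_realm = WSO2.ORG
default_tkt_enctypes = rc4-hmac des-cbc-md5
default_tgs_enctypes = rc4-hmac des-cbc-md5
"""
ESB_CONF = """[libdefaults]
default_realm = WSO2.ORG
default_tgs_enctypes = des-cbc-md5
default_tkt_enctypes = des-cbc-md5
permitted_enctypes = des-cbc-md5
allow_weak_crypto = true
"""
# Constructed variant (assumption: KDC and JDK both support AES enctypes).
AES_CONF = """[libdefaults]
default_realm = WSO2.ORG
default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""

if __name__ == "__main__":
    for name, conf in (("IS", IS_CONF), ("ESB", ESB_CONF), ("AES", AES_CONF)):
        for no, key, problem in audit_krb5_conf(conf):
            print(f"{name} line {no}: {key}: {problem}")
```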

We tested the above with a 'Java Client' and it was successful. Please find the client log below for your reference. (We set "System.setProperty("sun.security.krb5.debug", "true");" to get the KRB logs.)

Calling service with parameter - Hello Shazni!!!!!!!
Request = <abc><in>Hello Shazni!!!!!!!</in></abc>
default etypes for default_tkt_enctypes: 3 1 16.
>>> KdcAccessibility: reset
default etypes for default_tkt_enctypes: 3 1 16.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=localhost UDP:8000, timeout=30000, number of retries =3, #bytes=144
>>> KDCCommunication: kdc=localhost UDP:8000, timeout=30000,Attempt =1, #bytes=144
>>> KrbKdcReq send: #bytes read=497
>>> KrbKdcReq send: #bytes read=497
>>> KdcAccessibility: remove localhost:8000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply test_carbon.super
default etypes for default_tkt_enctypes: 3 1 16.
Found ticket for test_carbon.super@WSO2.ORG to go to krbtgt/WSO2.ORG@WSO2.ORG expiring on Fri Mar 10 17:28:24 IST 2017
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for test_carbon.super@WSO2.ORG to go to krbtgt/WSO2.ORG@WSO2.ORG expiring on Fri Mar 10 17:28:24 IST 2017
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 3 1 16.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbKdcReq send: kdc=localhost UDP:8000, timeout=30000, number of retries =3, #bytes=551
>>> KDCCommunication: kdc=localhost UDP:8000, timeout=30000,Attempt =1, #bytes=551
>>> KrbKdcReq send: #bytes read=527
>>> KrbKdcReq send: #bytes read=527
>>> KdcAccessibility: remove localhost:8000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 710568894
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:

The response is: <abc><in>Hello Shazni!!!!!!!</in></abc>

Enjoy...!!!

How to start implementing a Spring Boot application

There are 4 different ways to start a Spring Boot application.
1. Create a simple Maven project and make the necessary changes to the pom file
2. Spring Initializr (online application)
3. Spring Boot CLI
4. STS IDE

I'll briefly explain the above 4 ways to give a basic knowledge of the mechanisms.

1. Create a simple Maven project and make the necessary changes to the pom file
You can create a simple Maven project and then:

a.) Add the parent tag below
<parent>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-parent</artifactId>
  <version>1.4.2.RELEASE</version>
</parent>

b.) Add the spring-boot-starter-web dependency
<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-web</artifactId>
</dependency>

c.) Add the supported Java version (1.8)
<properties>
  <java.version>1.8</java.version>
</properties>

Then build the project.

2. Spring Initializr (online application)
Go to http://start.spring.io, give the necessary information and generate the project

3. Spring Boot CLI
Download spring-boot-cli, go to its bin directory and write a Groovy script to generate the project

4. STS IDE
    a. You can download the STS editor by accessing url [1]
    b. Extract the downloaded file and start the STS IDE
       Since I've been using the Ubuntu operating system, I downloaded the spring-tool-suite-3.8.4.RELEASE-e4.6.3-linux-gtk-x86_64.tar.gz file. Then extracted it. Finally started the STS file located in <extracted_location>/sts-bundle/sts-3.8.4.RELEASE/
    c. File -> New -> Spring Starter Project
    d. Then you can give a 'name', select the 'Spring Boot Version', select the necessary available dependencies and finish

[1] https://spring.io/tools/sts/all


WSO2 ESB - How to read the payload content using enrich mediator?

You can use the enrich mediator to read the payload content very easily.

We will assume that ESB receives a payload as below.

<?xml version='1.0' encoding='utf-8'?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soap:Body>
        <person>
            <name>tharanga wijeweer</name>
        </person>
    </soap:Body>
</soap:Envelope>

Now we need to read this payload and set the name of the person to a property.

<enrich>
    <source xmlns:soap="http://www.w3.org/2003/05/soap-envelope" clone="true" xpath="//soap:Envelope/soap:Body/person/name/text()"/>
    <target type="property" property="PersonName"/>
</enrich>

The enrich mediator above reads the name of the person from the payload and sets that value to the PersonName property.

Enjoy..!! 

WSO2 ESB - How to set payload content using enrich mediator?

You can use the WSO2 enrich mediator to replace an existing value in a payload with a new value, as below.

We will assume that the ESB received a payload as below:
<?xml version='1.0' encoding='utf-8'?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soap:Body>
        <person>
            <name>tharanga</name>
        </person>
    </soap:Body>
</soap:Envelope>

If you need to set a new name for the person, you can use the enrich mediator as below:

<property name="PersonName" value="wijeweera"/>
<enrich>
   <source type="property" clone="true" property="PersonName"/>
   <target xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xpath="//soap:Envelope/soap:Body/person/name/text()"/>
</enrich>

The PersonName value (wijeweera) will replace the old value. The payload will then be as below.

<?xml version='1.0' encoding='utf-8'?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soap:Body>
        <person>
            <name>wijeweera</name>
        </person>
    </soap:Body>
</soap:Envelope>

Enjoy..!!

WSO2 - How to assign system date time to a property?

You can get the system time very easily as below

<property name="StringVal" expression="get-property('SYSTEM_DATE')"/>

You can also format the date and time according to your requirement, as below.

<property name="StringVal" expression="get-property('SYSTEM_DATE', 'yyyyMMddHHmmss')"/>

Year - y
Month - M
Day - d
Hour - H
Minute - m
Second - s

Enjoy..!