Any potential security risk when exposing ActiveMQ web console in AWS? - amazon-web-services

I was unable to access the ActiveMQ web console in 5.16 version.
I opened the required ports in AWS security group and I checked which ports are configured for console and the broker URL, yet the browser said "Page Not Found" so I looked into the jetty.xml and noticed this line:
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
<!-- the default port number for the web console -->
<property name="host" value="127.0.0.1"/>
<property name="port" value="8161"/>
</bean>
I changed the host to 0.0.0.0:
<bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
<!-- the default port number for the web console -->
<property name="host" value="0.0.0.0"/>
<property name="port" value="8161"/>
</bean>
Now I am able to access the web console. However, does this give any security risk?

There is always inherently more risk when exposing additional points of entry into a system (e.g. a management console).
The ActiveMQ web console is a powerful tool which can be used to delete messages, remove destinations, stop the broker, etc. If a user gains unauthorized access to the web console then they can make a real mess. If you expose the web console to external users then be sure to secure it according to the documentation.
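A config check for the exposure discussed in this question and answer, as an added example that is not part of the original post or ActiveMQ's own code: it parses a jetty.xml, flags a jettyPort bean bound to a non-loopback address, and flags constraint beans whose authenticate property is not true. The constraint beans and their authenticate property are assumed to match the stock ActiveMQ 5.x jetty.xml, and the sample document is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the question's jettyPort bean plus the two constraint beans
# of a stock ActiveMQ 5.x conf/jetty.xml (assumption), trimmed to what is checked.
SAMPLE_JETTY_XML = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="authenticate" value="false"/>
  </bean>
  <bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
    <property name="authenticate" value="true"/>
  </bean>
  <bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
    <property name="host" value="0.0.0.0"/>
    <property name="port" value="8161"/>
  </bean>
</beans>"""

NS = {"b": "http://www.springframework.org/schema/beans"}

def bean_props(bean):
    """Return {name: value} for a bean's direct <property name=.. value=..> children."""
    return {p.get("name"): p.get("value") for p in bean.findall("b:property", NS)}

def audit_jetty_xml(xml_text):
    """Return a list of findings about web console exposure in a jetty.xml document."""
    findings = []
    for bean in ET.fromstring(xml_text).iter("{%s}bean" % NS["b"]):
        props = bean_props(bean)
        if bean.get("id") == "jettyPort":
            host = props.get("host") or ""
            try:
                addr = ipaddress.ip_address(host)
                local_only, wildcard = addr.is_loopback, addr.is_unspecified
            except ValueError:  # hostname or ${placeholder}: cannot classify offline
                local_only, wildcard = host == "localhost", False
            if wildcard:
                findings.append(f"console binds to all interfaces ({host}:{props.get('port')})")
            elif not local_only:
                findings.append(f"console binds to non-loopback host {host!r}")
        elif bean.get("class", "").endswith(".security.Constraint"):
            # Any value other than "true" is reported as login being disabled.
            if (props.get("authenticate") or "").lower() != "true":
                findings.append(f"{bean.get('id')}: authenticate is not true, login disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_jetty_xml(SAMPLE_JETTY_XML)))
```

A wildcard bind is not a finding to suppress on its own; read it together with the security group rules and the constraint results, since the bind address only decides which interfaces accept connections.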

Related

Unable to create customers in Stripe using WSO2 APIM

I am trying to use the monetization feature in WSO2 APIM. I am testing it out with default Stripe as its billing engine. I have followed this documentation for the configuration WSO2 APIM Monetization. I have commented out the existing workflow definition for SubscriptionCreation and SubscriptionDeletion and added the definition mentioned in the steps.
The current workflow definition after the update looks like this ->
<WorkFlowExtensions>
<ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationSimpleWorkflowExecutor"/>
<!--ApplicationCreation executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationCreationApprovalWorkflowExecutor"/-->
<ProductionApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor"/>
<!--ProductionApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"/-->
<SandboxApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor"/>
<!--SandboxApplicationRegistration executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationApprovalWorkflowExecutor"/-->
<!--<SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationSimpleWorkflowExecutor"/>-->
<SubscriptionCreation executor="org.wso2.apim.monetization.impl.workflow.StripeSubscriptionCreationWorkflowExecutor"/>
<!--SubscriptionCreation executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionCreationApprovalWorkflowExecutor"/-->
Subscription Update ->
<SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateSimpleWorkflowExecutor"/>
<!--SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateApprovalWorkflowExecutor"/-->
<!--SubscriptionUpdate executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionUpdateWSWorkflowExecutor">
<Property name="serviceEndpoint">http://localhost:9765/services/SubscriptionApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</SubscriptionUpdate-->
<UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpSimpleWorkflowExecutor"/>
<!--UserSignUp executor="org.wso2.carbon.apimgt.impl.workflow.UserSignUpApprovalWorkflowExecutor"/-->
<!--
***NOTE:***
Users of deletion workflows are expected to implement their own deletion workflow executors and services.
By default API Manager only implements the core functionalities required to support deletion workflows and
simple deletion workflow executors. Default WS deletion workflow implementations are not available with the
distribution.
-->
<!--<SubscriptionDeletion executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionDeletionSimpleWorkflowExecutor"/>-->
<SubscriptionDeletion executor="org.wso2.apim.monetization.impl.workflow.StripeSubscriptionDeletionWorkflowExecutor"/>
<!--SubscriptionDeletion executor="org.wso2.carbon.apimgt.impl.workflow.SubscriptionDeletionSimpleWorkflowExecutor">
<Property name="serviceEndpoint">http://host:port/services/SubscriptionApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</SubscriptionDeletion -->
<ApplicationDeletion executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationDeletionSimpleWorkflowExecutor"/>
<!--ApplicationDeletion executor="org.wso2.carbon.apimgt.impl.workflow.ApplicationDeletionSimpleWorkflowExecutor">
<Property name="serviceEndpoint">http://host:port/services/ApplicationApprovalWorkFlowProcess/</Property>
<Property name="username">username</Property>
<Property name="password">password</Property>
<Property name="callbackURL">https://host:port/services/WorkflowCallbackService</Property>
</ApplicationDeletion-->
<!-- Publisher related workflows -->
<APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeSimpleWorkflowExecutor" />
<!--APIStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIStateChangeApprovalWorkflowExecutor">
<Property name="stateList">Created:Publish,Published:Block</Property>
</APIStateChange-->
<APIProductStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIProductStateChangeSimpleWorkflowExecutor" />
<!--APIProductStateChange executor="org.wso2.carbon.apimgt.impl.workflow.APIProductStateChangeApprovalWorkflowExecutor">
<Property name="stateList">Created:Publish,Published:Block</Property>
</APIProductStateChange-->
When I try to monetize a policy or when I try to subscribe API to an application using the monetized policy, I get the following error ->
ERROR - StripeSubscriptionCreationWorkflowExecutor Error while creating a customer in Stripe for username
ERROR - APIConsumerImpl Could not execute Workflow
org.wso2.carbon.apimgt.impl.workflow.WorkflowException: Error while creating a customer in Stripe for username
Caused by: com.stripe.exception.ApiConnectionException: IOException during API request to Stripe (https://api.stripe.com): HTTPS hostname wrong: should be <api.stripe.com> Please check your internet connection and try again. If this problem persists, you should check Stripe's service status at https://twitter.com/stripestatus, or let us know at support@stripe.com.
It seems the issue is due to the workflow update, but I couldn't figure out the exact issue.
Update: -
I tried removing the workflow changes, and with that configuration, I am able to create an API subscription (Hostname error occurs sometimes and sometimes it does not) but even if the subscription is created respective customer is not getting created on the connected Stripe account.
It seems like your server is unable to communicate with Stripe API endpoint (https://api.stripe.com). You might want to add Stripe domains to your server's allowlist.

WebService Certificate Validation using WebSphere, Spring-WS and WSS4J

I'm working on a webapp offering SOAP WebServices using Spring-WS 2.0. The WebService requests need to be signed with a certificate, which is of course validated on the server. In order to do this, WSS4J and a truststore are used. Here is the Spring config:
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="validationActions" value="Signature" />
<property name="validationSignatureCrypto">
<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="pass"/>
<property name="keyStoreLocation" value="location"/>
</bean>
</property>
</bean>
The application should be deployed to WebSphere 7, and the major requirement is that the truststore should not be shipped with the application but be provided by the Application Server.
Does anybody know how I can get WebSphere to provide the truststore, or how WebSphere can be configured to perform the security authorization? The major challenge seems to be that Spring-WS is used instead of WebSphere's own facility for WebServices...
I don't work with Spring-WS so don't know the details of it.
WAS has a truststore, which is where the list of trusted signer certificates is stored.
The keystores and truststores can be kept at multiple levels if you desire (e.g. node, cell, etc.).
For detailed info you can look at a publicly available PPT
http://www.websphereusergroup.org.uk/wug/files/presentations/25/25_3_WAS61SecUpdate.pdf.
I don't know the version of WAS that you are using; WAS 6.1 and WAS 7.x are the most widely used ones these days!
HTH
Manglu

Jetty inside ActiveMQ: Web console URL

I have an Ubuntu machine, on which
a) a web application (Tomcat, on URL http://myapp.com ) and
b) a message queue broker (ActiveMQ)
are running.
ActiveMQ has a web console, which normally runs on port 8161 (i. e. at http://AAA.BBB.CCC.DDD:8161/admin , where AAA.BBB.CCC.DDD is the IP address of the machine).
Due to firewall restrictions in my office, I cannot access the web console if it runs on port 8161; 8080 doesn't work, either.
I can, however, access the web console, if I use port 80 (http).
But then I get another problem: When I try to access
http://myapp.com
I am directed to the web console of ActiveMQ.
Question: How can I configure ActiveMQ so that
a) ActiveMQ web console is available via port 80 on URL like http://AAA.BBB.CCC.DDD/activemq and
b) my web application works as usual on http://myapp.com
?
To change the contextPath/port, just modify the /activemq/conf/jetty.xml file, like this...
<bean class="org.eclipse.jetty.webapp.WebAppContext">
<property name="contextPath" value="/activemq" />
...
<bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<property name="port" value="80" />
</bean>
That being said, it sounds like you have a Tomcat app running on port 80 already. In this case, you'll need to embed the AMQ web console in Tomcat (as a separate app) instead of running it separately via the broker/Jetty. See this page for more information on doing this...

ActiveMQ Web Console only listens on localhost

I've got ActiveMQ installed as I want it. However, the Web Console only listens on localhost - how do I make it listen on all interfaces? I'm sure it's a "host"="0.0.0.0" somewhere but where?
For the latest versions of ActiveMQ (e.g. 5.5), you can configure within the <activemq>/conf/jetty.xml file by adding a host property setting to the SelectChannelConnector bean.
<bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<property name="host" value="0.0.0.0"/>
<property name="port" value="8161" />
</bean>
Looking at the SelectChannelConnector code, if the host property is not set (i.e. null) then it will use the default for InetSocketAddress, which is supposed to be the "wildcard address" per the JavaDoc, so I'm surprised it's not automatically binding to all addresses on your server by default.
Hope that helps,
Scott
FuseSource

Configuring an HTTP proxy in a Spring web app

I have been searching around for a proper way to configure an HTTP proxy in a Spring web application. Unfortunately, each time the results I get are about AOP proxies and not HTTP proxies.
Basically, one module of my application is running a webservice client configured in the Spring XML file with JAX-WS, giving something like:
<bean id="heartBeatWebservice" class="org.springframework.remoting.jaxws.JaxWsPortProxyFactoryBean">
<property name="serviceInterface" value="the.web.service.interface"/>
<property name="wsdlDocumentUrl" value="http://thehost:theport/theservicename.wsdl"/>
<property name="serviceName" value="TheServiceName"/>
<property name="namespaceUri" value="http://the.namespace/"/>
<property name="portName" value="TheWebServicePortName"/>
</bean>
But my app has to run behind an HTTP proxy to be able to call the web service, and I must acknowledge that I don't know how to do it properly within the Spring context.
At first, I tried this code in a main class that I wrote to test it:
System.setProperty("http.proxyHost", "my.proxy.addr");
System.setProperty("http.proxyPort", "8080");
Unfortunately, it didn't work as expected. I assume there is a nice way to configure an HTTP proxy in a Spring context but can't find out how...
Can you give me a hint?
There isn't any Spring-specific HTTP proxy configuration required.
It should use the standard Java HTTP proxy settings, so you're going along the right lines.
Can you try running the main class using -Dhttp.proxyHost=my.proxy.host -Dhttp.proxyPort=8080 rather than using System.setProperty?