How to enable Outgoing WS-Security in WSO2 ESB 4.9.0? - wso2

I need to create a proxy in the WSO2 ESB (4.9.0) to expose a secured backend web service as an unsecured web service, just like this image:
Exposing WS-Security secured backend WS as a plain WS
I want to use "Sign & Encrypt with X.509 authentication" WS-Security Policy.
This is my proxy "source view":
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="OutgoingSecurityProxy"
       transports="http,https"
       statistics="enable"
       trace="enable"
       startOnLoad="true">
  <target>
    <inSequence>
      <send>
        <endpoint>
          <address uri="http://mylocalIP:80/mock_serverTest">
            <enableAddressing/>
            <enableSec policy="SecurityPolicyOut"/>
          </address>
        </endpoint>
      </send>
    </inSequence>
    <outSequence>
      <header xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
              name="wsse:Security"
              action="remove"/>
      <send/>
    </outSequence>
  </target>
  <publishWSDL uri="http://mylocalIP:80/mock_serverTest?WSDL"/>
  <description/>
</proxy>
and this is the security policy used, loaded as a "Local Entry" (it's the default policy for the sign & encrypt with X.509 authentication scenario; I only changed the keystore-related information).
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SigEncr">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:RequireThumbprintReference/>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
          <sp:MustSupportRefThumbprint/>
          <sp:MustSupportRefEncryptedKey/>
          <sp:RequireSignatureConfirmation/>
        </wsp:Policy>
      </sp:Wss11>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:EncryptedParts>
    </wsp:All>
  </wsp:ExactlyOne>
  <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
    <rampart:user>service</rampart:user>
    <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
    <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
    <rampart:timestampTTL>300</rampart:timestampTTL>
    <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
    <rampart:timestampStrict>false</rampart:timestampStrict>
    <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
    <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
    <rampart:encryptionCrypto>
      <rampart:crypto cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
        <rampart:property name="org.wso2.carbon.security.crypto.alias">client</rampart:property>
        <rampart:property name="org.wso2.carbon.security.crypto.privatestore">mykeystore.jks</rampart:property>
        <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
        <rampart:property name="org.wso2.carbon.security.crypto.truststores">mykeystore.jks</rampart:property>
        <rampart:property name="rampart.config.user">service</rampart:property>
      </rampart:crypto>
    </rampart:encryptionCrypto>
    <rampart:signatureCrypto>
      <rampart:crypto cryptoKey="org.wso2.carbon.security.crypto.privatestore" provider="org.wso2.carbon.security.util.ServerCrypto">
        <rampart:property name="org.wso2.carbon.security.crypto.alias">service</rampart:property>
        <rampart:property name="org.wso2.carbon.security.crypto.privatestore">mykeystore.jks</rampart:property>
        <rampart:property name="org.wso2.stratos.tenant.id">-1234</rampart:property>
        <rampart:property name="org.wso2.carbon.security.crypto.truststores">mykeystore.jks</rampart:property>
        <rampart:property name="rampart.config.user">service</rampart:property>
      </rampart:crypto>
    </rampart:signatureCrypto>
  </rampart:RampartConfig>
</wsp:Policy>
The backend "secured" WS (http://mylocalIP:80/mock_serverTest) is a WS-Security enabled "mock" service of a plain WS created with SoapUI, running on my desktop machine.
When I try to invoke the ESB service with SoapUI I get the error "org.apache.axis2.AxisFault: Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext":
16:17:45,465 [-] [PassThroughMessageProcessor-1] WARN TRACE_LOGGER Executing fault handler due to exception encountered
16:17:45,466 [-] [PassThroughMessageProcessor-1] WARN TRACE_LOGGER ERROR_CODE : 0
16:17:45,466 [-] [PassThroughMessageProcessor-1] WARN TRACE_LOGGER ERROR_MESSAGE : Unexpected error during sending message out
16:17:45,471 [-] [PassThroughMessageProcessor-1] WARN TRACE_LOGGER ERROR_DETAIL : org.apache.synapse.SynapseException: Unexpected error during sending message out
at org.apache.synapse.core.axis2.Axis2Sender.handleException(Axis2Sender.java:247)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:91)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:461)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:372)
at org.apache.synapse.endpoints.AddressEndpoint.send(AddressEndpoint.java:65)
at org.apache.synapse.mediators.builtin.SendMediator.mediate(SendMediator.java:105)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:81)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:48)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:149)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:185)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:395)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:142)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.AxisFault: Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:76)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:261)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:426)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.send(DynamicAxisOperation.java:185)
at org.apache.synapse.core.axis2.DynamicAxisOperation$DynamicOperationClient.executeImpl(DynamicAxisOperation.java:167)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:542)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:79)
... 15 more
Caused by: org.apache.rampart.RampartException: Password CallbackHandler not specified in rampart configuration policy or the CallbackHandler instance not available in the MessageContext
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:312)
at org.apache.rampart.builder.BindingBuilder.getSignatureBuilder(BindingBuilder.java:265)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignature(AsymmetricBindingBuilder.java:761)
at org.apache.rampart.builder.AsymmetricBindingBuilder.doSignBeforeEncrypt(AsymmetricBindingBuilder.java:457)
at org.apache.rampart.builder.AsymmetricBindingBuilder.build(AsymmetricBindingBuilder.java:97)
at org.apache.rampart.MessageBuilder.build(MessageBuilder.java:147)
at org.apache.rampart.handler.RampartSender.invoke(RampartSender.java:65)
... 24 more
Any clues?
Thanks in advance!

The link above (sample 100 of WSO2 ESB) doesn't implement a password callback handler. You need to create the required password callback handler for your sign and encrypt policy. Here is information on how to create a PWCB: http://pathberiya.blogspot.co.uk/2010/02/how-to-create-password-callback-class.html
Regards.
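An added example of such a Rampart password callback handler for the policy above (example code, not the original poster's or WSO2's); the package name, the `wso2.pwcb.<alias>` system-property convention and the alias list are assumptions of this example. It is registered by adding `<rampart:passwordCallbackClass>org.example.esb.security.KeystorePasswordCallbackHandler</rampart:passwordCallbackClass>` inside `<rampart:RampartConfig>` and dropping the compiled JAR into `<ESB_HOME>/repository/components/lib`.

```java
package org.example.esb.security; // hypothetical package name

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

import org.apache.ws.security.WSPasswordCallback;

/**
 * Password callback handler for the outgoing Sign &amp; Encrypt (X.509) policy.
 * Rampart calls it when it needs the private-key password of the signing
 * alias (rampart:user = "service" in the policy) and, on the response path,
 * of the alias whose private key decrypts the inbound EncryptedKey.
 *
 * Passwords are NOT hard-coded in the class: they are read from JVM system
 * properties named  wso2.pwcb.<alias>  (naming is an assumption of this
 * example; set them in the server startup script, never in the policy XML).
 */
public class KeystorePasswordCallbackHandler implements CallbackHandler {

    private static final String PROPERTY_PREFIX = "wso2.pwcb.";

    /** Only the aliases referenced by the policy: signing key and decryption key. */
    private static final String[] KNOWN_ALIASES = {"service", "client"};

    private final Map<String, String> passwords = new HashMap<String, String>();

    public KeystorePasswordCallbackHandler() {
        for (String alias : KNOWN_ALIASES) {
            String pw = System.getProperty(PROPERTY_PREFIX + alias);
            if (pw != null) {
                passwords.put(alias, pw);
            }
        }
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Only WSPasswordCallback is supported");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            switch (pwcb.getUsage()) {
                case WSPasswordCallback.SIGNATURE:   // private key used for <sp:SignedParts>
                case WSPasswordCallback.DECRYPT: {   // private key used to open the response's EncryptedKey
                    String pw = passwords.get(pwcb.getIdentifier());
                    if (pw == null) {
                        // Refuse rather than fall back to a default password, so a
                        // misconfigured alias fails loudly instead of silently.
                        throw new UnsupportedCallbackException(cb,
                                "No password configured for alias '" + pwcb.getIdentifier() + "'");
                    }
                    pwcb.setPassword(pw);
                    break;
                }
                default:
                    // This policy has no UsernameToken or derived-key parts, so any
                    // other usage is unexpected and is refused (password never logged).
                    throw new UnsupportedCallbackException(cb,
                            "Unexpected password usage " + pwcb.getUsage()
                            + " for alias '" + pwcb.getIdentifier() + "'");
            }
        }
    }
}
```

The `WSPasswordCallback` class and its `SIGNATURE`/`DECRYPT` usage constants come from the WSS4J 1.x version bundled with Rampart in ESB 4.9.0, which is the only dependency besides the JDK.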

Related

WSO2 - Unable to sendViaPost to url

I'm using WSO2 ESB to send a JSON message using the call mediator to Bitrix CRM. I had a look at all the posts and tutorials and I always get the same error:
HTTPSender - Unable to sendViaPost to url
After I switched Bitrix24 to use Nginx Push I have the following problem on the ESB.
TID[-1234] [EI] [2020-02-11 07:04:01,702] INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://xxxx.com/rest/update?id=33826]
org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.verifyHostname(TLSProtocolSocketFactory.java:233)
org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory.createSocket(TLSProtocolSocketFactory.java:194)
org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227) org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
org.apache.synapse.message.senders.blocking.BlockingMsgSender.sendReceive(BlockingMsgSender.java:490)
org.apache.synapse.message.senders.blocking.BlockingMsgSender.send(BlockingMsgSender.java:382)
org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:88)
org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:547)
org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:384)
org.apache.synapse.endpoints.HTTPEndpoint.send(HTTPEndpoint.java:85)
org.apache.synapse.mediators.builtin.CallMediator.handleBlockingCall(CallMediator.java:164)
org.apache.synapse.mediators.builtin.CallMediator.mediate(CallMediator.java:119)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
org.apache.synapse.config.xml.AnonymousListMediator.mediate(AnonymousListMediator.java:37)
org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:203)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:169)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:169)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
org.apache.synapse.mediators.builtin.ForEachMediator.mediateSequence(ForEachMediator.java:183)
org.apache.synapse.mediators.builtin.ForEachMediator.mediate(ForEachMediator.java:145)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:224)
org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:415)
org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
java.lang.Thread.run(Thread.java:748)
My call mediator looks like:
<property description="messageType JSON"
          name="messageType"
          scope="axis2"
          type="STRING"
          value="application/json"/>
<call blocking="true">
  <endpoint>
    <http method="POST"
          statistics="enable"
          trace="enable"
          uri-template="{uri.var.RESTURL}">
      <suspendOnFailure>
        <errorCodes>400</errorCodes>
        <initialDuration>0</initialDuration>
        <progressionFactor>1.0</progressionFactor>
        <maximumDuration>0</maximumDuration>
      </suspendOnFailure>
    </http>
  </endpoint>
</call>
I've tried to send the same message using Postman and it worked fine.
Thanks for any help.
UPDATE
The logs in the admin panel are not complete. I've checked manually on the server and the problem is with:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
UPDATE2
Full stack:
[2020-02-11 22:18:01,953] [EI-Core] INFO - HTTPSender Unable to sendViaPost to url[https:/xxxx.com/rest/7]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:704)
at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:199)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:81)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:459)
at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:286)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:441)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:227)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.sendReceive(BlockingMsgSender.java:490)
at org.apache.synapse.message.senders.blocking.BlockingMsgSender.send(BlockingMsgSender.java:382)
at org.apache.synapse.core.axis2.Axis2FlexibleMEPClient.send(Axis2FlexibleMEPClient.java:88)
at org.apache.synapse.core.axis2.Axis2Sender.sendOn(Axis2Sender.java:85)
at org.apache.synapse.core.axis2.Axis2SynapseEnvironment.send(Axis2SynapseEnvironment.java:547)
at org.apache.synapse.endpoints.AbstractEndpoint.send(AbstractEndpoint.java:384)
at org.apache.synapse.endpoints.HTTPEndpoint.send(HTTPEndpoint.java:85)
at org.apache.synapse.mediators.builtin.CallMediator.handleBlockingCall(CallMediator.java:164)
at org.apache.synapse.mediators.builtin.CallMediator.mediate(CallMediator.java:119)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.config.xml.AnonymousListMediator.mediate(AnonymousListMediator.java:37)
at org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:203)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.config.xml.AnonymousListMediator.mediate(AnonymousListMediator.java:37)
at org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:203)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.mediators.filters.FilterMediator.mediate(FilterMediator.java:169)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.mediators.builtin.ForEachMediator.mediateSequence(ForEachMediator.java:183)
at org.apache.synapse.mediators.builtin.ForEachMediator.mediate(ForEachMediator.java:145)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:108)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:70)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:158)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:224)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:415)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:151)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
There seems to be a known issue in Call mediator blocking="true" mode. Please try out the workaround suggested in the issue:
As a workaround for this, we can disable switching to the opensaml http client by setting rampart.axiom.parser.pool=false in the server startup.

wso2 server redeployment error "Faulty Carbon Applications."

I am getting an error whenever I try to redeploy the app to the ESB. I am trying to merge the two responses from different APIs and then map and manipulate that response. I am also using the latest 5.0.0 BETA version of both the ESB tooling and the ESB.
Here is the fault reason:
org.apache.axis2.deployment.DeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:213)
at org.wso2.carbon.application.deployer.synapse.SynapseAppDeployer.deployArtifacts(SynapseAppDeployer.java:131)
at org.wso2.carbon.application.deployer.internal.ApplicationManager.deployCarbonApp(ApplicationManager.java:263)
at org.wso2.carbon.application.deployer.CappAxis2Deployer.deploy(CappAxis2Deployer.java:72)
at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:807)
at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:377)
at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:254)
at org.apache.axis2.deployment.RepositoryListener.startListener(RepositoryListener.java:371)
at org.apache.axis2.deployment.scheduler.SchedulerTask.checkRepository(SchedulerTask.java:59)
at org.apache.axis2.deployment.scheduler.SchedulerTask.run(SchedulerTask.java:67)
at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.runAxisDeployment(CarbonDeploymentSchedulerTask.java:93)
at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.run(CarbonDeploymentSchedulerTask.java:138)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.deployment.DeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:201)
... 20 more
Caused by: org.apache.synapse.deployers.SynapseArtifactDeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.handleSynapseArtifactDeploymentError(AbstractSynapseArtifactDeployer.java:474)
at org.apache.synapse.deployers.APIDeployer.deploySynapseArtifact(APIDeployer.java:71)
at org.wso2.carbon.rest.api.ApiDeployer.deploySynapseArtifact(ApiDeployer.java:34)
at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:194)
... 20 more
Caused by: org.apache.synapse.SynapseException: Duplicate resource definition by the name: movieapi
at org.apache.synapse.config.SynapseConfiguration.handleException(SynapseConfiguration.java:1627)
at org.apache.synapse.config.SynapseConfiguration.addAPI(SynapseConfiguration.java:414)
at org.apache.synapse.deployers.APIDeployer.deploySynapseArtifact(APIDeployer.java:59)
... 22 more
and here's my API:
<?xml version="1.0" encoding="UTF-8"?>
<api context="/movieapi" name="movieapi" xmlns="http://ws.apache.org/ns/synapse">
  <resource methods="GET" uri-template="/*">
    <inSequence>
      <property name="ROOT" scope="default">
        <root:movie xmlns:root="www.wso2esb.com"/>
      </property>
      <log level="full"/>
      <clone continueParent="true" id="movie" sequential="true">
        <target>
          <sequence>
            <send>
              <endpoint>
                <!-- "&" inside an XML attribute must be written as "&amp;" for the config to be well-formed -->
                <address format="rest" uri="https://api.themoviedb.org/3/movie/tt0918940?api_key=code&amp;append_to_response=casts,images%22"/>
              </endpoint>
            </send>
          </sequence>
        </target>
        <target>
          <sequence>
            <send>
              <endpoint>
                <address format="rest" uri="https://www.omdbapi.com/?type=movie&amp;i=tt0918940"/>
              </endpoint>
            </send>
          </sequence>
        </target>
      </clone>
    </inSequence>
    <outSequence>
      <aggregate id="movie">
        <completeCondition>
          <messageCount max="-1" min="-1"/>
        </completeCondition>
        <onComplete enclosingElementProperty="ROOT" expression="//jsonObject" xmlns:dummy="http://org.dummy" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
          <datamapper config="gov:datamapper/movieapiMapping.dmc" inputSchema="gov:datamapper/movieapiMapping_inputSchema.json" inputType="JSON" outputSchema="gov:datamapper/movieapiMapping_outputSchema.json" outputType="JSON"/>
          <property name="messageType" scope="axis2" type="STRING" value="application/json"/>
          <respond/>
        </onComplete>
      </aggregate>
    </outSequence>
    <faultSequence/>
  </resource>
</api>
and this is from the terminal:
[2016-07-20 15:36:48,890] ERROR - DataMapperMediator DataMapper mediator : mapping configuration is null
The error you are getting in the terminal (DataMapperMediator DataMapper mediator : mapping configuration is null) is because the relevant registry resources are not deployed (more precisely, the .dmc configuration file). When you are deploying the capp, make sure that all the registry resources are included as well. Also, when the capp deployment fails, can you check in the management console for any faulty services/APIs?
You get the error indicating that the Data Mapper configuration is null. So you have to add the relevant configurations as you have given in the proxy:
<datamapper config="gov:datamapper/movieapiMapping.dmc" inputSchema="gov:datamapper/movieapiMapping_inputSchema.json" inputType="JSON" outputSchema="gov:datamapper/movieapiMapping_outputSchema.json" outputType="JSON"/>
For example, you indicated gov:datamapper/movieapiMapping.dmc.
This should be available in the governance registry. Please deploy the relevant configs into the ESB.
Open the pom.xml file inside your CompositeApplication.
Edit it in the Design mode.
Under dependencies, you can see the artifacts which you can include.
Tick the checkbox near your relevant Registry artifact. Save the pom file.
Now redeploy the application to the server or regenerate your .car file.

Can't login WSO2 API manager via wso2 identity server and Facebook credential

What I wanna do is:
1. SSO with wso2 Identity server 5.1.0 and wso2 API manager 1.10.0 (done)
reference: https://docs.wso2.com/display/AM1100/Configuring+Single+Sign-on+with+SAML2
2. Login to wso2 API manager 1.10.0 via Facebook credentials (fails)
reference: https://docs.wso2.com/display/IS510/How+To%3A+Login+to+the+Identity+Server+using+Facebook+Credentials
The situation is:
1. When I go to the login page of APIM, it redirects to the Facebook login page via the Identity server.
2. I log in to Facebook and then it redirects to APIM via the Identity server.
3. APIM shows Error 401: Authorization Required.
The server couldn't verify that you are authorized to access the requested resource.
Identity server logs
==> audit.log <==
[2016-05-03 01:34:56,770] INFO {AUDIT_LOG}- Initiator : sbyangtw#yahoo.com.tw | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "c2474e20-3b83-4007-b34e-a6c461f7b9fa","AuthenticatedUser" : "sbyangtw#yahoo.com.tw","AuthenticatedUserTenantDomain" : "null","ServiceProviderName" : "APIM_PUBLISHER","RequestType" : "samlsso","RelyingParty" : "API_PUBLISHER_ISSUER","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNDYyMjM5Mjk2NzY1MzAwMCwiaWF0IjoxNDYyMjM5Mjk2NzY1LCJpZHBzIjpbeyJpZHAiOiJmYWNlYm9vayIsImF1dGhlbnRpY2F0b3IiOiJGYWNlYm9va0F1dGhlbnRpY2F0b3IifV19." } | Result : Success
==> http_access_2016-05-03.log <==
122.147.238.98 - - [03/May/2016:01:34:56 +0000] "GET /commonauth?code=AQBs01GQq0m76-z1ilUNzgIF-8qgBq7ES9MxIE_as5-EwoUg9kROlrKNQynM0xdZ7ZkdAMAxDq5wa8WRAZHoU8AHNTEHj_eEDzix5KKKyNTFkzqE0bRd4DXMaDwQg2r1WW9BTqVwAJYeJGuySE7aabNYfBaSyasqSOH0_kaow6-68MbDt6oAxCNBYUocn-JIDmS3-TUS6bYJsLMwYo8mcib22ZOl7pJWIhCPtx6mbIvcJmzIopdNqQwQkDMK741PN4jfNGfqkwkyRi1AQikgzomYSvqHt1slVV8KnHVDj-OTM2EwkDdVzWGiiyfKbT9P9MPZ7vxLYlkS6JgWdntzXDM7&state=c2474e20-3b83-4007-b34e-a6c461f7b9fa%2Cfacebook HTTP/1.1" 302 - "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
122.147.238.98 - - [03/May/2016:01:34:58 +0000] "GET /samlsso?sessionDataKey=a492a7af-202f-4370-af83-f96d8240f526 HTTP/1.1" 200 3632 "https://www.facebook.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
APIM logs
==> wso2carbon.log <==
TID: [-1234] [] [2016-05-03 01:34:43,373] ERROR {org.wso2.carbon.registry.core.jdbc.realm.RegistryRealm} - Realm service is not available. Make sure that the required version of the User Manager component is properly installed. {org.wso2.carbon.registry.core.jdbc.realm.RegistryRealm}
==> wso2-apigw-errors.log <==
2016-05-03 01:34:43,373 [-] [http-nio-9443-exec-28] ERROR RegistryRealm Realm service is not available. Make sure that the required version of the User Manager component is properly installed.
==> wso2carbon.log <==
TID: [-1234] [] [2016-05-03 01:34:43,374] ERROR {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} - Error when updating the permission cache for tenant : -1 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
org.wso2.carbon.user.core.UserStoreException: Realm service is not available. Make sure that the required version of the User Manager component is properly installed.
at org.wso2.carbon.registry.core.jdbc.realm.RegistryRealm.getRealm(RegistryRealm.java:149)
at org.wso2.carbon.core.internal.permission.update.PermissionUpdater.getAuthzManager(PermissionUpdater.java:90)
at org.wso2.carbon.core.internal.permission.update.PermissionUpdater.update(PermissionUpdater.java:60)
at org.wso2.carbon.core.util.PermissionUpdateUtil.updatePermissionTree(PermissionUpdateUtil.java:46)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.updatePermissionCache(APIUtil.java:4554)
at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.jsFunction_updatePermissionCache(APIProviderHostObject.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.publisher.modules.api.c1._c_anonymous_7(/publisher/modules/api/check-permissions.jag:169)
at org.jaggeryjs.rhino.publisher.modules.api.c1.call(/publisher/modules/api/check-permissions.jag)
at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.api.c0._c_anonymous_25(/publisher/modules/api/module.jag:83)
at org.jaggeryjs.rhino.publisher.modules.api.c0.call(/publisher/modules/api/module.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.publisher.jagg.c1._c_anonymous_1(/publisher/jagg/jaggery_acs.jag:59)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at org.jaggeryjs.rhino.publisher.jagg.c1._c_script_0(/publisher/jagg/jaggery_acs.jag:5)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.jaggeryjs.rhino.publisher.jagg.c1.exec(/publisher/jagg/jaggery_acs.jag)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
==> wso2-apigw-errors.log <==
2016-05-03 01:34:43,374 [-] [http-nio-9443-exec-28] ERROR PermissionUpdater Error when updating the permission cache for tenant : -1
org.wso2.carbon.user.core.UserStoreException: Realm service is not available. Make sure that the required version of the User Manager component is properly installed.
at org.wso2.carbon.registry.core.jdbc.realm.RegistryRealm.getRealm(RegistryRealm.java:149)
at org.wso2.carbon.core.internal.permission.update.PermissionUpdater.getAuthzManager(PermissionUpdater.java:90)
at org.wso2.carbon.core.internal.permission.update.PermissionUpdater.update(PermissionUpdater.java:60)
at org.wso2.carbon.core.util.PermissionUpdateUtil.updatePermissionTree(PermissionUpdateUtil.java:46)
at org.wso2.carbon.apimgt.impl.utils.APIUtil.updatePermissionCache(APIUtil.java:4554)
at org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject.jsFunction_updatePermissionCache(APIProviderHostObject.java:284)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)
at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.publisher.modules.api.c1._c_anonymous_7(/publisher/modules/api/check-permissions.jag:169)
at org.jaggeryjs.rhino.publisher.modules.api.c1.call(/publisher/modules/api/check-permissions.jag)
at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)
at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)
at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)
at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)
at org.jaggeryjs.rhino.publisher.modules.api.c0._c_anonymous_25(/publisher/modules/api/module.jag:83)
at org.jaggeryjs.rhino.publisher.modules.api.c0.call(/publisher/modules/api/module.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call1(OptRuntime.java:32)
at org.jaggeryjs.rhino.publisher.jagg.c1._c_anonymous_1(/publisher/jagg/jaggery_acs.jag:59)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)
at org.jaggeryjs.rhino.publisher.jagg.c1._c_script_0(/publisher/jagg/jaggery_acs.jag:5)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
at org.jaggeryjs.rhino.publisher.jagg.c1.call(/publisher/jagg/jaggery_acs.jag)
at org.jaggeryjs.rhino.publisher.jagg.c1.exec(/publisher/jagg/jaggery_acs.jag)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)
at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:587)
at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:507)
at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:748)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:486)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:378)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:338)
at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1739)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1698)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
Identity.xml
<JDBCPersistenceManager>
<DataSource>
<!-- Include a data source name (jndiConfigName) from the set of data
sources defined in master-datasources.xml -->
<Name>jdbc/WSO2CarbonDB</Name>
</DataSource>
<!-- If the identity database is created from another place and if it is
required to skip schema initialization during the server start up, set the
following property to "true". -->
<!-- <SkipDBSchemaCreation>false</SkipDBSchemaCreation> -->
<!--SessionDataPersist>
<Enable>true</Enable>
<Temporary>false</Temporary>
<SessionDataCleanUp>
<Enable>true</Enable>
<CleanUpTimeout>20160</CleanUpTimeout>
<CleanUpPeriod>1140</CleanUpPeriod>
</SessionDataCleanUp>
<OperationDataCleanUp>
<Enable>true</Enable>
<CleanUpPeriod>720</CleanUpPeriod>
</OperationDataCleanUp>
</SessionDataPersist-->
</JDBCPersistenceManager>
SAML response from Facebook
<saml2p:Response Destination="https://52.38.21.105:9443/publisher/jagg/jaggery_acs.jag"
ID="nfbjmnijblahmijdkcjolekcjnodibpjicoebece"
InResponseTo="ahnmgghndidhnoefdghpcdjiipifggdddnhiblej"
IssueInstant="2016-05-03T12:18:05.854Z"
Version="2.0"
xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
>localhost</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#nfbjmnijblahmijdkcjolekcjnodibpjicoebece">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xs"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ggxLiK1EmD+McPcZeg1N83Fv9gg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>CP2lIDldQ982Ipdr2L+lbX/heU170cY6mhmhxGNbPs80gn0dxLq/GjFSXiF8jPHjGgPVgnRR0YcpTtCLK9R0ApSyND+P4PgR7/diylqWJMx7t+U5317WYQF3eHabH2NgFvnSzKthjv1Pj3hjyBsobX3Y9gV76mH1yt5n5XZFaY0=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIICNTCCAZ6gAwIBAgIES343gjANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxDTALBgNVBAoMBFdTTzIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMDAyMTkwNzAyMjZaFw0zNTAyMTMwNzAyMjZaMFUxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzENMAsGA1UECgwEV1NPMjESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUp/oV1vWc8/TkQSiAvTousMzOM4asB2iltr2QKozni5aVFu818MpOLZIr8LMnTzWllJvvaA5RAAdpbECb+48FjbBe0hseUdN5HpwvnH/DW8ZccGvk53I6Orq7hLCv1ZHtuOCokghz/ATrhyPq+QktMfXnRS4HrKGJTzxaCcU7OQIDAQABoxIwEDAOBgNVHQ8BAf8EBAMCBPAwDQYJKoZIhvcNAQEFBQADgYEAW5wPR7cr1LAdq+IrR44iQlRG5ITCZXY9hI0PygLP2rHANh+PYfTmxbuOnykNGyhM6FjFLbW2uZHQTY1jMrPprjOrmyK5sjJRO4d1DeGHT/YnIjs9JogRKv4XHECwLtIVdAbIdWHEtVZJyMSktcyysFcvuhPQK8Qc/E/Wq8uHSCo=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2p:Status>
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</saml2p:Status>
<saml2:Assertion ID="eadlilbmecplfedkihojbidmefiekgpihihgngbd"
IssueInstant="2016-05-03T12:18:05.854Z"
Version="2.0"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
>
<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">localhost</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#eadlilbmecplfedkihojbidmefiekgpihihgngbd">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="xs"
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>ooEBywjtlX+KP3skLWU+Ug66gjQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>G5KWqTchrtk4XSsAhDfhocIAguNVJdT25btnD4/OtFMBJ0jYYL/MnQO14eAdniPQ163ijPmgbh6GZWhI8FzpkXi73zPxVkiOLCO9LP7VJK4fjwEH+hrs5ukjKRfu1t5/aE08HwGjZXOJg6sKs00oXrWdm+a5UluyMndbuappbT8=</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate><!-- certificate omitted --></ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">sbyangtw#yahoo.com.tw</saml2:NameID>
<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData InResponseTo="ahnmgghndidhnoefdghpcdjiipifggdddnhiblej"
NotOnOrAfter="2016-05-03T12:23:05.854Z"
Recipient="https://52.38.21.105:9443/publisher/jagg/jaggery_acs.jag"
/>
</saml2:SubjectConfirmation>
</saml2:Subject>
<saml2:Conditions NotBefore="2016-05-03T12:18:05.854Z"
NotOnOrAfter="2016-05-03T12:23:05.854Z"
>
<saml2:AudienceRestriction>
<saml2:Audience>API_PUBLISHER_ISSUER</saml2:Audience>
</saml2:AudienceRestriction>
</saml2:Conditions>
<saml2:AuthnStatement AuthnInstant="2016-05-03T12:18:05.858Z"
SessionIndex="f6348dd6-0c44-48c9-8d23-becbb07f61de"
>
<saml2:AuthnContext>
<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml2:AuthnContextClassRef>
</saml2:AuthnContext>
</saml2:AuthnStatement>
<saml2:AttributeStatement>
<saml2:Attribute Name="http://wso2.org/claims/emailaddress"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
>
<saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="xs:string"
>sbyangtw#yahoo.com.tw</saml2:AttributeValue>
</saml2:Attribute>
</saml2:AttributeStatement>
</saml2:Assertion>
</saml2p:Response>
I guess the error is related to the tenant id, and I found that the Identity Server log shows "AuthenticatedUserTenantDomain" : "null", but I don't know how to fix it.
Thanks
Tom
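As an added illustration (not part of the question, and not WSO2's own code) of what the API Publisher's assertion consumer has to check on a SAML Response like the one above, here is a small Python validator. It parses a constructed sample modelled on the response in the question, with the two signatures left out, so it assumes XML-DSig verification has already been done by a library, and then checks the status, InResponseTo, Destination, both Issuer elements, the Conditions window with a small clock-skew allowance, the Audience, and the bearer SubjectConfirmation's Recipient, InResponseTo and NotOnOrAfter before handing back the NameID. The expected issuer and audience mirror the response on this page; the ACS URL and the AuthnRequest id are placeholders. It does not cover the tenant-domain mapping the log message refers to.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CM_BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# What this service provider expects (constructed): issuer and audience mirror the
# response in the question; the ACS URL and the AuthnRequest id are placeholders.
SP_EXPECTATIONS = {"issuer": "localhost", "audience": "API_PUBLISHER_ISSUER",
                   "recipient": "https://sp.example/acs", "request_id": "req-1"}
NOW = datetime(2016, 5, 3, 12, 19, 0, tzinfo=timezone.utc)  # fixed clock for the example

# Constructed sample modelled on the response in the question. Both ds:Signature
# elements are left out: verifying them with an XML-DSig library is a separate,
# mandatory step that has to run before the checks below.
SAMPLE_RESPONSE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example/acs" ID="resp-1" InResponseTo="req-1"
    IssueInstant="2016-05-03T12:18:05.854Z" Version="2.0">
  <saml2:Issuer>localhost</saml2:Issuer>
  <saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
  <saml2:Assertion ID="a-1" IssueInstant="2016-05-03T12:18:05.854Z" Version="2.0">
    <saml2:Issuer>localhost</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.org</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData InResponseTo="req-1" Recipient="https://sp.example/acs"
            NotOnOrAfter="2016-05-03T12:23:05.854Z"/>
      </saml2:SubjectConfirmation>
    </saml2:Subject>
    <saml2:Conditions NotBefore="2016-05-03T12:18:05.854Z" NotOnOrAfter="2016-05-03T12:23:05.854Z">
      <saml2:AudienceRestriction><saml2:Audience>API_PUBLISHER_ISSUER</saml2:Audience></saml2:AudienceRestriction>
    </saml2:Conditions>
  </saml2:Assertion>
</saml2p:Response>"""

def parse_instant(text):
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def validate_response(xml_text, expected, now, skew=timedelta(seconds=60)):
    """Return (problems, name_id); accept the login only if problems is empty."""
    problems, root = [], ET.fromstring(xml_text)
    code = root.find("saml2p:Status/saml2p:StatusCode", NS)
    if code is None or code.get("Value") != STATUS_SUCCESS:
        problems.append("status is not Success")
    if root.get("InResponseTo") != expected["request_id"]:
        problems.append("InResponseTo does not match our AuthnRequest")
    if root.get("Destination") not in (None, expected["recipient"]):
        problems.append("Destination is not our ACS URL")
    assertion = root.find("saml2:Assertion", NS)
    if assertion is None:
        problems.append("no plain Assertion (EncryptedAssertion is not handled here)")
        return problems, None
    if any(el.findtext("saml2:Issuer", namespaces=NS) != expected["issuer"] for el in (root, assertion)):
        problems.append("unexpected Issuer")
    cond = assertion.find("saml2:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions")
    else:
        if cond.get("NotBefore") and now + skew < parse_instant(cond.get("NotBefore")):
            problems.append("assertion not yet valid")
        if cond.get("NotOnOrAfter") and now - skew >= parse_instant(cond.get("NotOnOrAfter")):
            problems.append("assertion expired")
        audiences = [a.text for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]
        if expected["audience"] not in audiences:
            problems.append("Audience does not name this SP")
    # A bearer assertion is only usable if it was issued for our request and our ACS URL.
    confirmed = False
    for sc in assertion.findall("saml2:Subject/saml2:SubjectConfirmation", NS):
        data = sc.find("saml2:SubjectConfirmationData", NS)
        if sc.get("Method") != CM_BEARER or data is None:
            continue
        if data.get("Recipient") != expected["recipient"] or data.get("InResponseTo") != expected["request_id"]:
            continue
        if data.get("NotOnOrAfter") and now - skew >= parse_instant(data.get("NotOnOrAfter")):
            continue
        confirmed = True
    if not confirmed:
        problems.append("no acceptable bearer SubjectConfirmation")
    return problems, assertion.findtext("saml2:Subject/saml2:NameID", namespaces=NS)

if __name__ == "__main__":
    print(validate_response(SAMPLE_RESPONSE, SP_EXPECTATIONS, NOW))
```

The five-minute window in the sample (NotBefore 12:18:05, NotOnOrAfter 12:23:05) is the same one the real response carries, which is why a clock that is off by more than the skew allowance on either box turns into a rejected login rather than an obvious error.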
This would work once you enable email username in your IS and APIM as mentioned here.
It seems the reason for the issue is that the identity.xml of your Identity Server is pointing to a different database than the AM_DB defined in the master-datasources.xml of your API Manager. Then your API-M is pointing to one set of tables and IS is pointing to another.
To fix this, you need to add the AM_DB as a data source in the master-datasources.xml of your Identity Server and, in your identity.xml, point the data source at AM_DB.
Refer to Configuring Identity Server at this for more details on how to do this.
I was able to reproduce the error "Error 401 : Authorization Required. The server couldn't verify that you are authorized to access the requested resource." by following the instructions provided in the documents. I have raised the ticket [1] to address / get feedback regarding this issue.
[1] https://wso2.org/jira/browse/IDENTITY-4566
Regards,
Pubudu.

How to enable proxy service security in WSO2 ESB 4.9.0

I have a fresh installation of WSO2 ESB 4.9.0 and I’m trying to secure a proxy service with HTTP Basic Authentication, but I’m failing.
I tried this tutorial from official documentation, but this approach was possible up to 4.8.1. In version 4.9.0 I can’t click Security to open the Security for the service page.
So I tried another approach:
I created policy UTOverTransport in registry (copied from 4.8.1).
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:timestampStrict>false</rampart:timestampStrict>
<rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
<rampart:nonceLifeTime>300</rampart:nonceLifeTime>
</rampart:RampartConfig>
</wsp:Policy>
And in proxy service configuration I added:
<parameter name="allowRoles">admin</parameter>
<parameter name="ScenarioID">scenario1</parameter>
<enableSec/>
<policy key="conf:/repository/policies/UTOverTransport"/>
Now in the management console I see that the proxy service is secured, but when I call this service I get this error:
java.lang.ClassCastException: org.apache.axiom.om.impl.dom.ElementImpl cannot be cast to org.apache.axiom.soap.SOAPHeaderBlock
org.wso2.carbon.security.pox.POXSecurityHandler.isSOAPWithoutSecHeader(POXSecurityHandler.java:362)
org.wso2.carbon.security.pox.POXSecurityHandler.invoke(POXSecurityHandler.java:102)
org.apache.axis2.engine.Phase.invokeHandler(Phase.java:340)
Request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soapenv:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-4">
<wsu:Created>2015-12-09T07:15:21Z</wsu:Created>
<wsu:Expires>2015-12-09T09:38:41Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-3">
<wsse:Username>admin</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">byWKVY4stEATvTqaoNMswQ==</wsse:Nonce>
<wsu:Created>2015-12-09T07:15:21.304Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body/>
</soapenv:Envelope>
I also tried to secure the proxy through the SecurityAdminService API and its applySecurity operation (this worked in 4.8.1), but I’m getting the error org.apache.axis2.AxisFault: Service with name test not found.
Can someone help me and explain how to do this?
The policy file for Basic Authentication (with username token) should look like this:
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
</wsp:Policy>
</sp:SignedSupportingTokens>
</wsp:All>
</wsp:ExactlyOne>
<rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
<rampart:user>wso2carbon</rampart:user>
<rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:timestampStrict>false</rampart:timestampStrict>
<rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore</rampart:tokenStoreClass>
<rampart:nonceLifeTime>300</rampart:nonceLifeTime>
</rampart:RampartConfig>
<sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
<sec:Authorization>
<sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
</sec:Authorization>
</sec:CarbonSecConfig>
In proxy service configuration add this:
<policy key="conf:/repository/policies/UTOverTransport"/>
<enableSec/>
conf:/repository/policies/UTOverTransport is the path to the policy file.
Developer Studio is not necessary.
I hope this will help.
All these Quality of Service (QoS) features were removed from the WSO2 ESB admin console from the ESB 4.9.0 release onwards. Therefore we recommend that you use WSO2 Developer Studio 3.8, which is compatible with the ESB 4.9.0 release, for QoS-related configuration such as security, reliability, etc.

Web Service security header validation on WebLogic

I have a web service deployed on WebLogic that has a usernameToken security policy. I implemented my own Java password validator (that extends com.sun.xml.wss.impl.callback.PasswordValidationCallback.WsitDigestPasswordValidator).
<wsp:Policy wsu:Id="DoubleItBindingPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsam:Addressing wsp:Optional="false"/>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedEncryptedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedEncryptedSupportingTokens>
<sc:ValidatorConfiguration wspp:visibility="private">
<sc:Validator name="usernameValidator" classname="service.PasswordValidator"/>
</sc:ValidatorConfiguration>
<sp:Wss11/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
My problem is that when I try to invoke my web service using a SOAP message containing the security header, the header is completely ignored, as if the web service had no security attached.
I have tried creating a new Web Service Security configuration in the WebLogic console and referencing it in my service's class using the WssConfiguration annotation, but the result is the same.
I have also tried adding a WS-Policy to my web service (policy:Wssp1.2-2007-Wss1.1-UsernameToken-Digest-DK.xml), and still the same.
Could you please tell me how to activate the validation of my SOAP message security header in WebLogic?
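The Python example below is added here and is not code from this page, from WSO2 or from WebLogic. It shows what a server enforcing a UsernameToken-over-transport policy like the ESB UTOverTransport policy earlier on this page, or a custom password validator like the WebLogic one in this question, has to check on the wsse:Security header: a wsu:Timestamp that is neither in the future nor older than timestampTTL (with timestampMaxSkew tolerance), a password given either as PasswordText or as the UsernameToken Profile 1.0 PasswordDigest (Base64 of SHA-1 over nonce, Created and password), a nonce that has not been seen within nonceLifeTime, and membership in the allowed roles. The three 300-second constants are the RampartConfig values from the ESB policy; the user store, role set, nonces and clock values are constructed for the example, and the request builder produces a message shaped like the one in the ESB question.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
UTP = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
PASSWORD_TEXT, PASSWORD_DIGEST = UTP + "#PasswordText", UTP + "#PasswordDigest"
NS = {"soapenv": SOAP, "wsse": WSSE, "wsu": WSU}

# Seconds, taken from timestampTTL, timestampMaxSkew and nonceLifeTime in the
# RampartConfig of the UTOverTransport policy.
TIMESTAMP_TTL, TIMESTAMP_MAX_SKEW, NONCE_LIFETIME = 300, 300, 300

# Hypothetical user store constructed for the example: username -> (password, roles).
USERS = {"admin": ("admin", {"admin"}), "alice": ("s3cret", {"user"})}
ALLOWED_ROLES = {"admin"}  # the allowRoles / org.wso2.carbon.security.allowedroles value
CREATED = datetime(2015, 12, 9, 7, 15, 21, 304000, tzinfo=timezone.utc)  # fixed clock (constructed)
NOW = datetime(2015, 12, 9, 7, 15, 30, tzinfo=timezone.utc)  # fixed clock (constructed)

def wsu_time(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + "%03dZ" % (dt.microsecond // 1000)

def parse_wsu_time(text):
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def password_digest(nonce_b64, created, password):
    # UsernameToken Profile 1.0: PasswordDigest = Base64(SHA-1(nonce || created || password))
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def build_request(username, password, nonce_b64, created, digest=False):
    # Client side: a request shaped like the one in the ESB question (constructed).
    created_text = wsu_time(created)
    pw_type, pw_value = PASSWORD_TEXT, password
    if digest:
        pw_type, pw_value = PASSWORD_DIGEST, password_digest(nonce_b64, created_text, password)
    expires_text = wsu_time(created + timedelta(seconds=TIMESTAMP_TTL))
    return f"""<soapenv:Envelope xmlns:soapenv="{SOAP}"><soapenv:Header>
<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" soapenv:mustUnderstand="1">
<wsu:Timestamp wsu:Id="TS-1"><wsu:Created>{created_text}</wsu:Created><wsu:Expires>{expires_text}</wsu:Expires></wsu:Timestamp>
<wsse:UsernameToken wsu:Id="UsernameToken-1"><wsse:Username>{username}</wsse:Username>
<wsse:Password Type="{pw_type}">{pw_value}</wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">{nonce_b64}</wsse:Nonce>
<wsu:Created>{created_text}</wsu:Created></wsse:UsernameToken></wsse:Security>
</soapenv:Header><soapenv:Body/></soapenv:Envelope>"""

class UsernameTokenVerifier:
    # Server side: the checks a UsernameToken-over-transport policy implies.
    def __init__(self, users, allowed_roles):
        self.users, self.allowed_roles = users, allowed_roles
        self.seen_nonces = {}  # nonce -> time after which it can be forgotten

    def verify(self, envelope_xml, now):
        skew = timedelta(seconds=TIMESTAMP_MAX_SKEW)
        sec = ET.fromstring(envelope_xml).find("soapenv:Header/wsse:Security", NS)
        if sec is None:
            return False, "missing wsse:Security header"
        ts = sec.find("wsu:Timestamp", NS)
        if ts is None or not ts.findtext("wsu:Created", namespaces=NS):
            return False, "missing wsu:Timestamp (sp:IncludeTimestamp)"
        created = parse_wsu_time(ts.findtext("wsu:Created", namespaces=NS))
        if created > now + skew:
            return False, "Timestamp Created is in the future"
        if now - created > timedelta(seconds=TIMESTAMP_TTL) + skew:
            return False, "Timestamp older than timestampTTL"
        expires = ts.findtext("wsu:Expires", namespaces=NS)
        if expires and parse_wsu_time(expires) + skew <= now:
            return False, "Timestamp expired"
        ut = sec.find("wsse:UsernameToken", NS)
        pw = ut.find("wsse:Password", NS) if ut is not None else None
        username = ut.findtext("wsse:Username", namespaces=NS) if ut is not None else None
        if pw is None or username not in self.users:
            return False, "missing UsernameToken/Password or unknown user"
        nonce, ut_created = ut.findtext("wsse:Nonce", namespaces=NS), ut.findtext("wsu:Created", namespaces=NS)
        password, roles = self.users[username]
        pw_type = pw.get("Type", PASSWORD_TEXT)
        if pw_type == PASSWORD_DIGEST:
            if not (nonce and ut_created):
                return False, "PasswordDigest requires Nonce and Created"
            expected = password_digest(nonce, ut_created, password)
        elif pw_type == PASSWORD_TEXT:
            expected = password  # plaintext is only tolerable under sp:HttpsToken (TLS)
        else:
            return False, "unsupported Password Type"
        if not hmac.compare_digest(expected.encode(), (pw.text or "").encode()):
            return False, "password check failed"
        if nonce:  # replay protection, bounded by nonceLifeTime
            self.seen_nonces = {n: t for n, t in self.seen_nonces.items() if t > now}
            if nonce in self.seen_nonces:
                return False, "replayed nonce"
            if ut_created and now - parse_wsu_time(ut_created) > timedelta(seconds=NONCE_LIFETIME) + skew:
                return False, "UsernameToken Created older than nonceLifeTime"
            self.seen_nonces[nonce] = now + timedelta(seconds=NONCE_LIFETIME)
        if not (roles & self.allowed_roles):
            return False, "user has none of the allowed roles"
        return True, username
```

Two design points worth noting: the "Created is in the future" check matters because a token dated far ahead would otherwise stay "fresh" long after its nonce had fallen out of the replay cache, and the example always rejects a passed wsu:Expires, which in Rampart is the check that timestampStrict governs (the policy on this page sets it to false). The PasswordText branch compares against a plaintext store only because the store here is a constructed stand-in; a real user store would hold a hash and the digest form would be the one to prefer.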