Among many features of WSO2 G-REG listed here there is one which states that in G-REG you can "store any type of data or metadata" (etc. Word documents). How to do that? Because I don't see any options to do that in a management console.
Users are provided to add common service information through standard
service metadata formats like using WSDL (Web Services Description
Language) files, Policy file and schema files. User have to give the
location of their WSDL, Policy or Schema files from local file system
or as a URL, Governance Registry is importing those information in to
Registry as resources. All the special resources are having their own
Media Type which will be useful to users to handle them convenience
way.
For more information, check the documentation here and here
Related
We have some security requirements from customer, so we need to configure/develop detailed audit logging which will log user actions done in Carbon Management console - i.e. datasource modification, service modification in WSO2 ESB.
Is there any way do this using included log4j?
We are using WSO2 Enterprise Service Bus 4.8.1 and WSO2 Application Server 5.2.1
WSO2 products has an audit log which can be found in the repository/logs folder. But the problem is, this audit log has very little audit information. Reason is as follows.
WSO2 products are built using a collection of reusable osgi componentns. For example, for data sources related operations we have one component and for proxy related operations we have another.
Now, the problem here is, these individual components has not put enough audit logs to cover the user operations. Therefore, your requirement seems to be difficult to achieve.
There are some extension points in WSO2 products where you can use to do your own tasks upon certain actions such as user login, user creation. For example, you can implement a certain interface and print whatever log you want upon a successful user login or a failed login attempt. But, those extension points are limited mostly to user management related operations.
All the HTTP communication done with the server is already logged in HTTP access logs in CARBON_HOME/repository/logs. You can use a log analyzer tool or even grep to capture any desired user action.
Ex: To get the log ins to datasources page use
cat http_access_2016-06-02.log | grep "GET /carbon/ndatasource/index.jsp"
I have a requirement to version control my "registry" artifacts (i.e. wsdls, xsds, xsls), that I currently upload to the WSO2 ESB 4.8.1 server. I'm not using WSO2 GREG at the moment. I came across the "Registry Resources Project" facility which I think would help me achieve this. However I'm unsure as to whether this facility can only be used with GREG or with ESB as well. Is there a way for me to generate a CApp Project, include the the above "Registry Resources Project" in it, and deploy it to my ESB server?
I've come across blogs which deploy standard ESB artifacts in the way, but not the registry. -
Please help....
You can create required registry resources as specified in the creating registry resources documentation. Once you have created your registry resource project, then you need to create composite application archive as specified in the Creating a Composite Application Archive (CAR) file documentation.
When you are creating CAR file, you need to specify server role as EnterpriseServiceBus to deploy your registry resources in ESB.
Thanks.
I added in claim-config.xml but i dont see that claim being added in the IS management console.
<ClaimURI>http://wso2.org/claims/serialNumber</ClaimURI>
<DisplayName>serialNumber</DisplayName>
<AttributeID>url</AttributeID>
<Description>SerialNumber</Description>
<DisplayOrder>3</DisplayOrder>
<SupportedByDefault />
</Claim>
Also i dont want to add the claim mapping from management console. i want to automate this process so need a configuration change.
WSO2IS reads the claim-config.xml file and add those claims when you start the server first time. After you update the claim-config.xml, It does not read from it. When server is started first time, it reads the claim-config.xml file add add those in to the database (as there are no any claim configuration in the database). If claim mapping are dynamically changed and you do not like to configure them from UI, you can automate the web service API that is used to configure the claims. If claim mappings are not changed, them you can add all the configures in the claim-config.xml in the first start up.
You can use the ClaimManagementService admin service of WSO2 Identity Server to do CRUD operations on claims. You can get an idea of available methods by referring to the wsdl of ClaimManagementService. Please refer to this link for more information regarding calling admin services of WSO2 servers.
Is there any authoritative documentation available for data found under the Registry UI menu (for example as found in WSO2 ESB admin screens)?
I have seen snippets of information about this registry, for example:
The configuration registry contains product specific configuration
that can be shared across multiple instances of the same product (a
cluster of ESB nodes for example).
Source: link
To start with, I have a few questions:
What is the difference between this registry and the WSO2 Governance Registry?
What are the typical use cases for a WSO2 esb admin user for interacting with this Registry?
What are the typical use cases for a WSO2 esb developer for interacting with this Registry?
Is there a description of all the meta data stored in this registry?
In All WSO2 products there is an internal registry which is used to store resources. WSo2 Governance Registry uses the same core features + some more feature that gives complete Governance scenario. If you need you can mount to an external WSo2 Governance Registry without using the internal registry you referred.You can find more details here.
In the data services server, one of the step is to create a Data Source, in which you need to supply the connection URL as well as the database userId and password.
My questions are
how is this password store in the data services server?
Is the password encrypted and what kind of encryption is used?
Is the password stored in a database or a file?
Where can I find out more about this as there is not much details in the documentation?
I need to find answers to these questions as these will be potential questions from the database security team when we plan to roll out WSO2 DSS to the live environment.
If no answers will also appreciate any links or emails that I can send my queries to.
if you use current release of a data service server this information is stored in the registry.
with the next release it will be possible to specify these as an xml file and secure the xml file using secure valult.
By default data services does not encrypt the password entries that are in the .dbs files. You can use Synapse datasource.properties file to define global datasources and access them as "Carbon Datasources" from data services. These data in the datasource.properties file can be encrypted using secure vault functionality, for more info, check [1].
Also, in the DSS v2.6.3 release, we had partial secure vault implementation, but it is not publicly documented, but can still accessed from here [2]. That implementation is not fully integrated to Carbon secure vault implementation, and you will have to write your own "SecretCallBackHandler"s.
From the upcoming DSS v3.0.0 release, which is to be released soon, it will contain proper secure vault functionality by integrating to Carbon secure vault, where you can give aliases to the password fields from the data service wizard itself. Also, we also have new XML configurations for defining global data sources, which is independent from Synapse, and is also integrated with secure vault.
[1] http://wso2.org/project/esb/java/4.0.0/docs/samples_setup_guide.html#datasource
[2] http://wso2.org/project/data-services/2.6.3/docs/secureVault.html
Cheers,
Anjana.