jetty plugin & SSL trust - jetty

I'm trying to set up the Jetty Maven plugin for local development but I'm stuck on trusting the LDAP server's SSL which I use with Spring Security for authentication.
I tried creating a connector for SSL with the truststore, however I'm still getting the bind exception on login.
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore">servers/jetty/jetty.jks</Set>
<Set name="keyStorePassword">password</Set>
<Set name="keyManagerPassword">password</Set>
<Set name="trustStore">servers/trust.jks</Set>
<Set name="trustStorePassword">password</Set>
</New>
</Arg>
<Set name="port">443</Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>
This is the exception:
simple bind failed: host:port; nested exception is javax.naming.CommunicationException: simple bind failed: host:port [Root exception is javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.g: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by ROOT CA is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error]
Seems like the truststore for the connector is limited to incoming SSL connections. Any way to get this working with Jetty?

I solved it as follows:
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.trustStore</Arg>
<Arg>trust.jks</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.trustStorePassword</Arg>
<Arg>xxxx</Arg>
</Call>

For me it was:
<systemProperty>
<name>javax.net.ssl.trustStore</name>
<value>/Users/koraytugay/Desktop/cacerts.jks</value>
</systemProperty>
<systemProperty>
<name>javax.net.ssl.trustStorePassword</name>
<value>changeit</value>
</systemProperty>
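
Added example, not part of the original posts: both answers work because outbound TLS clients such as the JNDI LDAP provider validate the server against the JVM-wide default trust manager (unless a custom socket factory is configured), which is driven by `javax.net.ssl.trustStore` rather than by the connector's `SslContextFactory`. The class name `DefaultTrustCheck` and the command-line argument are assumptions made for this diagnostic, which lists what that default trust manager accepts and checks for the expected root CA.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical diagnostic: shows which CAs the JVM trusts for outbound TLS. */
public class DefaultTrustCheck {

    /** Returns the issuers accepted by the default, system-property driven trust manager. */
    static List<X509Certificate> defaultAcceptedIssuers() throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes the factory fall back to javax.net.ssl.trustStore,
        // or to the JRE's bundled CA file when that property is unset.
        tmf.init((KeyStore) null);
        List<X509Certificate> issuers = new ArrayList<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    issuers.add(c);
                }
            }
        }
        return issuers;
    }

    public static void main(String[] args) throws Exception {
        // args[0] (optional): case-insensitive fragment of the expected root CA subject DN.
        String wanted = args.length > 0 ? args[0].toLowerCase() : "";
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore", "(unset, JRE default)"));

        boolean found = false;
        for (X509Certificate c : defaultAcceptedIssuers()) {
            String subject = c.getSubjectX500Principal().getName();
            boolean match = !wanted.isEmpty() && subject.toLowerCase().contains(wanted);
            found |= match;
            System.out.println((match ? "* " : "  ") + subject
                    + "  (expires " + c.getNotAfter() + ")");
        }

        if (!wanted.isEmpty()) {
            System.out.println(found
                    ? "Root CA is trusted for outbound TLS."
                    : "Root CA is NOT in the default trust store.");
            System.exit(found ? 0 : 1);
        }
    }
}
```

Run it with the same `-Djavax.net.ssl.trustStore` and `-Djavax.net.ssl.trustStorePassword` values that are passed to Jetty, plus a fragment of the root CA's subject as the argument. An exit code of 1 means the LDAP handshake will still fail with the PKIX error shown in the question.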

Related

Javascript application is unable to generate access token from WSO2 gateway URL

We have an on-premise WSO2 stack for managing API subscriptions, where client applications are created in the WSO2 store URL for generating access tokens. One of the development teams in our organization is trying to generate the access token from the client ID and secret by means of JavaScript. The tokens are not getting generated and the request results in a CORS issue. I have checked the documentation for similar issues and I have made a change in the TokenAPI.xml file located under the <API_M>/repository/deployment/server/synapse-configs/default/api directory by adding the outsequence property. Unfortunately this did not solve the issue. I have read some of the documentation and verified the CORS configuration in the api manager.xml file; it looked fine to me.
const token =
"Base64(consumer-key:consumer-secret)";
const url = "https://<gateway_Url>/token";
const res = axios({
method: "post",
url: url,
data: "grant_type=client_credentials",
headers: {
"Authorization": `Basic ${token}`,
"Content-Type": "application/x-www-form-urlencoded",
Accept: "application/json"
},
});
cat /data/wso2/wso2am-2.6.0/repository/deployment/server/synapse-configs/default/api/_TokenAPI_.xml
<api xmlns="http://ws.apache.org/ns/synapse" name="_WSO2AMTokenAPI_" context="/token">
<resource methods="POST" url-mapping="/*" faultSequence="_token_fault_">
<inSequence>
<property name="uri.var.portnum" expression="get-property('keyManager.port')"/>
<property name="uri.var.hostname" expression="get-property('keyManager.hostname')"/>
<send>
<endpoint>
<http uri-template="https://{uri.var.hostname}:{uri.var.portnum}/oauth2/token">
<timeout>
<duration>60000</duration>
<responseAction>fault</responseAction>
</timeout>
</http>
</endpoint>
</send>
</inSequence>
<outSequence>
<property name="Access-Control-Allow-Headers" scope="transport" value="authorization,Access-Control-Allow-Origin,Content-Type,Action"></property>
<send/>
</outSequence>
</resource>
<handlers>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.ext.APIManagerCacheExtensionHandler"/>
<handler class="org.wso2.carbon.apimgt.gateway.handlers.common.SynapsePropertiesHandler"/>
</handlers>
</api>
Error - Access to XMLHttpRequest at 'https://api-uat.ucl.ac.uk/token' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
You might have to add the CORS handler to the token API under handlers.
<handler class= "org.wso2.carbon.apimgt.gateway.handlers.security.CORSRequestHandler">
<property name="apiImplementationType" value="ENDPOINT"/>
</handler>

WSO2 SP upgrading from DAS

I am trying to upgrade from WSO2 DAS to SP, which involves rewriting the event flow definition with a Siddhi SQL script.
My object is that all changes be restricted to the Siddhi SQL script (thus within SP).
I am using DAS as a simple "Message Broker" in a microservice context.
As shown in the diagram:
There are three (3) microservices: A, B, C; service A calls services B and C.
Service A issues a "wso2event" with the WSO2 data agent;
the event is received by a receiver (type="wso2event") in the DAS;
two (2) publishers (eventAdapterType="soap") were used to form two SOAP messages, which are published respectively to services B and C.
Below are my artifact definitions:
stream:
{
"name": "ip3c",
"version": "1.0.0",
"nickName": "ip3c.receiverservice.senderservice.follow",
"description": "follow event from receiver to sender and userevent",
"metaData": [
{
"name": "sender",
"type": "STRING"
}
],
"correlationData": [
{
"name": "host",
"type": "STRING"
}
],
"payloadData": [
{
"name": "message",
"type": "STRING"
}
]
}
receiver:
<?xml version="1.0" encoding="UTF-8"?>
<!-- gbb2.receiverservice.follow -->
<eventReceiver name="gbb2" statistics="disable"
trace="disable" xmlns="http://wso2.org/carbon/eventreceiver">
<from eventAdapterType="wso2event">
<property name="receiving.events.duplicated.in.cluster">false</property>
</from>
<mapping customMapping="disable" type="wso2event"/>
<to streamName="ip3c" version="1.0.0"/>
</eventReceiver>
publisher 1:
<?xml version="1.0" encoding="UTF-8"?>
<!-- pnbu.senderservice.follow -->
<eventPublisher name="pnbu" statistics="disable"
trace="disable" xmlns="http://wso2.org/carbon/eventpublisher">
<from streamName="ip3c" version="1.0.0"/>
<mapping customMapping="enable" type="xml">
<inline>
<sen:follow xmlns:sen="http://gubnoi.com/SenderService/">
<sender>{{meta_sender}}</sender>
<host>{{correlation_host}}</host>
<message>{{message}}</message>
</sen:follow>
</inline>
</mapping>
<to eventAdapterType="soap">
<property name="soapHeaders">SOAPAction: http://gubnoi.com/SenderService/follow</property>
<property name="url">http://sender.gubnoi.com:10102/services/SenderService/</property>
</to>
</eventPublisher>
publisher 2:
<?xml version="1.0" encoding="UTF-8"?>
<!-- tvzh.userevent.receiverfollow -->
<eventPublisher name="tvzh" statistics="disable"
trace="disable" xmlns="http://wso2.org/carbon/eventpublisher">
<from streamName="ip3c" version="1.0.0"/>
<mapping customMapping="enable" type="xml">
<inline>
<use:save xmlns:use="http://gubnoi.com/UserEvents/">
<title>u5khurw3</title>
<obj>{{meta_sender}}</obj>
<host>{{correlation_host}}</host>
<bucket>{{message}}</bucket>
</use:save>
</inline>
</mapping>
<to eventAdapterType="soap">
<property name="soapHeaders">SOAPAction: http://gubnoi.com/UserEvents/save</property>
<property name="url">http://userevents.gubnoi.com:10304/services/UserEvents/</property>
</to>
</eventPublisher>
I searched around and could not find any useful examples.
Can anyone please give any help?
Thanks.
WSO2 Stream Processor has documentation on upgrading from a previous release. You can refer to the documentation to create Siddhi artifacts from your streams, receivers and publishers.

SBT - How to configure ssl for Jetty running locally?

I need to implement local ssl for my project for an OAuth implementation. I read through the xsbt-web-plugin page (here). I created the keystore as advised here.
keytool -genkey -alias localhost -keyalg RSA -keystore localhost.jks -keysize 2048
I got it to serve HTTPS using a Jetty config file that I found here. This is what it looks like:
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore">localhost.jks</Set>
<Set name="keyStorePassword">password</Set>
<Set name="keyManagerPassword">password</Set>
<Set name="trustStore">localhost.jks</Set>
<Set name="trustStorePassword">password</Set>
</New>
</Arg>
<Set name="port">8443</Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>
</Configure>
My SBT config looks like this:
customConfiguration in container.Configuration := true
ssl in container.Configuration := Some("127.0.0.1", 8443, "localhost.jks", "password", "password")
configurationFiles in container.Configuration := Seq(file("path\\to\\jetty.xml"))
The problem is now the server serves a 404 for every request:
Also there is this warning on console:
2017-03-13 16:06:56.819:WARN:oeji.nio:javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Jetty: 8.1.7/Lift: 2.6.2
Please advise. Thank you.
After struggling with this for a couple of days, I just used STunnel, which is basically just another server running locally that forwards all the requests from 8443 to my dev server running on 8080.

wso2 server redeployment error "Faulty Carbon Applications."

I am getting an error whenever I try to redeploy the app to the ESB. I am trying to merge the 2 responses from different APIs and then map and manipulate that response. I am also using the latest 5.0.0 BETA version of both the ESB tooling and the ESB.
Here is the fault reason
org.apache.axis2.deployment.DeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
    at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:213)
    at org.wso2.carbon.application.deployer.synapse.SynapseAppDeployer.deployArtifacts(SynapseAppDeployer.java:131)
    at org.wso2.carbon.application.deployer.internal.ApplicationManager.deployCarbonApp(ApplicationManager.java:263)
    at org.wso2.carbon.application.deployer.CappAxis2Deployer.deploy(CappAxis2Deployer.java:72)
    at org.apache.axis2.deployment.repository.util.DeploymentFileData.deploy(DeploymentFileData.java:136)
    at org.apache.axis2.deployment.DeploymentEngine.doDeploy(DeploymentEngine.java:807)
    at org.apache.axis2.deployment.repository.util.WSInfoList.update(WSInfoList.java:144)
    at org.apache.axis2.deployment.RepositoryListener.update(RepositoryListener.java:377)
    at org.apache.axis2.deployment.RepositoryListener.checkServices(RepositoryListener.java:254)
    at org.apache.axis2.deployment.RepositoryListener.startListener(RepositoryListener.java:371)
    at org.apache.axis2.deployment.scheduler.SchedulerTask.checkRepository(SchedulerTask.java:59)
    at org.apache.axis2.deployment.scheduler.SchedulerTask.run(SchedulerTask.java:67)
    at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.runAxisDeployment(CarbonDeploymentSchedulerTask.java:93)
    at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.run(CarbonDeploymentSchedulerTask.java:138)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.axis2.deployment.DeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
    at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:201)
    ... 20 more
Caused by: org.apache.synapse.deployers.SynapseArtifactDeploymentException: API deployment from the file : /Users/me/Downloads/wso2esb-5.0.0-BETA2/tmp/carbonapps/-1234/1468999438631movieapiApp_1.0.0.car/movieAPI_1.0.0/movieAPI-1.0.0.xml : Failed.
    at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.handleSynapseArtifactDeploymentError(AbstractSynapseArtifactDeployer.java:474)
    at org.apache.synapse.deployers.APIDeployer.deploySynapseArtifact(APIDeployer.java:71)
    at org.wso2.carbon.rest.api.ApiDeployer.deploySynapseArtifact(ApiDeployer.java:34)
    at org.apache.synapse.deployers.AbstractSynapseArtifactDeployer.deploy(AbstractSynapseArtifactDeployer.java:194)
    ... 20 more
Caused by: org.apache.synapse.SynapseException: Duplicate resource definition by the name: movieapi
    at org.apache.synapse.config.SynapseConfiguration.handleException(SynapseConfiguration.java:1627)
    at org.apache.synapse.config.SynapseConfiguration.addAPI(SynapseConfiguration.java:414)
    at org.apache.synapse.deployers.APIDeployer.deploySynapseArtifact(APIDeployer.java:59)
    ... 22 more
and here's my api
<?xml version="1.0" encoding="UTF-8"?>
<api context="/movieapi" name="movieapi" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="GET" uri-template="/*">
<inSequence>
<property name="ROOT" scope="default">
<root:movie xmlns:root="www.wso2esb.com"/>
</property>
<log level="full"/>
<clone continueParent="true" id="movie" sequential="true">
<target>
<sequence>
<send>
<endpoint>
<address format="rest" uri="https://api.themoviedb.org/3/movie/tt0918940?api_key=code&amp;append_to_response=casts,images%22"/>
</endpoint>
</send>
</sequence>
</target>
<target>
<sequence>
<send>
<endpoint>
<address format="rest" uri="https://www.omdbapi.com/?type=movie&amp;i=tt0918940"/>
</endpoint>
</send>
</sequence>
</target>
</clone>
</inSequence>
<outSequence>
<aggregate id="movie">
<completeCondition>
<messageCount max="-1" min="-1"/>
</completeCondition>
<onComplete enclosingElementProperty="ROOT" expression="//jsonObject" xmlns:dummy="http://org.dummy" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<datamapper config="gov:datamapper/movieapiMapping.dmc" inputSchema="gov:datamapper/movieapiMapping_inputSchema.json" inputType="JSON" outputSchema="gov:datamapper/movieapiMapping_outputSchema.json" outputType="JSON"/>
<property name="messageType" scope="axis2" type="STRING" value="application/json"/>
<respond/>
</onComplete>
</aggregate>
</outSequence>
<faultSequence/>
</resource>
</api>
and this is from the terminal
[2016-07-20 15:36:48,890] ERROR - DataMapperMediator DataMapper mediator : mapping configuration is null
The error you are getting in the terminal DataMapperMediator DataMapper mediator : mapping configuration is null is because the relevant registry resources are not deployed (more precisely, the configuration .dmc file). When you are deploying the capp, make sure that all the registry resources are included as well. Also when the capp deployment fails, can you check in the management console for any faulty services/APIs?
You get the error indicating that the Data Mapper configuration is null, so you have to add the relevant configurations as you have given in the proxy:
<datamapper config="gov:datamapper/movieapiMapping.dmc" inputSchema="gov:datamapper/movieapiMapping_inputSchema.json" inputType="JSON" outputSchema="gov:datamapper/movieapiMapping_outputSchema.json" outputType="JSON"/>
For example, you indicated gov:datamapper/movieapiMapping.dmc.
This should be available in the governance registry. Please deploy the relevant configs into the ESB.
Open the pom.xml file inside your CompositeApplication.
Edit it in the Design mode.
Under dependencies, you can see the artifacts which you can include.
Tick the checkbox near your relevant Registry artifact. Save pom file.
Now redeploy the application to the server or regenerate your car file.

I/O exception while sending request to axis2 server in WSO2 ESB

When I send a request to the axis2 client I get an error.
Proxy:
<proxy name="SOAP_Body" startOnLoad="true">
<target>
<inSequence>
<switch xmlns:m0="http://services.samples"
source="//m0:getQuote/m0:request/m0:symbol">
<case regex="foo">
<log level="custom">
<property name="a" value="s"/>
</log>
<send>
<endpoint>
<address uri="http://localhost:9001/services/SimpleStockQuoteService?wsdl"/>
</endpoint>
</send>
</case>
<case regex="bar">
<log level="custom">
<property name="b" value="a"/>
</log>
<send>
<endpoint>
<address uri="http://localhost:9002/services/SimpleStockQuoteService?wsdl"/>
</endpoint>
</send>
</case>
<default>
<property name="symbol"
expression="fn:concat('Normal Stock - ', //m0:getQuote/m0:request/m0:symbol)"/>
</default>
</switch>
</inSequence>
<outSequence>
<send/>
</outSequence>
</target>
</proxy>
ELB in 9443 offset 0, ESB in 9444 offset 1,
so I have sent a request to http://localhost:8280/services/SOAP_Body of the ELB,
and I get the following error when I send a request through axis2client in the ESB:
[java] 15/06/30 15:40:43 INFO httpclient.HttpMethodDirector: I/O exception
(java.net.ConnectException) caught when processing request: Connection refused:
connect
When I send through SOAP UI for the above endpoint I get
Wed Jul 01 10:48:06 IST 2015:ERROR:Exception in request: org.apache.http.conn.HttpHostConnectException: Connection to http://localhost:8280 refused
Wed Jul 01 10:48:06 IST 2015:ERROR:An error occured [Connection to http://localhost:8280 refused], see error log for details
Wed Jul 01 10:48:06 IST 2015:INFO:Error getting response for [SimpleStockQuoteServiceSoap11Binding.getQuote:Request 1]; org.apache.http.conn.HttpHostConnectException: Connection to http://localhost:8280 refused
I have enabled clustering and other configuration as in 1
But when I send a request to the ESB alone, without going through the ELB, I get the desired output.
When I give AllowAll in axis2.xml in the ELB, I get a new error in the ELB server:
Error - DynamicLoadbalanceEndpoint application member not available
What would be the problem? Please help me out.
Did any of you get sample 57 in WSO2 ESB for dynamic endpoint working? If yes, please help me in configuring it. I have configured it as in the documentation but I couldn't get it working.
Thanks.
There is not enough information in your question.
Post the full stack trace.
Where is your axis 2 service being hosted? WSO2AS?
What is your axis 2 service endpoint?
Post your send mediator xml config.
Have you checked whether the endpoint is working correctly...
Please try this on the web browser:
http://localhost:8280/services/SOAP_Body?wsdl
and see whether or not you get the wsdl of the proxy.