Wednesday, July 13, 2016

What is OSGI EE ? (22/250-2016)

OSGI EE - provides support for

  • JPA
  • JNDI
  • WEB (HTTP)
  • JTA
  • JDBC
  • CDI and 
  • EJB
  • This is implemented by Apache ARIES project
  • And OPS4J PAX - OPS4J
What is an OSGI EE Container - 
  • OSGI Services (Java Interfaces)
  • JPA, JTA OSGI Contianer
  • Web OSGI Container
  • Blueprint (IOC) to configure services, beans and access services
  • JNDI Wrapper
  • SPIFly  - http://aries.apache.org/modules/spi-fly.html

What is Karaf ? (21/250-2016)

Karaf - Birthdate - 16th of June 2010

● Platform running on OSGI (Apache Felix, Eclipse Equinox)

● Provides a lightweight container where

  • Applications, 
  • Integration projects
  • Web Service, 
  • JMS Brokers
  • Java applications can be deployed

● Used by JBoss Fuse, ServiceMix, Geronimo projects

Karaf consists of components




What is OSGI (20/250 - 2016)

OSGi (Open Service Gateway Initiative) -  * Java Framework / Develop modular software programs and libraries
Part 1 - * Specification for modular components - bundles / plug-ins
Part 2 - * JVM level registry - that bundles can use to publish / * discover and bind to services in a SOA.

Modularity
* Total control over library versions and dependencies- different versions of the same library will happliy co-exist in the same container.
* Quick Hot Deployment - restart / refresh operations
* Fully inspect - what packages and versions are used.
* Deploy exactly the modules and framework that is needed and no more
References:
* http://stackoverflow.com/questions/7490166/osgi-benefits-over-java-ee
* http://bit.ly/29E6uye - 

Thursday, June 16, 2016

How to increase heap size in JBoss EAP?

goto -->

C:\Users\ujjal\installs\jbdevstudio9\runtimes\jboss-eap\bin

open --> standalone.conf.bat
update -->

set "JAVA_OPTS=-Xms2G -Xmx2G -XX:MaxPermSize=512M"

Saturday, June 11, 2016

Dont Follow Passion - Follow Opportunity


Stop searching for your passion | Terri Trespicio | TEDxKC

https://www.youtube.com/watch?v=6MBaFL7sCb8

* Look for Problems that needs solving
* Dont wait - just start doing
* You
-------------------------------------------------------------------------------------------------

To find work you love, don't follow your passion | Benjamin Todd | TEDxYouth@Tallinn

https://www.youtube.com/watch?v=MKlx1DLa9EA


Wednesday, June 1, 2016

Kill Windows service based on the PID



Find the Service Name:


Find the PID

c:\>sc queryex "JbossSS"


Kill the service with the PID:
open cmd and run as admin.. then run taskkill with the PID

c:\>taskkill /F /PID <<4024>>

---------------------------------------------------------------
Reference:
http://www.dba-oracle.com/t_windows_kill_service_sc_queryx_taskkill.htm

Thursday, May 19, 2016

LDAP Authentication in JbossFuse (17/250-2016)

Step1: Add WSS4JInInterceptor & JAASLoginInterceptor to cxf:endpoint


<cxf:cxfEndpoint id="ridpEndpoint" address="XXXX" serviceClass="xxxx" wsdlURL="xxx">
    <cxf:inInterceptors>
 <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
  <property name="properties">
   <map>
    <entry key="passwordType" value="PasswordText" />
    <entry key="action" value="UsernameToken" />
   </map>
  </property>
 </bean>
 <ref component-id="authenticationInterceptor"/>
    </cxf:inInterceptors>
    <cxf:properties>
         <entry key="ws-security.validate.token" value="false"/>
    </cxf:properties>
</cxf:cxfEndpoint>

<bean id="authenticationInterceptor" class="org.apache.cxf.interceptor.security.JAASLoginInterceptor">
      <property name="contextName" value="karaf"/>
</bean>

Within the cxf:inInterceptor, two more interceptors are added.


WSS4JInInterceptor - the Java class to implement the Interceptor is mentioned over here. 
The passwordType and action is defined over here.
The entry in the properties - security action - UsernameToken is mandatory.

ws-security.validate.token - set to false.

We have to tell WSS4J not to authenticate the UsernameToken itself, but just to process it and store it for later authentication via the JAASLoginInterceptor. This is done by setting the JAX-WS property "ws-security.validate.token" to "false". 


JAASLoginInterceptor -  it is necessary to set the "contextName" attribute of the JAASLoginInterceptor, which references the JAAS Context Name to use. It is also possible to define how to retrieve roles as part of the authentication process, by default CXF assumes that javax.security.acl.Group Objects are interpreted as "role" Principals. 


Step2: Using JAAS LoginModules in Apache CXF

Validating a Username + Password to LDAP / Active Directory  - 

2.1 com.sun.security.auth.module.LdapLoginModule - copy the xml(blueprint) below - and create a new file, and place the file in the deploy folder of Jboss Fuse Installation.


<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=admin,ou=system
      connection.password=secret
      connection.protocol=
      connection.url=ldap://localhost:10389
      user.base.dn=ou=users,ou=system
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=roles,ou=system
      role.name.attribute=cn
      role.filter=(member=uid=%u)
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>

or 

2.2 org.eclipse.jetty.plus.jaas.spi.LdapLoginModule - Available via the org.eclipse.jetty/jetty-plus dependency. This login module is useful as it's easy to retrieve roles associated with the authenticated user.


sun {
 com.sun.security.auth.module.LdapLoginModule REQUIRED
 userProvider="ldap://localhost:portno/"
 authIdentity="cn={USERNAME},ou=users,dc=example,dc=com"
 useSSL=false
 debug=true;
};

jetty {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="localhost"
    port="portno"
    bindDn="uid=admin,dc=example,dc=com"
    bindPassword="ldap_su"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=users,dc=example,dc=com"
    userRdnAttribute="cn"
    userIdAttribute="cn"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    authenticated="true";
};







Friday, May 13, 2016

Force Fuse to use TLS1.2 (16/250-2016)

Add the attribute secureSocketProtocol="TLSv1.2" in tlsClientParamaters under the conduit tag

<http:conduit name="https://.*/.*">
<http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2">


1)mvn clean install

Optional
2)mvn -Pserver -Djavax.net.debug=all (Run server)
3)mvn -Psecure.client -Djavax.net.debug=all (client)

Add "javax.net.debug=all" in system.properties in fuse/etc to start the server in all debug logging.




What is a nonce? (15/250-2016)

In cryptography, a nonce is an arbitrary number that may only be used once.
It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.

May include 

  • timestamp (requires clock synchronization between organizations)







Reference:
https://en.wikipedia.org/wiki/Cryptographic_nonce

Wednesday, May 11, 2016

Troubleshooting - com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x8b (at char #2, byte #-1) (14/250-2016)


Error:
org.apache.cxf.workqueue.AutomaticWorkQueueImpl$AWQThreadFactory$1.run(AutomaticWorkQueueImpl.java:353)[118:org.apache.cxf.cxf-core:3.0.4.redhat-620133]
 at java.lang.Thread.run(Thread.java:745)[:1.7.0_79]
Caused by: com.ctc.wstx.exc.WstxIOException: Invalid UTF-8 start byte 0x8b (at char #2, byte #-1)
 at com.ctc.wstx.stax.WstxInputFactory.doCreateSR(WstxInputFactory.java:550)[112:woodstox-core-asl:4.4.1]

Scenario:

SOAPUI --> ESB --> Backend Service Provider
ESB invokes the backend Service Provider, but fails when the service provider sends a response back to ESB.

Caused By:

By default SOAP UI is set to "Accept compressed responses from host". Since client mentions that it can accept GZIP format of the response, the service provider sends the response in a GZIP format.




Analysis:

SOAPUI mentions that it can accept compressed response message, but ESB is not able to handle the GZIP format of the response from the backend service provider.

Resolution:
In ESB, in the producer cxf endpoint (which goes out to the backend service), we have to mention in the InInterceptor to unzip the response from the Backend Service Provider.