I'm trying to use a custom realm into my webapp deployed in weblogic version 12.2.1.4.0 to manage login (through a form based authentication), but even if the new realm is correctly defined and also the SQLAuthenticator provider, when i try to set the realm name, according to Oracle guide, the results is that at deploy or starts of the application weblogic logs that the configuration is ignored:
<Warning: Ignore the realm name: myrealm in
deployment descriptor.>
This problems occurs even when i configure the name of the standard WL realm "myrealm".
The SQLAuthenticator provider (readonly) works good and if i configure it in the default realm the login works, but the users and groups specific of the application are mixed with the system users and can be inherited by others application eventually deployed on the same WL instance and I want to avoid this.
weblogic-application.xml is correctly contained in META-INF dir of the EAR that contain the WAR and this is the content:
<?xml version="1.0" encoding="UTF-8"?>
<wls:weblogic-application
xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-application"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/javaee_6.xsd http://xmlns.oracle.com/weblogic/weblogic-application http://xmlns.oracle.com/weblogic/weblogic-application/1.8/weblogic-application.xsd">
<wls:security>
<wls:realm-name>myrealm</wls:realm-name>
</wls:security>
</wls:weblogic-application>
Related
I need to know if I can change the status of the application on Worklight Console using action file that I can run on the server.
Details:
In our production server, we need to change the status of the previous versions of the application from "Active" to "Active, Notifying" then to "Access Disabled".
This can be achieved from the WL console and we can write the notification message that will be sent to the user:
However, to avoid the "human" work on our Prod environment, we are looking to use an action file to be run on the server which will do the change.
Is this possible. Or this should be from the Console?
WL Version : 6.2.0.1
PS: We use an action file to change any property on our WebSphere server.
Action File example (Looking for something similar):
<?xml version="1.0" encoding="UTF-8"?>
<!--
Environment specific WebSphere configuration management XML file.
Warning: This file contains clear text passwords and, therefore, cannot be
distributed outside of the eCommerce group without masking the
password values.
-->
<!DOCTYPE WAS [
<!-- Environment specific parameters -->
<!ENTITY KEY_STORE_PATH "/was85/resources/security/ecommerce_bk_mobile.p12">
]>
<WAS>
<!-- Applications: Application Types: WebSphere enterprise applications -->
<Application
name="IBM_Worklight_project_runtime_MobileBanking">
<!-- Enterprise Applications > application_name > Environment entries for Web modules -->
<WebAppBinding _action="update"
description="[OPTIONAL] SSL certificate keystore location. Default: conf/default.keystore."
module="Worklight"
name="ssl.keystore.path"
uri="MobileBanking.war,WEB-INF/web.xml"
value="&KEY_STORE_PATH;"/>
</Application>
</WAS>
You cannot use "action files".
In Worklight, you can use the REST APIs services that allow you to manage... stuff, such as setting Remote Disable.
See here: http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.apiref.doc/apiref/c_restapi_oview.html
And specifically for Remote Disable (info and example): http://www-01.ibm.com/support/knowledgecenter/SSZH4A_6.2.0/com.ibm.worklight.apiref.doc/apiref/r_restapi_app_version_access_rule_put.html
I am running my local dev Wildfly 9.0.1 server and faced a problem that after I deploy my .war application via IntelliJ IDEA I cant open Deployments tab it says "Unable to load deployments".
And in logs there is a record:
16:20:15,868 ERROR [org.jboss.as.controller.management-operation] (XNIO-1 task-10) WFLYCTL0013: Operation ("read-attribute") failed - address: ([
("deployment" => "modules-journal"),
("subsystem" => "datasources"),
("data-source" => "java:jboss/datasources/mj2")
]) - failure description: "WFLYJCA0065: No DataSource exists at address [
(\"deployment\" => \"modules-journal\"),
(\"subsystem\" => \"datasources\"),
(\"data-source\" => \"java:jboss/datasources/mj2\")
]"
Yes, my application contains datasource definition in WEB-INF folder:
<?xml version="1.0" encoding="UTF-8"?>
<datasources xmlns="http://www.jboss.org/ironjacamar/schema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.jboss.org/ironjacamar/schema http://docs.jboss.org/ironjacamar/schema/datasources_1_0.xsd">
<!-- The datasource is bound into JNDI at this location. We reference
this in META-INF/persistence.xml -->
<datasource jndi-name="java:jboss/datasources/mj2"
pool-name="hibernate4-quickstart" enabled="true"
use-java-context="true">
<connection-url>jdbc:h2:~/test:mj2</connection-url>
<driver>h2</driver>
<security>
<user-name>test</user-name>
<password>test</password>
</security>
</datasource>
</datasources>
And my deployed application works successfully with it.
Why Wildfly Deployments tab says that "No DataSource exists" and doesn't open but my application still works?
Also everything works well if I don't use IntelliJ IDEA but deploy my app with Wildfly web interface.
Possibly it is an IntelliJ IDEA issue but it looks very strange from Wildfly side.
Could anyone explain why Wildfly reports that it doesn't see datasource when it exists and why it prevents Wildfly from loading "Deployments tab"? I missing something in how Wildfly works or it is a bug in Wildfly?
Do you see your datasource through admin interface? File-based datasource deployments are deprecated and are not available for management at runtime [1]. IDEA probably tries to check for datasource using jboss management and gets an error.
[1] http://www.mastertheboss.com/jboss-server/jboss-datasource/jboss-as-7-deployable-datasources
When configuring WL HTTP Adapters, the domain and port are part of the adapter configuration .xml file build and uploaded on the WL server.
For our use case (especially beta testing and demos) the endpoint server url needs to be configurable for the end user. Example, same builds are tested by QA on test envs, while BA connects to demo.
We have only one WL Server up and setting environment specific servers is not an option.
Is it possible to change domain/hostname dynamically at application launch or runtime ? Ideally it would be to get and use the domain/hostname value from a drop down or free input from the client and use it.
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>http</protocol>
<domain>{hostname}</domain>
<port>80</port>
</connectionPolicy>
<loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>
Update: This answer is useful, so I leave it here for reference, but accept that it doesn't correctly answer this question!
There is a specific Worklight feature designed to address your scenario (for the Infocenter detail, see here).
You can do this by using a combination of worklight.properties and JNDI properties.
For example, let's say you had this setup in your adapter XML:
<connectivity>
<connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
<protocol>${my.adapter.protocol}</protocol>
<domain>${my.adapter.domain}</domain>
<port>${my.adapter.port}</port>
</connectionPolicy>
<loadConstraints maxConcurrentConnectionsPerNode="2" />
</connectivity>
You then define default values for these in your worklight.properties file (in the server/conf directory of your Worklight project, and "burnt in" to the .WAR file when you build it):
my.adapter.protocol=http
my.adapter.domain=some.host.com
my.adapter.port=80
You can then override these values in individual environments, by setting JNDI properties. For example, if you are using WebSphere Liberty, you might put this in your server.xml:
<jndiEntry jndiName="my.adapter.protocol" value="https"/>
<jndiEntry jndiName="my.adapter.domain" value="some.other.host.com"/>
<jndiEntry jndiName="my.adapter.port" value="8080"/>
You could create 3 adapters: 2 adapters connect to each backend servers, and one "proxy" adapter.
Your application would call the proxy adapter, passing some variable (the dropdown). Then the proxy would call one of the 2 real adapters.
You can´t. An option is to use MashUps.
See:
IBM Worklight 6.1 - Can a HTTP adapter call another HTTP adapter on server-side?
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v620/04_11_Advanced_adapter_usage_and_mashup.pdf
The idea is to have an Adapter responding to app mobile than this adapter call other deployed adapter (QA, Test Env, Prod Env, etc) considering any logic.
I think if you override WL.Server.invokeHttp so you can specify the domain name in each request instead of using the one set in the XML file, would a good alternative . You can get the domain name as parameter in the invocation request.
There is question that may interest you regarding that, you should check it because I'm not sure if it's possible or not. Worklight Adapter Override Origin of request
I have been able to define custom portlet actions/permissions based on this example in Liferay Plugins SDK
https://github.com/liferay/liferay-plugins/tree/master/portlets/sample-permissions-portlet
I want to know the necessary steps I need to take to remove the custom portlet actions/permissions (not model permissions) from a portlet.
I remember observing that when I re-deploy a portlet with modified custom actions/permissions, the old custom actions/permissions stick around.
I tried deleting the portlet folder from Tomcat's webapps and it was successfully unregistered. But after I deploy the portlet again with the custom actions/permissions removed from the corresponding XML, I can still see the permissions in the Define Permissions of a Role.
I tried clearing permissions setting in Server Administration of Liferay's control panel, but it didn't change anything (it wasn't supposed to).
After re-deploying the portlet with the removed/modified permissions and restarting the server, I still see the custom actions/permissions assigned to the portlet, but when I select the portlet, then I don't see the removed permissions which is what I need.
Does un-deploying a portlet remove all the associated custom actions/permissions from Liferay Portal and the portal's Database?
Or do I need to make separate liferay service calls to do that?
Any inputs in this regard are really appreciated.
Liferay Version: 6.1.2 CE GA3
portlet.properties
include-and-override=portlet-ext.properties
language.bundle=content.Language
resource.actions.configs=resource-actions/default.xml
resource-actions/default.xml
<?xml version="1.0"?>
<!DOCTYPE resource-action-mapping PUBLIC "-//Liferay//DTD Resource Action Mapping 6.2.0//EN" "http://www.liferay.com/dtd/liferay-resource-action-mapping_6_2_0.dtd">
<resource-action-mapping>
<portlet-resource>
<portlet-name>1</portlet-name>
<permissions>
<supports>
<action-key>ADD_SOMETHING</action-key>
<action-key>CONFIGURATION</action-key>
<action-key>VIEW</action-key>
</supports>
<site-member-defaults>
<action-key>VIEW</action-key>
</site-member-defaults>
<guest-defaults>
<action-key>VIEW</action-key>
</guest-defaults>
<guest-unsupported />
</permissions>
</portlet-resource>
</resource-action-mapping>
content/language.properties
action.ADD_SOMETHING=Add Something
portlet.xml
<portlet-app xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd" version="2.0">
<portlet>
<portlet-name>1</portlet-name>
<display-name>Sample Permissions</display-name>
<portlet-class>com.liferay.util.bridges.mvc.MVCPortlet</portlet-class>
<init-param>
<name>view-template</name>
<value>/view.jsp</value>
</init-param>
<expiration-cache>0</expiration-cache>
<supports>
<mime-type>text/html</mime-type>
</supports>
<resource-bundle>content.Language</resource-bundle>
<portlet-info>
<title>Sample Permissions</title>
<short-title>Sample Permissions</short-title>
<keywords>Sample Permissions</keywords>
</portlet-info>
<security-role-ref>
<role-name>administrator</role-name>
</security-role-ref>
<security-role-ref>
<role-name>guest</role-name>
</security-role-ref>
<security-role-ref>
<role-name>power-user</role-name>
</security-role-ref>
<security-role-ref>
<role-name>user</role-name>
</security-role-ref>
</portlet>
</portlet-app>
liferay-portlet.xml
<liferay-portlet-app>
<portlet>
<portlet-name>1</portlet-name>
<instanceable>true</instanceable>
</portlet>
<role-mapper>
<role-name>administrator</role-name>
<role-link>Administrator</role-link>
</role-mapper>
<role-mapper>
<role-name>guest</role-name>
<role-link>Guest</role-link>
</role-mapper>
<role-mapper>
<role-name>power-user</role-name>
<role-link>Power User</role-link>
</role-mapper>
<role-mapper>
<role-name>user</role-name>
<role-link>User</role-link>
</role-mapper>
</liferay-portlet-app>
liferay-display.xml
<?xml version="1.0"?>
<!DOCTYPE display PUBLIC "-//Liferay//DTD Display 6.2.0//EN" "http://www.liferay.com/dtd/liferay-display_6_2_0.dtd">
<display>
<category name="category.sample">
<portlet id="1" />
</category>
</display>
liferay-plugin-package.properties
name=Sample Permissions
module-group-id=liferay
module-incremental-version=1
tags=sample
short-description=This plugin shows how to use the permission service from a portlet.
long-description=
change-log=
page-url=http://www.liferay.com
author=Liferay, Inc.
licenses=LGPL
liferay-versions=6.2.0+
portal-dependency-jars=\
jstl-api.jar,\
jstl-impl.jar
portal-dependency-tlds=\
c.tld
web.xml
<?xml version="1.0"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<jsp-config>
<taglib>
<taglib-uri>http://java.sun.com/jsp/jstl/core</taglib-uri>
<taglib-location>/WEB-INF/tld/c.tld</taglib-location>
</taglib>
</jsp-config>
</web-app>
The above code works perfectly and I am able to see the permissions in Define Permissions for role.
What I am looking for is, if I modify ADD_SOMETHING action to ADD_SOMETHING_ELSE or
Remove ADD_SOMETHING action and add a new action key MY_NEW_ACTION,
would the ADD_SOMETHING permission be removed completely from the portal? And if not what are the steps that I need to take to remove the ADD_SOMETHING permission?
Redeploy and Restart the server is enough to ensure these actions?
EDIT:
Based on Prakash's Response
//Ashok - Beanshell Script for ResourceAction Table Service
import com.liferay.portal.model.ResourceAction;
import com.liferay.portal.service.ResourceActionLocalServiceUtil;
import java.util.List;
List resourceList=ResourceActionLocalServiceUtil.getResourceActions(com.liferay.portal.kernel.dao.orm.QueryUtil.ALL_POS, com.liferay.portal.kernel.dao.orm.QueryUtil.ALL_POS);
for (ResourceAction resourceAction:resourceList) {
System.out.println("Resource Name: " + resourceAction.getActionId());
System.out.println("Resource Name: " + resourceAction.getName());
//ResourceActionLocalServiceUtil.deleteResourceAction(giveActionIdHereForDeleting);
}
Permissions are not removed from database for the portlet either when you un-deploy the portlet, or when you restart the server. why?
Because, undeploying a portlet does not necessarily mean the data needs to be removed from the database, the portlet can be redeployed many times. So liferay correctly takes the safe route of keeping the data intact unless it is manually deleted through the database or through some service. And the permissions are considered as data just like you have data stored for your custom asset.
So you can delete the permissions from ResourceAction table by creating some service or through the beanshell scripting panel in control Panel → Server Administration → Scripting → Select Beanshell. You would also need to take care of the bitwiseValue and the permissions already set in the ResourcePermission table.
I would suggest renaming the permission in the ResourceAction table rather than deleting and adding new, it might get complicated.
Hope this helps.
I'm porting a legacy application from JBoss 4.2.3 to JBoss 7 (the web profile version). They used a custom login module and used a valve to capture the login failure reason into j_exception. They did this by putting context.xml into the web-inf directory of the war, with the following contents:
<!-- Add the ExtendedFormAuthenticator to get access to the username/password/exception ->
<Context cookies="true" crossContext="true">
<Valve className="org.jboss.web.tomcat.security.ExtendedFormAuthenticator"
includePassword="true" ></Valve>
</Context>
The login is working for me, but not that valve. When there's a login exception, the j_exception is still empty and the logic that depends on analyzing why the login was rejected fails. According to this link: http://community.jboss.org/wiki/ExtendedFormAuthenticator, everything looks right. However that link is very old, and it's possible things have changed since then. What's the new way?
It seems that security valves are now defined directly in jboss-web.xml, like this:
<jboss-web>
<security-domain>mydomain</security-domain>
<valve>
<class-name>org.jboss.web.tomcat.security.ExtendedFormAuthenticator</class-name>
<param>
<param-name>includePassword</param-name>
<param-value>true</param-value>
</param>
</valve>
</jboss-web>
However, the ExtendedFormAuthenticator class wasn't ported to JBoss 7.0.1. A ticket has been opened for me, so it should be present in JBoss 7.1.0:
https://issues.jboss.org/browse/AS7-1963