I'm trying to set up ActiveMQ Artemis for high availability using replication with 2 servers (server A and server B) with a master broker on A and a slave broker on B. I know this isnt optimal for the split brain issue; I'm just experimenting in dev. Both brokers start up fine and I'm able to access the console for the master, but the console indicates "replicating: false". Here are the broker.xml files.
Here is the master broker.xml:
<?xml version='1.0'?>
<configuration xmlns="urn:activemq"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xi="http://www.w3.org/2001/XInclude"
xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
<core xmlns="urn:activemq:core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:activemq:core ">
<name>0.0.0.0</name>
<security-enabled>false</security-enabled>
<persistence-enabled>true</persistence-enabled>
<journal-type>ASYNCIO</journal-type>
<paging-directory>data/paging</paging-directory>
<bindings-directory>data/bindings</bindings-directory>
<journal-directory>data/journal</journal-directory>
<large-messages-directory>data/large-messages</large-messages-directory>
<!-- <journal-retention-directory period="7" unit="DAYS" storage-limit="10G">data/retention</journal-retention-directory> -->
<journal-datasync>true</journal-datasync>
<journal-min-files>2</journal-min-files>
<journal-pool-files>10</journal-pool-files>
<journal-device-block-size>4096</journal-device-block-size>
<journal-file-size>10M</journal-file-size>
<journal-buffer-timeout>20000</journal-buffer-timeout>
<journal-max-io>4096</journal-max-io>
<!-- <network-check-period>10000</network-check-period> -->
<!-- <network-check-timeout>1000</network-check-timeout> -->
<!-- <network-check-list>10.0.0.1</network-check-list> -->
<!-- <network-check-ping-command>ping -c 1 -t %d %s</network-check-ping-command> -->
<!-- <network-check-ping6-command>ping6 -c 1 %2$s</network-check-ping6-command> -->
<connectors>
<connector name="artemis">tcp://0.0.0.0:61616</connector>
</connectors>
<disk-scan-period>5000</disk-scan-period>
<max-disk-usage>90</max-disk-usage>
<critical-analyzer>true</critical-analyzer>
<critical-analyzer-timeout>120000</critical-analyzer-timeout>
<critical-analyzer-check-period>60000</critical-analyzer-check-period>
<critical-analyzer-policy>HALT</critical-analyzer-policy>
<page-sync-timeout>180000</page-sync-timeout>
<!-- <global-max-size>100Mb</global-max-size> -->
<!-- <global-max-messages>-1</global-max-messages> -->
<acceptors>
<acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false</acceptor>
<acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
<acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
<acceptor name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
<acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>
</acceptors>
<cluster-user>admin</cluster-user>
<cluster-password>admin</cluster-password>
<broadcast-groups>
<broadcast-group name="bg-group1">
<group-address>231.7.7.7</group-address>
<group-port>9876</group-port>
<broadcast-period>5000</broadcast-period>
<connector-ref>artemis</connector-ref>
</broadcast-group>
</broadcast-groups>
<discovery-groups>
<discovery-group name="dg-group1">
<group-address>231.7.7.7</group-address>
<group-port>9876</group-port>
<refresh-timeout>10000</refresh-timeout>
</discovery-group>
</discovery-groups>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<discovery-group-ref discovery-group-name="dg-group1"/>
</cluster-connection>
</cluster-connections>
<ha-policy>
<replication>
<master>
<vote-on-replication-failure>true</vote-on-replication-failure>
<check-for-live-server>true</check-for-live-server>
</master>
</replication>
</ha-policy>
<security-settings>
<security-setting match="#">
<permission type="createNonDurableQueue" roles="amq"/>
<permission type="deleteNonDurableQueue" roles="amq"/>
<permission type="createDurableQueue" roles="amq"/>
<permission type="deleteDurableQueue" roles="amq"/>
<permission type="createAddress" roles="amq"/>
<permission type="deleteAddress" roles="amq"/>
<permission type="consume" roles="amq"/>
<permission type="browse" roles="amq"/>
<permission type="send" roles="amq"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="amq"/>
</security-setting>
</security-settings>
<address-settings>
<!-- if you define auto-create on certain queues, management has to be auto-create -->
<address-setting match="activemq.management#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<!-- with -1 only the global-max-size is in use for limiting -->
<max-size-bytes>-1</max-size-bytes>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>
</address-setting>
<!--default for catch all-->
<address-setting match="#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<!-- if max-size-bytes and max-size-messages were both enabled, the system will enter into paging
based on the first attribute to hits the maximum value -->
<!-- limit for the address in bytes, -1 means unlimited -->
<max-size-bytes>-1</max-size-bytes>
<!-- limit for the address in messages, -1 means unlimited -->
<max-size-messages>-1</max-size-messages>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>
<auto-delete-queues>false</auto-delete-queues>
<auto-delete-addresses>false</auto-delete-addresses>
</address-setting>
</address-settings>
<addresses>
<address name="DLQ">
<anycast>
<queue name="DLQ" />
</anycast>
</address>
<address name="ExpiryQueue">
<anycast>
<queue name="ExpiryQueue" />
</anycast>
</address>
</addresses>
<!-- Uncomment the following if you want to use the Standard LoggingActiveMQServerPlugin pluging to log in events
<broker-plugins>
<broker-plugin class-name="org.apache.activemq.artemis.core.server.plugin.impl.LoggingActiveMQServerPlugin">
<property key="LOG_ALL_EVENTS" value="true"/>
<property key="LOG_CONNECTION_EVENTS" value="true"/>
<property key="LOG_SESSION_EVENTS" value="true"/>
<property key="LOG_CONSUMER_EVENTS" value="true"/>
<property key="LOG_DELIVERING_EVENTS" value="true"/>
<property key="LOG_SENDING_EVENTS" value="true"/>
<property key="LOG_INTERNAL_EVENTS" value="true"/>
</broker-plugin>
</broker-plugins>
-->
</core>
</configuration>
Here is the slave broker.xml:
<?xml version='1.0'?>
<configuration xmlns="urn:activemq"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xi="http://www.w3.org/2001/XInclude"
xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">
<core xmlns="urn:activemq:core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:activemq:core ">
<name>0.0.0.0</name>
<security-enabled>false</security-enabled>
<persistence-enabled>true</persistence-enabled>
<journal-type>ASYNCIO</journal-type>
<paging-directory>data/paging</paging-directory>
<bindings-directory>data/bindings</bindings-directory>
<journal-directory>data/journal</journal-directory>
<large-messages-directory>data/large-messages</large-messages-directory>
<!-- <journal-retention-directory period="7" unit="DAYS" storage-limit="10G">data/retention</journal-retention-directory> -->
<journal-datasync>true</journal-datasync>
<journal-min-files>2</journal-min-files>
<journal-pool-files>10</journal-pool-files>
<journal-device-block-size>4096</journal-device-block-size>
<journal-file-size>10M</journal-file-size>
<journal-buffer-timeout>24000</journal-buffer-timeout>
<journal-max-io>4096</journal-max-io>
<!-- <network-check-NIC>theNicName</network-check-NIC> -->
<!-- <network-check-URL-list>http://www.apache.org</network-check-URL-list> -->
<!-- <network-check-period>10000</network-check-period> -->
<!-- <network-check-timeout>1000</network-check-timeout> -->
<!-- <network-check-list>10.0.0.1</network-check-list> -->
<!-- use this to customize the ping used for ipv4 addresses -->
<!-- <network-check-ping-command>ping -c 1 -t %d %s</network-check-ping-command> -->
<!-- use this to customize the ping used for ipv6 addresses -->
<!-- <network-check-ping6-command>ping6 -c 1 %2$s</network-check-ping6-command> -->
<connectors>
<connector name="artemis">tcp://0.0.0.0:61616</connector>
</connectors>
<disk-scan-period>5000</disk-scan-period>
<max-disk-usage>90</max-disk-usage>
<critical-analyzer>true</critical-analyzer>
<critical-analyzer-timeout>120000</critical-analyzer-timeout>
<critical-analyzer-check-period>60000</critical-analyzer-check-period>
<critical-analyzer-policy>HALT</critical-analyzer-policy>
<page-sync-timeout>156000</page-sync-timeout>
<!-- <global-max-size>100Mb</global-max-size> -->
<global-max-messages>-1</global-max-messages>
<acceptors>
<acceptor name="artemis">tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQTT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDuplicateDetection=true;supportAdvisory=false;suppressInternalManagementObjects=false</acceptor>
<acceptor name="amqp">tcp://0.0.0.0:5672?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=AMQP;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpMinLargeMessageSize=102400;amqpDuplicateDetection=true</acceptor>
<acceptor name="stomp">tcp://0.0.0.0:61613?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=STOMP;useEpoll=true</acceptor>
<acceptor name="hornetq">tcp://0.0.0.0:5445?anycastPrefix=jms.queue.;multicastPrefix=jms.topic.;protocols=HORNETQ,STOMP;useEpoll=true</acceptor>
<acceptor name="mqtt">tcp://0.0.0.0:1883?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048576;protocols=MQTT;useEpoll=true</acceptor>
</acceptors>
<cluster-user>admin</cluster-user>
<cluster-password>admin</cluster-password>
<broadcast-groups>
<broadcast-group name="bg-group1">
<group-address>231.7.7.7</group-address>
<group-port>9876</group-port>
<broadcast-period>5000</broadcast-period>
<connector-ref>artemis</connector-ref>
</broadcast-group>
</broadcast-groups>
<discovery-groups>
<discovery-group name="dg-group1">
<group-address>231.7.7.7</group-address>
<group-port>9876</group-port>
<refresh-timeout>10000</refresh-timeout>
</discovery-group>
</discovery-groups>
<cluster-connections>
<cluster-connection name="my-cluster">
<connector-ref>artemis</connector-ref>
<message-load-balancing>ON_DEMAND</message-load-balancing>
<max-hops>0</max-hops>
<discovery-group-ref discovery-group-name="dg-group1"/>
</cluster-connection>
</cluster-connections>
<ha-policy>
<replication>
<slave>
<allow-failback>true</allow-failback>
</slave>
</replication>
</ha-policy>
<security-settings>
<security-setting match="#">
<permission type="createNonDurableQueue" roles="amq"/>
<permission type="deleteNonDurableQueue" roles="amq"/>
<permission type="createDurableQueue" roles="amq"/>
<permission type="deleteDurableQueue" roles="amq"/>
<permission type="createAddress" roles="amq"/>
<permission type="deleteAddress" roles="amq"/>
<permission type="consume" roles="amq"/>
<permission type="browse" roles="amq"/>
<permission type="send" roles="amq"/>
<!-- we need this otherwise ./artemis data imp wouldn't work -->
<permission type="manage" roles="amq"/>
</security-setting>
</security-settings>
<address-settings>
<!-- if you define auto-create on certain queues, management has to be auto-create -->
<address-setting match="activemq.management#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<!-- with -1 only the global-max-size is in use for limiting -->
<max-size-bytes>-1</max-size-bytes>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>
</address-setting>
<!--default for catch all-->
<address-setting match="#">
<dead-letter-address>DLQ</dead-letter-address>
<expiry-address>ExpiryQueue</expiry-address>
<redelivery-delay>0</redelivery-delay>
<!-- if max-size-bytes and max-size-messages were both enabled, the system will enter into paging
based on the first attribute to hits the maximum value -->
<!-- limit for the address in bytes, -1 means unlimited -->
<max-size-bytes>-1</max-size-bytes>
<!-- limit for the address in messages, -1 means unlimited -->
<max-size-messages>-1</max-size-messages>
<message-counter-history-day-limit>10</message-counter-history-day-limit>
<address-full-policy>PAGE</address-full-policy>
<auto-create-queues>true</auto-create-queues>
<auto-create-addresses>true</auto-create-addresses>
<auto-delete-queues>false</auto-delete-queues>
<auto-delete-addresses>false</auto-delete-addresses>
</address-setting>
</address-settings>
<addresses>
<address name="DLQ">
<anycast>
<queue name="DLQ" />
</anycast>
</address>
<address name="ExpiryQueue">
<anycast>
<queue name="ExpiryQueue" />
</anycast>
</address>
</addresses>
<!-- Uncomment the following if you want to use the Standard LoggingActiveMQServerPlugin pluging to log in events
<broker-plugins>
<broker-plugin class-name="org.apache.activemq.artemis.core.server.plugin.impl.LoggingActiveMQServerPlugin">
<property key="LOG_ALL_EVENTS" value="true"/>
<property key="LOG_CONNECTION_EVENTS" value="true"/>
<property key="LOG_SESSION_EVENTS" value="true"/>
<property key="LOG_CONSUMER_EVENTS" value="true"/>
<property key="LOG_DELIVERING_EVENTS" value="true"/>
<property key="LOG_SENDING_EVENTS" value="true"/>
<property key="LOG_INTERNAL_EVENTS" value="true"/>
</broker-plugin>
</broker-plugins>
-->
</core>
</configuration>
Is this an issue with the way HA is configured? Is it an issue with the clustering? (either broadcast or discovery groups)
At the very least, the connector configuration you're using for your broadcast-group is incorrect. You're specifying:
<connector-ref>artemis</connector-ref>
And the artemis connector is defined like this:
<connector name="artemis">tcp://0.0.0.0:61616</connector>
This is the information which is broadcast to other nodes telling those other nodes how to connect back to the broker that broadcast it. When the other node(s) in the cluster try to use tcp://0.0.0.0:61616 to connect they won't get a connection to the node that broadcast it. They'll get a connection back to themselves. The URL should contain the actual IP address or hostname that remote brokers and/or clients would use to connect to it.
Related
How do you debug the Azure Java SDK CosmosClient connection SSL handshake?
I tried with Commons-Logging and with SLF4j, and cannot get the SSL handshake to put out debug output. Does anyone know how to do this.
Here is my log4j.properties :
log4j.rootLogger=INFO, stdout
log4j.logger.io.netty=DEBUG
log4j.logger.io.projectreactor=DEBUG
log4j.logger.reactor.netty.http=DEBUG
# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1} - %m%n
Here is my logging.properties :
handlers = java.util.logging.ConsoleHandler
.level = ALL
java.util.logging.ConsoleHandler.level = FINEST
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
java.util.logging.SimpleFormatter.format=[%1$tF %1$tT] [%4$s] %5$s %n
io.netty.level=ALL
io.projectreactor.level=ALL
reactor.netty.http=ALL
I solved it. I'm using Lombok SLF4j and I needed this log4j2.xml config:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="OFF">
<Properties>
<Property name="LOG_LOC">logs</Property>
<Property name="MAX">5</Property>
<Property name="LOG_PATTERN">%d{yyyy.MM.dd HH:mm:ss.SSS} [%p] %c: %m%n
</Property>
</Properties>
<Appenders>
<RollingFile name="FILE" fileName="${LOG_LOC}/main.log"
filePattern="${LOG_LOC}/main.%i.log">
<PatternLayout>
<Pattern>${LOG_PATTERN}</Pattern>
</PatternLayout>
<Policies>
<OnStartupTriggeringPolicy />
</Policies>
<DefaultRolloverStrategy max="${MAX}" />
</RollingFile>
<Console name="STDOUT" target="SYSTEM_OUT" follow="true">
<PatternLayout pattern="${LOG_PATTERN}" />
</Console>
</Appenders>
<Loggers>
<Logger name="io.netty" level="debug" />
<Logger name="io.projectreactor" level="debug" />
<Logger name="reactor.netty.http" level="debug" />
<Logger name="com.azure.cosmos" level="debug" />
<Logger name="file" level="debug" additivity="false">
<appender-ref ref="FILE" />
</Logger>
<Root level="warn">
<AppenderRef ref="FILE" />
<AppenderRef ref="STDOUT" />
</Root>
</Loggers>
</Configuration>
Also works with a log4j.properties if you add these dependencies in addition to Lombok:
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.36</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.36</version>
</dependency>
I tried running infinispan in two machines and persisted the index data in one machine. When i try to run simultaneously in 2 machines with indexing and persisting(cache-store) into the database, i am getting the following exception,
Caused by: java.io.FileNotFoundException: Error loading metadata for index file: segments_2j|M|Course
at org.infinispan.lucene.impl.DirectoryImplementor.openInput(DirectoryImplementor.java:134)
at org.infinispan.lucene.impl.DirectoryLuceneV4.openInput(DirectoryLuceneV4.java:101)
at org.apache.lucene.store.Directory.openChecksumInput(Directory.java:113)
at org.apache.lucene.index.SegmentInfos.read(SegmentInfos.java:341)
at org.apache.lucene.index.StandardDirectoryReader$1.doBody(StandardDirectoryReader.java:57)
at org.apache.lucene.index.SegmentInfos$FindSegmentsFile.run(SegmentInfos.java:923)
at org.apache.lucene.index.StandardDirectoryReader.open(StandardDirectoryReader.java:53)
at org.apache.lucene.index.DirectoryReader.open(DirectoryReader.java:67)
at org.hibernate.search.indexes.impl.SharingBufferReaderProvider.readerFactory(SharingBufferReaderProvider.java:131)
at org.hibernate.search.indexes.impl.SharingBufferReaderProvider$PerDirectoryLatestReader.<init>(SharingBufferReaderProvider.java:206)
at org.hibernate.search.indexes.impl.SharingBufferReaderProvider.createReader(SharingBufferReaderProvider.java:108)
... 24 more
My infinispan config file is:
infinispan-config.xml
<?xml version="1.0" encoding="UTF-8"?> <infinispan
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:infinispan:config:7.2 http://www.infinispan.org/schemas/infinispan-config-7.2.xsd
urn:infinispan:config:store:jdbc:7.2 http://www.infinispan.org/schemas/infinispan-cachestore-jdbc-config-7.2.xsd"
xmlns="urn:infinispan:config:7.2"
xmlns:jdbc="urn:infinispan:config:store:jdbc:7.2">
<!-- *************************** -->
<!-- System-wide global settings -->
<!-- *************************** -->
<jgroups>
<!-- Note that the JGroups transport uses sensible defaults if no configuration
property is defined. See the JGroupsTransport javadocs for more flags.
jgroups-udp.xml is the default stack bundled in the Infinispan core jar: integration
and tuning are tested by Infinispan. -->
<stack-file name="default-jgroups-tcp" path="my-jgroupstcp.xml"/>
</jgroups>
<cache-container name="HibernateSearch" default-cache="default" statistics="false" shutdown-hook="DONT_REGISTER">
<transport stack="default-jgroups-tcp"/>
<!-- Duplicate domains are allowed so that multiple deployments with default configuration
of Hibernate Search applications work - if possible it would be better to use JNDI to share
the CacheManager across applications -->
<jmx duplicate-domains="true"/>
<!-- *************************************** -->
<!-- Cache to store Lucene's file metadata -->
<!-- *************************************** -->
<replicated-cache name="LuceneIndexesMetadata" mode="ASYNC" async-marshalling="true">
<locking striping="false" acquire-timeout="10000" concurrency-level="500" write-skew="false"/>
<transaction mode="NONE" />
<eviction max-entries="-1" strategy="NONE"/>
<expiration max-idle="-1"/>
<persistence passivation="false">
<jdbc:string-keyed-jdbc-store preload="true" fetch-state="true" read-only="false" purge="false">
<write-behind />
<property name="key2StringMapper">org.infinispan.lucene.LuceneKey2StringMapper</property>
<jdbc:connection-pool connection-url="jdbc:mysql://localhost:3306/hsearch"
driver="com.mysql.jdbc.Driver" username="my-username"
password="my-password"></jdbc:connection-pool>
<jdbc:string-keyed-table drop-on-exit="false" create-on-start="true" prefix="ISPN_STRING_TABLE">
<jdbc:id-column name="ID" type="VARCHAR(255)"/>
<jdbc:data-column name="DATA" type="MEDIUMBLOB"/>
<jdbc:timestamp-column name="TIMESTAMP" type="BIGINT"/>
</jdbc:string-keyed-table>
</jdbc:string-keyed-jdbc-store>
</persistence>
<indexing index="ALL"/>
<state-transfer enabled="true" timeout="480000" await-initial-transfer="true"/>
</replicated-cache>
<!-- **************************** -->
<!-- Cache to store Lucene data -->
<!-- **************************** -->
<distributed-cache name="LuceneIndexesData" mode="ASYNC" async-marshalling="true">
<locking striping="false" acquire-timeout="10000" concurrency-level="500" write-skew="false"/>
<transaction mode="NONE"/>
<eviction max-entries="-1" strategy="NONE"/>
<expiration max-idle="-1"/>
<persistence passivation="false">
<jdbc:string-keyed-jdbc-store preload="true" fetch-state="true" read-only="false" purge="false">
<write-behind />
<property name="key2StringMapper">org.infinispan.lucene.LuceneKey2StringMapper</property>
<jdbc:connection-pool connection-url="jdbc:mysql://localhost:3306/hsearch"
driver="com.mysql.jdbc.Driver" username="my-username"
password="my-password"></jdbc:connection-pool>
<jdbc:string-keyed-table drop-on-exit="false" create-on-start="true" prefix="ISPN_STRING_TABLE">
<jdbc:id-column name="ID" type="VARCHAR(255)"/>
<jdbc:data-column name="DATA" type="MEDIUMBLOB"/>
<jdbc:timestamp-column name="TIMESTAMP" type="BIGINT"/>
</jdbc:string-keyed-table>
</jdbc:string-keyed-jdbc-store>
</persistence>
<indexing index="NONE"/>
<state-transfer enabled="true" timeout="480000" await-initial-transfer="true"/>
</distributed-cache>
<!-- ***************************** -->
<!-- Cache to store Lucene locks -->
<!-- ***************************** -->
<replicated-cache name="LuceneIndexesLocking" mode="ASYNC" async-marshalling="true">
<locking striping="false" acquire-timeout="10000" concurrency-level="500" write-skew="false"/>
<transaction mode="NONE"/>
<eviction max-entries="-1" strategy="NONE"/>
<expiration max-idle="-1"/>
<indexing index="NONE"/>
<state-transfer enabled="true" timeout="480000" await-initial-transfer="true"/>
</replicated-cache>
</cache-container>
</infinispan>
My jgroup configuration file is,
my-jgroup.xml
<config xmlns="urn:org:jgroups"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:org:jgroups http://www.jgroups.org/schema/JGroups-3.6.xsd">
<TCP bind_addr="${jgroups.tcp.address:192.168.1.48}"
bind_port="${jgroups.tcp.port:7800}"
enable_diagnostics="false"
thread_naming_pattern="pl"
send_buf_size="640k"
sock_conn_timeout="300"
thread_pool.min_threads="${jgroups.thread_pool.min_threads:2}"
thread_pool.max_threads="${jgroups.thread_pool.max_threads:30}"
thread_pool.keep_alive_time="60000"
thread_pool.queue_enabled="false"
internal_thread_pool.min_threads="${jgroups.internal_thread_pool.min_threads:5}"
internal_thread_pool.max_threads="${jgroups.internal_thread_pool.max_threads:20}"
internal_thread_pool.keep_alive_time="60000"
internal_thread_pool.queue_enabled="true"
internal_thread_pool.queue_max_size="500"
oob_thread_pool.min_threads="${jgroups.oob_thread_pool.min_threads:20}"
oob_thread_pool.max_threads="${jgroups.oob_thread_pool.max_threads:200}"
oob_thread_pool.keep_alive_time="60000"
oob_thread_pool.queue_enabled="false"
/>
<MPING bind_addr="${jgroups.tcp.address:192.168.1.48}"
mcast_addr="${jgroups.mping.mcast_addr:228.2.4.6}"
mcast_port="${jgroups.mping.mcast_port:43366}"
ip_ttl="${jgroups.udp.ip_ttl:2}"
/>
<MERGE3 min_interval="10000"
max_interval="30000"
/>
<FD_SOCK />
<FD_ALL timeout="60000"
interval="15000"
timeout_check_interval="5000"
/>
<VERIFY_SUSPECT timeout="5000" />
<pbcast.NAKACK2 use_mcast_xmit="false"
xmit_interval="1000"
xmit_table_num_rows="50"
xmit_table_msgs_per_row="1024"
xmit_table_max_compaction_time="30000"
max_msg_batch_size="100"
resend_last_seqno="true"
/>
<UNICAST3 xmit_interval="500"
xmit_table_num_rows="50"
xmit_table_msgs_per_row="1024"
xmit_table_max_compaction_time="30000"
max_msg_batch_size="100"
conn_expiry_timeout="0"
/>
<pbcast.STABLE stability_delay="500"
desired_avg_gossip="5000"
max_bytes="1M"
/>
<pbcast.GMS print_local_addr="false"
join_timeout="15000"
/>
<MFC max_credits="2m"
min_threshold="0.40"
/>
<FRAG2 />
My persistence.xml is,
<?xml version="1.0" encoding="UTF-8" ?>
<persistence-unit name="IC" transaction-type="RESOURCE_LOCAL">
<class>com.csgsol.model.Course</class>
<properties>
<property name="javax.persistence.jdbc.driver" value="com.mysql.jdbc.Driver"/>
<property name="javax.persistence.jdbc.url" value="jdbc:mysql://192.168.1.99:3306/sampleDb"/>
<property name="javax.persistence.jdbc.user" value="my-username"/>
<property name="javax.persistence.jdbc.password" value="my-password"/>
<property name="hibernate.dialect" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
<property name="hibernate.hbm2ddl.auto" value="update"/>
<property name="hibernate.search.default.directory_provider" value="infinispan"/>
<property name="hibernate.search.default.indexmanager" value="org.infinispan.query.indexmanager.InfinispanIndexManager"/>
<property name="hibernate.search.default.indexmanager" value="near-real-time"/>
<property name="hibernate.search.default.exclusive_index_use" value="false"/>
<property name="hibernate.search.default.worker.execution" value = "async"/>
<property name="hibernate.search.lucene_version" value="LUCENE_4_10_4"/>
<property name="hibernate.search.infinispan.configuration_resourcename" value="infinispan-config.xml"/>
</properties>
</persistence-unit>
</persistence>
The versions i am using are
Infinispan - 7.2.0.Final
Lucene - 4.10.4
You should not use mode="ASYNC" for index caches. Since Infinispan 8.2.x (https://issues.jboss.org/browse/ISPN-4065) this configuration is forbidden
I'm trying to make direct update work on my IBM MobileFirst application, but it works only for Android version.
Here is my conf files.
authenticationConfig.xml
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<mobileSecurityTest name="mobileWithDirectUpdate">
<testDirectUpdate mode="perSession"/>
</mobileSecurityTest>
<customSecurityTest name="securityCanalLojista">
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_antiXSRFRealm" step="2"/>
<test realm="wl_remoteDisableRealm" step="2"/>
<test isInternalUserID="true" realm="wl_anonymousUserRealm" step="2"/>
<test isInternalDeviceID="true" realm="wl_deviceNoProvisioningRealm" step="2"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1" />
</customSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
</realms>
<loginModules>
<loginModule name="StrongDummy" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll" expirationInSeconds="3600">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
</loginModules>
</tns:loginConfiguration>
applicationDescriptor.xml
<?xml version='1.0' encoding='utf-8'?>
<application id="br_com_customer_CanalLojista" platformVersion="7.1.0.00.20160229-1240" xmlns="http://www.worklight.com/application-descriptor" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<displayName>CanalLojista</displayName>
<description>A sample Apache Cordova application that responds to the deviceready event.</description>
<author>
<name>IBM MobileFirst Team</name>
<email>mobileb#us.ibm.com</email>
<copyright>Copyright My Company</copyright>
<homepage>https://developer.ibm.com/mobilefirstplatform/documentation/getting-started</homepage>
</author>
<mainFile>index.html</mainFile>
<thumbnailImage>www/img/thumbnail.png</thumbnailImage>
<accessTokenExpiration>3600</accessTokenExpiration>
<userIdentityRealms />
<licenseAppType>APPLICATION</licenseAppType>
<targetCategory>UNDEFINED</targetCategory>
<android version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
<publicSigningKey>MyPublicKeyuhaush</publicSigningKey>
<packageName>br.com.customer.CanalLojista</packageName>
</security>
</android>
<iphone bundleId="br.com.customer.CanalLojista" applicationId="br_com_customer_CanalLojista" version="1.0.0" securityTest="securityCanalLojista">
<worklightSettings include="false" />
<security>
<encryptWebResources enabled="false" />
<testWebResourcesChecksum enabled="false" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3" />
</security>
</iphone>
</application>
My deployed version is using my securityTest.
On this IBM article Enabling Direct Update Authenticity checks and see something about directUpdateAuthenticityPublicKey tag, but I'm sure if I really need to set it up because it's not necessary to see it working on Android.
Anybody knows what's wrong on my project?
Sorry guys, my configuration is OK, I was changing a code that wasn't necessary to ipad/iphone, that's the reason why it didn't downloading a new version. After change a file that's necessary on ipad it downloaded a new version.
I want to disable the automatic updates on MobileFirst 7.0 server for Android application. I have already tried the approach described here:
IBM MobileFirst 7.0 - How to disable auto-update
and here
https://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/admin/c_direct_update_as_security_realm.html?lang=en
, but with no luck.
My original authenticationConfig.xml file looked like this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="perSession" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
After many trials, I ended with this:
<?xml version="1.0" encoding="UTF-8"?>
<tns:loginConfiguration xmlns:tns="http://www.worklight.com/auth/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<!--
<resource id="logUploadServlet" securityTest="LogUploadServlet">
<urlPatterns>/apps/services/loguploader*</urlPatterns>
</resource>
-->
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<!-- Sample security tests
Even if not used there will be some default webSecurityTest and mobileSecurityTest
Attention: If you are adding an app authenticity realm to a security test,
you must also update the application-descriptor.xml. Please refer to the user documentation
on application authenticity for environment specific guidelines. -->
<securityTests>
<!--
<mobileSecurityTest name="mobileTests">
<testAppAuthenticity/>
<testDeviceId provisioningType="none" />
<testUser realm="myMobileLoginForm" />
<testDirectUpdate mode="disabled" />
</mobileSecurityTest>
<webSecurityTest name="webTests">
<testUser realm="myWebLoginForm"/>
</webSecurityTest>
-->
<customSecurityTest name="customTests">
<test realm="wl_antiXSRFRealm" step="1"/>
<test realm="wl_authenticityRealm" step="1"/>
<test realm="wl_remoteDisableRealm" step="1"/>
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="wl_anonymousUserRealm" isInternalUserID="true" step="1"/>
<test realm="wl_deviceNoProvisioningRealm" isInternalDeviceID="true" step="2"/>
</customSecurityTest>
<!--
<customSecurityTest name="LogUploadServlet">
<test realm="wl_anonymousUserRealm" step="1"/>
<test realm="LogUploadServlet" isInternalUserID="true"/>
</customSecurityTest>
-->
<customSecurityTest name="SubscribeServlet">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
<customSecurityTest name="SampleAppRealm">
<test realm="wl_directUpdateRealm" mode="disabled" step="1"/>
<test realm="SampleAppRealm" isInternalUserID="true"/>
</customSecurityTest>
<mobileSecurityTest name="mobileTests">
<testDirectUpdate mode="disabled"/>
<testDeviceId provisioningType="none"></testDeviceId>
<testUser realm="wl_anonymousUserRealm"></testUser>
</mobileSecurityTest>
</securityTests>
<realms>
<realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm>
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule>
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
</tns:loginConfiguration>
, but it is not working for me. And I am sure that the edited authenticationConfig.xml file is used (if I make mistake in them, server refuses to load it). What am I doing wrong?
You need to add the securityTest attribute to the environment element in application-descriptor.xml.
For example: <android version="1.0" securityTest="name-of-security-test"/>
Learn more about security tests: https://www.ibm.com/developerworks/community/blogs/worklight/entry/understanding_predefined_worklight_authentication_realms_and_security_tests11?lang=en
I'm developing a bank app for a company using WL enterprise edition with version 6.2.0.1,
I have deployed the WAR file for the application and implemented a securityTest for Mobile and Web.
Everything is working fine on iPhone, Android and web mobile.
However, when i try to connect through BB 10 (z10 or Q10) i'm getting this error on the server log.
Error log:
LoginContext E com.worklight.core.auth.impl.LoginContext
processRequest FWLSE0117E: Error code: 4, error description:
AUTHENTICATION_ERROR, error message: An error occurred while
performing authentication using loginModule
WLDeviceNoProvisioningLoginModule, User Identity Not available.
[project MobileBanking] [project MobileBanking]
the authenticationConfig.xml is the following
<?xml version="1.0" encoding="UTF-8"?>
<!-- Licensed Materials - Property of IBM
5725-I43 (C) Copyright IBM Corp. 2006, 2013. All Rights Reserved.
US Government Users Restricted Rights - Use, duplication or
disclosure restricted by GSA ADP Schedule Contract with IBM Corp. -->
<staticResources>
<resource id="subscribeServlet" securityTest="SubscribeServlet">
<urlPatterns>/subscribeSMS*;/receiveSMS*;/ussd*</urlPatterns>
</resource>
</staticResources>
<securityTests>
<mobileSecurityTest name="MobileBankingTestMobile">
<testDeviceId provisioningType="none" />
<testDirectUpdate mode="perSession" />
</mobileSecurityTest>
<webSecurityTest name="MobileBankingTest">
<testUser realm="MobileBankingRealm" />
</webSecurityTest>
<customSecurityTest name="SubscribeServlet">
<test realm="SubscribeServlet" isInternalUserID="true"/>
</customSecurityTest>
</securityTests>
<realms>
<realm loginModule="BankingLoginModule" name="MobileBankingRealm">
<className>com.worklight.integration.auth.AdapterAuthenticator</className>
<parameter name="login-function" value="MBCAuthenticationAdapter.onAuthRequired" />
<parameter name="logout-function" value="MBCAuthenticationAdapter.onLogout" />
</realm>
<!-- <realm name="SampleAppRealm" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
</realm> -->
<realm name="SubscribeServlet" loginModule="rejectAll">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm>
<!-- For client logger -->
<!-- <realm name="LogUploadServlet" loginModule="StrongDummy">
<className>com.worklight.core.auth.ext.HeaderAuthenticator</className>
</realm -->
<!-- For websphere -->
<!-- realm name="WASLTPARealm" loginModule="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereFormBasedAuthenticator</className>
<parameter name="login-page" value="/login.html"/>
<parameter name="error-page" value="/loginError.html"/>
</realm -->
<!-- For User Certificate Authentication -->
<!-- realm name="wl_userCertificateAuthRealm" loginModule="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateAuthenticator</className>
<parameter name="dependent-user-auth-realm" value="WASLTPARealm" />
<parameter name="pki-bridge-class" value="com.worklight.core.auth.ext.UserCertificateEmbeddedPKI" />
<parameter name="embedded-pki-bridge-ca-p12-file-path" value="/opt/ssl_ca/ca.p12"/>
<parameter name="embedded-pki-bridge-ca-p12-password" value="capassword" />
</realm -->
<!-- For Trusteer Fraud Detection -->
<!-- Requires acquiring Trusteer SDK -->
<!-- realm name="wl_basicTrusteerFraudDetectionRealm" loginModule="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerAuthenticator</className>
<parameter name="rooted-device" value="block"/>
<parameter name="device-with-malware" value="block"/>
<parameter name="rooted-hiders" value="block"/>
<parameter name="unsecured-wifi" value="alert"/>
<parameter name="outdated-configuration" value="alert"/>
</realm -->
</realms>
<loginModules>
<loginModule name="BankingLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<!-- <loginModule name="StrongDummy">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule>
<loginModule name="requireLogin">
<className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
</loginModule> -->
<loginModule name="rejectAll">
<className>com.worklight.core.auth.ext.RejectingLoginModule</className>
</loginModule>
<!-- Required for Trusteer - wl_basicTrusteerFraudDetectionRealm -->
<!-- loginModule name="trusteerFraudDetectionLogin">
<className>com.worklight.core.auth.ext.TrusteerLoginModule</className>
</loginModule-->
<!-- For websphere -->
<!-- loginModule name="WASLTPAModule">
<className>com.worklight.core.auth.ext.WebSphereLoginModule</className>
</loginModule -->
<!-- Login module for User Certificate Authentication -->
<!-- <loginModule name="WLUserCertificateLoginModule">
<className>com.worklight.core.auth.ext.UserCertificateLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with no-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceNoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
<!-- For enabling SSO with auto-provisioning device authentication -->
<!-- <loginModule name="MySSO" ssoDeviceLoginModule="WLDeviceAutoProvisioningLoginModule">
<className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
</loginModule> -->
</loginModules>
Application-descriptor.xml:
I kept it the same with no changes than the original,
I have changed the BB parameters for testing, each test is done separately, and the app is being deployed on BB10 Device for each change, but didn't work:
<android version="1.0">
<worklightSettings include="true"/>
<security>
<encryptWebResources enabled="true"/>
<testWebResourcesChecksum enabled="true" ignoreFileExtensions="png, jpg, jpeg, gif, mp4, mp3"/>
<publicSigningKey/>
</security>
</android>
<blackberry10 version="1.0"> </blackberry10>
How can I fix this issue? is there a certification needs to be installed on the WL enterprise server for BB? is there a fix for the realm issue for BB10.?
Thanks
We have solved the issue by raising a PMR with IBM.
They provided us with an update for Eclipse kepler containing the fix for the BB authentication and with 32 extra fixes.