I built a custom mule connector using Mule SDK and tested with Anypoint Studio. When I tried to deploy the Mulesoft Exchange using mvn deploy after updating the pom.xml file with Organization details, I'm running into the following Unauthorized error. Could someone point out what's causing this issue or a way to fix this?
Here is my POM.xml file:
Here is the error when running mvn deploy:
There is something wrong in your pom. Maven is trying to deploy to one of MuleSoft repositories, not to Exchange. Note the URL in the error doesn't match the one in the distributionManagement section.
Did you set the groupId to the org id? It doesn't look like it in the error.
Be sure to follow all the steps in the instructions: https://docs.mulesoft.com/exchange/to-publish-assets-maven#publish-an-asset-to-exchange-using-maven
Related
I need some information of log4j2 for updating our central versions of Mule CE 3.9.0 and Mule CE 3.9.5 (CE=Community Edition).
What is the best way to protect them and does downloading only jar files from Apache site https://dlcdn.apache.org/logging/log4j/2.12.3/ be useful to patch Mule CE 3.9?
Regards
As a summary you only need to find the vulnerable jars in the mule-server and in the mule flows deployed in the apps folder.
A Java project is a set of java class and libraries with complex dependencies relationship, but easy to replace one of them (manually or automated with maven), so no matter how or where log4j is being used, we just need replace the jar file.
mule community server 3.9.0
In this version, with this command find . -type f -iname "*log4j*" we will get the log4j jars:
As we can see, the version prior to the 2.14.x
log4j-jul-2.8.2.jar
log4j-jcl-2.8.2.jar
log4j-slf4j-impl-2.8.2.jar
log4j-core-2.8.2.jar
log4j-api-2.8.2.jar
log4j-1.2-api-2.8.2.jar
But according to the official maven repository, this version is affected too :(
Just the 2.17.0 is safe to use
Source: https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core
If this change breaks your mule, just delete the specific vulnerable class:
zip -q -d
log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
Source: https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
mule flow or mule app
This is not the server, is the app developed by programmers, packaged as .zip and deployed to the mule apps folder in the server.
In this layer, the app can ignore completely the server configurations and has its own jar versions.
If you don't use maven (rare), you need to search and replace the jar, app by app, similar to the server with find command but in the specific app folder:
/opt/mule_server/apps/my-mule-app
If you use maven, you could find if the jar is used with the pom.xml previewer of Eclipse Ide or with command mvn dependency:tree. Check this:
https://stackoverflow.com/a/68916675/3957754
Remember: If you not use directly this jar, you need to check if mule esb server uses it.
Here some tips from manual to automated pipelines:
mule esb monolithic with manual deployment
In this case you need to fix the server and your apps.
for the server, backup, stop, search the jar on lib folder and replace it with the 2.17 (after vulnerability fix) and start. Test if everything is working
for the mule apps, the process is the same: stop the mule server, go to your mule apps and one by one, search the jar and replace it. Start the mule server and test if everything is working
git repository , maven and one mule app by server
In this case, you don't have a big server with a big mule containing a lot of mule apps/flows. You have one light server for just one mule app.
Just search the dependency in your pom with maven and replace it.
Push your changes and in the next deploy( manual or automated) your mule app will be fixed.
Also note that this approach fix the app, not the server.
git, docker
If you are using docker, the things are easy. Just search the Dockerfile (usually in a git repository). In this file there are a lot of sentences, since the java installation until the star of mule server.
Choose the exact line between the download of mule and the start of server and put a sentence which replace the jar file
Next deploy will pick you new image version and that's all.
automated flow(devops)
Here you are using maven, gi, docker and some ci server. You just need:
update the git repository of your mule app (maven)
update the git repository of your docker image
deploy your fix using the ci server.
With this, you will not need human access to the production servers to fix your java application ( mule)
I am trying to deploying CF application available as the part of OpenSap course from this GitHub URL https://github.com/raepple/cfsectest.git . When I do maven clean install, I got the error as in the screenshot.It tells that it is unable to download some maven dependencies.Any solution to this issue?
There is a partial answer as these Maven dependencies are not available no longer. Please refer this blog for an alternative fix.
I have appfuse maven project , is it better to deploy it using Click start Tomcat or as a Jenkin Maven project? I have tried both but it does not seem to be working in any ways. I have created database and bound it to the app. still it gives error for spring bean creation etc. Can anyone help in this scenario?
If I would need to deploy my appfuse maven application on CloudBees platform, I will try two different ways:
Use the Tomcat 7 Maven ClickStart as a template changing the SCM to your repo.
Use the CloudBees SDK to deploy your application.
In this last case, you just need to generate your .war file, in case you use maven, launching:
mvn clean package
And then you can deploy your application from the CLoudBees SDK using:
bees app:deploy -t tomcat7 -a APPID MYFILE.war
You say that when you deploy your application it gives error for spring bean creation. However, you don't attach any stacktrace to your question, so it is difficult to do any kind of diagnosis on our end.
i'm very new to mule esb. I have some question after try mule.
1.how can i run mule project by Tomcat? (I've try this issue but seem not working : http://www.mulesoft.org/documentation/display/current/Deploying+Mule+as+a+Service+to+Tomcat)
I have error when I starting tomcat like something was wrong.
2.How can I packing mule project to .war? ,I see that my editor(sts) don't think that mule application is a web application but the file path of mule application seem to be similar to maven generate project so... I don't know.
I use mule version 3.4.0
thank you,
First of all, you should use the Mule Standalone, if you can. If you really need to use Tomcat, I suggest you package all the Mule dependencies into the application war with Maven, and not try to work with the jars manually. See the answer by David Dossot here and an example Maven project here. Note that the example project uses Mule 3.1.2, so you probably want to update it a bit.
I'm trying to build the source code of WSO2 ESB from the following URL https://svn.wso2.org/repos/wso2/carbon/platform/tags/4.0.7/products/esb/4.6.0/
But when I'm compiling with Maven the project it throw me the following exception:
Cannot complete the install because one or more required items could
not be found. Software being installed: WSO2 Carbon - Axis2 Transport
HTTP Pass-through Feature 1.0.2
(org.wso2.carbon.transports.passthru.feature.group 1.0.2) Missing
requirement: WSO2 Carbon - Axis2 Transport HTTP Pass-through Feature
1.0.2 (org.wso2.carbon.transports.passthru.feature.group 1.0.2) requires 'org.wso2.carbon.core.server.feature.group
[4.1.0.SNAPSHOT,4.2.0)' but it could not be found
What could be wrong? Is not the correct URL from the 4.6.0 source code?
Reason is you dont have required dependencies to build WSO2 ESB. Below steps will helps you to build esb 4.6.0
1.Do checkout form" https://svn.wso2.org/repos/wso2/carbon/orbit/tags/4.0.6/" and build it.
Get second checkout from "https://svn.wso2.org/repos/wso2/carbon/kernel/tags/4.0.6/" and build it.
Finally get the checkout from "https://svn.wso2.org/repos/wso2/carbon/platform/tags/4.0.6/" and build below modules by order,parent, dependencies,service-stubs,components,features,samples/shopping-cart,samples/shopping-cart-global/2.0.0
Then go to the products/esb/4.6.0/ directory and build it.