IHS not redirecting the request to WAS - apache

So, I have installed WAS, and IHS.
I'm able to access the application directly from WAS. But IHS is trying to answer the request itself and is not using the plugin to forward it to WAS.
I'm able to access the default IHS page, but not to the test application.
To create the IHS, I have done the standard stuff:
1- Install IHS and Plugin
2- Configure the plugin within the IHS
3- Create an unmanaged node on the DMGR
4- Create the webserver instance on the DMGR
I'm just trying to call a sample application called hello (for helloworld)
I see the request on the webservers logs, but they are not being redirected to the WAS.
This is the mention of the plugin on the httpd.conf:
LoadModule was_ap22_module /opt/ibm/plugin-ihs-85/test_webserver_instance1/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-cfg.xml
This is the plugin-cfg.xml:
<?xml version="1.0" encoding="ISO-8859-1"?><!--HTTP server plugin config file for the webserver test_Cell.test_webserver_01_unmanagedNode_1.test_webserver_instance1 generated on 20
17.06.25 at 07:37:51 PM CDT-->
<Config ASDisableNagle="false" AcceptAllContent="true" AppServerPortPreference="HostHeader" ChunkedResponse="false" FIPSEnable="false" FailoverToNext="false" HTTPMaxHeaders="
300" IISDisableFlushFlag="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" KillWebServerStartUpOnParseErr="false" MarkBusyDown="false" OS400C
onvertQueryStringToJobCCSID="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="true" StrictSecurity="false" TrustedProxyEnable="false" VHostMatchingCompat="f
alse">
<Log LogLevel="Error" Name="/opt/ibm/plugin-ihs-85/test_webserver_instance1/logs/test_webserver_instance1/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="ESICacheidFull" Value="false"/>
<Property Name="PostSizeLimit" Value="-1"/>
<Property Name="PostBufferSize" Value="0"/>
<Property Name="PluginInstallRoot" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/"/>
<Property Name="Keyfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="Stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
<!-- Host:port patterns for which the plugin takes a request instead of leaving it to IHS.
     A request that arrives on a port not listed here is not matched by the Route further down.
     On this page the web server was listening on 1080, which is absent from this list;
     adding it to default_host was the fix.
     "*" stands for any host name, so every Host header on a listed port is accepted. -->
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:9080"/>
<VirtualHost Name="*:80"/>
<VirtualHost Name="*:9443"/>
<VirtualHost Name="*:5060"/>
<VirtualHost Name="*:5061"/>
<VirtualHost Name="*:443"/>
<VirtualHost Name="*:9061"/>
<VirtualHost Name="*:9044"/>
<VirtualHost Name="*:9062"/>
<VirtualHost Name="*:9081"/>
<VirtualHost Name="*:9444"/>
<VirtualHost Name="*:9045"/>
</VirtualHostGroup>
<!-- Back-end cluster "test": four application-server members, each offering a plain http
     Transport and an https Transport.
     RemoveSpecialHeaders="true" keeps the plugin stripping client-supplied copies of its own
     private request headers before it adds the real ones, so a caller cannot forge them;
     leave it enabled.
     NOTE(review): presumably requests that reach IHS over http are forwarded over the http
     Transport, i.e. unencrypted between web server and application server; confirm that this
     is acceptable on the network in between. -->
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="false" LoadBalance="Round Robin" Name="test" PostBufferSize="0" PostSizeLimit="-1"
RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="1bjgscrk8" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_01_node_1_test1" ServerIOTimeout="900" W
aitForContinue="false">
<Transport Hostname="test_app_01" Port="9080" Protocol="http"/>
<!-- The https transport opens plugin-key.kdb with the password kept in plugin-key.sth.
     NOTE(review): a stash file is only obfuscated, not encrypted, so both files should be
     readable by the web server account alone; confirm their permissions. The same pair of
     files is referenced by every https Transport in this cluster. -->
<Transport Hostname="test_app_01" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgscsei" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_01_node_1_test2" ServerIOTimeout="900" W
aitForContinue="false">
<Transport Hostname="test_app_01" Port="9081" Protocol="http"/>
<Transport Hostname="test_app_01" Port="9444" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgscstv" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_02_node_1_test3" ServerIOTimeout="900" W
aitForContinue="false">
<Transport Hostname="test_app_02" Port="9080" Protocol="http"/>
<Transport Hostname="test_app_02" Port="9443" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<Server CloneID="1bjgsctbv" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="2" MaxConnections="-1" Name="test_app_02_node_1_test4" ServerIOTimeout="900" W
aitForContinue="false">
<Transport Hostname="test_app_02" Port="9081" Protocol="http"/>
<Transport Hostname="test_app_02" Port="9444" Protocol="https">
<Property Name="keyring" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/ibm/plugin-ihs-85/test_webserver_instance1/config/test_webserver_instance1/plugin-key.sth"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="test_app_01_node_1_test1"/>
<Server Name="test_app_01_node_1_test2"/>
<Server Name="test_app_02_node_1_test3"/>
<Server Name="test_app_02_node_1_test4"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="default_host_test_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/hello/*"/>
</UriGroup>
<Route ServerCluster="test" UriGroup="default_host_test_URIs" VirtualHostGroup="default_host"/>
<RequestMetrics armEnabled="false" loggingEnabled="false" rmEnabled="false" traceLevel="HOPS">
<filters enable="false" type="URI">
<filterValues enable="false" value="/snoop"/>
<filterValues enable="false" value="/hitcount"/>
</filters>
<filters enable="false" type="SOURCE_IP">
<filterValues enable="false" value="255.255.255.255"/>
<filterValues enable="false" value="254.254.254.254"/>
</filters>
<filters enable="false" type="JMS">
<filterValues enable="false" value="destination=aaa"/>
</filters>
<filters enable="false" type="WEB_SERVICES">
<filterValues enable="false" value="wsdlPort=aaa:op=bbb:nameSpace=ccc"/>
</filters>
</RequestMetrics>
</Config>

Normally IHS uses port 80 to receive requests and relay them to the application server.
Port 80 is in the default virtual host, so I added the listening port I'm using (1080) to the default virtual host.

Related

Not honoring Bundle-RequiredExecutionEnvironment in manifest.mf

I am running Photon on Java 10.
I am testing a small plugin used to help me to learn how to write plugins. When I run the plugin I get the following popup validation message:
Missing Constraint: Bundle-RequiredExecutionEnvironment: JavaSE-10
My MANIFEST.MF file is as follows:
Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-Name: Application
Bundle-SymbolicName: com.packtpub.e4.application;singleton:=true
Bundle-Version: 1.0.0.qualifier
Bundle-Activator: com.packtpub.e4.application.Activator
Bundle-Vendor: PACKTPUB
Require-Bundle: javax.inject;bundle-version="0.0.0",
org.eclipse.swt;bundle-version="0.0.0",
org.eclipse.e4.ui.model.workbench;bundle-version="0.0.0",
org.eclipse.jface;bundle-version="0.0.0",
org.eclipse.e4.ui.services;bundle-version="0.0.0",
org.eclipse.e4.ui.workbench;bundle-version="0.0.0",
org.eclipse.e4.core.di;bundle-version="0.0.0",
org.eclipse.e4.ui.di;bundle-version="0.0.0",
org.eclipse.e4.core.contexts;bundle-version="0.0.0",
org.eclipse.core.runtime;bundle-version="0.0.0",
org.eclipse.e4.core.di.extensions;bundle-version="0.15.100",
org.eclipse.e4.core.services;bundle-version="2.1.100",
org.eclipse.osgi.services;bundle-version="3.7.0"
Bundle-RequiredExecutionEnvironment: JavaSE-10
Automatic-Module-Name: com.packtpub.e4.application
Import-Package: javax.annotation;version="0.0.0"
Bundle-ActivationPolicy: lazy
Service-Component: OSGI-INF/*.xml
My launch configuration is here:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<launchConfiguration type="org.eclipse.pde.ui.RuntimeWorkbench">
<booleanAttribute key="append.args" value="true"/>
<stringAttribute key="application" value="org.eclipse.e4.ui.workbench.swt.E4Application"/>
<booleanAttribute key="askclear" value="true"/>
<booleanAttribute key="automaticAdd" value="false"/>
<booleanAttribute key="automaticValidate" value="true"/>
<stringAttribute key="bootstrap" value=""/>
<stringAttribute key="checked" value="[NONE]"/>
<booleanAttribute key="clearConfig" value="false"/>
<booleanAttribute key="clearws" value="true"/>
<booleanAttribute key="clearwslog" value="false"/>
<stringAttribute key="configLocation" value="${workspace_loc}/.metadata/.plugins/org.eclipse.pde.core/com.packtpub.e4.application.product"/>
<booleanAttribute key="default" value="false"/>
<booleanAttribute key="includeOptional" value="true"/>
<stringAttribute key="location" value="${workspace_loc}/runtime-com.packtpub.e4.application.product"/>
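<!-- JRE container the launch runs on: the JavaSE-10 execution environment. This is the line the question highlights. -->
<stringAttribute key="org.eclipse.jdt.launching.JRE_CONTAINER" value="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-10"/>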
<stringAttribute key="org.eclipse.jdt.launching.PROGRAM_ARGUMENTS" value="-os ${target.os} -ws ${target.ws} -arch ${target.arch} -nl ${target.nl} -consoleLog -clearPersistedState"/>
<stringAttribute key="org.eclipse.jdt.launching.SOURCE_PATH_PROVIDER" value="org.eclipse.pde.ui.workbenchClasspathProvider"/>
<stringAttribute key="pde.version" value="3.3"/>
<stringAttribute key="product" value="com.packtpub.e4.application.product"/>
<stringAttribute key="productFile" value="\com.packtpub.e4.application\com.packtpub.e4.application.product"/>
<stringAttribute key="selected_target_plugins" value="com.ibm.icu#default:default,javax.annotation#default:default,javax.inject#default:default,org.apache.batik.constants#default:default,org.apache.batik.css#default:default,org.apache.batik.i18n#default:default,org.apache.batik.util#default:default,org.apache.commons.io#default:default,org.apache.commons.jxpath#default:default,org.apache.commons.logging#default:default,org.apache.felix.scr#1:true,org.apache.xmlgraphics#default:default,org.eclipse.core.commands#default:default,org.eclipse.core.contenttype#default:default,org.eclipse.core.databinding.beans#default:default,org.eclipse.core.databinding.observable#default:default,org.eclipse.core.databinding.property#default:default,org.eclipse.core.databinding#default:default,org.eclipse.core.expressions#default:default,org.eclipse.core.jobs#default:default,org.eclipse.core.runtime#default:true,org.eclipse.e4.core.commands#default:default,org.eclipse.e4.core.contexts#default:default,org.eclipse.e4.core.di.annotations#default:default,org.eclipse.e4.core.di.extensions.supplier#default:default,org.eclipse.e4.core.di.extensions#default:default,org.eclipse.e4.core.di#default:default,org.eclipse.e4.core.services#default:default,org.eclipse.e4.emf.xpath#default:default,org.eclipse.e4.ui.bindings#default:default,org.eclipse.e4.ui.css.core#default:default,org.eclipse.e4.ui.css.swt.theme#default:default,org.eclipse.e4.ui.css.swt#default:default,org.eclipse.e4.ui.di#default:default,org.eclipse.e4.ui.model.workbench#default:default,org.eclipse.e4.ui.services#default:default,org.eclipse.e4.ui.widgets#default:default,org.eclipse.e4.ui.workbench.renderers.swt#default:default,org.eclipse.e4.ui.workbench.swt#default:default,org.eclipse.e4.ui.workbench3#default:default,org.eclipse.e4.ui.workbench#default:default,org.eclipse.emf.common#default:default,org.eclipse.emf.databinding#default:default,org.eclipse.emf.ecore.change#default:default,org.eclipse.emf.ecore.xmi#default:default,org.ecli
pse.emf.ecore#default:default,org.eclipse.equinox.app#default:default,org.eclipse.equinox.common#2:true,org.eclipse.equinox.concurrent#default:default,org.eclipse.equinox.ds#1:true,org.eclipse.equinox.event#default:default,org.eclipse.equinox.preferences#default:default,org.eclipse.equinox.registry#default:default,org.eclipse.jface.databinding#default:default,org.eclipse.jface#default:default,org.eclipse.osgi.compatibility.state#default:false,org.eclipse.osgi.services#default:default,org.eclipse.osgi.util#default:default,org.eclipse.osgi#-1:true,org.eclipse.swt.win32.win32.x86_64#default:false,org.eclipse.swt#default:default,org.w3c.css.sac#default:default,org.w3c.dom.events#default:default,org.w3c.dom.smil#default:default,org.w3c.dom.svg#default:default"/>
<stringAttribute key="selected_workspace_plugins" value="com.packtpub.e4.application#default:default"/>
<booleanAttribute key="show_selected_only" value="false"/>
<booleanAttribute key="tracing" value="false"/>
<booleanAttribute key="useCustomFeatures" value="false"/>
<booleanAttribute key="useDefaultConfig" value="true"/>
<booleanAttribute key="useDefaultConfigArea" value="true"/>
<booleanAttribute key="useProduct" value="true"/>
<booleanAttribute key="usefeatures" value="false"/>
</launchConfiguration>
As you can see, the launch configuration is requesting JavaSE-10. I am at a loss to see why I am getting this error, as the plugin loads and runs without other problems.
This seems to be an Eclipse bug. JavaSE-10 just doesn't work in Bundle-RequiredExecutionEnvironment.
A workaround is to just use JavaSE-9 in the Bundle-RequiredExecutionEnvironment. You may get a warning that the JRE container is not a perfect match, this can be ignored.

how to get the response of the rest api and pass that response to another service in wso2 esb?

<!-- REST API resource for GET /getTypeCodes: logs the call, runs the oauthMediationService
     sequence, then forwards the request to the commonservice back end. -->
<resource methods="GET" uri-template="/getTypeCodes" faultSequence="service_error_handler_">
<inSequence>
<!-- Writes the JSON_OBJECT property to the log as the request payload.
     NOTE(review): keep payload logging out of production if requests can carry tokens or personal data. -->
<log level="custom">
<property name="CommonService" value="*************getTypeCodes called**************"/>
<property name="Request Payload" expression="get-property('JSON_OBJECT')"/>
</log>
<property name="HTTP_METHOD" value="GET" scope="axis2" type="STRING"/>
<property name="messageType" value="application/json" scope="axis2" type="STRING"/>
<sequence key="oauthMediationService"/>
<property name="uri.var.servicename" value="commonservice"/>
<send>
<endpoint>
<address uri="http://localhost:8080/rest/commonservice/getTypeCodes" format="rest"/>
</endpoint>
</send>
<!-- As the answers on this page explain, the endpoint's response is not available at this
     point of the inSequence: it is delivered to outSequence (or to the sequence named in
     send's receive attribute). This log therefore still sees the request message. -->
<log level="custom">
<property name="getTypeCodeResponse" expression="$body"/>
</log>
</inSequence>
<outSequence>
<send/>
</outSequence>
From the above REST example configuration I am calling the service in the endpoint. After calling the endpoint I need to get the response and send that response to another endpoint based on a condition.
You can use the following configuration to call a REST service and get a response. In the sample below I'm using an HTTP endpoint.
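<?xml version="1.0" encoding="UTF-8"?>
<!--
  Proxy service that calls a REST back end through an HTTP endpoint. The endpoint URI is
  built from a uri-template whose {uri.var.*} placeholders are filled from properties.
  The query-string separators inside the uri-template attribute are written as entity
  references, because a bare ampersand in an attribute value is not well-formed XML and
  the configuration would be rejected by the parser.
  transports="https,http" publishes the proxy on plain HTTP as well as HTTPS.
-->
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="peoplePutProxy"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
  <target>
    <inSequence>
      <!-- NOTE(review): HTTP_METHOD is set to GET here while the endpoint below declares
           method="post"; confirm which verb the back end expects. -->
      <property name="HTTP_METHOD" value="GET" scope="axis2"/>
      <property name="messageType"
                value="application/x-www-form-urlencoded"
                scope="axis2"/>
      <send>
        <endpoint>
          <http method="post"
                uri-template="http://localhost:8080/rest/api/people?email={uri.var.email}&amp;firstName={uri.var.fname}&amp;lastName={uri.var.lname}"/>
          <!-- Sample values for the three template variables used above. -->
          <property name="uri.var.fname" value="dhar"/>
          <property name="uri.var.email" value="kasun#gmail.com"/>
          <property name="uri.var.lname" value="kasun"/>
        </endpoint>
      </send>
    </inSequence>
    <outSequence>
      <!-- level="full" writes the whole response message to the log.
           NOTE(review): lower the level where responses can carry personal data or credentials. -->
      <log level="full"/>
      <property name="messageType" value="text/xml" scope="axis2"/>
      <send/>
    </outSequence>
  </target>
  <description/>
</proxy>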
Http end point is where users can specify an URI Template which can dynamically populate final URI for the RESTful service invocation. Also, users can manipulate HTTP method of the outgoing request.
Please refer [1] for more information on http endpoint
[1]. http://docs.wso2.org/display/ESB470/HTTP+Endpoint
Your requirement is called 'Service Chaining'. This blog post explains how to achieve service chaining in WSO2 ESB. Go through the other article linked at the start of that blog to get a better understanding. They provide a complete example of service chaining.
Basically you can specify a sequence as the receiver of the response in a send mediator as follows.
<!-- receive="RespSequence": the response from this endpoint is directed to the sequence
     named RespSequence, where the call to the next endpoint can be made. -->
<send receive="RespSequence">
<endpoint>
<address uri="http://localhost:8080/rest/commonservice/getTypeCodes" format="rest"/>
</endpoint>
</send>
In this case the response from calling the endpoint will be directed to RespSequence. So in that sequence you can specify the other endpoint. Refer to the Send Mediator doc for more info. Use the Switch Mediator to check for conditions.

Read from a file in wso2 esb

I want to read from an xml file in my esb home directory called test.xml whose content is:
<a>Helloo
<b>World</b>
</a>
I have written a proxy to access content of node b as:
<!-- Proxy that tries to load test.xml into the "test" property, logs the b element and
     returns a fixed acknowledgement payload to the caller. -->
<proxy xmlns="http://ws.apache.org/ns/synapse" name="ReadFileProxy" transports="https,http" statistics="disable" trace="disable" startOnLoad="true">
<target>
<inSequence>
<!-- get-property('registry','conf:/test.xml') looks the resource up in the configuration
     registry, not on the file system. With type="OM" the value is parsed as XML; the stack
     trace on this page (PropertyMediator.convertValue calling stringToOM, "Unexpected EOF
     in prolog" at [1,0]) shows that parse failing at the very first position, presumably
     because the lookup returned nothing. Confirm that test.xml exists in the registry. -->
<property name="test" expression="get-property('registry','conf:/test.xml')" scope="default" type="OM"/>
<log level="custom">
<property name="test.b" expression="$ctx:test//b"/>
</log>
<!-- The next three properties turn the message around so that send replies to the client. -->
<header name="To" action="remove"/>
<property name="RESPONSE" value="true" scope="default" type="STRING"/>
<property name="NO_ENTITY_BODY" scope="axis2" action="remove"/>
<payloadFactory>
<format>
<getCombinedResponse>Succefully read</getCombinedResponse>
</format>
</payloadFactory>
<send/>
</inSequence>
</target>
<description></description>
</proxy>
But it is giving me error as:
[2013-06-18 16:29:09,524] ERROR - NativeWorkerPool Uncaught exception
org.apache.axiom.om.OMException: com.ctc.wstx.exc.WstxEOFException: Unexpected EOF in prolog
at [row,col {unknown-source}]: [1,0]
at org.apache.axiom.om.impl.builder.StAXOMBuilder.next(StAXOMBuilder.java:296)
at org.apache.axiom.om.impl.llom.OMDocumentImpl.getOMDocumentElement(OMDocumentImpl.java:109)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:570)
at org.apache.axiom.om.impl.builder.StAXOMBuilder.getDocumentElement(StAXOMBuilder.java:566)
at org.apache.axiom.om.util.AXIOMUtil.stringToOM(AXIOMUtil.java:54)
at org.apache.axiom.om.util.AXIOMUtil.stringToOM(AXIOMUtil.java:39)
at org.apache.synapse.config.SynapseConfigUtils.stringToOM(SynapseConfigUtils.java:766)
at org.apache.synapse.mediators.builtin.PropertyMediator.convertValue(PropertyMediator.java:317)
at org.apache.synapse.mediators.builtin.PropertyMediator.getResultValue(PropertyMediator.java:299)
at org.apache.synapse.mediators.builtin.PropertyMediator.mediate(PropertyMediator.java:95)
at org.apache.synapse.mediators.AbstractListMediator.mediate(AbstractListMediator.java:71)
at org.apache.synapse.mediators.base.SequenceMediator.mediate(SequenceMediator.java:114)
at org.apache.synapse.core.axis2.ProxyServiceMessageReceiver.receive(ProxyServiceMessageReceiver.java:154)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:180)
at org.apache.synapse.transport.passthru.ServerWorker.processEntityEnclosingRequest(ServerWorker.java:434)
at org.apache.synapse.transport.passthru.ServerWorker.run(ServerWorker.java:219)
at org.apache.axis2.transport.base.threads.NativeWorkerPool$1.run(NativeWorkerPool.java:172)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
What am I doing wrong here? Is there any other method to read from a file (pdf, txt and xml only)?
As you have specified in the configuration
<property name="test" expression="get-property('registry','conf:/test.xml')" scope="default" type="OM"/>
you are referring to a file which is saved in the registry. This is why you need to save the file in the registry.
You can use the VFS transport to read from a file. Please refer to the sample [1]. From this sample you can learn how to read from a file. This sample directly sends the content to an endpoint. For your case you can use an XPath expression to retrieve the element b.
<property name="test.b" expression="//a/b"/>
[1]http://docs.wso2.org/wiki/pages/viewpage.action?pageId=16846489

WSO2 ESB Store and Forward Processor not obeying endpoint message format

We have been testing the message processors and queues on WSO2 ESB. We have been using the sampling processor quite successfully to just log data to a DB. This is POX end to end. The sampling processor correctly dequeues a message and sends it to the endpoint. The endpoint is defined as POX and non-chunked, and all this works well.
We decided to try the store and forward processor as we wanted to test out the guaranteed delivery mechanism. So we created a new processor and defined it as store and forward. In the main sequence that stores the message, we added the target.endpoint property before storing the message. The property was set to the same endpoint that was being used in the sampling scenario.
However, what we have found is that in this mode the message transformation does not happen correctly. The content type is set to text/html and the output is chunked. This causes our service to return a 415 error.
We have tried adding messageType, contentType etc to multiple place, to the axis http sender transport, etc, but it seems to make no difference at all.
Any guidance on this would be appreciated
Define the following property in the sequence before sending to the endpoint
<property name="DISABLE_CHUNKING" value="true" scope="axis2"/>
The JS code below simply inserts the messageID into the return payload to the caller. Using this with a sampling processor and sequence that simply sends to the same endpoint works fine.
<?xml version="1.0" encoding="UTF-8"?>
<definitions xmlns="http://ws.apache.org/ns/synapse">
<registry provider="org.wso2.carbon.mediation.registry.WSO2Registry">
<parameter name="cachableDuration">15000</parameter>
</registry>
<endpoint name="test_e">
<address uri="http://192.168.45.168:8080/cgi-bin/esbcgi.pl" format="pox"/>
<property name="DISABLE_CHUNKING" value="true" scope="axis2"/>
</endpoint>
<sequence name="fault" trace="enable">
<log level="full">
<property name="MESSAGE" value="Executing default 'fault' sequence"/>
<property name="ERROR_CODE" expression="get-property('ERROR_CODE')"/>
<property name="ERROR_MESSAGE" expression="get-property('ERROR_MESSAGE')"/>
</log>
<drop/>
</sequence>
<sequence name="main" onError="fault" trace="enable">
<in>
<log level="full"/>
<property name="OUT_ONLY" value="true"/>
<property name="FORCE_HTTP_1.0" value="true" scope="axis2"/>
<script language="js">
var message = mc.getMessageID();
var messageId = message.substring(9,45);
var payload = mc.getPayloadXML().*;
mc.setPayloadXML(
<payload> <messageId>{messageId}</messageId>{payload}
</payload>);
</script>
<switch xmlns:ns="http://org.apache.synapse/xsd" xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:ns3="http://org.apache.synapse/xsd" source="get-property('To')">
<case regex=".*/TEST/.*">
<property name="target.endpoint" value="test_e" scope="default"/>
<store messageStore="TEST"/>
</case>
<default/>
</switch>
<property name="OUT_ONLY" value="false"/>
<script language="js">var serviceMessageId = mc.getMessageID();
mc.setPayloadXML(
<tag xmlns="http://tagcmd.com">
<messageId>{serviceMessageId}</messageId> </tag>);
</script>
<send>
<endpoint key="MessageService"/>
</send>
</in>
<out>
<script language="js">
var messagePayload= mc.getPayloadXML().*.*;
mc.setPayloadXML(
<eventResponse> <messageId>{messagePayload}</messageId> </eventResponse>);
</script>
<send/>
</out>
<description>The main sequence for the message mediation</description>
</sequence>
<messageStore class="org.wso2.carbon.message.store.persistence.jms.JMSMessageStore" name="TEST">
<parameter name="java.naming.factory.initial">org.apache.qpid.jndi.PropertiesFileInitialContextFactory</parameter>
<parameter name="java.naming.provider.url">repository/conf/jndi.properties</parameter>
<parameter name="store.jms.destination">APP8</parameter>
</messageStore>
<messageProcessor class="org.apache.synapse.message.processors.forward.ScheduledMessageForwardingProcessor" name="test_p2" messageStore="TEST">
<parameter name="max.deliver.attempts">1</parameter>
</messageProcessor>
</definitions>

Jboss application-policy ignored in mutual/client-cert auth with PBESecurityDomain

With the following, mutual client cert, SSL (TLS) handshake works for a rest endpoint (yay!) - validated via testing and debugging: javax.net logging & wireshark. But...
1st observation: HTTPServletRequest and JAX-RS annotated SecurityContext has null Principal info
2nd observation: Tampering with the login-config.xml, containing application-policy elements, has no effect
In short, TLS works, but the transfer of the cert DN to the HTTPServletRequest object in the request thread does not happen, preventing the application from picking up on the caller's ID. Does anyone have any advice?
On JBoss 6:
deploy/jbossweb.sar/server.xml:
<!-- HTTPS connector (the "..." line marks attributes the author left out).
     clientAuth="true" makes the connector require a client certificate in the TLS handshake;
     securityDomain names the JaasSecurityDomain (mydomain) that supplies the key and trust stores.
     This authenticates the connection only. NOTE(review): whether a Principal reaches the
     servlet depends on the web application's own security configuration, which is not shown. -->
<Connector protocol="HTTP/1.1" debug="10"
SSLEnabled="true"
...
secure="true"
clientAuth="true"
sslProtocol = "TLS"
securityDomain="java:/jaas/mydomain"
SSLImplementation="org.jboss.net.ssl.JBossImplementation" />
deploy/jbossweb.sar/META-INF/jboss-beans.xml:
<depends>jboss.security:service=PBESecurityDomain</depends>
deploy/security-service.xml:
<?xml version="1.0" encoding="UTF-8"?>
<server>
<!-- Declares the JaasSecurityDomain "mydomain": the key store and trust store used for TLS,
     plus the password-based-encryption parameters of the domain. -->
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
name="jboss.security:service=PBESecurityDomain">
<constructor> <arg type="java.lang.String" value="mydomain"/>
</constructor>
<attribute name="KeyStoreURL">${jboss.server.home.dir}/mykeystore.jks</attribute>
<!-- The key store password is not written here; it is read through FilePassword from mykeystorepass.pbe. -->
<attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/mykeystorepass.pbe</attribute>
<attribute name="TrustStoreURL">${jboss.server.home.dir}/mytruststore.jks</attribute>
<!-- NOTE(review): unlike KeyStorePass, the trust store password is given in clear text, so
     anyone who can read this descriptor learns it. The trust store decides which client
     certificates are accepted; protect it the same way as the key store. -->
<attribute name="TrustStorePass">password</attribute>
<!-- Salt and IterationCount parameterise the domain's password-based encryption.
     NOTE(review): 13 iterations is far below current guidance; confirm what data is
     protected with these values before changing them. -->
<attribute name="Salt">abunchofrandomchars</attribute>
<attribute name="IterationCount">13</attribute>
<depends>jboss.security:service=JaasSecurityManager</depends>
</mbean>
</server>
deploy/security/security-jboss-beans.xml:
<bean name="XMLLoginConfig" class="org.jboss.security.auth.login.XMLLoginConfig">
<property name="configResource">login-config.xml</property>
</bean>
<bean name="SecurityConfig" class="org.jboss.security.plugins.SecurityConfig">
<property name="mbeanServer"><inject bean="JMXKernel" property="mbeanServer"/></property>
<property name="defaultLoginConfig"><inject bean="XMLLoginConfig"/></property>
</bean>
conf/login-config.xml:
<!-- JAAS login stack for the security domain "mydomain": a certificate module followed by a
     users/roles properties module, both flagged required. -->
<application-policy name="mydomain">
<authentication>
<!-- BaseCertLoginModule turns the client certificate into a principal (SubjectDNMapping).
     AnyCertVerifier accepts every certificate handed to it, so the only real check on the
     certificate is the TLS handshake against the trust store of java:/jaas/mydomain.
     NOTE(review): use a stricter verifier if the trust store contains CAs that also issue
     certificates to parties who must not log in. -->
<login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
flag = "required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="securityDomain">java:/jaas/mydomain</module-option>
<module-option name="verifier">org.jboss.security.auth.certs.AnyCertVerifier</module-option>
<module-option name="principalClass">org.jboss.security.auth.certs.SubjectDNMapping</module-option>
</login-module>
<!-- NOTE(review): "UserRolesLoginModu" looks truncated; the stock JBoss module is
     org.jboss.security.auth.spi.UsersRolesLoginModule. If the deployed file reads like this,
     the class presumably cannot be loaded and, being required, the login would fail.
     Confirm against the file on disk. -->
<login-module code="org.jboss.security.auth.spi.UserRolesLoginModu"
flag = "required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="usersProperties">users.properties</module-option>
<module-option name="rolesProperties">roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
war/WEB-INF/jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
"-//JBoss//DTD Web Application 2.4//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<!-- Binds the web application deployed at /myapp to the JAAS domain java:/jaas/mydomain,
     i.e. to the application-policy of that name.
     NOTE(review): web.xml is not shown on this page. The container sets the request's
     Principal only for requests that pass container-managed authentication, which needs a
     security-constraint covering the URL and a login-config (auth-method CLIENT-CERT for
     certificates). Confirm both are present; without them the TLS handshake can succeed
     while the Principal stays null. -->
<jboss-web>
<security-domain>java:/jaas/mydomain</security-domain>
<context-root>/myapp</context-root>
</jboss-web>
Add the special ClientLoginModule to login-context.xml to fix the null principal issue.
<!-- NOTE(review): ClientLoginModule does not verify credentials itself; it only associates
     the identity established by the preceding modules with the calling thread. Keep it
     after a module that really authenticates (BaseCertLoginModule in the policy on this
     page) and never as the only module of a server-side policy. -->
<login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>