Increase header size on Glassfish for Kerberos - glassfish

Does anyone know how I can increase the max header size in Glassfish through the domain.xml? I don't have access to the Administration GUI and need to increase the header for Kerberos authentication.

The http tag in the network-config/protocols/protocol section has two attributes (header-buffer-length-bytes and send-buffer-size-bytes) for this setting. Both parameters should be setup. In my example I use 65535 for this parameter:
<network-config>
<protocols>
<protocol name="http-listener-1">
<http request-timeout-seconds="300" redirect-port="443"
default-virtual-server="server" max-connections="100"
header-buffer-length-bytes="65535"
send-buffer-size-bytes="65535">
<file-cache></file-cache>
</http>
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl"
cert-nickname=""></ssl>
</protocol>
<protocol security-enabled="true" name="http-listener-2">
<http default-virtual-server="server" max-connections="250"
header-buffer-length-bytes="65535"
send-buffer-size-bytes="65535">
<file-cache></file-cache>
</http>
<ssl key-store="keystore.jks"
classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl"
cert-nickname="mynickname"></ssl>
</protocol>
...
</protocols>
</network-config>

Related

WSO2 EI with RabbitMQ - how to reject a message?

Using WSO2EI 6.4.0 with RabbitMQ as inbound transport as described in the documentation RabbitMQ AMQP Transport.
Seems working well, though there's only the "sunny day" scenario covered.
Requiring preserving the message ordering, on exception we cannot just requeue the message back to the queue. If the backend service is not available, I'd like to rollback the message and attempt to process the message later. As far I understood we need to send the nack response.
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="test_mgs_processing_proxy"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="http,rabbitmq,local">
<target>
<inSequence>
<log level="full">
<property name="step" value="test_mgs_processing_proxy"/>
</log>
<property name="OUT_ONLY" value="true"/>
<!-- simulate an exception has occured -->
<property name="SET_ROLLBACK_ONLY" scope="axis2" value="true"/>
<payloadFactory media-type="xml">
<format>
<step xmlns="">test_mgs_processing_proxy</step>
</format>
<args/>
</payloadFactory>
</inSequence>
</target>
<parameter name="rabbitmq.exchange.name">amq.topic</parameter>
<parameter name="rabbitmq.queue.name">app_a</parameter>
<parameter name="rabbitmq.connection.factory">AMQPConnectionFactory</parameter>
<description/>
</proxy>
Setting FORCE_SC_ACCEPTED makes the message considered as consumed. Even if we set the SET_ROLLBACK_ONLY property, the message stays in the NACK state and is not resent (at least no quickly).
Question - using the RabbitMQ AMQP Transport, is there a way to configure redelivery interval of not-processed messages?
Seems like it is an issue in WSO2 EI 6.4.0. https://github.com/wso2/product-ei/issues/4739
The issue is not there when you use Inbound Endpoints. The issue is there only when you use a Proxy with rabbitmq transport.

Let webservice use SSL

With WildFly 8.2.1, I am trying to make existing webservice (JAX-WS) use SSL, but I haven't seen any use of SSL in quickstarts and the information I was able to google is limited. So far I've added this to web.xml:
<security-constraint>
<display-name>Foo security</display-name>
<web-resource-collection>
<web-resource-name>FooService</web-resource-name>
<url-pattern>/foo/FooService</url-pattern>
<http-method>POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
and this is in my standalone.xml:
<subsystem xmlns="urn:jboss:domain:webservices:1.2">
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config">
<pre-handler-chain name="recording-handlers" protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
<handler name="RecordingHandler" class="org.jboss.ws.common.invocation.RecordingServerHandler"/>
</pre-handler-chain>
</endpoint-config>
<client-config name="Standard-Client-Config"/>
</subsystem>
but apparently that's not enough; when I look into standalone/data/wsdl/foo.ear/foo.war/FooService/Bar.wsdl I see:
<service name="FooService">
<port binding="foowsb:FooBinding" name="FooBinding">
<soap:address location="http://localhost:8080/foo/FooService"/>
</port>
</service>
Note that in the EAR/WAR, the soap:address.location is filled just with a placeholder (I suppose that the value is ignored).
I've found some info about setting up security realm, and creating the self-signed certificate using keytool (which I did), but I completely miss how this should be linked together.
I've also tried to setup wsdl-uri-scheme=https, but this is supported only in later versions of CXF.
Seems that the soap:address.location value is not ignored when it's being replaced, since changing that from REPLACE_WITH_ACTUAL_URL to https://REPLACE_WITH_ACTUAL_URL did the trick - now the service got exposed on https://localhost:8443.
There is a couple of more steps I had to do in standalone.xml: in undertow, add https-listener:
<https-listener name="secure" socket-binding="https" security-realm="SslRealm"/>
define the SslRealm:
<security-realm name="SslRealm">
<server-identities>
<ssl>
<keystore path="foo.keystore" relative-to="jboss.server.config.dir" keystore-password="foo1234" alias="foo" key-password="foo1234"/>
</ssl>
</server-identities>
<authentication>
<truststore path="foo.truststore" relative-to="jboss.server.config.dir" keystore-password="foo1234"/>
</authentication>
</security-realm>
Note that I reuse the same keystore for server and clients here. And since my clients are ATM in the same WF node during development, I had to setup the client-side part there, too:
<system-properties>
<property name="javax.net.ssl.trustStore" value="${jboss.server.config.dir}/foo.keystore"/>
<property name="javax.net.ssl.trustStorePassword" value="foo1234"/>
<property name="org.jboss.security.ignoreHttpsHost" value="true"/>
</system-properties>
The last property should be replaced in WF 9+ with cxf.tls-client.disableCNCheck.

WSO2 API Manager 1.10 issue

We are running into an issue where a call to a WSO2 API REST endpoint fails with a "412 Precondition Failed" when the Content-Length exceeds 1068. Just adding a space to the request (increasing size to 1069) causes this failure. This issue can also happen when content length is less than 1069, if the API is called fast enough (using SOAPUI for testing). We have a theory that the header and body are split between packets and confuses the request. We tried turning off chunking and that didn't affect things. When the back end REST service is called directly it works fine.
You can turn off the chunking as below by using the property mediator if you are calling the SOAP endpoint. But you have to make sure that the SOAP endpoint is also expecting a non-chunked request.
<property name=”DISABLE_CHUNKING” value=”true” scope=”axis2″/>
But if you are using REST endpoint above property may not work sometimes. In that kind of situation, we need to make sure the Content-Length header is appended to the request. We can use below two properties to append the Content-Length header.
<property name="FORCE_HTTP_CONTENT_LENGTH" value="true" scope="axis2"></property>
<property name="COPY_CONTENT_LENGTH_FROM_INCOMING" value="true" scope="axis2"></property>
Sample proxy inSequence
<inSequence>
<log level="custom">
<property name="msg" value="Executing IN sequence"></property>
</log>
<property name="FORCE_HTTP_CONTENT_LENGTH" value="true" scope="axis2"></property>
<property name="COPY_CONTENT_LENGTH_FROM_INCOMING" value="true" scope="axis2"></property>
<send>
<endpoint>
<address uri="https://www.google.com" format="rest"></address>
</endpoint>
</send>
</inSequence>

WSO2 PayloadFactory is sending json wrapped with jsonObject

I am using WSO2 API Manager 1.7.0 and am doing a simple payloadfactory attempting to convert a call from a GET to a POST passing in a json payload.
However when I look at the log files it appears that WSO2 is sending the json wrapped with {"jsonObject": [myjson] }
I am new to WSO2 and am not sure what cofiguration setting I need to use to stop this. I assume it is a config setting since in no examples or documentation that I have found does anyone else mention this.
My api looks like this:
"POST http://localhost:81/Service/ProcessRequest HTTP/1.1[\r][\n]"
"Authorization: Basic asdfadfadfadfadfadfadfa=[\r][\n]"
"Accept-Encoding: gzip,deflate[\r][\n]"
"Content-Type: application/json[\r][\n]"
"activityID: 2342342342342342342342342[\r][\n]"
"Transfer-Encoding: chunked[\r][\n]"
"Host: localhost:81[\r][\n]"
"Connection: Keep-Alive[\r][\n]"
"User-Agent: Synapse-PT-HttpComponents-NIO[\r][\n]"
"[\r][\n]"
I/O session http-outgoing-2-3 11.11.11.11:12345<->192.168.1.1:8080[ACTIVE][rw:w]: 0 bytes written
http-outgoing-2: Produce output
I/O session http-outgoing-2-3 11.11.11.11:12345<->192.168.1.1:8080[ACTIVE][rw:w]: 230 bytes written
"db[\r][\n]"
"{"jsonObject":{"UserType":"User"}}[\r][\n]"
"0[\r][\n]"
"[\r][\n]"
The log file part that seems to apply to the service call looks like this:
<api name="admin--JJJJJ" context="/jjjjj" version="v1.0" version-type="url">
<resource methods="GET" url-mapping="/documents">
<inSequence>
<payloadFactory media-type="json">
<format>{"UserType":"User"}</format>
<args/>
</payloadFactory>
<property name="Authorization" expression="fn:concat('Basic ', base64Encode('user:password'))" scope="transport"/>
<property name="HTTP_METHOD" value="POST" scope="axis2" type="STRING"/>
<property name="messageType" value="application/json" scope="axis2"/>
<property name="REST_URL_POSTFIX" scope="axis2" action="remove"/>
<log>
<property name="JSON-Payload" expression="json-eval($.)"/>
</log>
<send>
<endpoint name="admin--JJJJJ_APIproductionEndpoint_0">
<http trace="enable" method="post" uri-template="http://localhost:81/Service/ProcessRequest"></http>
</endpoint>
</send>
</inSequence>
<outSequence>
<send/>
</outSequence>
</resource>
<handlers>
...
</handlers>
</api>
I'm not sure where the db and 0 come from in the transmission but the error I get back from my service appears to be caused by the wrapping jsonObject.
Does anyone have any hints or ideas on how I can either prevent this wrapping or modify the payload just prior to sending it to remove it. Or I guess a better or even different way of transforming a GET request to a POST with a json payload.
Thank you for any hints on what I'm doing wrong.
change the messageformater in axi2.xml (/repository/conf/axis2/axis2.xml)file as
<messageFormatter contentType="application/json" class="org.apache.synapse.commons.json.JsonStreamFormatter"/>
and comment the default message formatter for json
<!--messageFormatter contentType="application/json" class="org.apache.axis2.json.JSONMessageFormatter"/-->
learn more on json support here[1]
https://docs.wso2.com/display/ESB480/JSON+Support
You can add an enrich mediator to api before send mediator to remove jsonObject wrapper from body like below.
<enrich>
<source clone="true" xpath="$body//jsonObject//UserType"/>
<target type="body"/>
</enrich>
You can add a log mediator after enrich mediator and check the changed body.
Hope this will help you.

WSO2 ESB - Proxies do not work when Soap Tracing is turned off

I have downloaded and I am trying out the WSO2 ESB and setting up proxies for WCF services with wsHttpBindings. When I have Soap Tracing enabled everything works fine - when I turn it off I get a 500 internal server error every time. I am completely stuck with this and can't understand why this would be.
I have tried setting up both pass through proxies and WCF based proxies and I always have the exact same issue - with Soap Tracing enabled everything looks great and works perfectly. If I turn it off and otherwise don't touch anything I get a 500 error:
System.ServiceModel.ProtocolException: An HTTP Content-Type header is required for SOAP messaging and none was found. ---> System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
I have tried it with a basicHttpBinding and it seems to work fine with Soap Tracing on or off. The problem seems to just be with wsHttpBindings.
Here is the full source for the proxy:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="ContactService"
transports="http"
statistics="disable"
trace="disable"
startOnLoad="true">
<target>
<outSequence>
<send/>
</outSequence>
<endpoint>
<wsdl service="ContactService"
port="ContactService_WsHttp"
uri="http://localhost/Actions/ContactService.svc?singleWsdl"/>
</endpoint>
</target>
<publishWSDL uri="http://localhost/Actions/ContactService.svc?singleWsdl"/>
<description/>
</proxy>
can you please try with in the inSequence of the proxy that your are using?
thank you,
1G
I am having the same issue, here is the proxy that is having issues:
<proxy name="cx.partner.usps.RateV4"
transports="https http"
startOnLoad="true"
trace="disable">
<description/>
<target>
<inSequence>
<property name="CONTENT_TYPE"
value="application/xml"
scope="axis2-client"
type="STRING"/>
<property name="FORCE_HTTP_1.0" value="true" scope="axis2"/>
<log level="full"/>
<send>
<endpoint key="partner.usps.prd.endpoint"/>
</send>
</inSequence>
<outSequence>
<class name="cx.wso2.mediators.addNamespace">
<property name="soapPartName" value=""/>
<property name="nsToAdd" value="http://xmlns.usps.com"/>
</class>
<send/>
</outSequence>
</target>
<publishWSDL key="conf:/esb-resources/wsdl/usps/RateV4.wsdl">
<resource location="RateV4.xsd" key="conf:/esb-resources/schema/usps/RateV4.xsd"/>
</publishWSDL>
This was working without tracing on 3.x, but after migrating to 4.7 I have to enable the SOAP tracer.
Try this, it worked for us:
<parameter name="enforceWSAddressing">true</parameter>