I have a password alias and I need to use it in my API configuration file.
I am getting an error in the configuration after saving it.
Any help would be greatly appreciated.
<property name="uri.var.Password" expression="wso2:vault-lookup('testenc.password')"/>
<property name="messageType" value="application/xacml+json" scope="axis2" type="STRING"/>
<property name="Authorization" expression="fn:concat('Basic ', base64Encode('username:get-property('uri.var.Password')'))" scope="transport"/>
You can do as you tried in the other question you posted here. Add the password using the Management Console, "Secure Vault Tool" section. Then refer to the password in the ESB synapse configuration file, using the alias you used.
Hi, it's done finally as <property name="Authorization" expression="fn:concat('Basic ', base64Encode(fn:concat('username:',get-property('Password'))))" scope="transport"/> where "Password" is my alias password configured using secure vault.
Do I have a way to store keyStorePassword and trustStorePassword values encrypted in Ignite SSL configuration XML instead of plain text?
<property name="sslContextFactory">
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath" value="keystore/node.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="trustStoreFilePath" value="keystore/trust.jks"/>
<property name="trustStorePassword" value="123456"/>
<property name="protocol" value="TLSv1.3"/>
</bean>
</property>
Thanks
Stanislav
The simplest way is probably to use property placeholders (Ignite’s XML file is just Spring).
You can also configure it to pull passwords from secret stores. Blog here.
I am trying to read an HTTP header from inside an API that I defined in the ESB. I have tried various methods (see below); all of them print out "null" in the logs.
<log level="custom">
<property name="LOG-POSITION___________________________" value="...4"/>
<property name="AXIS2___________________________" expression="$axis2:accept"/>
<property name="AXIS2___________________________" expression="$axis2:Accept"/>
<property name="AXIS2___________________________" expression="$axis2:ACCEPT"/>
<property name="CTX___________________________" expression="$ctx:accept"/>
<property name="CTX___________________________" expression="$ctx:Accept"/>
<property name="CTX___________________________" expression="$ctx:ACCEPT"/>
<property name="TRP___________________________" expression="$trp:accept"/>
<property name="TRP___________________________" expression="$trp:Accept"/>
<property name="TRP___________________________" expression="$trp:ACCEPT"/>
</log>
I can't see why it is not working.
Here is the synapse code to read and log the content-type http header. Here $trp stands for the transport header.
<log level="custom">
<property name="Content_Type" expression="$trp:Content-Type"/>
</log>
Ref: https://docs.wso2.com/display/ESB500/Synapse+XPath+Variables
If it doesn't work, enable wire logs and post the logs in the question.
I have found an answer to this by looking through existing code, and doing a bit of trial and error.
The expression "$trp:Accept" works, but it must be used before using either a call or send mediator.
For any others experiencing this issue, move the property mediator for grabbing this to the beginning of your proxy or api and the values should come through.
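The ordering fix described in the last answer, as an added example that is not from the original posts: the header is copied into a message-context property before the call mediator runs, so it can still be logged afterwards. The API name, context, property name `clientAccept` and backend URL are assumptions.

```xml
<api xmlns="http://ws.apache.org/ns/synapse" name="HeaderDemoAPI" context="/headerdemo">
  <resource methods="GET">
    <inSequence>
      <!-- Read the inbound header first: per the answer above, $trp:Accept
           must be evaluated before any call or send mediator. -->
      <property name="clientAccept" expression="$trp:Accept" scope="default" type="STRING"/>

      <!-- Backend invocation (constructed endpoint, for illustration only). -->
      <call>
        <endpoint>
          <http method="get" uri-template="https://backend.example.com/resource"/>
        </endpoint>
      </call>

      <!-- After the call, read the saved copy from the message context
           instead of going back to the transport headers. -->
      <log level="custom">
        <property name="CLIENT_ACCEPT" expression="$ctx:clientAccept"/>
      </log>
      <respond/>
    </inSequence>
  </resource>
</api>
```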
I have a sample Spring application for registering the student. I even created a SQLDB Service using Bluemix. I am unable to bind the service in the spring application in Jpacontext.xml.
If someone could please help me in providing the syntax how to call that would really help me.
The following entries in server.xml enabled me to connect my Spring application to SQLDB Service instance running in Bluemix.
I kept db2jcc4.jar and db2jcc_license_cu.jar in shared/db2 folder.
Please look at the credentials for SQLDB instance in Bluemix to get the database instance name, username, password and host ip address.
<jdbcDriver id="DB2JDBCDriver" libraryRef="DB2"/>
<library id="DB2" name="DB2 Shared Library">
<fileset dir="${shared.resource.dir}/db2" includes="*.jar"/>
</library>
<dataSource id='MyDataSource' beginTranForVendorAPIs="false" jdbcDriverRef="DB2JDBCDriver" jndiName="jdbc/MyDataSource" type="javax.sql.DataSource">
<properties.db2.jcc id='MyDataSource-props' currentLockTimeout="10s"
databaseName='<Database instance name>'
password='<password>'
portNumber='50000'
serverName='<host ip address>'
user='<username>'/>
<connectionManager connectionTimeout="10s" maxConnectionsPerThread="10" maxPoolSize="25" minPoolSize="5"/>
</dataSource>
Hope this helps!
I agree, I think we need more information to be of any real value, however, it may be helpful to begin by reviewing the link below which discusses the SQLDB service
https://www.ng.bluemix.net/docs/services/SQLDB/index.html#cli
and the following link which discusses how to bind to a service in Bluemix.
https://www.ng.bluemix.net/docs/services/reqnsi.html#config
If you still have problems after reviewing this material, then please provide a code snippet and the errors you're encountering.
You may refer to sqldb as JNDI resource. See more details on this here:
https://developer.ibm.com/answers/questions/178223/how-to-connect-to-db2-with-spring/
Taken from the link, example:
datasource-config.xml
<bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jdbc/[some-jndi-name-from-server.xml]" />
</bean>
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager"
p:dataSource-ref="dataSource" />
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
<bean id="namedParameterJdbcTemplate"
class="org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate">
<constructor-arg ref="dataSource" />
</bean>
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:WEB-INF/datasource-config.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Basically, what you need is the JNDI name to refer to, from the server.xml path in your application:
Dashboard -> Your application -> Logs and Files -> app -> .liberty -> usr -> servers -> defaultServer -> server.xml
Then it's possible to refer to your "dataSource" bean in the application.
I have a question in regards to
SSLHandshakeException talking to a https Web service using Spring WebServiceTemplate
answered by borodark
"No need to import keys into keystore."
If we don't provide a keystore, then what will HttpClient use for sending the client certificate for the SSL handshake?
I have a requirement to invoke web services on a business partner -
a) Authenticate using SSL using a public key certificate X
b) Encrypt and Sign SOAP messages using public key certificate Y
I guess I will need to specify certificate Y to the following :
<bean class="org.springframework.ws.soap.security.wss4j.Wss4jSecurityInterceptor">
<property name="securementActions" value="Signature"/>
<property name="securementSignatureKeyIdentifier" value="DirectReference"/>
<property name="securementUsername" value="mycert"/>
<property name="securementPassword" value="certpass"/>
<property name="securementSignatureCrypto">
<bean class="org.springframework.ws.soap.security.wss4j.support.CryptoFactoryBean">
<property name="keyStorePassword" value="123456"/>
<property name="keyStoreLocation" value="classpath:/keystore.jks"/>
</bean>
</property>
</bean>
I am not sure how/where to specify certificate X for the SSL handshake. I think it's the HttpClient, but I don't see it in the XML posted by borodark.
Please help!
In the XML file where you have configured the keystore you should have something like this:
<beans>
<bean id="keyStoreHandler" class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
<property name="keyStore" ref="keyStore"/>
<property name="privateKeyPassword" value="changeit"/>
</bean>
<bean id="keyStore" class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
<property name="location" value="classpath:keystore.jks"/>
<property name="password" value="changeit"/>
</bean>
</beans>
The cue here is
<property name="location" value="classpath:keystore.jks"/>
That is the path to the keystore. Now, possibly you can use a certain alias inside the keystore for the SSL handshake (and that's what you configure here); additionally, the security policy leverages the same file, but then again in the security policy file you can specify a different alias, and that should do the trick.
Consider that while
<property name="location" value="classpath:keystore.jks"/>
indicates the classpath, you can use other forms to reference resources outside the WAR itself, and that lets you change the certificate without touching the WAR at all.
I followed the instructions at (https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method) for building the CAS server, and then the instructions for authenticating through LDAP (https://wiki.jasig.org/display/CASUM/LDAP). However, I keep getting the following error message in my Tomcat logs:
[LDAP: error code 34 - Invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - Invalid DN]
I have verified that my bind user credentials are correct as I am able to perform the following search from the command line:
ldapsearch -x -H ldaps://fuller.edu:636 -b "ou=People,o=fuller.edu,o=cp" -D "cn=Directory Manager" -w "password" "(sn=Smith)" cn sn pdsLoginId
The results from that search are correct and nearly instantaneous.
At this point, I'm not entirely certain what I'm missing. Below are snippets from my deployerConfigContext.xml file.
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
p:filter="pdsLoginId=%u"
p:searchBase="ou=People,o=fuller.edu,o=cp"
p:contextSource-ref="contextSource" />
<bean id="contextSource"
class="org.springframework.ldap.core.support.LdapContextSource">
<property name="pooled" value="true"/>
<property name="url" value="ldaps://fuller.edu:636" />
<property name="userDn" value="cn=Directory Manager"/>
<property name="password" value="our password"/>
<property name="baseEnvironmentProperties">
<map>
<entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
<entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
<entry key="java.naming.security.authentication" value="simple" />
</map>
</property>
</bean>
I've searched through several posts here at stackoverflow.com, and tried most of the answers, but without luck. I'm hoping someone will spot what is missing in my configuration and send me in the right direction.
I'm happy to post any more code that you may need to see.
Thanks in advance.
Your command line LDAP bind test uses the DN of "ou=People,o=our.edu,o=cp" but the config file specifies the DN of ou=People,o=edu,o=cp. Those are not the same.
o=our.edu or o=edu
Comment explained, it is ou=People,o=fuller.edu,o=cp
Next step would be to see if you need to escape the period with a backslash, so that ou=People,o=fuller.edu,o=cp, which works on the command line, might need to be ou=People,o=fuller\.edu,o=cp in the configuration file.