Trying to set up an affinity backup filter. Most of the bits are clear and I am following the details outlined here - https://ignite.apache.org/releases/latest/javadoc/index.html?org/apache/ignite/cache/affinity/rendezvous/ClusterNodeAttributeAffinityBackupFilter.html
which talks about backup by availability zone. And each node can set the value of that AZ.
However, the thing I am not very clear on is where this AZ value goes for each node, the above link says "that the environment variable "AVAILABILTY_ZONE" be set appropriately on each node via some means external to Ignite".
I see a couple of options where this could be set,
Use System.setProperty()(based on the above comment around environment variable)
Set it as part of IgniteConfiguration.setUserAttributes() (based on looking at the ClusterNodeAttributeAffinityBackupFilter source which is comparing node attributes)
Any inputs around this are helpful.
TIA
I suppose this documentation might be better structured.
Main idea is to set a user-defined attribute, for example "color" to red or blue.
<bean class="org.apache.ignite.configuration.IgniteConfiguration">
<property name="userAttributes">
<map>
<entry key="color" value="blue"/>
</map>
</property>
</bean>
Or config.setUserAttributes(F.asMap("color", "red"));
And use it in your backup filter implementation:
<bean class="org.apache.ignite.cache.affinity.rendezvous.RendezvousAffinityFunction">
<property name="affinityBackupFilter">
<bean class="org.apache.ignite.cache.affinity.rendezvous.ClusterNodeAttributeAffinityBackupFilter">
<constructor-arg>
<array value-type="java.lang.String">
<value>color</value>
</array>
</constructor-arg>
</bean>
</property>
</bean>
In that case, prior to saving a backup copy, Ignite will check if the "color" attribute of the current node differs from the backup's one (i.e. if it's "read", then we need to search for a "blue" node).
I have made a proxy service where the value of "Request1" property showing properly as in incoming request
<s1:PALMUpdateCatalogueRequest xmlns:s1="http://www.example.org/prodcatItemWSO2/">
<s1:updateproductCatalogueList>
<s1:catalogueinternalid>1</s1:catalogueinternalid>
ABC
<s1:itemList>
<s1:Item>
<s1:custitem_prod_cat_item>390</s1:custitem_prod_cat_item>
<s1:item_price_level>7</s1:item_price_level>
<s1:typeofitem>PQR</s1:typeofitem>
</s1:Item>
</s1:itemList>
</s1:updateproductCatalogueList>
<s1:transactionid />
</s1:PALMUpdateCatalogueRequest>
But,after calling a sequence when I am using this below expression to fetch the value of Request1,it's not showing.
What will I do to solve this issue?
<property name="REQUEST" expression="get-property('Request1')" scope="default" type="STRING"/>
You should use correct scopes to read properties. If your property is in the synapse scope, you can read it like this.
<property name="REQUEST" expression="$ctx:Request1" scope="default" type="STRING"/>
I'm calling an HTTP endpoint and getting the response in
a sequence. Response is getting logged in the seq_sla_resp.
<send receive="seq_sla_resp">
<endpoint key="gov:EDI/SLA/endpoints/edi_sla_payment_ep.xml" />
</send>
Inside this response sequence I'm unable to get a property which I set previously during the call (in the main proxy).
<property expression="//m1:sla_row/m1:tran_id/text()"
name="tran_id" scope="default" type="STRING"
xmlns:m1="http://ws.wso2.org/dataservice" />
When I try to log the property in the seq_sla_resp it ends up in the below error message
<log>
<property expression="$tran_id" name="tran_id" xmlns:m0="http://ws.wso2.org/dataservice"/>
</log>
Following is the error.
SynapseXPath Evaluation of the XPath expression $tran_id resulted in an error
org.jaxen.UnresolvableException: Variable tran_id
How can i get the context value in the response sequence.
In the documentaion it says default scope has the largest life span for the property.
Any help is very much appreciated.
I think you would find that your expression would also not work in the inSequence. You should either use expression="$ctx:tran_id" or expression="get-property('tran_id')"
Please note that WSO2 recommends using $ctx instead of the get-property if the scope is default. The get-property methods search in the registry if the value is not available in the message context. Therefore, it affects the performance.
In your case , you can use
<property expression="$ctx:tran_id" name="tran_id" scope="default" xmlns:m0="http://ws.wso2.org/dataservice"/>
Thanks
Kranthi
I've been having trouble with Camel transactions and after some great help from the camel list I eventually tracked it down to using org.apache.activemq.camel.component.ActiveMQComponent in a bean with id 'activemq'. If I use an id of 'activemqTx' it works. But I can't seem to find any documentation on the significance of 'activemqTx' as a bean id.
only one message gets through the route with this:
<bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent">
everything works with this:
<bean id="activemqTx" class="org.apache.activemq.camel.component.ActiveMQComponent">
Must have been a bean name clash
(Context: I'm an experienced programmer, but new to LDAP, AD and Spring.)
We are a Windows shop, so all of our authentication is done with Active Directory. We are attempting to integrate a third-party product that is written in Java, so it does all of its authentication using Spring Security. So far, so good -- they've done that integration before, and there's a good deal online about how to set things up.
The problem is, our AD setup is a bit complex: in particular, our user accounts exist in various nodes in the AD/LDAP tree. To give a simplified example, say the LDAP tree looks like this:
DC=my-domain,DC=com
+ CN=Users
++ CN=user1,CN=Users,DC=my-domain,DC=com
+ CN=Staff
++ CN=user2,CN=Staff,DC=my-domain,DC=com
The thing is, all of the examples I have found let me authenticate either user1 or user2, but not both. That is, the following XML snippet will work to authenticate user1 against roles defined under "Groups":
<security:ldap-server url="ldap://my-domain.com:389" manager-dn="CN=manager_svc,OU=System Users,DC=my-domain,DC=com" manager-password="MyPa55w0rd"/>
<security:ldap-authentication-provider
user-dn-pattern=""
user-search-base="CN=Users,DC=my-domain,DC=com"
user-search-filter="(&(sAMAccountName={0})(objectclass=user))"
group-search-base="OU=Groups,DC=mydomain,DC=com"
group-search-filter="member={0}"
/>
but that won't authenticate user2, since he doesn't match the user-search-base. Contrariwise, I can change user-search-base to CN=Staff,DC=my-domain,DC=com, which will work for user2, but then it won't work for user1.
So the question is, how do I make this search work for user accounts that are scattered across the AD/LDAP tree? I can imagine two possibilities, but I haven't figured out how to do either yet:
On the one hand, if I can make user-search-base multi-valued, that solves my problem easily and correctly: I just put in all of the locations where user accounts might be found. So far, all of my attempts to do this have met with one error or another, but I'm still experimenting.
OTOH, there is Subtree scoping of the search. I can see in the interactive LDAP tools that search can be either single-level or subtree. Far as I can tell, Spring out of the box is doing single-level. I can see that the underlying FilterBasedLdapUserSearch class has a setSearchSubtree() method, which looks like what I want, but I can't find a way to set that to true from the XML. (For now, let's assume that it isn't feasible to change the underlying Java program.)
The first option would be ideal, since it is probably much more efficient, but if that isn't possible and the second is, I suspect we can make it work.
I have a suspicion that the second approach is possible using thorny bean hackery, but I know next to nothing about beans, so I'd rather not wade into those thickets by myself. Does anybody have a good recipe to recommend?
Thanks much for any guidance you can provide...
I solved this by using a searchBase with the empty string value (this uses the root as the searchbase, just like prule's answer), but I also had to set the property "referral" to "follow", otherwise I got a PartialResultException!
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(...);
contextSource.setReferral("follow");
You could try searching from the domain root, if that is feasible, though that can cause problems with AD.
Alternatively, use of explicit bean configuration is probably your best option. You can inject a custom LdapUserSearch implementation into the BindAuthenticator bean, which searches under all the necessary locations. If you look at the example in the docs, it shows a FilterBasedLdapUserSearch configuration. You could either use a couple of these, or implement the interface yourself from scratch. Here's a quick hack as an example:
public class CustomLdapSearch implements LdapUserSearch {
public static final String SAM_FILTER="(&(sAMAccountName={0})(objectclass=user))"
final LdapUserSearch users;
final LdapUserSearch staff;
public CustomLdapSearch(BaseLdapPathContextSource contextSource) {
users = new FilterBasedLdapUserSearch("CN=Users,DC=my-domain,DC=com", SAM_FILTER, contextSource);
staff = new FilterBasedLdapUserSearch("CN=Staff,DC=my-domain,DC=com", SAM_FILTER, contextSource);
}
public DirContextOperations searchForUser(String username) {
try {
return users.searchForUser(username);
} catch(UsernameNotFoundException e) {
return staff.searchForUser(username);
}
}
}
Then change the BindAuthenticator configuration to:
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch" ref="customSearch"/>
</bean>
<bean id="customSearch" class="CustomLdapSearch">
<constructor-arg ref="contextSource"/>
</bean>
I've done something similar with spring-security-2.0.x using FilterBasedLdapUserSearch - where users were spread across multiple nodes:
<bean id="ldapUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg value=""/> <!-- optional sub-tree here -->
<constructor-arg value="(&(sAMAccountName={0})(objectclass=user))"/>
<constructor-arg ref="contextSource"/>
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userSearch" ref="ldapUserSearch"/>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="userDetailsContextMapper"/>
</bean>
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:10389/CN=Users,DC=my-domain,DC=com"/>
<!-- you may or may not need to connect with an account that can search -->
<!--<property name="userDn" value="uid=admin,ou=system"/>-->
<!--<property name="password" value="secret"/>-->
</bean>