We have an internal Glassfish 3.1 server where we have Jenkins deploy war-artifacts directly without any additional configuration.
This results in numerous rather verbose URL's like
http://xxx:5280/xxx_YYYY-52.20120824.0-SNAPSHOT/
and I would like to write a small ROOT.war (binding to "/") which simply lists all URL's in the current domain - preferably along with the <web-app><description>.... field.
This only needs to work with Glassfish. Is there a simple Glassfish API providing the information I need?
You can parse domain.xml. There is information about deployed apps, context root ... smth like this
<application context-root="/permit-1.0" location="${com.sun.aas.instanceRootURI}/applications/permit-1.0/" name="permit-1.0" object-type="user">
<property name="org.glassfish.ejb.container.application_unique_id" value="88379353331728384" />
<property name="defaultAppName" value="permit-1.0" />
<module name="permit-1.0">
<engine sniffer="ejb" />
<engine sniffer="security" />
<engine sniffer="web" />
</module>
</application>
Related
When I set up a camunda BPMN platform, I got the following error
HTTP Status 500 -
org.camunda.bpm.webapp.impl.IllegalWebAppConfigurationException: No
process engine found. camunda Webapp cannot work without a process
engine
Confirming that the both the '/camunda' and '/engine-rest' is deployed and running in Tomcat.
But /engine-rest returns 404 with following error.
description : The requested resource is not available.
Please help!.
You need to configure the shared process engine for your server as described in https://docs.camunda.org/manual/7.5/installation/full/tomcat/manual/#add-bpm-platform-xml
Have added bpm-platform.xml to '/conf'
<?xml version="1.0" encoding="UTF-8"?>
<bpm-platform xmlns="http://www.camunda.org/schema/1.0/BpmPlatform"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.camunda.org/schema/1.0/BpmPlatform http://www.camunda.org/schema/1.0/BpmPlatform ">
<job-executor>
<job-acquisition name="default" />
</job-executor>
<process-engine name="default">
<job-acquisition>default</job-acquisition>
<configuration>org.camunda.bpm.engine.impl.cfg.StandaloneProcessEngineConfiguration</configuration>
<datasource>java:jdbc/ProcessEngine</datasource>
<properties>
<property name="history">full</property>
<property name="databaseSchemaUpdate">true</property>
<property name="authorizationEnabled">true</property>
<property name="jobExecutorDeploymentAware">true</property>
</properties>
</process-engine>
</bpm-platform>
I want to configure CAS server 4.0 with ApacheDS LDAP. I followed the bellow steps:
1- Based on this Link I modify the deployerConfigContext.xml file. The following beans added to this file:
<bean id="ldapAuthenticationHandler"
class="org.jasig.cas.authentication.LdapAuthenticationHandler"
p:principalIdAttribute="uid"
c:authenticator-ref="authenticator">
<property name="principalAttributeMap">
<map>
<!--
| This map provides a simple attribute resolution mechanism.
| Keys are LDAP attribute names, values are CAS attribute names.
| Use this facility instead of a PrincipalResolver if LDAP is
| the only attribute source.
-->
<entry key="member" value="member" />
<entry key="mail" value="mail" />
<entry key="displayName" value="displayName" />
</map>
</property>
</bean>
<bean id="authenticator" class="org.ldaptive.auth.Authenticator"
c:resolver-ref="dnResolver"
c:handler-ref="authHandler" />
<!--
| The following DN format works for many directories, but may need to be
| customized.
-->
<bean id="dnResolver"
class="org.ldaptive.auth.FormatDnResolver"
c:format="uid=%s,${ldap.baseDn}" />
<bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler"
p:connectionFactory-ref="pooledLdapConnectionFactory" />
<bean id="pooledLdapConnectionFactory"
class="org.ldaptive.pool.PooledConnectionFactory"
p:connectionPool-ref="connectionPool" />
<bean id="connectionPool"
class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize"
p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="${ldap.pool.blockWaitTime}"
p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory" />
<bean id="ldapPoolConfig" class="org.ldaptive.pool.PoolConfig"
p:minPoolSize="${ldap.pool.minSize}"
p:maxPoolSize="${ldap.pool.maxSize}"
p:validateOnCheckOut="${ldap.pool.validateOnCheckout}"
p:validatePeriodically="${ldap.pool.validatePeriodically}"
p:validatePeriod="${ldap.pool.validatePeriod}" />
<bean id="connectionFactory" class="org.ldaptive.DefaultConnectionFactory"
p:connectionConfig-ref="connectionConfig" />
<bean id="connectionConfig" class="org.ldaptive.ConnectionConfig"
p:ldapUrl="${ldap.url}"
p:connectTimeout="${ldap.connectTimeout}"
p:useStartTLS="${ldap.useStartTLS}"
p:sslConfig-ref="sslConfig" />
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
<property name="credentialConfig">
<bean class="org.ldaptive.ssl.X509CredentialConfig"
p:trustCertificates="${ldap.trustedCert}" />
</property>
</bean>
<bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
p:prunePeriod="${ldap.pool.prunePeriod}"
p:idleTime="${ldap.pool.idleTime}" />
<bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
Also the bellow properties added to the cas.properties:
#========================================
# General properties
#========================================
ldap.url=ldaps://localhost:10636
# LDAP connection timeout in milliseconds
ldap.connectTimeout=30000
# Whether to use StartTLS (probably needed if not SSL connection)
ldap.useStartTLS=true
#========================================
# LDAP connection pool configuration
#========================================
ldap.pool.minSize=3
ldap.pool.maxSize=10
ldap.pool.validateOnCheckout=false
ldap.pool.validatePeriodically=true
# Amount of time in milliseconds to block on pool exhausted condition
# before giving up.
ldap.pool.blockWaitTime=3000
# Frequency of connection validation in seconds
# Only applies if validatePeriodically=true
ldap.pool.validatePeriod=3000
# Attempt to prune connections every N seconds
ldap.pool.prunePeriod=3000
# Maximum amount of time an idle connection is allowed to be in
# pool before it is liable to be removed/destroyed
ldap.pool.idleTime=6000
#========================================
# Authentication
#========================================
ldap.baseDn=dc=example,dc=com
# Base DN of users to be authenticated
ldap.authn.baseDn=dc=example,dc=com
# Manager DN for authenticated searches
ldap.authn.managerDN=uid=admin,ou=system
# Manager password for authenticated searches
ldap.authn.managerPassword=secret
# Search filter used for configurations that require searching for DNs
#ldap.authn.searchFilter=(&(uid={user})(accountState=active))
ldap.authn.searchFilter=(uid={0})
# Search filter used for configurations that require searching for DNs
#ldap.authn.format=uid=%s,ou=Users,dc=example,dc=org
ldap.authn.format=uid=%s,ou=system
ldap.trustedCert=file:/D:/ApacheDS.cer
Also I used InstallCert to add the port of localhosr:8443 (tomcat) and localhost:10636 (ApacheDS) to the cacers file. And with Portecle export the ApacheDS.cer from ApacheDs certification from cacers.
My server.xml file of tomcat modified as bellow:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="50" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Program Files/Java/jdk1.7.0_60/jre/lib/security/cacerts"
keystorePass="changeit"
/>
Also the following Jars add to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib :
cas-server-support-ldap-4.0.0.jar
spring-ldap-core-2.0.2.RELEASE.jar
spring-ldap-1.2.1.jar
ldaptive-1.0.5.jar
Finally! After lots of struggling tries I get the bellow error:
Caused by: java.lang.IllegalStateException: Could not initialize pool size
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:258)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1638)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1579)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1509)
... 70 more
Caused by: [org.ldaptive.provider.ConnectionException#3778440::resultCode=null, matchedDn=null, responseControls=null, referralURLs=null, messageId=-1, providerException=javax.naming.ServiceUnavailableException: localhost:10636; socket closed]
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:95)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:37)
at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:99)
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:295)
at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:482)
at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:523)
at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:363)
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:252)
... 77 more
Caused by: javax.naming.ServiceUnavailableException: localhost:10636; socket closed
at com.sun.jndi.ldap.Connection.readReply(Connection.java:454)
at com.sun.jndi.ldap.LdapClient.extendedOp(LdapClient.java:1202)
at com.sun.jndi.ldap.LdapCtx.extendedOperation(LdapCtx.java:3206)
at javax.naming.ldap.InitialLdapContext.extendedOperation(InitialLdapContext.java:183)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.startTLS(JndiStartTLSConnectionFactory.java:134)
at org.ldaptive.provider.jndi.JndiStartTLSConnectionFactory.createInternal(JndiStartTLSConnectionFactory.java:92)
... 84 more
Could you possibly help me to solve this issue! I really don't know the main reason of my problem?
I don`t know is it late to answer or not, but to day I had same problem and after reading the ldaptive project source, I found the answer as below:
just add the p:failFastInitialize="false" parameter to your connectionPool bean just like
<bean id="connectionPool"
class="org.ldaptive.pool.BlockingConnectionPool"
init-method="initialize"
p:poolConfig-ref="ldapPoolConfig"
p:blockWaitTime="${ldap.pool.blockWaitTime}"
p:validator-ref="searchValidator"
p:pruneStrategy-ref="pruneStrategy"
p:connectionFactory-ref="connectionFactory" p:failFastInitialize="false" />
Finally I can find the solution! Listed bellow are the steps that help you to connect to AacheDS through CAS server 4.
Download cas-server-4.0.0-release.zip
Download Tomcat 8 and run it
Extract the cas-server-4.0.0-release.zip and copy cas-server-webapp-4.0.0.war into apache-tomcat-8.0.8\webapps of your tomcat. Wait till Tomcat extract the War file and make cas-server-webapp-4.0.0
Stop Tomcat Server
Go to conf folder of your Tomcat and edit the server.xml file. You should uncomment the HTTPS part of this file.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:/Program Files/Java/jdk1.7.0_60/jre/lib/security/cacerts"
keystorePass="changeit"
/>
As you can see , the certification of HTTPS Tomcat should be added to the cacerts file. You can check the following link to do this:
A Simple Step-By-Step Guide To Apache Tomcat SSL Configuration
Go to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF and replace deployerConfigContext.xml content with the following:
Go to my Blog to copy the content of file
Go to the apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\META-INF\maven\org.jasig.cas\cas-server-webapp and add the following to the pom.xml:
Add the following jar files into apache-tomcat-8.0.8\webapps\cas-server-webapp-4.0.0\WEB-INF\lib
cas-server-support-ldap-4.0.0.jar
spring-ldap-core-2.0.2.RELEASE.jar
spring-ldap-1.2.1.jar
ldaptive-1.0.5.jar
Run ApacheDS
Connect to your ApacheDS with Apache Directory Studio and create a user in dc=example,dc=com
Start Tomcat
Go to the http://localhost:8080/cas-server-webapp-4.0.0/login
Type username and password that you made in the Apache Directory Studio. You can login to CAS with ldap user now!
I'm using successfully Moghadam's solution above, but I had to make a small adjustment in deployerConfigContext.xml:
<bean id="ldapAuthenticationHandler" class="org.jasig.cas.authentication.LdapAuthenticationHandler" >
<constructor-arg ref="authenticator" />
<property name="principalAttributeMap">
<map>
<entry key="mail" value="mail" />
<entry key="cn" value="cn" />
</map>
</property>
</bean>
Please notice I removed the p:principalIdAttribute="uid" property.
Does anybody have a working example of how to configure a cluster of nodes to share an index using the infinispan directory provider? All the documentation on Infinispan (the documentation is seriously lacking btw) implies that it should be as easy as having some properties set but no matter how I try I cannot get it to work. The nodes in the cluster find eachother fine and I can do get operations on one node and get object that were put on another. But as soon as I do queries (use the index) it just starts to fail.
My infinispan config:
<global>
<transport clusterName="SomeCluster">
<properties>
<property name="configurationFile" value="jgroups-udp.xml" />
</properties>
</transport>
</global>
<namedCache name="access">
<clustering mode="distribution" />
<indexing enabled="true" indexLocalOnly="true">
<properties>
<property name="default.directory_provider" value="infinispan"/>
<property name="default.worker.backend" value="jgroups"/>
</properties>
</indexing>
</namedCache>
I have not found one example/tutorial which covers a distributed cache with a shared index, and I consider my google-fu to be great. I have asked on the infinispan community forum but havent gotten any replies there.
The errors I get are all related to the fact that only one node can be able to write to the index (the master node) but the config above, which according some the documentation on Hibernet Search should make one node a master node, does nothing as far as I can se.
Edit:Im using Infinispan 6.0.2.Final
Rather than JGroups backend I'd use InfinispanIndexManager - this manager already provides its own backend.
<indexing enabled="true" indexLocalOnly="true">
<properties>
<property name="default.indexmanager" value="org.infinispan.query.indexmanager.InfinispanIndexManager" />
<property name="default.exclusive_index_use" value="false" />
<property name="default.metadata_cachename" value="lucene_metadata_repl" />
<property name="default.data_cachename" value="lucene_data_dist" />
<property name="default.locking_cachename" value="lucene_locking_repl" />
<property name="lucene_version" value="LUCENE_36" />
</properties>
</indexing>
Now, configure all the caches to be clustered (distributed or replicated). Without specifying the cache configuration this way, the three caches are created using the default cache configuration - which is by default non-clustered.
I am not sure about the exclusive_index_use, though, maybe it's not necessary.
I agree that Infinispan documentation could be much better, usually I have to fallback to investigating source code. For examples of indexing configuration, you can look into the infinispan-query module/src/test/resources.
I'm looking for a solution similar to this:
httpOnly Session Cookie + Servlet 3.0 (e.g. Glassfish v3)
I want to turn the HTTP headers: http-only and Secure off so that authentication with https carries across to http requests.
However,
1 Relating to the other post. I am not using servlet 3.0. I may be willing to try to use servlet 3.0 if there was decent documentation somewhere on how to migrate an intellij project from serverl 2.5 to 3.0. It does not seem obvious how to use this. Changing my maven pom to javax.servlet 3.0 and then editing my web.xml version to 3.0 doesn't work. Gives a facet-error on the 3.0 version. Sigh.
This is my primary approach to solve this. I edited domains/domain1/config for default-web.xml and domain.xml to what I thought would work but it doesn't. Oracle's documentation does not seem very clear to me on this.
domain.xml
<web-container>
<session-config>
<session-manager>
<manager-properties></manager-properties>
<store-properties></store-properties>
</session-manager>
<session-properties>
<property name="cookieSecure" value="false"></property>
<property name="cookieHttpOnly" value="false"></property>
</session-properties>
</session-config>
</web-container>
....
<configs>
<config name="server-config">
<http-service sso-enabled="true">
<access-log></access-log>
<virtual-server id="server" sso-cookie-secure="false" sso-cookie-http-only="false" network-listeners="http-listener-1,http-listener-2"></virtual-server>
<virtual-server id="__asadmin" sso-cookie-http-only="false" network-listeners="admin-listener"></virtual-server>
</http-service>
default-web.xml
<session-config>
<session-timeout>60</session-timeout>
<cookie-config>
<http-only>false</http-only>
<secure>false</secure>
</cookie-config>
<cookie-properties>
<property name="cookieSecure" value="false" />
<property name="cookieHttpOnly" value="false" />
</cookie-properties>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
Okay I feel a bit stupid but I generally have never written to a specific container before to make sure that my code was portable across containers. However, after some research, I discovered that you can put a WEB-INF/glassfish-web.xml file that looks like this to control your security cookie setting for each WAR file under glassfish.
http://blogs.oracle.com/jluehe/entry/ow_to_configure_the_security
<?xml version="1.0" encoding="UTF-8"?>
<glassfish-web-app>
<session-config>
<cookie-properties>
<b><property name="cookieSecure" value="[true|false|dynamic]"/></b>
</cookie-properties>
</session-config>
</glassfish-web-app>
How can I create JDBCResources, -Pools and Security Realms in a Glassfish 3.1 Server from within my Application, if they are not already created? I am writing an application that relies on this resources, however I don't want to configure the server manually every time the application is deployed on a different server.
Doing this with a shell script feels like a workaround.
Glassfish provides a REST interface. You can create a new security (authentication) realm in a certain configuration (say, server-config in a DAS on localhost, admin port 4848) with a POST to:
http://localhost:4848/management/domain/configs/config/server-config/security-service/auth-realm
Do a GET to that resource to see the parameters.
You can use the same interface to create connection pools.
Ok, I found a solution for half of the Question.
I created a file called glassfish-resources.xml in my WEB-INF folder and added the following content to it:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE resources PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Resource Definitions//EN" "http://glassfish.org/dtds/glassfish-resources_1_5.dtd">
<resources>
<jdbc-connection-pool
name="java:app/jdbc/BeerUserPool"
res-type="javax.sql.DataSource"
datasource-classname="org.postgresql.ds.PGSimpleDataSource"
pool-resize-quantity="2"
max-pool-size="32"
steady-pool-size="0"
statement-timeout-in-seconds="30">
<property name="User" value="USERNAME"></property>
<property name="Password" value="PASSWORD"></property>
<property name="PortNumber" value="12345678"></property>
<property name="dataBaseName" value="DATABASE_NAME"></property>
<property name="ServerName" value="yourDBUrl.com"></property>
<property name="Ssl" value="false"></property>
<property name="ProtocolVersion" value="0"></property>
</jdbc-connection-pool>
<jdbc-resource
pool-name="java:app/jdbc/BeerUserPool"
jndi-name="java:app/jdbc/BeerUser"></jdbc-resource>
<
</resources>
Addingt the java:app/ to the names is important, without it it won't work correctly. This connection pool is also only application scoped and gets destroyed after the application is undebloyed (except you add an additional argument).
This pool can now be accessed with JPA with the following persistence.xml.
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence">
<persistence-unit name="jsf-jpa-war" transaction-type="JTA">
<provider>org.eclipse.persistence.jpa.PersistenceProvider</provider>
<jta-data-source>java:app/jdbc/BeerUser</jta-data-source>
<properties>
<property name="eclipselink.logging.level" value="FINE"/>
</properties>
</persistence-unit>
</persistence>
However I found no soultion how I can define the security realms in the same way.