After loading ApplicationContext I got a warning like this:
_ INFO: No authentication manager set. Reauthentication of users when changing passwords will not be performed. _
My Context.XML file is like this:
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.6.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- =============== Security =============== -->
<sec:method-security-metadata-source
id="method-security-metadata-source">
<sec:protect access="MyAccess"
method="springsecuritytest._00_base.AuthenticationTester.*" />
</sec:method-security-metadata-source>
<sec:global-method-security
access-decision-manager-ref="accessDecisionManager"
secured-annotations="enabled" pre-post-annotations="enabled"
proxy-target-class="true">
<sec:protect-pointcut
expression="execution(* springsecuritytest._00_base.AuthenticationTester.*(..))"
access="ROLE_USER_BASIC_099" />
<!-- <sec:protect-pointcut access="ROLE_USER_BASIC_099" expression="execution(*
springsecuritytest._00_base.AuthenticationTester.* (..))" /> -->
</sec:global-method-security>
<sec:authentication-manager alias="authenticationManager"
erase-credentials="true">
<sec:authentication-provider>
<sec:jdbc-user-service data-source-ref="dataSource" />
<!-- role-prefix="ROLE_" /> -->
</sec:authentication-provider>
</sec:authentication-manager>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<!-- <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/> -->
</list>
</property>
</bean>
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/spring_security" />
<property name="username" value="root" />
<property name="password" value="" />
</bean>
any body can help me?
I found it, it seems to be caused by the bean definition model I used.
I too was experiencing this nebulous message in the log. I had to add a reference to my authentication manager in the http and UserDetailsManager in the xml configuration file. This will depend on how Spring security is configured, but hopefully it will help!
<security:http auto-config="true" authentication-manager-ref="authenticationManager" use-expressions="true">
<security:remember-me data-source-ref="dataSource" user-service-ref="userDetailsManagerDao" />
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/home" access="permitAll" />
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/registration" access="permitAll" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<security:form-login login-page="/login" default-target-url="/default" login-processing-url="/login/authenticate"
username-parameter="username" password-parameter="password" authentication-failure-url="/login?error" />
<security:logout logout-url="/logout" logout-success-url="/login?logout" />
</security:http>
<bean id="userDetailsManagerDao" class="com.alphatek.tylt.repository.UserDetailsManagerJdbcDao">
<property name="dataSource" ref="dataSource" />
<property name="enableAuthorities" value="false" />
<property name="enableGroups" value="true" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager id="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsManagerDao">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
Related
SQL Delete query is not working in camel, as it stuck at the SQL query and nothing happens. Have tried to execute same query in DB directly, it is working fine as expected.
Below is the glimpse of code.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">
<bean class="org.apache.commons.dbcp2.BasicDataSource"
destroy-method="close" id="OracleConnection">
<property name="driverClassName"
value="${Oracle.DB.DriverClassName}" />
<property name="url" value="${Oracle.DB.Url}" />
<property name="username" value="${Oracle.DB.Username}" />
<property name="password" value="${Oracle.DB.Password}" />
<property name="initialSize" value="${Oracle.DB.InitialSize}" />
<property name="maxTotal" value="${Oracle.DB.MaxTotal}" />
<property name="minIdle" value="${Oracle.DB.MinIdle}" />
<property name="maxIdle" value="${Oracle.DB.MaxIdle}" />
<property name="testOnBorrow" value="true" />
<property name="testOnReturn" value="true" />
<property name="removeAbandonedOnMaintenance" value="true" />
<property name="defaultAutoCommit" value="true" />
<property name="maxWaitMillis"
value="${Oracle.DB.MaxWaitMillis}" />
</bean>
<!-- configure the Camel SQL component to use the JDBC data source -->
<bean class="org.apache.camel.component.sql.SqlComponent" id="sql">
<property name="dataSource" ref="OracleConnection" />
</bean>
<camelContext id="GenerateOTPContext"
xmlns="http://camel.apache.org/schema/spring">
<route id="GenerateOTPMainRoute" streamCache="true">
<from id="_from1"
uri="restlet:http://localhost:9092/ESB/dbserviceapi/generateOTP?restletMethod=POST" />
<setHeader headerName="deleteQuery" id="_setHeader2">
<simple>sql:DELETE FROM MOBILE_OTP_DETAILS WHERE created_dt < SYSDATE - INTERVAL '20' MINUTE</simple>
</setHeader>
<log id="_log2" message="Delete query ${header.deleteQuery}" />
<recipientList delimiter="~" id="_recipientList2"
ignoreInvalidEndpoints="true">
<simple>${header.deleteQuery}</simple>
</recipientList>
<onException id="_onException1" useOriginalMessage="true">
<exception>java.sql.SQLException</exception>
<exception>java.lang.Exception</exception>
<handled>
<constant>true</constant>
</handled>
<log id="_log3"
message="ESBUUID : ${exchangeId} Exception occurred in GenerateOTPAdapter : ${exception.stacktrace}" />
</onException>
</route>
</camelContext>
</beans>
I'm using dbcp2, pool2 and camel-sql components to connect to DB.
Any suggestions please?
Have found the issue, I had created my own table but missed to grant the delete permission, so it was not deleting the data in DB from camel components so I granted the permission for my table and it worked.
Struggling to get ActiveMQ web console to use LDAP and authenticated against Active Directory.
No errors when starting MQ, username/password login box prompt appears but doesn't progress when inserting the correct credentials.
Version
5.15.6
login.config
amqLdapLoginModule {
org.eclipse.jetty.jaas.spi.LdapLoginModule required
debug="true"
contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
hostname="ad-server1.domain.com"
port="389"
bindDn="CN=readonly-user,OU=Accounts,DC=domain,DC=com"
bindPassword="readonly-user-password"
authenticationMethod="simple"
forceBindingLogin="false"
userBaseDn="CN=users,DC=domain,DC=com"
userRdnAttribute="uid"
userIdAttribute="uid"
userPasswordAttribute="userPassword"
userObjectClass="inetOrgPerson"
roleBaseDn="CN=groups,DC=domain,dc=com"
roleNameAttribute="cn"
roleMemberAttribute="uniqueMember"
roleObjectClass="groupOfUniqueNames";
};
jetty.xml
<bean id="ldapLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
<property name="name" value="LdapRealm" />
<property name="loginModuleName" value="amqLdapLoginModule" />
<property name="roleClassNames" value="org.eclipse.jetty.jaas.JAASRole" />
<property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins-group" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins-group" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="securityHandlerLdap" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="ldapLoginService" />
<property name="identityService" ref="identityService" />
<property name="realmName" value="LdapRealm" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
<bean id="contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
</bean>
Following the guide from http://bacedifo.blogspot.com/2013/06/securing-activemq-580-web-console-using.html and using the ldaptive ldap java library with some tweaks to the configs I managed to get this working for our AD environment.
Copied the ldaptive-{version number}.jar and jetty-jass-{version number}.jar to /activemq/lib directory.
login.conf
activemq {
org.ldaptive.jaas.LdapLoginModule required
debug=true
storePass="true"
ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
connectionStrategy="ACTIVE_PASSIVE"
bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
baseDn="OU=accounts,DC=domainname,DC=com"
bindCredential="ldapuser-password"
useStartTLS="false"
userFilter="(sAMAccountName={user})";
org.ldaptive.jaas.LdapRoleAuthorizationModule required
useFirstPass="true"
ldapUrl="ldap://ldap-server1.domainname.com:389 ldap://ldap-server2.domainname.com:389"
connectionStrategy="ACTIVE_PASSIVE"
bindDn="CN=ldap-readaccount,OU=Read Accounts,DC=domainname,DC=com"
baseDn="OU=groups,DC=domainname,DC=com"
bindCredential="ldapuser-password"
roleFilter="(&(cn=webconsoleadmins)(member={user}))"
useStartTLS="false"
defaultRole="admins"
roleAttribute="cn";
};
jetty.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="securityLoginService" class="org.eclipse.jetty.jaas.JAASLoginService">
<property name="name" value="LdapRealm" />
<property name="loginModuleName" value="activemq" />
<property name="roleClassNames" value="org.ldaptive.jaas.LdapRole" />
<property name="identityService" ref="identityService" />
</bean>
<bean id="identityService" class="org.eclipse.jetty.security.DefaultIdentityService"/>
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins,webconsoleadmins" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
<bean id="adminSecurityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="admins,webconsoleadmins" />
<!-- set authenticate=false to disable login -->
<property name="authenticate" value="true" />
</bean>
...
<bean id="securityHandler" class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<property name="loginService" ref="securityLoginService" />
<property name="identityService" ref="identityService" />
<property name="authenticator">
<bean class="org.eclipse.jetty.security.authentication.BasicAuthenticator" />
</property>
<property name="constraintMappings">
<list>
<ref bean="adminSecurityConstraintMapping" />
<ref bean="securityConstraintMapping" />
</list>
</property>
<property name="handler" ref="secHandlerCollection" />
</bean>
I am currently devloping a java web application based on activiti and i want to use ldap as an authentification system.
I Configured ldap as it its 's shown,but when i write this command in java System.out.println(processEngine.getIdentityService().createGroupQuery().list().size()); i got an error "This query is not supported by the LDAPGroupManager".So what can i do ?
Thank you in advance.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">
<bean id="dataSource" class="org.springframework.jdbc.datasource.SimpleDriverDataSource">
<property name="driverClass" value="org.h2.Driver" />
<property name="url" value="jdbc:h2:mem:activiti;DB_CLOSE_DELAY=1000" />
<property name="username" value="sa" />
<property name="password" value="" />
</bean>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<property name="dataSource" ref="dataSource" />
<property name="transactionManager" ref="transactionManager" />
<property name="databaseSchemaUpdate" value="true" />
<property name="jobExecutorActivate" value="false" />
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://localhost" />
<property name="port" value="10389" />
<property name="user" value="uid=admin,ou=system" />
<property name="password" value="secret" />
<!-- Query params -->
<property name="baseDn" value="o=mojo" />
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(uid={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="uid" />
<property name="userFirstNameAttribute" value="cn" />
<property name="userLastNameAttribute" value="sn" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
<bean id="processEngine" class="org.activiti.spring.ProcessEngineFactoryBean">
<property name="processEngineConfiguration" ref="processEngineConfiguration" />
</bean>
<bean id="repositoryService" factory-bean="processEngine" factory-method="getRepositoryService" />
<bean id="runtimeService" factory-bean="processEngine" factory-method="getRuntimeService" />
<bean id="taskService" factory-bean="processEngine" factory-method="getTaskService" />
<bean id="historyService" factory-bean="processEngine" factory-method="getHistoryService" />
<bean id="managementService" factory-bean="processEngine" factory-method="getManagementService" />
</beans>
we can't get all the ldap users with the bean this is not supported by the LDAPGroupManager
I work on integration IBM Domino with activiti.org workflow engine. I need to connect Activiti with Domino LDAP in order to retrive users and groups.
I already can log in with my Domino credentials but I'm not able to resolve user groups. My user is a member of ACTIVITI_ADMINS domino group but he doesn't see activiti-explorer administration menu (the one that default kermit user see). I've made the following modifications in Activiti xml config files. What should I add/rewrite in my config files in order to resolve user groups?
activiti-custom-context.xml
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<!--...-->
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://myDominoLdapServer" />
<property name="port" value="389" />
<property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
<property name="password" value="myPassword" />
<!-- Query params -->
<property name="baseDn" value="o=myCompany" />
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(displayname={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="displayname" />
<property name="userFirstNameAttribute" value="GivenName" />
<property name="userLastNameAttribute" value="sn" />
<property name="userEmailAttribute" value="mail" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
activiti-ui-context.xml
<bean name="explorerApp" class="org.activiti.explorer.ExplorerApp" scope="session">
<property name="environment" value="${activiti.ui.environment}" />
<property name="useJavascriptDiagram" value="${activiti.ui.jsdiagram}" />
<property name="i18nManager" ref="i18nManager" />
<property name="viewManager" ref="viewManager" />
<property name="notificationManager" ref="notificationManager" />
<property name="attachmentRendererManager" ref="attachmentRendererManager" />
<property name="formPropertyRendererManager" ref="formPropertyRendererManager" />
<property name="variableRendererManager" ref="variableRendererManager" />
<property name="applicationMainWindow" ref="mainWindow" />
<property name="componentFactories" ref="componentFactories" />
<property name="workflowDefinitionConversionFactory" ref="workflowDefinitionConversionFactory" />
<property name="loginHandler" ref="activitiLoginHandler" />
<property name="simpleWorkflowJsonConverter" ref="simpleWorkflowJsonConverter" />
<property name="adminGroups">
<list>
<value>ACTIVITI_ADMINS</value>
</list>
</property>
<property name="userGroups">
<list>
<value>user</value>
</list>
</property>
</bean>
Your configuration looks right so the problem must have something to do with the LDAP query used to retrieved the groups for the user:
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
Is this query returning the ACTIVITI_ADMIN group?
Well, I've found that the baseDN entry was the reason of my problem. I set empty value and Activiti is resolving my group now. The activiti-custom-context.xml file contains the following code:
<bean id="processEngineConfiguration" class="org.activiti.spring.SpringProcessEngineConfiguration">
<!--...-->
<property name="configurators">
<list>
<bean class="org.activiti.ldap.LDAPConfigurator">
<!-- Server connection params -->
<property name="server" value="ldap://myDominoLdapServer" />
<property name="port" value="389" />
<property name="user" value="cn=User Ldap, ou=myUnit1, ou=myUnit2, o=myCompany" />
<property name="password" value="myPassword" />
<!-- Query params -->
<!--MY CHANGE START-->
<property name="baseDn" value="" />
<!--MY CHANGE END-->
<property name="queryUserByUserId" value="(&(objectClass=inetOrgPerson)(displayname={0}))" />
<property name="queryUserByFullNameLike" value="(&(objectClass=inetOrgPerson)(|({0}=*{1}*)({2}=*{3}*)))" />
<property name="queryGroupsForUser" value="(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" />
<!-- Attribute config -->
<property name="userIdAttribute" value="displayname" />
<property name="userFirstNameAttribute" value="GivenName" />
<property name="userLastNameAttribute" value="sn" />
<property name="userEmailAttribute" value="mail" />
<property name="groupIdAttribute" value="cn" />
<property name="groupNameAttribute" value="cn" />
</bean>
</list>
</property>
</bean>
Apparently, it is not a good idea to use an existing domain.xml file, generated when creating a new domain using asadmin create-domain new_domain, and later use it when running an embedded instance of Glassfish. DataSources can not be found etcetera.
This is confirmed on this thread: GLASSFISH-20270
However, my question is, is there any way to get a "embedded version" of the domain.xml file for Glassfish 4.0?
Here is the default domain.xml for Embedded Glassfish 4.0. You can change it and put it in your project.
<domain log-root="${com.sun.aas.instanceRoot}/logs" application-root="${com.sun.aas.instanceRoot}/applications" version="10.0">
<security-configurations>
<authorization-service default="true" name="authorizationService">
<security-provider name="simpleAuthorization" type="Simple" provider-name="simpleAuthorizationProvider">
<authorization-provider-config support-policy-deploy="false" name="simpleAuthorizationProviderConfig"></authorization-provider-config>
</security-provider>
</authorization-service>
</security-configurations>
<system-applications />
<applications />
<resources>
<jdbc-resource pool-name="__TimerPool" jndi-name="jdbc/__TimerPool" object-type="system-admin" />
<jdbc-resource pool-name="DerbyPool" jndi-name="jdbc/__default" object-type="system-all" />
<jdbc-connection-pool name="__TimerPool" datasource-classname="org.apache.derby.jdbc.EmbeddedXADataSource" res-type="javax.sql.XADataSource">
<property value="${com.sun.aas.instanceRoot}/lib/databases/ejbtimer" name="databaseName" />
<property value=";create=true" name="connectionAttributes" />
</jdbc-connection-pool>
<jdbc-connection-pool is-isolation-level-guaranteed="false" name="DerbyPool" datasource-classname="org.apache.derby.jdbc.EmbeddedDataSource" res-type="javax.sql.DataSource">
<property name="databaseName" value="${com.sun.aas.instanceRoot}/lib/databases/embedded_default" />
<property name="connectionAttributes" value=";create=true" />
</jdbc-connection-pool>
</resources>
<servers>
<server name="server" config-ref="server-config">
<resource-ref ref="jdbc/__TimerPool" />
<resource-ref ref="jdbc/__default" />
</server>
</servers>
<configs>
<config name="server-config">
<http-service>
<access-log rotation-interval-in-minutes="15" rotation-suffix="yyyy-MM-dd" />
<virtual-server id="server" network-listeners="http-listener, https-listener" />
</http-service>
<iiop-service>
<orb use-thread-pool-ids="thread-pool-1" />
<iiop-listener address="0.0.0.0" port="3700" id="orb-listener-1" />
<iiop-listener security-enabled="true" address="0.0.0.0" port="3820" id="SSL">
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" />
</iiop-listener>
<iiop-listener security-enabled="true" address="0.0.0.0" port="3920" id="SSL_MUTUALAUTH">
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" client-auth-enabled="true" />
</iiop-listener>
</iiop-service>
<admin-service type="das-and-server" system-jmx-connector-name="system">
<jmx-connector enabled="false" auth-realm-name="admin-realm" security-enabled="false" address="0.0.0.0" port="8686" name="system" />
<das-config autodeploy-enabled="false" dynamic-reload-enabled="true" deploy-xml-validation="full" autodeploy-dir="${com.sun.aas.instanceRoot}/autodeploy" />
<property value="/admin" name="adminConsoleContextRoot" />
<property value="${com.sun.aas.installRoot}/lib/install/applications/admingui.war" name="adminConsoleDownloadLocation" />
<property value="${com.sun.aas.installRoot}/.." name="ipsRoot" />
</admin-service>
<connector-service shutdown-timeout-in-seconds="30">
</connector-service>
<ejb-container steady-pool-size="0" max-pool-size="32" session-store="${com.sun.aas.instanceRoot}/session-store" pool-resize-quantity="8">
<ejb-timer-service />
</ejb-container>
<mdb-container steady-pool-size="0" max-pool-size="32" pool-resize-quantity="8" >
</mdb-container>
<jms-service type="EMBEDDED" default-jms-host="default_JMS_host">
<jms-host name="default_JMS_host" host="localhost" port="7676" admin-user-name="admin" admin-password="admin" lazy-init="false"/>
</jms-service>
<log-service file="${com.sun.aas.instanceRoot}/logs/server.log" log-rotation-limit-in-bytes="2000000">
<module-log-levels />
</log-service>
<security-service activate-default-principal-to-role-mapping="true" jacc="simple">
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="admin-realm">
<property value="${com.sun.aas.instanceRoot}/config/admin-keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.file.FileRealm" name="file">
<property value="${com.sun.aas.instanceRoot}/config/keyfile" name="file" />
<property value="fileRealm" name="jaas-context" />
</auth-realm>
<auth-realm classname="com.sun.enterprise.security.auth.realm.certificate.CertificateRealm" name="certificate" />
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.provider.PolicyConfigurationFactoryImpl" policy-provider="com.sun.enterprise.security.provider.PolicyWrapper" name="default">
<property value="${com.sun.aas.instanceRoot}/generated/policy" name="repository" />
</jacc-provider>
<jacc-provider policy-configuration-factory-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyConfigurationFactory" policy-provider="com.sun.enterprise.security.jacc.provider.SimplePolicyProvider" name="simple" />
<audit-module classname="com.sun.enterprise.security.ee.Audit" name="default">
<property value="false" name="auditOn" />
</audit-module>
<message-security-config auth-layer="SOAP">
<provider-config provider-id="XWS_ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ClientProvider" class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-type="client">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="dynamic.username.password" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
<provider-config provider-id="XWS_ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
</provider-config>
<provider-config provider-id="ServerProvider" class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule" provider-type="server">
<request-policy auth-source="content" />
<response-policy auth-source="content" />
<property value="s1as" name="encryption.key.alias" />
<property value="s1as" name="signature.key.alias" />
<property value="false" name="debug" />
<property value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml" name="security.config" />
</provider-config>
</message-security-config>
<property value="SHA-256" name="default-digest-algorithm" />
</security-service>
<monitoring-service>
<module-monitoring-levels />
</monitoring-service>
<transaction-service tx-log-dir="${com.sun.aas.instanceRoot}/logs" >
</transaction-service>
<java-config>
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>
<jvm-options>-Dorg.glassfish.jms.InitializeOnDemand=true</jvm-options>
</java-config>
<network-config>
<protocols>
<protocol name="http-listener">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
</protocol>
<protocol security-enabled="true" name="https-listener">
<http default-virtual-server="server" max-connections="250">
<file-cache enabled="false"></file-cache>
</http>
<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" ssl3-enabled="false" cert-nickname="s1as"></ssl>
</protocol>
</protocols>
<network-listeners>
<network-listener port="0" protocol="http-listener" transport="tcp" name="http-listener" thread-pool="http-thread-pool" enabled="false" />
<network-listener port="0" protocol="https-listener" transport="tcp" name="https-listener" thread-pool="http-thread-pool" enabled="false" />
</network-listeners>
<transports>
<transport name="tcp"></transport>
</transports>
</network-config>
<thread-pools>
<thread-pool name="http-thread-pool" max-queue-size="4096"></thread-pool>
<thread-pool name="thread-pool-1" max-thread-pool-size="200"/>
</thread-pools>
</config>
</configs>
<property name="administrative.domain.name" value="domain1"/>