How to Configure SSL over Database in Spring? - ssl

I want to add SSL security in the Database layer. I am using Struts2.1.6, Spring 2.5, JBOSS 5.0 and Informix 11.5. Any idea how to do this?
I have researched through a lot on the internet but could not find any solution.
Please suggest!
Here are my datasource and entity manager beans, which are working perfectly without SSL:
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="database" value="INFORMIX" />
<property name="showSql" value="true" />
</bean>
</property>
</bean>
<bean id="dataSource"
class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
<property name="url"
value="jdbc:informix-sqli://SERVER_NAME:9088/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
<property name="username" value="username" />
<property name="password" value="password" />
<property name="minIdle" value="2" />
</bean>
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">
<property name="targetObject" ref="dataSource" />
<property name="targetMethod" value="addConnectionProperty" />
<property name="arguments">
<list>
<value>characterEncoding</value>
<value>UTF-8</value>
</list>
</property>
</bean>
<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate" scope="prototype">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
Thank you very much for your suggestion. So basically I need to set something like this in my applicationContext.xml. Please correct me if I am wrong:
<property name="username" value="username" />
<property name="password" value="password" />
<property name="sslConnection" value="true" />
<property name="minIdle" value="2" />
But how do I set the SSL certificate in the Java runtime? The link which you have provided is good but for some reason I am not able to follow. Please put your suggestion.

Using SSL for the communication between an application and a database is something that has to be supported by the database server (and the JDBC driver).
According to the documentation, this is supported by Informix Dynamic Server (IDS) since version 11.50.
You can use SSL support in your Java applications if you use IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to DB2® for z/OS® Version 9 or later, to DB2 Database for Linux®, UNIX®, and Windows® Version 9.1, Fix Pack 2 or later, or to IBM Informix® Dynamic Server (IDS) Version 11.50 or later.
(...)
To use SSL connections, you need to:
Configure connections to the data source to use SSL. (link)
Configure your Java Runtime Environment to use SSL. (link)
The documentation should help.
If you're using a version of IDS prior to 11.50, then I'm afraid you'll have to use SSH tunneling.
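The two steps from the answer, sketched for the beans in the question. This is an added example, not code from the original posts or from IBM's documentation; the truststore path, the password placeholder, `SSL_PORT` and the `sslSystemProperties` bean id are assumptions, and `sslConnection` is the property name used in the question, so confirm the spelling your JDBC driver expects.

```xml
<!-- Added example. Truststore path, password placeholder, SSL_PORT and bean ids are assumptions. -->

<!-- 1. JSSE truststore holding the database server's certificate (or its CA),
        set before any connection is opened. -->
<bean id="sslSystemProperties"
      class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
  <property name="targetObject">
    <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
      <property name="targetClass" value="java.lang.System" />
      <property name="targetMethod" value="getProperties" />
    </bean>
  </property>
  <property name="targetMethod" value="putAll" />
  <property name="arguments">
    <list>
      <props>
        <prop key="javax.net.ssl.trustStore">/path/to/db-truststore.jks</prop>
        <prop key="javax.net.ssl.trustStorePassword">TRUSTSTORE_PASSWORD</prop>
      </props>
    </list>
  </property>
</bean>

<!-- 2. Same pool as in the question, but it waits for the truststore settings.
        SSL_PORT stands for the listener the server exposes for SSL. -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource"
      destroy-method="close" depends-on="sslSystemProperties">
  <property name="driverClassName" value="com.informix.jdbc.IfxDriver" />
  <property name="url"
            value="jdbc:informix-sqli://SERVER_NAME:SSL_PORT/DB_NAME:INFORMIXSERVER=SERVER_NAME;DELIMIDENT=y;" />
  <property name="username" value="username" />
  <property name="password" value="password" />
  <property name="minIdle" value="2" />
</bean>

<!-- 3. sslConnection is a driver property, not a BasicDataSource setter, so it is
        passed the same way the question already passes characterEncoding. -->
<bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean" lazy-init="false">
  <property name="targetObject" ref="dataSource" />
  <property name="targetMethod" value="addConnectionProperty" />
  <property name="arguments">
    <list>
      <value>sslConnection</value>
      <value>true</value>
    </list>
  </property>
</bean>
```

The two `javax.net.ssl.*` properties can instead be passed as `-D` options in the application server's JVM startup settings, which keeps the truststore password out of the application context file.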

Related

Apache Ignite data loss when one node goes down

I'm new with Ignite and I'm trying to test data quality and availability of Ignite cluster.
I use the below xml configuration for setting cluster,
<property name="discoverySpi">
<bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
<property name="socketTimeout" value="50000" />
<property name="networkTimeout" value="50000" />
<property name="reconnectCount" value="5" />
<property name="ipFinder">
<bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder">
<property name="addresses">
<list>
<value>x.x.x.1:47500..47509</value>
<value>x.x.x.2:47500..47509</value>
</list>
</property>
</bean>
</property>
</bean>
</property>
</bean>
Also, the CacheConfiguration is,
<bean id="cache-template-bean" class="org.apache.ignite.configuration.CacheConfiguration">
<property name="name" value="CACHE_TEMPLATE*"/>
<property name="cacheMode" value="PARTITIONED" />
<property name="backups" value="1" />
<!-- <property name="backups" value="2" />
<property name="backups" value="3" /> -->
<property name="atomicityMode" value="TRANSACTIONAL" />
<property name="writeSynchronizationMode" value="PRIMARY_SYNC" />
<property name="rebalanceBatchSize" value="#{4 * 1024 * 1024}" />
<property name="rebalanceMode" value="ASYNC" />
<property name="statisticsEnabled" value="true" />
<property name="rebalanceBatchesPrefetchCount" value="4" />
<property name="defaultLockTimeout" value="5000" />
<property name="readFromBackup" value="true" />
<property name="queryParallelism" value="6" />
<property name="nodeFilter">
<bean class="org.apache.ignite.util.AttributeNodeFilter">
<constructor-arg>
<map>
<entry key="ROLE" value="data.compute"/>
</map>
</constructor-arg>
</bean>
</property>
</bean>
My scenarios are:
1. Loaded the 5 million data when all the 3 nodes
2. Bring one node down
3. The count shows 3.75 million. (Data loss)
4. Bringing the node up counts 5 million again.
I tried backup 1, 2, 3; all resulted in the same data loss. As per the Ignite documents, it appears the data loss should not happen. If this is fixed, I can try adding data when the node is down and check how it behaves.
Any suggestions, please?
Ash
The main idea of the baseline topology and persistence is to prevent unnecessary rebalance and store data only in specified server nodes. When a baseline node is stopped, it is expected that it will be back soon, and the rebalance process is not triggered. You could exclude the node from the baseline using the API or the control.sh utility.
IgniteCache.size() returns the number of primary entries. So when a baseline node is stopped, size() shows a smaller number, indicating that a number of primary entries are not accessible.
In your case the data is not lost, for two reasons:
1. The data is persisted in backup entries on alive baseline nodes.
2. The primary and backup entries located on the stopped node will be back in the cluster after the node is started.
[1] https://apacheignite.readme.io/docs/baseline-topology

MultiSubnetFailover for SQL Server

Does anyone know how to construct the database connection string with multisubnet failover as true? We are trying to connect to a SQL Server which is on AOAG (Always on availability group).
We are trying to connect via application where we are using org.springframework.jdbc.datasource.DriverManagerDataSource to create a data source bean and then using it in application.
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${DRIVER_CLASS}"/>
<property name="url" value="${JDBC_URL}"/>
<property name="username" value="{userName}"/>
<property name="password" value="{******}"/>
</bean>
Are you looking for
MultiSubnetFailover=True
From https://learn.microsoft.com/en-us/sql/database-engine/availability-groups/windows/listeners-client-connectivity-application-failover

how to create read only user in activeMQ web console

I'm trying to create a read-only user in the activeMQ console. I found this and this too. The second post from stackoverflow is not helpful because it deployed the web console to an external server. The second page from pivotal looks promising and I tried with activeMQ version 5.14.1 but it didn't work either. activeMQ didn't even start whenever I try accessing the console with the user/password specified for read only user I get !role error.
Any ideas?
Thanks in advance!
Found the answer in here: I had to change class="org.eclipse.jetty.http.security.Constraint" to class="org.eclipse.jetty.util.security.Constraint" in step number 1.
Links to Pivotal are dead. For those who want a simple solution, you can change these lines in jetty.xml:
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,/admin/*,*.jsp" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>
to
<bean id="securityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="securityConstraint" />
<property name="pathSpec" value="/api/*,*.jsp,*.html,*.png,*.css,/admin/js/*" />
</bean>
<bean id="adminSecurityConstraintMapping" class="org.eclipse.jetty.security.ConstraintMapping">
<property name="constraint" ref="adminSecurityConstraint" />
<property name="pathSpec" value="*.action" />
</bean>

Code Expire in CAS SSO Server

I deployed my CAS server with OAuth protocol support
I've added this code to my deployerConfigContext.xml
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
<property name="id" value="1"/>
<property name="name" value="the_key"/>
<property name="description" value="the_secret"/>
<property name="theme" value="my great webapp for OAuth"/>
<property name="serviceId" value="http://localhost:8080/cas/login"/>
<property name="evaluationOrder" value="10000001"/>
<property name="allowedAttributes">
<list>
<!-- facebook -->
<value>the_key</value>
<value>the_secret</value>
</list>
</property>
</bean>
and
<bean id="ticketRegistry" class="org.jasig.cas.ticket.registry.DefaultTicketRegistry">
<constructor-arg index="0" value="1000"/>
<constructor-arg index="1" value="1"/>
<constructor-arg index="2" value="16"/>
</bean>
to define my ticketRegistry
So my OAuth client secret code key is the_secret and the_key
but when I load this URL http://localhost:8080/cas/oauth2.0/accessToken?client_secret=the_secret&grant_type=refresh_token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcas%2Flogin&code=0&client_id=the_key to test my OAuth protocol, I've got this exception
<Code Expired 0>
Why and how could I fix it?
You need to define two CAS services:
one for the internal mechanism of OAuth server support (with CASservice.serviceId = http://localhost:8080/cas/oauth2.0/callbackAuthorize)
one for each client OAuth application you want to authorize (with oauthclient.key = CASservice.name, oauthclient.secret = CASservice.description, oauthclient.redirect_uri should start with CASservice.serviceId).
The documentation: https://wiki.jasig.org/display/CASUM/OAuth+server+support, part 3...
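The two service definitions described in the answer, written out with the key, secret and URLs from the question. This is an added example, not taken from the original posts; the `id` values, the first service's `name` and `description`, and the `evaluationOrder` of the first service are assumptions.

```xml
<!-- Added example; ids, the callback service's name/description and its
     evaluationOrder are assumptions. Both beans sit where the question's
     RegisteredServiceImpl bean was added in deployerConfigContext.xml. -->

<!-- Service 1: internal callback used by the OAuth server support itself -->
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="0" />
  <property name="name" value="HTTP" />
  <property name="description" value="OAuth wrapper callback URL" />
  <property name="serviceId" value="http://localhost:8080/cas/oauth2.0/callbackAuthorize" />
  <property name="evaluationOrder" value="10000000" />
</bean>

<!-- Service 2: one bean like this per OAuth client application -->
<bean class="org.jasig.cas.services.RegisteredServiceImpl">
  <property name="id" value="1" />
  <!-- name carries the client key (client_id in the request) -->
  <property name="name" value="the_key" />
  <!-- description carries the client secret (client_secret in the request) -->
  <property name="description" value="the_secret" />
  <property name="theme" value="my great webapp for OAuth" />
  <!-- the client's redirect_uri must start with this value -->
  <property name="serviceId" value="http://localhost:8080/cas/login" />
  <property name="evaluationOrder" value="10000001" />
</bean>
```

Because the `description` field holds the client secret in this scheme, read access to the service registry configuration should be restricted like any other credential store.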

Spring Security with LDAP and custom UserDetailsContextMapper

I am trying to make Spring Security 3.05 work with a modified UserDetailsContextMapper so that I can get a little more info out of LDAP the way I need to, a task that seems fairly straightforward, but I have had no success.
I have configured Spring Security to use LDAP authentication with the following beans:
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldaps://192.168.1.102:636" />
<property name="userDn" value="manager" />
<property name="password" value="password" />
</bean>
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userSearch">
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="" />
<constructor-arg index="1" value="(mail={0})" />
<constructor-arg index="2" ref="contextSource" />
</bean>
</property>
</bean>
</constructor-arg>
<property name="userDetailsContextMapper" ref="myContextMapper" />
</bean>
However, even though I have defined myContextMapper as:
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
<property name="rolePrefix" value="TEST_PREFIX" />
</bean>
it does not work, meaning that the custom mapper is ignored (I get no debug output whatsoever).
P.S. applicationContext-security.xml can be seen below and, apart from the custom UserDetailsMapper that's been ignored, authentication and role assignment are working fine.
<authentication-manager>
<ldap-authentication-provider server-ref="contextSource"/>
</authentication-manager>
You don't need to configure the in-built UserDetailsContextMapper classes. Spring Security automatically picks up the correct UserDetailsContextMapper based on the type of LdapUserDetails class requested, which is configured by user-details-class attribute of ldap-authentication-provider. If you are using your own context mapper then configure it using the attribute user-context-mapper-ref.
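The attribute named in the answer, applied to the configuration from the question. This is an added example, not part of the original posts. The `<ldap-authentication-provider>` element builds its own provider, so the separately declared `ldapAuthProvider` bean, which is never referenced from `<authentication-manager>`, is not consulted; the `user-search-filter` value is carried over from that bean on the assumption that the same lookup is wanted.

```xml
<!-- Added example; values mirror the beans shown in the question. -->

<!-- The namespace element is the provider actually registered with the
     authentication manager, so the custom mapper has to be attached here. -->
<authentication-manager>
  <ldap-authentication-provider server-ref="contextSource"
                                user-search-filter="(mail={0})"
                                user-context-mapper-ref="myContextMapper" />
</authentication-manager>

<!-- Unchanged from the question: the custom mapper bean being referenced. -->
<bean id="myContextMapper" class="com.mypackage.MyLDAPUserDetailsMapper">
  <property name="rolePrefix" value="TEST_PREFIX" />
</bean>

<!-- The ldapAuthProvider bean from the question can be deleted: nothing
     references it, which is why its userDetailsContextMapper setting had
     no effect. -->
```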