I am setting up WSO2 API Manager to use an external LDAP so it connects to my company's user base for logins, but I am getting the following error and I can't find the reason:
2016-09-09 10:44:32,436 [-] [Start Level Event Dispatcher] ERROR Activator Cannot start User Manager Core bundle
java.lang.NullPointerException
at org.wso2.carbon.user.core.config.RealmConfigXMLProcessor.buildRealmConfiguration(RealmConfigXMLProcessor.java:367)
at org.wso2.carbon.user.core.config.RealmConfigXMLProcessor.buildRealmConfiguration(RealmConfigXMLProcessor.java:281)
at org.wso2.carbon.user.core.common.DefaultRealmService.buildBootStrapRealmConfig(DefaultRealmService.java:136)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:84)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:113)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
Here is my user-mgt.xml:
<UserManager>
<Realm>
<Configuration>
<AddAdmin>false</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>procergs-felipe-schnack</UserName>
<!-- Password>admin</Password -->
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName> <!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ReadOnly">true</Property>
<Property name="ConnectionURL">ldap://ldap1.procergs.reders:389</Property>
<Property name="ConnectionName">uid=wso2,ou=U4S,ou=PROCERGS,o=estado,c=br</Property>
<Property name="ConnectionPassword">xxxx</Property>
<Property name="UserSearchBase">ou=procergs,o=Estado,c=BR</Property>
<Property name="UserNameAttribute">uid</Property>
<Property name="UserNameSearchFilter">uid=?</Property>
<Property name="UserNameListFilter">(objectClass=posixAccount)</Property>
<Property name="DisplayNameAttribute">displayname</Property>
<Property name="ReadGroups">false</Property>
<Property name="GroupSearchBase">ou=system</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=groupOfNames)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="BackLinksEnabled">false</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._-|//]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">true</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
<Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
</UserStoreManager>
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
<Property name="GetAllRolesOfUserEnabled">false</Property>
</AuthorizationManager>
</Realm>
</UserManager>
What am I missing? I tried to look up the source code in the WSO2 SVN repo but I am still lost.
Thanks!
Actually, you need to point to an existing user in your LDAP to be the super user of the system. The super user is a special user in the system which has all the permissions to manage the system. Hence this configuration is required. You can use the Cipher Tool to encrypt your password and store it. You can refer to this.
I've configured WSO2 API Manager with an external LDAP, i.e. Microsoft Active Directory. Connectivity is set up and I'm able to see all the users present in AD in the WSO2 APIM user store. I have the following 4 users in AD:
Users: WSo2 Admin, WSO2 User1, WSO2 User2
But I'm able to log in with just one user, the one I'm assigning the admin role in the configuration file, as in the snippet below.
<AdminUser>
<UserName>Wso2 Admin</UserName>
<Password>abcdef#01</Password>
</AdminUser>
Now I'm only able to log in with WSo2 Admin; the same happens for other users: if I assign the admin role in the config file, I'll be able to log in.
But I want to log in with every user present in AD, i.e. WSo2 Admin, WSO2 User1, WSO2 User2.
Here is my configuration file:
<?xml version="1.0" encoding="UTF-8"?>
<UserManager>
<Realm>
<Configuration>
<AddAdmin>false</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>Wso2 Admin</UserName>
<Password>abcdef#01</Password>
</AdminUser>
<EveryOneRoleName>everyone</EveryOneRoleName>
<!-- By default users in this role sees the registry root -->
<Property name="isCascadeDeleteEnabled">true</Property>
<Property name="initializeNewClaimManager">true</Property>
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager">
<Property name="TenantManager">org.wso2.carbon.user.core.tenant.CommonHybridLDAPTenantManager</Property>
<Property name="ConnectionURL">ldap://test.xxxx.com:389</Property>
<Property name="ConnectionName">CN=Wso2 Admin,OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
<Property name="ConnectionPassword">abcdef#01</Property>
<Property name="AnonymousBind">false</Property>
<Property name="UserSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
<Property name="UserEntryObjectClass">user</Property>
<Property name="UserNameAttribute">cn</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=user)(cn=?))</Property>
<Property name="UserNameListFilter">(objectClass=user)</Property>
<Property name="DisplayNameAttribute"/>
<Property name="ReadGroups">true</Property>
<Property name="WriteGroups">true</Property>
<Property name="GroupSearchBase">OU=wso2test,DC=test,DC=xxxx,DC=com</Property>
<Property name="GroupEntryObjectClass">group</Property>
<Property name="GroupNameAttribute">cn</Property>
<Property name="GroupNameSearchFilter">(&amp;(objectClass=group)(cn=?))</Property>
<Property name="GroupNameListFilter">(objectcategory=group)</Property>
<Property name="MembershipAttribute">member</Property>
<Property name="MemberOfAttribute">memberOf</Property>
<Property name="BackLinksEnabled">true</Property>
<Property name="Referral">follow</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="UsernameJavaRegExViolationErrorMsg">Username pattern policy violated</Property>
<Property name="PasswordJavaRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">^[\S]{5,30}$</Property>
<Property name="PasswordJavaRegExViolationErrorMsg">Password length should be within 5 to 30 characters</Property>
<Property name="RolenameJavaRegEx">[a-zA-Z0-9._\-|//]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">^[\S]{3,30}$</Property>
<Property name="SCIMEnabled">false</Property>
<Property name="IsBulkImportSupported">true</Property>
<Property name="EmptyRolesAllowed">true</Property>
<Property name="PasswordHashMethod">PLAIN_TEXT</Property>
<Property name="MultiAttributeSeparator">,</Property>
<Property name="isADLDSRole">false</Property>
<Property name="userAccountControl">512</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="MaxRoleNameListLength">100</Property>
<Property name="MembershipAttributeRange">1500</Property>
<Property name="kdcEnabled">false</Property>
<Property name="defaultRealmName">WSO2.ORG</Property>
<Property name="UserRolesCacheEnabled">true</Property>
<Property name="ConnectionPoolingEnabled">false</Property>
<Property name="LDAPConnectionTimeout">5000</Property>
<Property name="ReadTimeout"/>
<Property name="RetryAttempts"/>
</UserStoreManager>
<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
<Property name="AdminRoleManagementPermissions">/permission</Property>
<Property name="AuthorizationCacheEnabled">true</Property>
<Property name="GetAllRolesOfUserEnabled">true</Property>
</AuthorizationManager>
</Realm>
</UserManager>
Only admins (members of the admin group) are allowed to log in to the administrative console.
If you want any user to log in, you may try to find the role Internal/everyone and add the Login permission to it.
However, by default the users will only be able to change their password (even that's not true until you use an ldaps connection instead of ldap).
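A check for the points the answers above raise about user-mgt.xml (an admin user with credentials, the Cipher Tool instead of inline passwords, ldaps instead of ldap), as an added example that is not part of the original posts or WSO2's own code. The sample file, host names and finding codes are constructed, and treating a secretAlias attribute as the Cipher Tool marker is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the first question's file (hosts and names are made up).
SAMPLE = """<UserManager><Realm>
<Configuration>
<AddAdmin>false</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>example-admin</UserName>
<!-- Password>admin</Password -->
</AdminUser>
</Configuration>
<UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
<Property name="ConnectionURL">ldap://ldap.example.test:389</Property>
<Property name="ConnectionName">uid=svc,ou=people,dc=example,dc=test</Property>
<Property name="ConnectionPassword">constructed-secret</Property>
<Property name="UserNameSearchFilter">(&amp;(objectClass=person)(uid=?))</Property>
</UserStoreManager>
</Realm></UserManager>"""


def _local(name):
    """Strip an XML namespace such as {uri}secretAlias down to secretAlias."""
    return name.rsplit("}", 1)[-1]


def _has_alias(elem):
    # Assumption: a Cipher Tool reference shows up as a *:secretAlias attribute.
    return any(_local(a) == "secretAlias" for a in elem.attrib)


def audit_user_mgt(xml_text):
    """Return a sorted list of finding codes for a user-mgt.xml document."""
    root = ET.fromstring(xml_text)  # raises ParseError on a bare '&' in a filter
    findings = set()
    admin = root.find("./Realm/Configuration/AdminUser")
    if admin is None or not (admin.findtext("UserName") or "").strip():
        findings.add("ADMIN_USERNAME_MISSING")
    pw = admin.find("Password") if admin is not None else None
    if pw is None:  # a commented-out element is invisible to the parser
        findings.add("ADMIN_PASSWORD_MISSING")
    elif (pw.text or "").strip() and not _has_alias(pw):
        findings.add("ADMIN_PASSWORD_INLINE")
    for store in root.iter("UserStoreManager"):
        props = {p.get("name"): p for p in store.findall("Property")}
        url = props.get("ConnectionURL")
        if url is not None and (url.text or "").strip().lower().startswith("ldap://"):
            findings.add("LDAP_CLEARTEXT")
        cpw = props.get("ConnectionPassword")
        if cpw is not None and (cpw.text or "").strip() and not _has_alias(cpw):
            findings.add("CONNECTION_PASSWORD_INLINE")
    return sorted(findings)


if __name__ == "__main__":
    for code in audit_user_mgt(SAMPLE):
        print(code)
```

Run it against a copy of the real file before restarting the server; an empty result means none of these three conditions was found, not that the realm configuration is otherwise valid.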
What does p:order="1" mean for my application?
Is it some kind of priority for loading bean classes in my application?
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<property name="order" value="2" />
<property name="interceptors">
<list>
<ref bean="localeChangeInterceptor"/>
</list>
</property>
<property name="defaultHandler">
<bean class="org.springframework.web.servlet.mvc.UrlFilenameViewController"/>
</property>
</bean>
<bean id="ajaxViewResolver" class="org.springframework.js.ajax.AjaxUrlBasedViewResolver" p:order="1">
<property name="viewClass" value="org.springframework.js.ajax.tiles3.AjaxTilesView"/>
</bean>
<bean id="tilesViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver" p:order="2">
<property name="viewClass" value="org.springframework.web.servlet.view.tiles3.TilesView"/>
</bean>
In the second code, p:order="1" is the order of deployment/loading of beans in the container.
I found it helpful, so I'm sharing it. The order is the order in which the Spring framework resolves the views.
I went to a blog and the documentation.
A Spring blog
Documentation
When chaining ViewResolvers, a UrlBasedViewResolver always needs
to be last, as it will attempt to resolve any view name, no matter whether
the underlying resource actually exists.
I am running PostgreSQL 9.2.1, and for the application I am building I am using Hibernate 4.2.8. I have enabled all the necessary settings concerning batch processing in the Hibernate config file. Also, in my POJO I am using GenerationType.SEQUENCE for my ids, since I am using the Postgres sequence features.
However, whenever I do a batch update it only executes one request and returns this:
o.h.e.j.batch.internal.BatchingBatch - Executing batch size: 1
This is a portion of my Hibernate config file:
<property name="hibernate.connection.driver_class">org.postgresql.Driver</property>
<property name="hibernate.connection.password">xxx</property>
<property name="hibernate.connection.url">jdbc:postgresql:testdb</property>
<property name="hibernate.connection.username">xxx</property>
<property name="hibernate.dialect">org.hibernate.dialect.PostgreSQL82Dialect</property>
<property name="hibernate.show_sql">true</property>
<property name="hibernate.current_session_context_class">thread</property>
<property name="hibernate.connection.autocommit">false</property>
<property name="hibernate.transaction.auto_close_session">false</property>
<property name="hibernate.transaction.flush_before_completion">false</property>
<property name="hibernate.default_entity_mode">pojo</property>
<property name="hibernate.jdbc.batch_size">40</property>
<property name="hibernate.cache.use_second_level_cache">false</property>
<property name="hibernate.order_updates">true</property>
<property name="hibernate.jdbc.batch_versioned_data">true</property>
<property name="hibernate.cache.use_query_cache">false</property>
<property name="hibernate.order_inserts">true</property>
Please assist me. I have done many searches so far but I have not come across any that works for me.
I want to run the extension
("C:\Alfresco\tomcat\shared\classes\alfresco\extension\scheduled-action-services-context.xml").
I have made some changes in it; however, when I restart the server I don't see it in my log files.
Do I need something else to start it?
EDIT:
Here is the content of my scheduled action services:
<!--
Define the model factory used to generate object models suitable for use with freemarker templates.
-->
<bean id="templateActionModelFactory" class="org.alfresco.repo.action.scheduled.FreeMarkerWithLuceneExtensionsModelFactory">
<property name="serviceRegistry">
<ref bean="ServiceRegistry"/>
</property>
</bean>
<!--
Execute the script /Company Home/Record Management/testscript.js
-->
<bean id="runScriptAction" class="org.alfresco.repo.action.scheduled.SimpleTemplateActionDefinition">
<property name="actionName">
<value>script</value>
</property>
<property name="parameterTemplates">
<map>
<entry>
<key>
<value>script-ref</value>
</key>
<!-- Note that as of Alfresco 4.0, due to a Spring upgrade, the FreeMarker ${foo} entries must be escaped -->
<value>\$\{selectSingleNode('workspace://SpacesStore', 'lucene', 'PATH:"/app:company_home/app:dictionary/app:scripts/cm:send_mail.js"' )\}</value>
</entry>
</map>
</property>
<property name="templateActionModelFactory">
<ref bean="templateActionModelFactory"/>
</property>
<property name="dictionaryService">
<ref bean="DictionaryService"/>
</property>
<property name="actionService">
<ref bean="ActionService"/>
</property>
<property name="templateService">
<ref bean="TemplateService"/>
</property>
</bean>
<!--
Run the script every minute - select the single node company home that is not used ...
-->
UNTIL_FIRST_FAILURE
IGNORE
lucene
workspace://SpacesStore
+#ia\:fromDate:\$\{luceneDateRange(now, \"P10D\")\} AND +PATH:"/app:company_home/st:sites/cm:prova/cm:calendar//*"</value>-->
+PATH:"/app:company_home/st:sites/cm:valdel/cm:calendar//*" AND +#ia\:fromDate:[NOW TO MAX]
</property>
<property name="cronExpression">
<value>0 * 8 * * ?</value>
</property>
<property name="jobName">
<value>jobD</value>
</property>
<property name="jobGroup">
<value>jobGroup</value>
</property>
<property name="triggerName">
<value>triggerD</value>
</property>
<property name="triggerGroup">
<value>triggerGroup</value>
</property>
<property name="scheduler">
<ref bean="schedulerFactory"/>
</property>
<property name="actionService">
<ref bean="ActionService"/>
</property>
<property name="templateActionModelFactory">
<ref bean="templateActionModelFactory"/>
</property>
<property name="templateActionDefinition">
<ref bean="runScriptAction"/> <!-- This is name of the action (bean) that gets run -->
</property>
<property name="transactionService">
<ref bean="TransactionService"/>
</property>
<property name="runAsUser">
<value>System</value>
</property>
</bean>
AND WHEN I CHECK THE STDOUT, I'M SEEING THIS ERROR:
2012-03-30 11:00:00,230 ERROR [freemarker.runtime] [DefaultScheduler_Worker-8] Template processing error: "No nodes selected"
No nodes selected
The problematic instruction:
==> ${selectSingleNode('workspace://SpacesStore', 'lucene', 'PATH:"/app:company_home/app:dictionary/app:scripts/cm:send_mail.js"' )} [on line 1, column 1 in string://fixed]
Java backtrace for programmers:
freemarker.template.TemplateModelException: No nodes selected
at org.alfresco.repo.action.scheduled.FreeMarkerWithLuceneExtensionsModelFactory$QueryForSingleNodeFunction.exec(FreeMarkerWithLuceneExtensionsModelFactory.java:180)
Could someone explain this to me? I have written a cron to run every 8 minutes but it's not working.
"Run the extension" doesn't really make sense. When you start Tomcat, the Alfresco web application will load that Spring configuration file automatically because it is on the classpath (assuming you have set up your shared classloader correctly) and it ends in "context.xml". If you aren't seeing something you expect in the log files, check log4j.properties to make sure you have a logger set. If all else fails, use a remote debugger like Eclipse and set a breakpoint in one of the Java classes referred to by your context file.
Maybe your error is because of https://issues.alfresco.com/jira/browse/ALF-9981
I'm trying to set up an environment with Spring MVC and Apache Shiro. I'm following articles mentioned in shiro.apache.org.
I'm using Spring's DelegatingFilterProxy as Shiro Filter in web.xml.
The current filtering is done using:
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"/>
<property name="loginUrl" value="/login"/>
<property name="successUrl" value="/dashboard"/>
<property name="unauthorizedUrl" value="/unauthorized"/>
<property name="filterChainDefinitions">
<value>
/** = authc, user, admin
/admin/** = authc, admin
/login = anon
</value>
</property>
</bean>
Question is, how do I use shiro.ini file defining security settings?
You don't need to use shiro.ini. All of the rest of your configuration can (and should, since you're using ShiroFilterFactoryBean) be done in Spring.
For example, adding a securityManager and ehCache based cache manager to your shiroFilter:
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"/>
<property name="sessionMode" value="native"/>
<property name="sessionManager" ref="sessionManager"/>
<property name="cacheManager" ref="cacheManager"/>
</bean>
<bean id="cacheManager" class="org.apache.shiro.cache.ehcache.EhCacheManager">
<property name="cacheManager" ref="ehCacheManager"/>
</bean>
<bean id="ehCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<bean id="sessionDAO"
class="org.apache.shiro.session.mgt.eis.EnterpriseCacheSessionDAO"/>
<bean id="sessionManager"
class="org.apache.shiro.web.session.mgt.DefaultWebSessionManager">
<property name="sessionDAO" ref="sessionDAO"/>
</bean>
<bean id="myRealm" class="com.foo.MyRealm"/>
You can check the Shiro documentation here: http://shiro.apache.org/reference.html; it contains everything. In Spring, as Les said, you usually define different beans instead of using the shiro.ini file, but you can also use this file for authentication; use IniRealm like:
<bean id="myRealm" class="org.apache.shiro.realm.text.IniRealm">
<property name="resourcePath" value="classpath:/shiro.ini" />
</bean>
For more detail, refer to here.