Apache Tomcat - Is it possible to add new users in tomcat-users.xml via Admin console? - basic-authentication

I have a web application running on Apache Tomcat 8.x. I have my custom users configured in tomcat-users.xml as follows.
<role rolename="admin"/>
<role rolename="user"/>
<user username="admin" password="admin" roles="admin, user"/>
<user username="user1" password="password1" roles="user"/>
<user username="user2" password="password2" roles="user"/>
I also have the following in tomcat-users.xml so that I can access the Tomcat admin console.
<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>
Is there a way I could use the Tomcat Admin console to add more users to tomcat-users.xml without having to edit the XML file manually?

No.
If you need to secure your application with something that will have access to manage its own users then you should move away from text files.

Related

DB scripts to launch in WSO2 IS + WSO2 APIM

I have deployed WSO2ISasKM with WSO2APIM and I'm struggling to get the configuration right.
I can see there are a lot of scripts in the ../dbscripts folder. However, since I only share config+governance registry and userdb I created 2 dbs in which I only ran the script wso2is-km-5.7.0\dbscripts\postgresql.sql that created UM_ and REG_ tables. I am keeping the local registry in the WSO2CARBON_DB (H2). Is this correct?
I don't really make any use of scripts about IDENTITY and CONSENT that are shipped with the wso2IS binaries. Where should those scripts be launched?
I'm asking because there are some strange behaviours and errors about content in my logs.
This is how I configured the registry.xml of both IS and APIM:
<currentDBConfig>wso2registry</currentDBConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
<dbConfig name="sharedregistry">
<dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>
<remoteInstance url="https://fqdn of the IS/APIM:9443/registry">
<id>sharedreg</id>
<cacheId>reg_db_owner#jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</cacheId>
<dbConfig>sharedregistry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
<mount path="/_system/config" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/config</targetPath>
</mount>
This is how datasources got added in master-datasources.xml
<datasource>
<name>WSO2REG_DB</name>
<description>REGDB ON POSTGRES</description>
<jndiConfig>
<name>jdbc/WSO2REG_DB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</url>
<username>wso2</username>
<password>wso2</password>
<defaultAutoCommit>true</defaultAutoCommit>
<driverClassName>org.postgresql.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
The UM_DB entry is identical but it points to another database.
I also noticed that for REG_DB and UM_DB, with Postgresql-11, I have to set defaultAutoCommit to true to avoid errors when writing to the registry.
Can you also explain what the purpose of the IDENTITY and CONSENT related tables is? I read the docs but couldn't understand the practical use of them.
Thanks in advance.
If you're using APIM with IS as KM, you need to share AM_DB as well. The script is inside dbscripts/apimgt/. That script includes both Identity and Consent scripts. So you can ignore Identity and Consent scripts.
See more in: https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager

Publishing verification result back to pact Broker

Does anyone have an example of how to publish verification results back to the pact broker?
I'm using the Maven implementation for all phases (Generate/Publish and verify).
The only page I found is this one: https://github.com/pact-foundation/pact_broker/wiki/Provider-verification-results
but it is not clear to me how to implement it with the Maven provider plugin.
I believe this is the documentation you are looking for.
https://github.com/DiUS/pact-jvm/tree/master/pact-jvm-provider-maven#publishing-verification-results-to-a-pact-broker-version-354
Be aware that there is currently no configuration option to turn off the publishing of verifications when running verifications from your local machine (Ron will be adding it soon) so you need to ensure that your CI always runs after your local tests!
Thanks #Beth
I had to add the following section into my plugin setup in order to publish the results back:
<pactBroker>
<url></url>
<authentication>
<username></username>
<password></password>
</authentication>
</pactBroker>
This is what my plugin looks like:
<plugin>
<groupId>au.com.dius</groupId>
<artifactId>pact-jvm-provider-maven_2.11</artifactId>
<version>3.5.5</version>
<configuration>
<pactBrokerUrl></pactBrokerUrl>
<pactBrokerUsername></pactBrokerUsername>
<pactBrokerPassword></pactBrokerPassword>
<projectVersion>1.0.0</projectVersion>
<serviceProviders>
<serviceProvider>
<name>${project.artifactId}</name>
<protocol>http</protocol>
<host>${K8S_APP_URL}</host>
<port>${K8S_NODE_PORT}</port>
<path>/</path>
<pactFileDirectory>target/pacts</pactFileDirectory>
<pactBroker>
<url></url>
<authentication>
<username></username>
<password></password>
</authentication>
</pactBroker>
</serviceProvider>
</serviceProviders>
</configuration>
</plugin>

IBM Mobile First V 7.0

I have an issue working in the IBM Mobile First v7.0 Analytics console.
In the analytics console the data was not loaded from the Mobile First server, but all the data is stored in the Worklight database...
I did the following configuration for my application and deployed it on the production server...
Worklight.properties file, enable JNDI properties
wl.analytics.url=http://192.168.1.3:9080/analytics-service/data
wl.analytics.console.url=http://192.168.1.3:9080/analytics/console
Keep the analytics.ear file in my application folder...
C:\IBM\WebSphere\Liberty\usr\servers\testserver\apps
Server.xml
<featureManager>
<feature>jndi-1.0</feature>
</featureManager>
<application location="analytics.ear"
name="analytics-ear"
type="ear">
<application-bnd>
<security-role name="worklightadmin">
<user name="admin"/>
</security-role>
<security-role name="worklightdeployer">
<user name="deployer"/>
</security-role>
<security-role name="worklightmonitor">
<user name="monitor"/>
</security-role>
<security-role name="worklightoperator">
<user name="operator"/>
</security-role>
</application-bnd>
</application>
If I made any mistake, could anyone kindly help me?
Since you are using security roles on your analytics console you need to send data with a username and password. Inside your server.xml for your Operations Console, you can set these username and password with the following JNDI properties:
<jndiEntry jndiName="AppName/wl.analytics.username" value="admin"/>
<jndiEntry jndiName="AppName/wl.analytics.password" value="admin"/>
Also, make sure that your security roles and constraints match between your server.xml and the web.xml in your analytics-service.war. The default is the security configuration below:
<security-role>
<role-name>worklightadmin</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>allAccess</web-resource-name>
<url-pattern>/data/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>worklightadmin</role-name>
<role-name>worklightdeployer</role-name>
<role-name>worklightmonitor</role-name>
<role-name>worklightoperator</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
The role-names will need to match the names that you use in your basic registry.
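The role matching described in this answer can be checked mechanically. The following is an added example, not code from the original post or from IBM: the XML strings are constructed samples modelled on the thread's snippets (with a deliberate typo in one role name), and `find_all` and `check_roles` are hypothetical helper names. It also lists URL patterns whose constraint leaves `transport-guarantee` at NONE, because credentials for those paths are not required to travel over TLS.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the thread's snippets; "worklightoperater"
# is a deliberate typo so the checker has a mismatch to report.
SERVER_XML = """<server><application location="analytics.ear" type="ear">
  <application-bnd>
    <security-role name="worklightadmin"><user name="admin"/></security-role>
    <security-role name="worklightdeployer"><user name="deployer"/></security-role>
    <security-role name="worklightmonitor"><user name="monitor"/></security-role>
    <security-role name="worklightoperater"><user name="operator"/></security-role>
  </application-bnd>
</application></server>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <security-constraint>
    <web-resource-collection><url-pattern>/data/*</url-pattern></web-resource-collection>
    <auth-constraint>
      <role-name>worklightadmin</role-name><role-name>worklightdeployer</role-name>
      <role-name>worklightmonitor</role-name><role-name>worklightoperator</role-name>
    </auth-constraint>
    <user-data-constraint><transport-guarantee>NONE</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""


def find_all(root, name):
    """Descendants by local tag name, ignoring any XML namespace prefix."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_roles(server_xml, web_xml):
    """Compare roles bound in server.xml with roles web.xml requires."""
    server, web = ET.fromstring(server_xml), ET.fromstring(web_xml)
    bound = {r.get("name") for b in find_all(server, "application-bnd")
             for r in find_all(b, "security-role")}
    required, cleartext = set(), []
    for sc in find_all(web, "security-constraint"):
        roles = {r.text.strip() for a in find_all(sc, "auth-constraint")
                 for r in find_all(a, "role-name")}
        required |= roles
        guarantee = [g.text.strip() for g in find_all(sc, "transport-guarantee")]
        if roles and guarantee in ([], ["NONE"]):
            # Authenticated URLs with no TLS requirement from the container.
            cleartext += [u.text.strip() for u in find_all(sc, "url-pattern")]
    return {"unbound": sorted(required - bound),   # required, but no user bound
            "unused": sorted(bound - required),     # bound, but never required
            "cleartext": cleartext}


if __name__ == "__main__":
    print(check_roles(SERVER_XML, WEB_XML))
```

An empty `unbound` list means every role named in an `auth-constraint` has a binding in server.xml; anything in `unused` is usually a misspelled or stale binding.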

Impersonating different users during install in WiX setup

I've just created a WiX v3.5 installer to install my Web application to IIS7. I have custom actions to allow the user to choose which website and app pool they want and to name the Virtual directory via the dialogs.
But now I've come to authentication and I'm stumped. I am trying to enable impersonation and allow the user to enter their impersonation login and password. I had this working fine in my Visual Studio 2010 setup projects so now I need to replicate the same in WiX.
Apparently this can be done via an appcmd as per this question: Is setting "ASP.NET Impersonation" possible using WiX 3.x with IISExtension? but I can't seem to get this working. Can I add this in my product.wxs and wrap it in a custom action? Any ideas anyone? Any help would be appreciated.
appcmd set config /commit:WEBROOT/section:identity /impersonate:true
Hi, I managed to get this working myself, so if anyone else is having the same issue: I fixed this by modifying my web.config during my install.
To do this I added the following code to my product.wxs to edit my web.config, using properties which I assigned to text boxes in a new dialog to allow the user to enter the impersonation username and password on install:
<Component Id="Web.config" Guid="2ED81B77-F153-4003-9006-4770D789D4B6">
<File Id="Web.config" Name="Web.config" Source="$(var.SolutionDir)MyWebApp\Web.config" DiskId="1" KeyPath="yes" />
<util:XmlFile Id="system.webidentity" File="[INSTALLLOCATION]Web.config" Action="createElement" ElementPath="/configuration/system.web" Name="identity" Sequence="1" />
<util:XmlFile Id="system.webIdentityAttribute" Action="setValue" File="[INSTALLLOCATION]Web.config" ElementPath="/configuration/system.web/identity" Name="impersonate" Value="true" Sequence="2" />
<util:XmlFile Id="system.webIdentityAttribute2" Action="setValue" File="[INSTALLLOCATION]Web.config" ElementPath="/configuration/system.web/identity" Name="password" Value="[IMPERSONATIONUSERPASSWORD]" Sequence="3" />
<util:XmlFile Id="system.webIdentityAttribute3" Action="setValue" File="[INSTALLLOCATION]Web.config" ElementPath="/configuration/system.web/identity" Name="userName" Value="[IMPERSONATIONUSER]" Sequence="4" />
</Component>
Note: if you are adding your files automatically to your WiX project using MSBuild and heat, you'll have to ensure you aren't copying your web.config here, or if you are, remove the web.config in your Target settings. Otherwise you'll get duplication errors.
<Target Name="BeforeBuild">
<MSBuild Projects="%(ProjectReference.FullPath)" Targets="Package" Properties="Configuration=$(Configuration);Platform=AnyCPU" Condition="'%(ProjectReference.PackageThisProject)'=='True'" />
<Delete Files="%(ProjectReference.RootDir)%(ProjectReference.Directory)obj\$(Configuration)\Package\PackageTmp\web.config">
</Delete>
<PropertyGroup>
<LinkerBaseInputPaths>%(ProjectReference.RootDir)%(ProjectReference.Directory)obj\$(Configuration)\Package\PackageTmp\</LinkerBaseInputPaths>
</PropertyGroup>
<HeatDirectory OutputFile="%(ProjectReference.Filename).wxs" Directory="%(ProjectReference.RootDir)%(ProjectReference.Directory)obj\$(Configuration)\Package\PackageTmp\" DirectoryRefId="INSTALLLOCATION" ComponentGroupName="%(ProjectReference.Filename)_Project" SuppressCom="true" SuppressFragments="true" SuppressRegistry="true" SuppressRootDirectory="true" AutoGenerateGuids="false" GenerateGuidsNow="true" ToolPath="$(WixToolPath)" Condition="'%(ProjectReference.PackageThisProject)'=='True'" />
</Target>

Tridion UI Error – “The preview for this page is not up to date ”

I have installed Tridion UI and am getting the below warning in the log file. Apart from this warning, nothing wrong is logged in the log files, even in debug mode.
“WARN AmbientDataContext - There is no current ambient data context -
the ambient data framework is not properly initialised”
This warning gets logged in my session preview web service cd_core.2012-11-11.log file and in the same log file of the staging web application also.
I suspect that due to this warning I am not getting an updated preview of the page in the UI interface. Please see the screenshot attached below for the UI error –
I also tried to update the preview by clicking on the "update the page preview" button, but no luck.
To resolve this error I followed almost all the answers related to this on Stack Overflow.
If I refer to the answer in the question below:
Tridion UI - Preview Not Updating
So we are correct on this point, as content always gets published in the right place. I would like to explore the similar point from the setting in the cd_dynamic_conf.xml of the Session Preview service, which is something like below –
<URLMappings>
<StaticMappings>
<Publications>
<Publication Id="241">
<Host Domain="xyz" Port="80" Protocol="http" Path="/" />
</Publication>
<Publication Id="121">
<Host Domain="xyz" Port="80" Protocol="http" Path="/" />
</Publication>
</Publications>
</StaticMappings>
<StorageMapping IdentifyPublicationByProperty="publicationUrl"/>
</URLMappings>
And in the of the staging application
<URLMappings>
<StaticMappings>
<Publications>
<Publication Id="241">
<Host Domain="xyz" Port="80" Protocol="http" Path="/" />
</Publication>
</Publications>
</StaticMappings>
<StorageMapping IdentifyPublicationByProperty="publicationUrl"/>
</URLMappings>
And the SiteEdit mark-up gets created something like this –
For component presentation
<!-- Start SiteEdit Component Presentation: {"ID":"cp_5", "ComponentID":"tcm:240-22393", "ComponentVersion":19, "ComponentTemplateID":"tcm:240-23899-32", "IsQueryBased":false} -->
For page setting
<!-- SiteEdit Settings: {"PageID":"tcm:240-22507-64", "PageVersion":49, "TargetTypeID":"tcm:0-1-65438", "ComponentPresentationLocation":1} -->
Here I want to highlight a few important points as below -
1- I have a web site in 2 languages, one with /en and one with /fr, under the same IIS directory.
In the above setting publication id 241 is for my en version of the website, so I also tried the below setting
<Publication Id="240">
<Host Domain="xyz" Port="80" Protocol="http" Path="/en" />
</Publication>
But again no luck.
I can provide more information such as log files etc., if they are still required to investigate the issue.
Please help me to get rid of this very irritating issue as early as possible.
Edit -1 Please also find below config files for same
cd_ambient_conf.xml for Session Preview webservice
<?xml version="1.0" encoding="UTF-8" standalone="no" ?>
<Configuration xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Version="6.1" xsi:noNamespaceSchemaLocation="schemas/cd_ambient_conf.xsd">
<!-- Cookies settings -->
<!-- <Cookies> <Cookie Type="Tracking" Name="myTrackingCookie" Path="/"/> <Cookie Type="Session" Name="mySessionCookie" Path="/"/> </Cookies> -->
<Cartridges>
<!-- Example cartridge definition -->
<!--
<Cartridge File="cd_ambient_cartridge_conf.xml"/>
-->
<Cartridge File="cd_webservice_preview_cartridge.xml"/>
</Cartridges>
</Configuration>
cd_ambient_conf.xml for staging website
<?xml version="1.0" encoding="UTF-8"?>
<Configuration Version="6.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="schemas/cd_ambient_conf.xsd">
<Cartridges>
<Cartridge File="cd_webservice_preview_cartridge.xml"/>
<Cartridge File="footprint_cartridge_conf.xml"/>
</Cartridges>
<ClaimStoreProvider>com.tridion.siteedit.preview.PreviewClaimStoreProvider</ClaimStoreProvider>
</Configuration>
cd_ambient_cartridge_conf.xml for Staging website
<ClaimProcessorDefinitions>
<ClaimProcessorDefinition Uri="tcd:claimprocessor:example:userdetails" ImplementationClass="com.tridion.ambientdata.processing.ExampleClaimProcessor1"
Description="Example claim processor that gets user details.">
<RequestStart>
<InputClaims>
<ClaimDefinition Uri="tcd:claim:userid" />
</InputClaims>
<OutputClaims>
<ClaimDefinition Uri="tcd:claim:username" />
<ClaimDefinition Uri="tcd:claim:usersex" />
<ClaimDefinition Uri="tcd:claim:userage" />
</OutputClaims>
</RequestStart>
</ClaimProcessorDefinition>
<ClaimProcessorDefinition Uri="tcd:claimprocessor:example:example2"
ConfigProviderClass="com.tridion.ambientdata.processing.ExampleClaimProcessorConfigProvider" />
</ClaimProcessorDefinitions>
</CartridgeDefinition>
NOTE: The reason why we have cd_ambient_cartridge_conf.xml for the staging website and not for the Session Preview website: while setting the UI up, the staging website was throwing an error in which it was expecting a cd_ambient_cartridge_conf.xml file. So we put a sample file in this website, even though it is nowhere mentioned in the documentation to have this file. But in the case of the session preview website, it was not expecting any such file.
You can safely ignore the WARN message in the log. Preview is not up to date message is unrelated to this WARN message.
If you are using virtual paths for your web sites (like /en, /fr etc.) then you need to have the hotfix "CD_2011.1.1.81686" installed on the preview application. You do not need to add virtual paths to the cd_dynamic_conf.xml file. You should keep it as just "/".
Lastly, related to "preview is not up to date", you need to add the cd_ambient_cartridge_conf.xml to your web service also, in addition to your preview too. I don't believe this is documented but AFAIR you need to add this; I don't have my VM readily accessible but I can confirm this later. Please make sure you comment out all the Example ClaimProcessors.
Also, make sure you have Session Preview enabled in CMS , Inline Editing settings (Disable Session Preview should be NO)
Hope this helps.
