Solr config, encrypting data config file - encryption

How can I encrypt the data config portion here?:
<dataConfig>
<dataSource type="JdbcDataSource" driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://127.0.0.1;databaseName=emp" user="user" password="user"/>
<document name="reviews">
<entity name="COMMON" query="select id,name from users" >
<field column="id" name="id"/>
<field column="name" name="name"/>
</entity>
</document>
</dataConfig>
Basically, I don't want to expose the user and password.
Alternately, if data config files cannot be encrypted (partly or completely), can I do indexing of a database using SolrJ such that I do not have to configure a data config file? That is, I pass the URL and authentication parameters using SolrJ APIs?

A more secure option, I would suggest, is to configure a JNDI in your web server.
How to configure a JNDI? This page explains how to do so with Tomcat. It can be done for other popular web servers as well.
You can use the JNDI name in your data config file as follows:
<dataSource name="xyz" jndiName="jdbc/xyz" type="JdbcDataSource"/>

See: https://wiki.apache.org/solr/SolrConfigXml#System_property_substitution
You can keep them as properties in the file <solr.home>/conf/solrcore.properties and refer to them in your data config. So your data-config.xml will be like:
<dataSource type="JdbcDataSource"
driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
url="jdbc:sqlserver://${jdbc.host}:${jdbc.port};databaseName=${db.name}"
user="${jdbc.username}"
password="${jdbc.password}"/>
where everything in ${...} is a property in solrcore.properties like:
jdbc.host=127.0.0.1
jdbc.port=3306
db.name=emp
...
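
The two approaches above (a JNDI name, or `${...}` properties) can be checked mechanically. This is an added example, not code from the original answers or from Solr: it classifies the `user` and `password` attributes of every `<dataSource>` in a data config. The sample config, the sample properties and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: literal, substituted, substituted-with-default and JNDI sources.
SAMPLE_CONFIG = """
<dataConfig>
  <dataSource name="a" type="JdbcDataSource" user="user" password="user"/>
  <dataSource name="b" type="JdbcDataSource"
              user="${jdbc.username}" password="${jdbc.password}"/>
  <dataSource name="c" type="JdbcDataSource"
              user="${jdbc.username}" password="${jdbc.pw2:changeme}"/>
  <dataSource name="d" type="JdbcDataSource" jndiName="jdbc/xyz"/>
</dataConfig>
"""
# Constructed stand-in for the contents of solrcore.properties.
SAMPLE_PROPERTIES = "# db account\njdbc.username=solr_reader\njdbc.password=example-only\n"

# Matches ${name} and ${name:default} (Solr's property substitution syntax).
PLACEHOLDER = re.compile(r"\$\{([^}:]+)(?::([^}]*))?\}")
SECRET_ATTRS = ("user", "password")


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def classify_value(value, props):
    """Classify one attribute value by where the real secret ends up."""
    matches = list(PLACEHOLDER.finditer(value))
    if not matches:
        return "literal"              # secret is written in the config itself
    statuses = set()
    for m in matches:
        name, default = m.group(1), m.group(2)
        if default is not None:
            statuses.add("inline-default")   # fallback value still sits in the config
        elif name not in props:
            statuses.add("unresolved")       # placeholder has no property behind it
        else:
            statuses.add("substituted")
    for worst in ("inline-default", "unresolved", "substituted"):
        if worst in statuses:
            return worst


def audit(config_xml, props):
    """Map each dataSource name to 'jndi' or to {attribute: status}."""
    report = {}
    for ds in ET.fromstring(config_xml).iter("dataSource"):
        name = ds.get("name", "<unnamed>")
        if ds.get("jndiName") and not any(a in ds.attrib for a in SECRET_ATTRS):
            report[name] = "jndi"
        else:
            report[name] = {a: classify_value(ds.get(a), props)
                            for a in SECRET_ATTRS if a in ds.attrib}
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG, parse_properties(SAMPLE_PROPERTIES)).items():
        print(name, status)
```

A `substituted` result only means the value now lives in solrcore.properties as plain text, so that file's ownership and mode are what protect it.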


DB scripts to launch in WSO2 IS + WSO2 APIM

I have deployed WSO2ISasKM with WSO2APIM and I'm struggling to get the configuration right.
I can see there are a lot of scripts in the ../dbscripts folder. However, since I only share config+governance registry and userdb I created 2 dbs in which I only ran the script wso2is-km-5.7.0\dbscripts\postgresql.sql that created UM_ and REG_ tables. I am keeping the local registry in the WSO2CARBON_DB (H2). Is this correct?
I don't really make any use of scripts about IDENTITY and CONSENT that are shipped with the wso2IS binaries. Where should those scripts be launched?
I'm asking because there is some strange behaviour and there are errors about content in my logs.
This is how I configured the registry.xml of both IS and APIM:
<currentDBConfig>wso2registry</currentDBConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
<dbConfig name="wso2registry">
<dataSource>jdbc/WSO2CarbonDB</dataSource>
</dbConfig>
<dbConfig name="sharedregistry">
<dataSource>jdbc/WSO2REG_DB</dataSource>
</dbConfig>
<remoteInstance url="https://fqdn of the IS/APIM:9443/registry">
<id>sharedreg</id>
<cacheId>reg_db_owner#jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</cacheId>
<dbConfig>sharedregistry</dbConfig>
<readOnly>false</readOnly>
<enableCache>true</enableCache>
<registryRoot>/</registryRoot>
</remoteInstance>
<mount path="/_system/governance" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/governance</targetPath>
</mount>
<mount path="/_system/config" overwrite="true">
<instanceId>sharedreg</instanceId>
<targetPath>/_system/config</targetPath>
</mount>
This is how datasources got added in master-datasources.xml
<datasource>
<name>WSO2REG_DB</name>
<description>REGDB ON POSTGRES</description>
<jndiConfig>
<name>jdbc/WSO2REG_DB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:postgresql://carbondb.postgresql-wso2.com:5432/wso2_carbon_shared_reg</url>
<username>wso2</username>
<password>wso2</password>
<defaultAutoCommit>true</defaultAutoCommit>
<driverClassName>org.postgresql.Driver</driverClassName>
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
The UM_DB entry is identical but it points to another database.
I also noticed that for REG_DB and UM_DB, with Postgresql-11, I have to set defaultAutoCommit to true to avoid errors in writing the registry.
Can you also explain what the purpose of the IDENTITY and CONSENT related tables is? I read the docs but couldn't understand the practical use of them.
Thanks in advance.
If you're using APIM with IS as KM, you need to share AM_DB as well. The script is inside dbscripts/apimgt/. That script includes both Identity and Consent scripts. So you can ignore Identity and Consent scripts.
See more in: https://docs.wso2.com/display/AM260/Configuring+WSO2+Identity+Server+as+a+Key+Manager

How to invoke a REST service from BPEL in Oracle SOA, with Basic Authentication?

I am working with the Oracle Fusion Middleware 12.1.3, and I am developing a BPEL process which has to invoke a remote REST service that needs a Basic Authentication.
I created an External reference to the Rest Service, and in my composite.xml, it looks like this :
....
<component name="MyCompositeBASProcess" version="2.0">
<implementation.bpel src="BPEL/MyCompositeBASProcess.bpel"/>
<componentType>
<service name="mycompositebasprocess_client" ui:wsdlLocation="WSDLs/MyCompositeBASProcess.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/myPartitionSOA/MyCompositeBAS/MyCompositeBASProcess#wsdl.interface(MyCompositeBASProcess)"
callbackInterface="http://xmlns.oracle.com/myPartitionSOA/MyCompositeBAS/MyCompositeBASProcess#wsdl.interface(MyCompositeBASProcessCallback)"/>
</service>
<reference name="CMProxyRS" ui:wsdlLocation="WSDLs/CMProxyRS.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/myPartitionSOA/MyCompositeBAS/CMProxyRS#wsdl.interface(CMProxyRS_ptt)"/>
</reference>
</componentType>
<property name="bpel.config.oneWayDeliveryPolicy" type="xs:string" many="false">async.persist</property>
</component>
<reference name="CMProxyRS" ui:wsdlLocation="WSDLs/CMProxyRS.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/myPartitionSOA/MyCompositeBAS/CMProxyRS#wsdl.interface(CMProxyRS_ptt)"/>
<binding.rest config="Adapters/CMProxyRS.wadl" location="http://server_WITHOUT_basic-auth/cmproxy/resources/v2/" />
</reference>
....
With this code I invoke a REST service which is not secured by a BASIC_Auth, and it works fine.
Now, when I switch to a remote environment which needs a basic authentication, I did not manage to succeed.
I found some examples to invoke SOAP services with basic auth, but nothing really interesting for REST services. But, in the Oracle Fusion stack 12.1.3, REST services are "adapted" to SOAP services before being used, so I thought that I could use the examples I found.
So, I updated my composite.xml to add the user/password and the policy :
....
<reference name="CMProxyRS" ui:wsdlLocation="WSDLs/CMProxyRS.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/myPartitionSOA/MyCompositeBAS/CMProxyRS#wsdl.interface(CMProxyRS_ptt)"/>
<binding.rest config="Adapters/CMProxyRS.wadl" location="http://server_WITH_basic-auth/cmproxy/resources/v2/">
<wsp:PolicyReference URI="oracle/wss_username_token_client_policy" orawsp:category="security" orawsp:status="enabled"/>
<!-- <property name="oracle.webservices.auth.username">weblogic</property> -->
<!-- <property name="oracle.webservices.auth.password">password</property> -->
<property name="oracle.webservices.preemptiveBasicAuth">true</property>
<property name="javax.xml.ws.security.auth.username" many="false" override="may">weblogic</property>
<property name="javax.xml.ws.security.auth.password" many="false" override="may">password</property>
</binding.rest>
</reference>
....
As you can see, I tried with the javax.xml.ws.security.auth. properties and with the oracle.webservices.auth. properties. But both failed : on the remote, I do not get any Basic Authentication in the requests.
I also updated my CMProxyRS.wadl to add the Authorization key in the HTTP Header. For example :
<resources>
<resource path="/documents">
<method name="GET" soa:wsdlOperation="searchDocument">
<request>
<param name="Authorization" style="header" soa:expression="$msg.request/tns:Authorization" default="" type="xsd:string"/>
<param name="queryText" style="query" soa:expression="$msg.request/tns:queryText" default="" type="xsd:string"/>
<param name="fields" style="query" soa:expression="$msg.request/tns:fields" default="id,name,originalName,originalFormat,originalExtension,alternateFormat,alternateExtension,revision" type="xsd:string"/>
<param name="waitForIndexing" style="query" soa:expression="$msg.request/tns:waitForIndexing" default="false" type="xsd:boolean"/>
</request>
<response status="200">
....
And this Authorization was "replicated" in the WSDL.CMProxyRS.wsdl :
<element name="searchDocument_params">
<complexType>
<sequence>
<element name="Authorization" type="string"/>
<element name="queryText" type="string"/>
<element name="fields" type="string"/>
<element name="waitForIndexing" type="boolean"/>
</sequence>
</complexType>
</element>
This did not help. In fact, I am really not sure that what I added in my composite.xml (the properties username, password, preemptiveBasicAuth) is used by the SOA Engine to build the REST request.
(I would like to specify that it is not a user/password issue: when I test this REST query with the same user/password from Postman, it works fine.)
How can I manage to invoke a REST service with basic Authentication from a soa-composite ?
You can send custom HTTP headers in BPEL.
Take a look at this post. You need to add oracle.webservices.http.headers on the reference service and then you can populate variables and send them on your REST invoke activity in BPEL.
You can try OWSM oracle/http_jwt_token_client_policy to pass the required headers in the request.
I had the same issue initially trying to invoke WADL from Oracle SOA 12c.
It started working after applying the following OWSM security policy:
oracle/http_jwt_token_client_policy

BizTalk ListApp command line

I used the following code in c# to get policies\rules from deployed application in BizTalk server.
BTSTask.exe ListApp -ApplicationName:"EAISolution" -ResourceSpec:"c:\EAISolution.PolicyInfo.xml" /Server:VHYDTRBELSUP-02 /Database:BizTalkMgmtDb
From above command I got the output as below
<?xml version="1.0" encoding="utf-16" ?>
<ResourceSpec xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" ApplicationName="EAISolution" xmlns="http://schemas.microsoft.com/BizTalk/ApplicationDeployment/ResourceSpec/2004/12">
<Resources>
<Resource Type="System.BizTalk:BizTalkAssembly" Luid="EAIOrchestration, Version=1.0.0.0, Culture=neutral, PublicKeyToken=97e0f507fd7fd10d" />
<Resource Type="System.BizTalk:BizTalkAssembly" Luid="EAIServices, Version=1.0.0.0, Culture=neutral, PublicKeyToken=97e0f507fd7fd10d" />
<Resource Type="System.BizTalk:BizTalkAssembly" Luid="FFSchemasTest, Version=1.0.0.0, Culture=neutral, PublicKeyToken=97e0f507fd7fd10d" />
<Resource Type="System.BizTalk:Rules" Luid="RULE/ProcessPurchaseOrder/1.0" />
<Resource Type="System.BizTalk:BizTalkBinding" Luid="Application/EAISolution" />
</Resources>
</ResourceSpec>
and from BizTalk server I got the below output using policy export in BizTalk server administration
<?xml version="1.0" encoding="utf-8" ?>
<brl xmlns="http://schemas.microsoft.com/businessruleslanguage/2002">
<ruleset name="ProcessPurchaseOrder">
<version major="1" minor="0" description="" modifiedby="username" date="2013-05-27T12:04:55.6121122+05:30" />
<configuration />
<bindings>
<xmldocument ref="xml_31" doctype="RuleTest.PO" instances="16" selectivity="1" instance="0">
<selector>/*[local-name()='PurchaseOrder' and namespace-uri() ='http://EAISolution.PurchaseOrder']/*[local-name()='Item' and namespace-uri()='']</selector>
<selectoralias>/PurchaseOrder/Item</selectoralias>
<schema>....\PO.xsd</schema>
</xmldocument>
<xmldocument ref="xml_32" doctype="RuleTest.PO" instances="16" selectivity="1" instance="0">
<selector>/*[local-name()='PurchaseOrder' and namespace-uri()='http://EAISolution.PurchaseOrder']
</selector>
<selectoralias>/PurchaseOrder</selectoralias>
<schema>....\PO.xsd</schema>
</xmldocument>
</bindings>
<rule name="ApprovalRule" priority="0" active="true">
<if>
<compare operator="less than or equal to">
<vocabularylink uri="3f0e9bcc-6212-4e6a-853c-e517f157a626" element="d4eb2deb-06d3-42c4-af49-ceb21331b1cc" />
<lhs>
<function>
<xmldocumentmember xmldocumentref="xml_31" type="int" sideeffects="false">
<field>*[local-name()='Quantity' and namespace-uri()='']</field>
<fieldalias>Quantity</fieldalias>
</xmldocumentmember>
</function>
</lhs>
<rhs>
<constant>
<int>500</int>
</constant>
</rhs>
</compare>
</if>
<then>
<function>
<xmldocumentmember xmldocumentref="xml_32" type="string" sideeffects="true">
<field>*[local-name()='Status' and namespace-uri()='']</field>
<fieldalias>Status</fieldalias>
<argument>
<constant>
<string>Approved</string>
</constant>
</argument>
</xmldocumentmember>
</function>
</then>
</rule>
</ruleset>
</brl>
So please let me know how to get the output of second using command line.
BTSTask will only export the policy as part of an MSI (see below).
You could then extract the MSI (see How to extract msu/msp/msi files from the command line) to get the policy file.
From How to Import a Policy
BTSTask does not provide a specific command for importing (or exporting) policies; however you can use the ExportApp command of BTSTask to selectively export only the policies in an application that you want, including no other application artifacts. Then you can use the ImportApp command to import the .msi file into an application in a different BizTalk group. This is the approach described in this topic. When you do this, the policy is automatically imported and published in the BizTalk group and added to the specified application.
The below steps will export the policy, but as part of an MSI.
From How to Export a Policy
Use the BTSTask ListApp command with the /ResourceSpec option to generate an XML file that lists the artifacts in the BizTalk application from which you want to export a policy, as described in ListApp Command.
Edit the XML file generated in the previous step, deleting all of the artifacts except for the policy or policies that you want to export.
Use the BTSTask ExportApp command, and specify the modified XML file for the /ResourceSpec parameter. For more information, see ExportApp Command.
BTSTask exports the specified policies and all of their associated vocabularies into an application .msi file.
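
The "edit the XML file" step of the procedure above, as an added example that is not part of the original answer or of BizTalk's tooling: it trims a ListApp resource spec down to its `System.BizTalk:Rules` entries before the file is handed to ExportApp. The function name `keep_only_policies` and its `policy_luids` parameter are hypothetical; the sample input is the ListApp output from the question with the assembly list shortened.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/BizTalk/ApplicationDeployment/ResourceSpec/2004/12"
POLICY_TYPE = "System.BizTalk:Rules"

# ListApp output from the question (assembly list shortened), encoded as UTF-16
# to match the encoding the file declares.
SAMPLE_SPEC = f"""<?xml version="1.0" encoding="utf-16" ?>
<ResourceSpec ApplicationName="EAISolution" xmlns="{NS}">
  <Resources>
    <Resource Type="System.BizTalk:BizTalkAssembly" Luid="EAIOrchestration, Version=1.0.0.0, Culture=neutral, PublicKeyToken=97e0f507fd7fd10d" />
    <Resource Type="System.BizTalk:Rules" Luid="RULE/ProcessPurchaseOrder/1.0" />
    <Resource Type="System.BizTalk:BizTalkBinding" Luid="Application/EAISolution" />
  </Resources>
</ResourceSpec>""".encode("utf-16")


def keep_only_policies(spec_bytes, policy_luids=None):
    """Return (trimmed spec as UTF-16 bytes, list of kept policy Luids).

    policy_luids optionally narrows the export to specific policies;
    None keeps every System.BizTalk:Rules resource.
    """
    ET.register_namespace("", NS)  # keep the default namespace on output
    root = ET.fromstring(spec_bytes)
    resources = root.find(f"{{{NS}}}Resources")
    if resources is None:
        raise ValueError("no <Resources> element; not a ResourceSpec file")

    kept = []
    for res in list(resources):  # copy: we remove while iterating
        luid = res.get("Luid")
        is_policy = res.get("Type") == POLICY_TYPE
        if is_policy and (policy_luids is None or luid in policy_luids):
            kept.append(luid)
        else:
            resources.remove(res)

    if not kept:
        # An empty spec would export nothing useful; fail loudly instead.
        raise ValueError("no matching policy resources in the spec")
    return ET.tostring(root, encoding="utf-16"), kept


if __name__ == "__main__":
    trimmed, kept = keep_only_policies(SAMPLE_SPEC)
    print("kept:", kept)
    print(trimmed.decode("utf-16"))
```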

How do I enable Directory Browsing for a virtual web directory using wix?

I want to enable "Directory Browsing" for the following virtual web directory using WIX.
<iis:WebVirtualDir Id="LogsVirDir" Alias="Logs" Directory="ESGLOGFILES" />
How do I accomplish this using WIX?
Wouldn't a simpler solution be to use the web.config system.webserver property like :
<directoryBrowse enabled="true"/>
Based on my research Wix currently does not have any capability to enable Directory Browsing using the standard set of actions. The one way I have found to do this is using a combination of Wix Custom Actions and IIS's Appcmd.exe. Note this command will create a web.config file if one does not exist.
<CustomAction Id="EnableDirectoryBrowsing"
Execute="deferred"
ExeCommand='[WindowsFolder]system32\inetsrv\APPCMD.EXE set config "ESG Website/logs" /section:directoryBrowse /enabled:true'
Directory="TARGETDIR"
Return="check"
Impersonate="no"/>
<InstallExecuteSequence>
<Custom Action="EnableDirectoryBrowsing" Before="InstallFinalize">Not Installed</Custom>
</InstallExecuteSequence>
I'm using wix v3.8
Try adding ConfigurableDirectory in your Feature
ex: <Feature Id='TestName' Title='Test Web' ConfigurableDirectory='INSTALLDIR' Level='1'>
Use the following code
<Control Id="Browse" Type="PushButton" X="304" Y="210" Width="56" Height="17" Text="!(loc.CustomizeDlgBrowse)">
<Publish Event="SelectionBrowse" Value="BrowseDlg">1</Publish>
</Control>
Take the value of this in the variable you want and use it.

Edit config custom section in IIS

I am working on a big ASP.NET project (we are using ASP.NET 3.5) which is comprised of 5 different websites and some shared assemblies. Recently I added a custom section into the web.config files for each site. When I deploy all these applications, each site is deployed separately under the same app pool.
Is there any way to make this section editable in IIS on site level, just like you can edit ConnectionString section for each site?
Sections I added all look like this:
<sectionGroup name="RegistriesCustomSettings">
<section name="RegistriesSettings"
type="Registries.Business.Utilities.RegistriesConfigurations"/>
</sectionGroup >
<RegistriesCustomSettings>
<RegistriesSettings ContextCommandTimeout="30"
logLinq="true" DisplayUser="true" BaseReportPath="/DDD/"
ReportingServer="http://patriot-regdev:8000/ReportServer"
TopInstitution="1000001" />
</RegistriesCustomSettings>
We are using IIS 7.0, 2008 RC 2.
Yes there is a way to do this by extending the IIS configuration schema.
1. Create a file called RegistriesSchema.xml and copy and paste the following XML:
<configSchema>
<sectionSchema name="RegistriesCustomSettings">
<element name="RegistriesSettings">
<attribute name="ContextCommandTimeout"
type="int"
validationType="integerRange"
validationParameter="1,600"
allowInfinite="true"
defaultValue="30" />
<attribute name="logLinq"
type="bool"
defaultValue="True" />
<attribute name="DisplayUser"
type="bool"
defaultValue="True" />
<attribute name="BaseReportPath"
type="string"
validationType="nonEmptyString" />
<attribute name="ReportingServer"
type="string"
validationType="nonEmptyString" />
<attribute name="TopInstitution"
type="string"
validationType="nonEmptyString" />
</element>
</sectionSchema>
</configSchema>
2. Grab a copy of a tool called IisSchema.exe from here:
IISSCHEMA.EXE - A tool to register IIS7 configuration sections
Unzip and make sure both the exe and the xml schema file are in the same folder.
3. From an administrator command line (i.e. open cmd.exe using "Run As Administrator"):
IISSCHEMA.EXE /install RegistriesSchema.xml
This will do two things:
drops the schema file into %systemroot%\system32\inetsrv\config\schema
adds the following XML to applicationHost.config:
<section name="RegistriesCustomSettings"
overrideModeDefault="Allow"
allowDefinition="Everywhere" />
4. Launch IIS Manager and open the feature settings for your website and open the Configuration Editor:
5. Select the Section drop down list:
If all is good you should see "RegistriesCustomSettings", select this item.
6. You can now edit these settings and they'll be added to your site's web.config file:
This is just a demonstration so the schema settings may not be quite right and will probably need some fine tuning.
What To Do With <sectionGroup name="RegistriesCustomSettings">?:
You will still need to add the configSection/sectionGroup xml to your web.config file for each site or you could add it to the root machine.config file for whatever version of ASP.NET you're using, i.e.:
For .NET Framework 2.0 (which also applies to .NET3.0 and 3.5):
%systemroot%\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
%systemroot%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
For .NET Framework 4.0:
%systemroot%\Microsoft.NET\Framework\v4.0.30319\CONFIG\machine.config
%systemroot%\Microsoft.NET\Framework64\v4.0.30319\CONFIG\machine.config
If you put your assembly's configSection/sectionGroup in your machine.config file(s) then you don't need to declare it in every site's web.config. If quite a few sites are going to be using this assembly then this may be good timesaver.
Update:
There seems to be a bug or limitation in the IIS7.5 Configuration Editor. It appears that if you have your own custom configSections <sectionGroup> or <section> declarations in your site's web.config file this breaks the IIS7.5 Configuration Editor. I'm trying to get to the bottom of this:
ASP.NET custom configuration section declaration breaks IIS Manager Configuration Editor
Update 2:
I think the MS docs on this are a bit bogus particularly where your custom config section needs to be consumable by ASP.NET and editable in the IIS Manager Configuration Editor. The trick seems to be to declare the schema as follows in the RegistriesSchema.xml file:
<configSchema>
<sectionSchema name="RegistriesCustomSettings/RegistriesSettings">
<attribute name="ContextCommandTimeout"
type="int"
validationType="integerRange"
validationParameter="1,600"
allowInfinite="true"
defaultValue="30" />
<attribute name="logLinq"
type="bool"
defaultValue="True" />
<attribute name="DisplayUser"
type="bool"
defaultValue="True" />
<attribute name="BaseReportPath"
type="string"
validationType="nonEmptyString" />
<attribute name="ReportingServer"
type="string"
validationType="nonEmptyString" />
<attribute name="TopInstitution"
type="string"
validationType="nonEmptyString" />
</sectionSchema>
</configSchema>
Also, and importantly, remove the section reference from applicationHost.config:
<section name="RegistriesCustomSettings"
overrideModeDefault="Allow"
allowDefinition="Everywhere" />
This is not required.
Additionally, you don't actually need to use the iisschema.exe tool, just grab a copy of NotePad2 (it's a 64bit editor, you need this to edit anything in inetsrv\config) and create the RegistriesSchema.xml file directly in inetsrv\config\schema.
You can find out more about extending the IIS7 schema here:
Extending IIS 7.0 Schema and Accessing the Custom Sections Using MWA
You can poke about the existing schema files to learn more about how to construct these settings. They can be found in:
%systemroot%\system32\inetsrv\config\schema
Caveat: The example above was tested on IIS7.5 x64 RTM on Windows 7 x64 Ultimate. You mention that you're running a release candidate so your mileage may vary because of that.
