my application is sending below request to print a document which has special characters
*<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<udp tag="crypto"><luid url="https://w3.servername.com/ocp/<FnQ+xwAAAYXgbc3dgA4=>.kuid" uid="Rm5RK3h3QUFBWVhnYmMzZGdBND0="/></udp>*
From my application, request goes to OCP client for document printing. OCP client is running on a remote machine and we see below error on OCP client side
2023-01-25 08:42:43,013 ERROR [upd-Dispatcher] - Problem with JAXB
javax.xml.bind.UnmarshalException: Premature end of file.
- with linked exception:
[org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; Premature end of file.]
Same setup/flow works fine with Jboss 6.4 server. I added below properties in standalone file in jboss 7.3 but nothing works out. Any idea how this can be addressed in Jboss 7.3?
<property name="org.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL" value="true"/>
<property name="tomcat.util.http.parser.HttpParser.requestTargetAllow" value="!"#$%&'()*+,-./:;<=>?#[]^_`{|}~"/>
I tried adding below properties to escape the special characters and I was expecting it to work like it works in jboss 6.4 and print the document.
?#[]^_`{|}~"/>
Related
I have a liberty server and an IHS server (both on different hosts). This is on rhel7.
I've followed a number of guides that I found that walk thru the setup of keystores and sharing of certs but still run into issues. For reference, I tried the methods detailed https://jazz.net/wiki/bin/view/Deployment/CreateIHSPLUGINFORLIBERTYPROFILE and https://www.ibm.com/support/knowledgecenter/en/SSEQTJ_9.0.5/com.ibm.websphere.ihs.doc/ihs/tihs_install_config_liberty.html.
A quick summary of what I have done this past attempt... On the liberty server I added the following to my server.xml to add a plugin include (to keep things easier to read):
<include location="${server.config.dir}/plugin-join-include.xml" />
And the plugin-join-include.xml:
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="libertyKey" password="xxxx"
location="${server.config.dir}/resources/security/libkey.jks"/>
<pluginConfiguration webserverPort="10500" webserverSecurePort="10447"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="libertyKey"/>
On my IHS server the path for the root Plugin directory is as indicated above in the file at /opt/IBM/wasadmin/Plugins and the plugin-key.kdb and plugin-key.sth are located in the locations listed above.
I reboot the liberty server and it generated the plugin-cfg.xml in the logs/state directory:
<?xml version="1.0" encoding="UTF-8"?><!--HTTP server plugin config file for app generated on 2020.03.04 at 12:32:02 UTC-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" ConfigHash="1077723051" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="/opt/IBM/wasadmin/Plugins/logs/webserver1/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="PluginInstallRoot" Value="/opt/IBM/wasadmin/Plugins"/>
<!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->
<!-- The default_host contained only aliases for endpoint defaultHttpEndpoint.
The generated VirtualHostGroup will contain only configured web server ports:
webserverPort=10500
webserverSecurePort=10447 -->
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:10500"/>
<VirtualHost Name="*:10447"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="affms_default_node_Cluster" PostBufferSize="0" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="412b3187-16c4-41b0-86e8-1e327c1c6b1b" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1" Name="default_node_affms" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="libertyhost" Port="10500" Protocol="http"/>
<Transport Hostname="libertyhost" Port="10447" Protocol="https">
<Property Name="keyring" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"/>
<Property Name="certLabel" Value="libertyKey"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="default_node_app"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="default_host_app_default_node_Cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/app/ui/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/adminCenter/*"/>
</UriGroup>
<Route ServerCluster="app_default_node_Cluster" UriGroup="default_host_app_default_node_Cluster_URIs" VirtualHostGroup="default_host"/>
I copy the plugin-cfg.xml over to the IHS server at /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
The plugin stuff works only the SSL portion between IHS and the app server give me issues.
On the IHS server I have created the plugin-key.kdb keystore with stash plugin-key.sth and imported the cert I extracted from the liberty server /opt/IBM/wlp/usr/servers/app/resources/security/key.p12 the default personal cert and copy it to the IHS server and add the default liberty cert to the plugin-key.kdb keystore.
At the bottom of the httpd.conf is:
LoadModule was_ap22_module /opt/IBM/wasadmin/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
I bounce the apachectl and go to the url for the application on port 8443 https://hostname:8443/app/ui and get a "500 Internal Server Error".
The http_plugin.log plugin logs show:
[04/Mar/2020:18:23:48.31652] 00002f26 3cff9700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=hostname,OU=app,O=ibm,C=us, Serial=xxxxxxxxxxx
[04/Mar/2020:18:23:48.31655] 00002f26 3cff9700 - ERROR: Ensure correct certificate is marked as default certificate in plugin-key.kdb. Consult documentation regarding Administering application security and Securing communications for more information.
[04/Mar/2020:18:23:48.31657] 00002f26 3cff9700 - ERROR: Last validation error [575010]: GSKVAL_ERROR_NO_CHAIN_BUILT
[04/Mar/2020:18:23:48.31658] 00002f26 3cff9700 - ERROR: Subject [[Class=]GSKVALMethod::PKIX[Issuer=]OU=memberRoot,O=xxxx-xxx-xxx-xxx-xxxxxxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us] failed certificate validation
[04/Mar/2020:18:23:48.31659] 00002f26 3cff9700 - ERROR: X509 Certificate validation log: [[Class=]GSKVALMethod::PKIX[Time=]2020:3:4:18:23:48.316[buildChain=][Error=]GSKVAL_ERR_NO_CHAIN_BUILT[Info=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxx,DC=com.ibm.ws.collective[Cert=][Issuer=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us[=Cert][=buildChain]^M
]
[04/Mar/2020:18:23:48.31664] 00002f26 3cff9700 - ERROR: ws_common: websphereGetStream: Could not open stream
[04/Mar/2020:18:23:48.31667] 00002f26 3cff9700 - ERROR: ws_common: websphereExecute: Failed to create the stream
[04/Mar/2020:18:23:48.31668] 00002f26 3cff9700 - ERROR: ws_common: websphereHandleRequest: Failed to execute the transaction to 'default_node_app' on host 'hostname:10447'; will try another one
[04/Mar/2020:18:23:48.31669] 00002f26 3cff9700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find an app server to handle this request
[04/Mar/2020:18:23:48.31670] 00002f26 3cff9700 - ERROR: ESI: getResponse: failed to get response: rc = 2
[04/Mar/2020:18:23:48.31671] 00002f26 3cff9700 - ERROR: [xxx.xx.xx.17://app/ui/] ws_common: websphereHandleRequest: Failed to handle request rc=2
Thank you!
You said "imported" I assume this means an "add" operation in ikeyman/gskcmd/gskcapicmd? The two verbs in these tools have a different meaning.
I suspect you added the issued certificate (CN=hostname...) instead of the CA that issued the certificate (memberroot). The debug information in the WAS Plugin message implies that it couldn't chase the certificate up to a trusted root (as opposed to finding some X509 error w/ the root it had access to).
But, it could also be that you imported the "wrong" certificate with cn=memberroot. WebSphere does not always add the necessary Subject Key Identifier/Authority Key Identifier to be sure, so check carefully.
Ok, I got this working finally. It seems having a collective setup which used DefaultKeyStore id was somehow causing conflict with my Liberty plugin keystore.
I ended up re-creating everything (plugin-key.kdb keystore and the liberty plugin keystore which I named LibertyKeystore.jks). I dumped the collective stuff (not needed at this time anyways) and made an include as above called plugin-join-include.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<server description="IHS plugin join include file">
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="password"
location="${server.config.dir}/resources/security/LibertyKeystore.jks" />
<pluginConfiguration webserverPort="80" webserverSecurePort="8443"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="LibertyKeystore"/>
</server>
I exchanged keys between the liberty server LibertyKeystore.jks and the IHS plugin-key.kdb keystores and pushed the newly generated plugin to the IHS server and bounced everything and it all seems to function without issue.
I do now notice in the /opt/IBM/wasadmin/HTTPServer/logs the error log streams:
[Wed Mar 04 21:32:28 2020] [error] [client xxx.xx.xx.17:65261] [7ff5a0000910] [19831] SSL0279E: SSL Handshake Failed due to fatal alert from client. Client sent fatal alert [level 2 (fatal), description 46 (certificate_unknown)] [xxx.xx.xx.17:65261 -> xxx.xx.xx.87:8443] [21:32:28.000934048] 0ms
The access logs show 200's. Maybe a non plugin "issue" at this point.
My app uses Hibernate and c3po, and isn't starting under windows 10 + eclipse Oxygen + Tomcat 8, while under Linux works fine with the same configuration.
These are some lines the console shows when starting Tomcat
2017/11/27 18:21:03 WARN com.mchange.v2.async.ThreadPoolAsynchronousRunner - com.mchange.v2.async.ThreadPoolAsynchronousRunner$DeadlockDetector#15cc07ce -- APPARENT DEADLOCK!!! Creating emergency threads for unassigned pending tasks!
This should a connection problem as reported here .
This seems confirmed by an exception I get:
2017/11/27 18:21:14 WARN com.mchange.v2.resourcepool.BasicResourcePool - com.mchange.v2.resourcepool.BasicResourcePool$AcquireTask#1e723184 -- Acquisition Attempt Failed!!! Clearing pending acquires. While trying to acquire a needed new resource, we failed to succeed more than the maximum number of allowed acquisition attempts (30). Last acquisition attempt exception:
org.postgresql.util.PSQLException: FATALE: the remaining connection slots are reserveed to non replica superusers connections
at org.postgresql.core.v3.ConnectionFactoryImpl.readStartupMessages(ConnectionFactoryImpl.java:469)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:112)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:66)
at org.postgresql.jdbc2.AbstractJdbc2Connection.<init>(AbstractJdbc2Connection.java:125)
at org.postgresql.jdbc3.AbstractJdbc3Connection.<init>(AbstractJdbc3Connection.java:30)
at org.postgresql.jdbc3g.AbstractJdbc3gConnection.<init>(AbstractJdbc3gConnection.java:22)
at org.postgresql.jdbc4.AbstractJdbc4Connection.<init>(AbstractJdbc4Connection.java:30)
at org.postgresql.jdbc4.Jdbc4Connection.<init>(Jdbc4Connection.java:24)
at org.postgresql.Driver.makeConnection(Driver.java:393)
From postgresql log I see there are many connection until the db says it cannot allocate more. The connections are far above 10, while I have this in my hibernate.cfg.xml
<property name="hibernate.c3p0.min_size">1</property>
<property name="hibernate.c3p0.max_size">3</property>
<property name="hibernate.c3p0.timeout">1800</property>
<property name="hibernate.c3p0.max_statements">50</property>
<property name="hibernate.c3p0.idle_test_period">3000</property>
psql -h localhost -U user db works fine
I used Wireshark and RawCap under Windows to capture the connections and it seems the connections are acquired, as the log says, but after seeing Postgres saying "ready for queries", they are closed, if I saw well.
What else can I look at to debug what's happening??
It turned out that I was using the wrong postgresql driver. I have java 8, and using PostgreSQL JDBC 4.2 Driver, 42.1.4 solved the issue.
I have followed this manual to migrate from GlassFish to WildFly:
http://wildfly.org/news/2014/02/06/GlassFish-to-WildFly-migration/
However I'm getting the following error when running my application in WildFly:
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "exampleProject-ear-1.0-SNAPSHOT.ear")]) - failure description: {"WFLYCTL0180: Services with missing/unavailable dependencies" => [
"jboss.persistenceunit.\"exampleProject-ear-1.0-SNAPSHOT.ear/exampleProject-web-1.0-SNAPSHOT.war#exampleProjectPU\".FIRST_PHASE is missing [jboss.naming.context.java.jdbc.__TimerPool]",
"jboss.persistenceunit.\"exampleProject-ear-1.0-SNAPSHOT.ear/exampleProject-web-1.0-SNAPSHOT.war#exampleProjectPU\" is missing [jboss.naming.context.java.jdbc.__TimerPool]"
]}
The error talks about jboss.naming.context.java.jdbc.__TimerPool. Any idea of what should I do? I'm using WildFly 10 and MySQL as database.
Forget about this. __TimerPool was the name of a Datasource in GlassFish and I was using it without knowing it, I simply removed the persistence.xml file that contained it and it worked.
Check your standalone.xml. It must be having a datasource with pool-name "exampleProjectPU" . Something like this. Please remove the full xml block.
<datasources>
<datasource jndi-name="xxx:exampleProjectPU" pool-name="exampleProjectPU" enabled="true">
<connection-url>jdbc:oracle:thin:#//host:port/SID</connection-url>
<driver>oracle</driver>
<security>
<user-name></user-name>
<password></password>
</security>
</datasource>
Go to deployments folder and check if there is any sample project with name "example project.war". If yes, remove it and start the server again. It should work fine.
try to change your mysql-connecter to bin file like mysql-connector-java-5.1.47-bin
make sure the name in is the some in jndi-name
I'm using OpenAM, with its embedded OpenDJ as the LDAP service, to protect my web application running on JBoss 7.
When I start my JBoss I get this error:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ldapUserDN'
...
Caused by: javax.naming.NameNotFoundException: ldap/idp/userDN -- service jboss.naming.context.java.ldap.idp.userDN
So apparently Spring is looking for the JNDI node ldap/idp/userDN. But the jboss configuration file that I got with the project has these entries:
<simple name="ldap/opendj/url" value="ldap://localhost:50389"/>
<simple name="ldap/opendj/userDN" value="cn=Directory Manager"/>
<simple name="ldap/opendj/password" value="mypassword"/>
<simple name="ldap/opendj/baseDN" value="dc=opensso,dc=java,dc=net"/>
And these properties are added to my JNDI tree on JBoss.
If I change these to "ldap/idp/userDN", for instance, then I get rid of the error, but I was wondering if there's anywhere, where "ldap/opendj/userDN" should be mapped to "ldap/idp/userDN", that I've missed.
If you're using Spring LDAP, the actual configuration of the ldap-context-source goes in the a spring config file, and might look like this:
<jee:jndi-lookup jndi-name="ldap/idp/url" id="ldapUrl"/>
<jee:jndi-lookup jndi-name="ldap/idp/userDN" id="ldapUserDN"/>
<jee:jndi-lookup jndi-name="ldap/idp/password" id="ldapPassword"/>
<jee:jndi-lookup jndi-name="ldap/idp/baseDN" id="ldapBaseDN"/>
<ldap:context-source url="#{ldapUrl}"
username="#{ldapUserDN}"
password="#{ldapPassword}"
base="#{ldapBaseDN}"
native-pooling="true"/>
So the jndi entries in your jboss config file should match the ones above.
I get the following exception when deploying a JSR 286 portlet into Oracle WebLogic Server 11g (to deploy it later in Oracle WebCenter 11g):
<19-ene-2010 13H32' CET> <Error> <oracle.portlet.server.containerimpl.PortletApplicationImpl> <BEA-000000> <Error al procesar el archivo "/WEB-INF/portlet.xml" en la lÝnea 6 columna 68.
org.xml.sax.SAXParseException: cvc-elt.1: Cannot find the declaration of element 'portlet-app'
The error message is in spanish. It means:
"Error processing the file "/WEB-INF/portlet.xml at line 6 column 68"
The portlet.xml of my portlet seems to be correct and I've deployed it in other portal servers. So I don't understand the error message.
This is the portlet.xml of my portlet (eclipse XML validator said it was a valid XML)
<?xml version="1.0" encoding="UTF-8"?>
<portlet-app version="2.0"
xmlns="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd
http://java.sun.com/xml/ns/portlet/portlet-app_2_0.xsd"
xmlns:dnd="http://www.denodo.com/widget/portlet/portletjsr286">
<portlet>
<description>Test Inter Portlet Communication (JSR286)</description>
<portlet-name>Test IPC</portlet-name>
<display-name>Test IPC</display-name>
<portlet-class>com.denodo.ipc.TestIPCPortlet</portlet-class>
<supports>
<mime-type>text/html</mime-type>
<portlet-mode>VIEW</portlet-mode>
</supports>
<supported-locale>en</supported-locale>
<resource-bundle>PortletMessages</resource-bundle>
<portlet-info>
<title>Test IPC</title>
<short-title>Test IPC</short-title>
<keywords>Test IPC,Denodo</keywords>
</portlet-info>
</portlet>
</portlet-app>
How do I deploy my portlet
I convert my portlet into to a WSRP portlet by executing
java -jar wsrp-predeploy.jar source EAR target EAR
as explained in http://download.oracle.com/docs/cd/E12839_01/webcenter.1111/e12405/wcadm_portlet_prod.htm#CHDECJHI)
I try to deploy it into WebLogic with the WebLogic Console and I get this exception.
My Environment
WebCenter Suite (11.1.1.2.0) + WebLogic Server (10.3.2) downloaded from the oracle.com. Default configuration
S.O: Windows XP SP3
Thanks in advance for your time.
Have you tried using the openPortal portlet-container? The doc says it will install onto weblogic: https://portlet-container.dev.java.net/public/Download.html
Update: I just installed the portlet-container into the weblogic container and successfully deployed one of the sample portlets from this page: \http://portlet-container.dev.java.net/public/Samples.html