Develop Reference

SpringBoot and IBM MQ connection properties not overrided on deploy

I've a SpringBoot App with a local configuration to connect and listen a local Queue
ibm:
mq:
queueManager: LOCAL_QM
channel: DEV.ADMIN.SVRCONN
connName: localhost(1414)
user: admin
password: passw0rd
user-authentication-m-q-c-s-p: false
When a I deploy the app with Gitlab CI some properties are overrided (with a war_name.xml file in ../tomcat/current/conf/Catalina/localhost/) like database connection properties and mq connection properties to listen a Developpement or Qualification environment queue.
But when the app start the database connection is OK but not the MQ connection (The app use the local connection properties defined in the application.yml file)
When I check the xml file on the remote server, the properties are override.
And when I use a tool like spring actuator, I have the right properties override with the specific env properties.
But in the logs: /tomcat/current/logs/catalina.out I can read that the app try to connect to the local queue manage : LOCAL_QM not the specific environment queue.
2021-05-11 12:19:23.484 ERROR 14483 --- [ntContainer#0-1] o.s.j.l.DefaultMessageListenerContainer : Could not refresh JMS Connection for destination '***' - retrying using FixedBackOff{interval=5000, currentAttempts=16093, maxAttempts=unlimited}. Cause: JMSWMQ0018: Failed to connect to queue manager 'LOCAL_QM' with connection mode 'Client' and host name 'localhost(1414)'.; nested exception is com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2538' ('MQRC_HOST_NOT_AVAILABLE')
The properties are in the same xml file, it works for the database "spring.datasource" but not for MQ "ibm.mq"
<?xml version="1.0" encoding="UTF-8"?>
<Context>
<Environment name="spring.datasource.url" value="jdbc:postgresql://***:5432/**" type="java.lang.String"/>
<Environment name="spring.datasource.username" value="****" type="java.lang.String"/>
<Environment name="spring.datasource.password" value="****" type="java.lang.String"/>
<Environment name="ibm.mq.queueManager" value="***" type="java.lang.String"/>
<Environment name="ibm.mq.channel" value="***" type="java.lang.String"/>
<Environment name="ibm.mq.connName" value="***" type="java.lang.String"/>
<Environment name="ibm.mq.user" value="***" type="java.lang.String"/>
<Environment name="ibm.mq.password" value="" type="java.lang.String"/>
</Context>
Any idea why the properties are not overrided ?
Thanks

This started out as a comment, but as I wrote it I suspected that you are missing the relevant ibm.mq properties. If you don't provide the following properties:
ibm.mq.queueManager
ibm.mq.channel
ibm.mq.connName
ibm.mq.user
ibm.mq.password
then they default to
ibm.mq.queueManager=QM1
ibm.mq.channel=DEV.ADMIN.SVRCONN
ibm.mq.connName=localhost(1414)
ibm.mq.user=admin
ibm.mq.password=passw0rd
ie. localhost.
The mq-jms-spring-boot-starter makes use of
import org.springframework.boot.context.properties.ConfigurationProperties;
#ConfigurationProperties(prefix = "ibm.mq")
to read the connection properties. In this module https://github.com/ibm-messaging/mq-jms-spring/blob/master/mq-jms-spring-boot-starter/src/main/java/com/ibm/mq/spring/boot/MQConfigurationProperties.java
So it relies on spring to make the properties prefixed with ibm.mq available to it. ie. As long as spring through #ConfigurationProperties knows how to handle the overrides it will make them available to mq-jms-spring-boot-starter.

How can i enable only TLSv1.2 on my REST api

I have an API on which I have to enable only TLSv1.2 . Following is the configuration I have where i have set enabledProtocols="TLSv1.2".
<http:listener-config name="HTTPS_api-httpListenerConfig"
protocol="HTTPS" host="0.0.0.0" port="${https.port}"
doc:name="HTTP Listener Configuration">
<tls:context enabledProtocols="TLSv1.2">
<tls:trust-store insecure="true" />
<tls:key-store type="pkcs12" path="${keystore.pkcsstore}"
alias="${keystore.alias}" keyPassword="${keystore.password}"
password="${keystore.password}" />
</tls:context>
</http:listener-config>
Now when I deploy it in my local and try to consume it with the following client it works fine . unfortunately , when i deployed the same in cloudhub and try to consume it, its giving me following error even though i have explicitly set TLSv1.2 to use from client:
SSL handshake error: Client requested protocol TLSv1.1 not enabled or not supported
request config :
<http:request-config name="HTTP_Request_Configuration_basicAuth"
host="testtlsversion.cloudhub.io" port="443"
doc:name="HTTP Request Configuration" protocol="HTTPS"
responseTimeout="9999999">
<tls:context enabledProtocols="TLSv1.2">
<tls:trust-store path="${alert.keystore.path}" password="${alert.keystore.password}" type="jks" insecure="true"/>
</tls:context>
</http:request-config>

TLS V1.2 is not supported in current version .
Answer Here :https://forums.mulesoft.com/questions/84103/how-can-i-enable-only-tlsv12-on-my-rest-api.html?childToView=84150#answer-84150

Configuring Liberty with httpProxyRedirect

I am attempting to redirect traffic on insecure port to secure port as described here:
https://www.ibm.com/support/knowledgecenter/en/SSD28V_9.0.0/com.ibm.websphere.liberty.autogen.core.doc/ae/rwlp_config_httpProxyRedirect.html
Instead both ports are available and I see nothing in the logs. It's as if the httpProxyRedirect isn't being configured at all.
<?xml version="1.0" encoding="UTF-8"?>
<server description="CAST Liberty Server">
<!-- Enable features -->
<featureManager>
<feature>webProfile-7.0</feature>
</featureManager>
<application id="app" context-root="/" type="war" location="${war.name}">
<classloader apiTypeVisibility="spec, ibm-api, api, third-party" />
</application>
<httpProxyRedirect id="defaultHttpProxyRedirect" httpPort="${http.port}" httpsPort="${https.port}" />
<keyStore id="defaultKeyStore" password="pass" />
<httpEndpoint host="*" httpPort="${http.port}" httpsPort="${https.port}" id="defaultHttpEndpoint" />
<applicationMonitor updateTrigger="mbean" />
</server>

Most likely, you are missing the security-constraints in the web.xml. This configuration tells the server which URLs need to be accessed over a secure transport and then re-directs qualifying requests from the non-secure port to the secure port. This tutorial may help: https://docs.oracle.com/cd/E19798-01/821-1841/bncbk/index.html
Also, keep in mind that the httpProxyRedirect configuration in the server.xml is intended for redirecting when you have a proxy server in front of your application server. For example, you may have your proxy server on the main "www.ibm.com" host - listening on HTTP port 80 and HTTPS port 443. But that host may route some requests to your Liberty application server on some other host (like "app1host.internal.ibm.com") that listens on different ports (i.e. HTTP port 9080 and HTTPS port 9443). In that case, just using the security-constraints in the web.xml would attempt to redirect the client request on the Liberty server from 9080 to 9443 but on the www.ibm.com host - where nothing is listening on those ports. In this case, you should configure httpProxyRedirect like this:
<httpProxyRedirect httpPort="80" httpsPort="443" host="www.ibm.com" />
With the configuration, a client HTTP request to a secured URL will get redirected to www.ibm.com on port 443, where the proxy server will forward the request to app1host.internal.ibm.com port 9443.
Hope this helps,
Andy

This is the security constraint that i am using in my web.xml and it works well for both Tomcat and IBM Websphere 8.5.5.15:
<security-constraint>
<web-resource-collection>
<web-resource-name>Entire Application</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
Note: make sure that you put it after your <servlet-mapping>.

Error connecting ActiveMQ

I am working on ActiveMQ JMS Spring application. I am using ActiveMQ instance which is present in Cloud server and i trying to read message from queue. In a configuration file i have configured broker URL as
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<!-- brokerURL, You may have different IP or port -->
<constructor-arg index="0" value="tcp://ip address:8161" />
</bean>
but when i try to connect it gives me error
Caused by: org.apache.activemq.transport.InactivityIOException: Cannot send, channel has already failed: tcp://ip address:8161
at org.apache.activemq.transport.AbstractInactivityMonitor.doOnewaySend(AbstractInactivityMonitor.java:297)
at org.apache.activemq.transport.AbstractInactivityMonitor.oneway(AbstractInactivityMonitor.java:286)
at org.apache.activemq.transport.TransportFilter.oneway(TransportFilter.java:85)
at org.apache.activemq.transport.WireFormatNegotiator.oneway(WireFormatNegotiator.java:104)
at org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:68)
at org.apache.activemq.transport.ResponseCorrelator.asyncRequest(ResponseCorrelator.java:81)
at org.apache.activemq.transport.ResponseCorrelator.request(ResponseCorrelator.java:86)
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1409)
... 21 more
Can you please suggest me is am i missing something here?

Spring RMI: handleRemoteConnectFailure

I have a RMI client/server configuration created with Spring 3.0.
When client and server run on the same machine at the url:
rmi://localhost:1099/myService
everything is ok. When I run the client on a different machine (server run now on 192.168.1.67) and the client "points" to:
rmi://192.168.1.67:1099/myService
I can see this error message from the client:
org.spring...RmiClientInterceptor handlerRemoteConnectFailure.
Could not connect to Rmi Service [rmi://192.1681.67:1099/myService]
The server is configured in this way:
<bean id="myService" class="org.springframework.remoting.rmi.RmiServiceExporter">
<property name="service" ref="myService"/>
<property name="serviceInterface" value="org.myapp.MyService"/>
<property name="serviceName" value="myService"/>
<property name="alwaysCreateRegistry" value="true"/>
</bean>
<bean id="myService" class="org.myapp.MyServiceImpl" />
and the client:
RmiProxyFactoryBean rpfb = new RmiProxyFactoryBean();
rpfb.setServiceInterface(MyService.class);
rpfb.setLookupStubOnStartup(true);
rpfb.setRefreshStubOnConnectFailure(true);
RMICustomClientSocketFactory socketFactory = new RMICustomClientSocketFactory();
socketFactory.setTimeout(5000);
rpfb.setRegistryClientSocketFactory(socketFactory);
rpfb.setServiceUrl(getRmiUrl(address, port));
rpfb.afterPropertiesSet();
I checked with a sniffer the port 1099 of the server, and when the client starts its process I can see some data "dispatched" on the server side:
JRMI..K
...192.168.1.65..
..192.168.1.65....
P....w"..........................D.M...;.t..myService
Q....w.....e...7B+#5..s}.....5org.springframework.remoting.rmi.RmiInvocationHandlerpxr..java.lang.reflect.Proxy.'. ..C....L..ht.%Ljava/lang/reflect/InvocationHandler;pxpsr.-java.rmi.server.RemoteObjectInvocationHandler...........pxr..java.rmi.server.RemoteObject.a...a3....pxpw2.
UnicastRef..127.0.1.1..../.T~.X.....e...7B+#5...x
R
S
T...e...7B+#5..
My question is: Why if client & server run on the same machine, everything is ok but on different machines I get this problem? and how to fix it?

I run the server on windows and client on linux (ubuntu) and everything was ok.
When I run the server on linux and client on windows I get the problem.
To fix it on linux just run the server with: -Djava.rmi.server.hostname=192.168.1.67.