I have written a proxy service and deployed on WSO2 ESB 5 to receive some file content via http and use vfs transport to transfer that content to an ftp server. The service works as expected when I specify the connection parameters correctly but when I specify something wrong on the connection string to simulate a down server, I can not manage to control the behavior of the VFS transport using the parameters specified in [1]. What I'm looking for is to short the delay between the error occurred in VFS and the fault exception catched by Axis;
As you are going to see below I specify 0 retries and 0 wait time between retries but it seems the VFSTransportSender class is not able to read somehow those values because it does all the time the same number of retries and it waits the same number of seconds each time it is executed, I also changed the values and put others but the result is always the same, the server is always retrying 3 more times with 30 seconds delay between each other besides the original request before Axis is able to receive some information related to the error.
Here is my proxy service that works without any issues:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="ftpProxy"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="https,http">
<target>
<inSequence>
<log level="full"/>
<property expression="json-eval($.key)" name="file_name"/>
<property name="OUT_ONLY" value="true"/>
<property name="FORCE_SC_ACCEPTED" scope="axis2" value="true"/>
<property name="HTTP_SC" scope="axis2" value="200"/>
<property expression="fn:concat(get-property('file_name'), '.json')"
name="transport.vfs.ReplyFileName"
scope="transport"/>
<property name="OUT_ONLY" value="true"/>
</inSequence>
<endpoint name="ftp_endpoint">
<address uri="vfs:ftp://jairof_ftp:passftp#localhost:21">
<timeout>
<duration>2000</duration>
<responseAction>fault</responseAction>
</timeout>
<suspendOnFailure>
<errorCodes>-1</errorCodes>
<progressionFactor>1.0</progressionFactor>
</suspendOnFailure>
<markForSuspension>
<errorCodes>-1</errorCodes>
</markForSuspension>
</address>
</endpoint>
</target>
<parameter name="transport.vfs.ReconnectTimeout">0</parameter>
<parameter name="transport.vfs.MaxRetryCount">0</parameter>
<description/>
</proxy>
And when I want to simulate the server is not reachable I just modify the address URI and I put this one where the user is incorrect:
<address uri="vfs:ftp://ja8irof_ftp:passftp#localhost:21">
I have also tried to set the transport.vfs parameters as properties before calling the endpoint but the result is exactly the same
Here you can inspect part of the log file where I cut some parts of the stack trace to keep the post simple:
[2016-10-29 12:23:01,134] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:23:34,223] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,842] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,844] ERROR - VFSTransportSender cannot resolve replyFile repeatedly: Could not connect to FTP server on "localhost".
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,846] ERROR - Axis2Sender Unexpected error during sending message out
org.apache.axis2.AxisFault: cannot resolve replyFile repeatedly: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:275)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.createClient(FTPClientWrapper.java:100)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.getFtpClient(FTPClientWrapper.java:134)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.<init>(FTPClientWrapper.java:59)
at org.apache.commons.vfs2.provider.ftp.FtpFileProvider.doCreateFileSystem(FtpFileProvider.java:128)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:155)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:119)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:88)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:738)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:626)
at org.apache.synapse.transport.vfs.VFSTransportSender.writeFile(VFSTransportSender.java:233)
... 19 more
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
Please send me any comments, suggestions... I would appreciate so much, thanks in advance for your time.
[1] https://docs.wso2.com/display/ESB500/VFS+Transport
Try appending parameters to the endpoint URL, like this.
<address uri="vfs:ftp://ja8irof_ftp:passftp#localhost:21?transport.vfs.MaxRetryCount=0&transport.vfs.ReconnectTimeout=0"/>
Related
I have a liberty server and an IHS server (both on different hosts). This is on rhel7.
I've followed a number of guides that I found that walk thru the setup of keystores and sharing of certs but still run into issues. For reference, I tried the methods detailed https://jazz.net/wiki/bin/view/Deployment/CreateIHSPLUGINFORLIBERTYPROFILE and https://www.ibm.com/support/knowledgecenter/en/SSEQTJ_9.0.5/com.ibm.websphere.ihs.doc/ihs/tihs_install_config_liberty.html.
A quick summary of what I have done this past attempt... On the liberty server I added the following to my server.xml to add a plugin include (to keep things easier to read):
<include location="${server.config.dir}/plugin-join-include.xml" />
And the plugin-join-include.xml:
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="libertyKey" password="xxxx"
location="${server.config.dir}/resources/security/libkey.jks"/>
<pluginConfiguration webserverPort="10500" webserverSecurePort="10447"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="libertyKey"/>
On my IHS server the path for the root Plugin directory is as indicated above in the file at /opt/IBM/wasadmin/Plugins and the plugin-key.kdb and plugin-key.sth are located in the locations listed above.
I reboot the liberty server and it generated the plugin-cfg.xml in the logs/state directory:
<?xml version="1.0" encoding="UTF-8"?><!--HTTP server plugin config file for app generated on 2020.03.04 at 12:32:02 UTC-->
<Config ASDisableNagle="false" AcceptAllContent="false" AppServerPortPreference="HostHeader" ChunkedResponse="false" ConfigHash="1077723051" FIPSEnable="false" IISDisableNagle="false" IISPluginPriority="High" IgnoreDNSFailures="false" RefreshInterval="60" ResponseChunkSize="64" SSLConsolidate="false" TrustedProxyEnable="false" VHostMatchingCompat="false">
<Log LogLevel="Error" Name="/opt/IBM/wasadmin/Plugins/logs/webserver1/http_plugin.log"/>
<Property Name="ESIEnable" Value="true"/>
<Property Name="ESIMaxCacheSize" Value="1024"/>
<Property Name="ESIInvalidationMonitor" Value="false"/>
<Property Name="ESIEnableToPassCookies" Value="false"/>
<Property Name="PluginInstallRoot" Value="/opt/IBM/wasadmin/Plugins"/>
<!-- Configuration generated using httpEndpointRef=defaultHttpEndpoint-->
<!-- The default_host contained only aliases for endpoint defaultHttpEndpoint.
The generated VirtualHostGroup will contain only configured web server ports:
webserverPort=10500
webserverSecurePort=10447 -->
<VirtualHostGroup Name="default_host">
<VirtualHost Name="*:10500"/>
<VirtualHost Name="*:10447"/>
</VirtualHostGroup>
<ServerCluster CloneSeparatorChange="false" GetDWLMTable="false" IgnoreAffinityRequests="true" LoadBalance="Round Robin" Name="affms_default_node_Cluster" PostBufferSize="0" PostSizeLimit="-1" RemoveSpecialHeaders="true" RetryInterval="60" ServerIOTimeoutRetry="-1">
<Server CloneID="412b3187-16c4-41b0-86e8-1e327c1c6b1b" ConnectTimeout="5" ExtendedHandshake="false" LoadBalanceWeight="20" MaxConnections="-1" Name="default_node_affms" ServerIOTimeout="900" WaitForContinue="false">
<Transport Hostname="libertyhost" Port="10500" Protocol="http"/>
<Transport Hostname="libertyhost" Port="10447" Protocol="https">
<Property Name="keyring" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"/>
<Property Name="stashfile" Value="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"/>
<Property Name="certLabel" Value="libertyKey"/>
</Transport>
</Server>
<PrimaryServers>
<Server Name="default_node_app"/>
</PrimaryServers>
</ServerCluster>
<UriGroup Name="default_host_app_default_node_Cluster_URIs">
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/app/ui/*"/>
<Uri AffinityCookie="JSESSIONID" AffinityURLIdentifier="jsessionid" Name="/adminCenter/*"/>
</UriGroup>
<Route ServerCluster="app_default_node_Cluster" UriGroup="default_host_app_default_node_Cluster_URIs" VirtualHostGroup="default_host"/>
I copy the plugin-cfg.xml over to the IHS server at /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
The plugin stuff works only the SSL portion between IHS and the app server give me issues.
On the IHS server I have created the plugin-key.kdb keystore with stash plugin-key.sth and imported the cert I extracted from the liberty server /opt/IBM/wlp/usr/servers/app/resources/security/key.p12 the default personal cert and copy it to the IHS server and add the default liberty cert to the plugin-key.kdb keystore.
At the bottom of the httpd.conf is:
LoadModule was_ap22_module /opt/IBM/wasadmin/Plugins/bin/64bits/mod_was_ap22_http.so
WebSpherePluginConfig /opt/IBM/wasadmin/Plugins/config/webserver1/plugin-cfg.xml
I bounce the apachectl and go to the url for the application on port 8443 https://hostname:8443/app/ui and get a "500 Internal Server Error".
The http_plugin.log plugin logs show:
[04/Mar/2020:18:23:48.31652] 00002f26 3cff9700 - ERROR: lib_stream: openStream: Failed in r_gsk_secure_soc_init: GSK_ERROR_BAD_CERT(gsk rc = 414) PARTNER CERTIFICATE DN=CN=hostname,OU=app,O=ibm,C=us, Serial=xxxxxxxxxxx
[04/Mar/2020:18:23:48.31655] 00002f26 3cff9700 - ERROR: Ensure correct certificate is marked as default certificate in plugin-key.kdb. Consult documentation regarding Administering application security and Securing communications for more information.
[04/Mar/2020:18:23:48.31657] 00002f26 3cff9700 - ERROR: Last validation error [575010]: GSKVAL_ERROR_NO_CHAIN_BUILT
[04/Mar/2020:18:23:48.31658] 00002f26 3cff9700 - ERROR: Subject [[Class=]GSKVALMethod::PKIX[Issuer=]OU=memberRoot,O=xxxx-xxx-xxx-xxx-xxxxxxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us] failed certificate validation
[04/Mar/2020:18:23:48.31659] 00002f26 3cff9700 - ERROR: X509 Certificate validation log: [[Class=]GSKVALMethod::PKIX[Time=]2020:3:4:18:23:48.316[buildChain=][Error=]GSKVAL_ERR_NO_CHAIN_BUILT[Info=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxx,DC=com.ibm.ws.collective[Cert=][Issuer=]OU=memberRoot,O=xxx-xxx-xxx-xxx-xxxx,DC=com.ibm.ws.collective[#=]082d6a83e5ec[Subject=]CN=hostname,OU=app,O=ibm,C=us[=Cert][=buildChain]^M
]
[04/Mar/2020:18:23:48.31664] 00002f26 3cff9700 - ERROR: ws_common: websphereGetStream: Could not open stream
[04/Mar/2020:18:23:48.31667] 00002f26 3cff9700 - ERROR: ws_common: websphereExecute: Failed to create the stream
[04/Mar/2020:18:23:48.31668] 00002f26 3cff9700 - ERROR: ws_common: websphereHandleRequest: Failed to execute the transaction to 'default_node_app' on host 'hostname:10447'; will try another one
[04/Mar/2020:18:23:48.31669] 00002f26 3cff9700 - ERROR: ws_common: websphereWriteRequestReadResponse: Failed to find an app server to handle this request
[04/Mar/2020:18:23:48.31670] 00002f26 3cff9700 - ERROR: ESI: getResponse: failed to get response: rc = 2
[04/Mar/2020:18:23:48.31671] 00002f26 3cff9700 - ERROR: [xxx.xx.xx.17://app/ui/] ws_common: websphereHandleRequest: Failed to handle request rc=2
Thank you!
You said "imported" I assume this means an "add" operation in ikeyman/gskcmd/gskcapicmd? The two verbs in these tools have a different meaning.
I suspect you added the issued certificate (CN=hostname...) instead of the CA that issued the certificate (memberroot). The debug information in the WAS Plugin message implies that it couldn't chase the certificate up to a trusted root (as opposed to finding some X509 error w/ the root it had access to).
But, it could also be that you imported the "wrong" certificate with cn=memberroot. WebSphere does not always add the necessary Subject Key Identifier/Authority Key Identifier to be sure, so check carefully.
Ok, I got this working finally. It seems having a collective setup which used DefaultKeyStore id was somehow causing conflict with my Liberty plugin keystore.
I ended up re-creating everything (plugin-key.kdb keystore and the liberty plugin keystore which I named LibertyKeystore.jks). I dumped the collective stuff (not needed at this time anyways) and made an include as above called plugin-join-include.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<server description="IHS plugin join include file">
<featureManager>
<feature>ssl-1.0</feature>
</featureManager>
<keyStore id="defaultKeyStore" password="password"
location="${server.config.dir}/resources/security/LibertyKeystore.jks" />
<pluginConfiguration webserverPort="80" webserverSecurePort="8443"
pluginInstallRoot="/opt/IBM/wasadmin/Plugins"
sslKeyRingLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.kdb"
sslStashFileLocation="/opt/IBM/wasadmin/Plugins/config/webserver1/plugin-key.sth"
sslCertlabel="LibertyKeystore"/>
</server>
I exchanged keys between the liberty server LibertyKeystore.jks and the IHS plugin-key.kdb keystores and pushed the newly generated plugin to the IHS server and bounced everything and it all seems to function without issue.
I do now notice in the /opt/IBM/wasadmin/HTTPServer/logs the error log streams:
[Wed Mar 04 21:32:28 2020] [error] [client xxx.xx.xx.17:65261] [7ff5a0000910] [19831] SSL0279E: SSL Handshake Failed due to fatal alert from client. Client sent fatal alert [level 2 (fatal), description 46 (certificate_unknown)] [xxx.xx.xx.17:65261 -> xxx.xx.xx.87:8443] [21:32:28.000934048] 0ms
The access logs show 200's. Maybe a non plugin "issue" at this point.
I have an hazelcasrCLient-xml and have configured the port to as i have limitation on using the 5701 port :
<hazelcast-client>
<group>
<name>dev</name>
<password>dev-pass</password>
</group>
<network>
<cluster-members>
<address>135.46.61.34:28019</address>
</cluster-members>
<smart-routing>true</smart-routing>
<redo-operation>true</redo-operation>
<connection-attempt-limit>10</connection-attempt-limit>
</network>
</hazelcast-client>
also for hte server side the configuration in hazelcast.xml is :
<hazelcast>
<group>
<name>dev</name>
<password>dev-pass</password>
</group>
<instance-name>hzpunInstance1</instance-name>
<network>
<port auto-increment="true">28019</port>
</network>
<partition-group enabled="false" />
<executor-service name="default">
<pool-size>16</pool-size>
<!--Queue capacity. 0 means Integer.MAX_VALUE. -->
<queue-capacity>0</queue-capacity>
</executor-service>
<hazelcast>
the server is running on cloud whereas the client in on another VM
so when the client tries to connect to the hazelcast server i get an error :
8/18/16 10:36:23:982 GMT] 00000022 ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service SRVE0014E: Uncaught service() exception root cause appServlet: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: Unable to connect to any address in the config! The following addresses were tried:[/135.46.61.34:28019]
.........
Caused by: java.lang.IllegalStateException: Unable to connect to any address in the config! The following addresses were tried:[/135.46.61.34:28019]....
an so on
Can anyone suggest what could be the fix or where am i going wrong?
What I understand from your config is that hazelcast nodes (server-side) are configured to use port 28019 with auto-increment option activated. So potentially, used port is anywhere between 28019 and 28119 (default value of port-count is 100).
However you client is only configured to try port 28019. There is no auto-increment option for the client, it only attempts to connect to addresses specified in the client configuration (135.46.61.34:28019 in your case)... and fails.
If you are using auto-increment for your cluster, then you must explicitly add all possible addresses int the client conf. For example:
Serverver-side config
<port portcount="10" auto-increment="true">28019</port>
Client-side config
<cluster-members>
<address>135.46.61.34:28019</address>
<address>135.46.61.34:28020</address>
<address>135.46.61.34:28021</address>
<address>135.46.61.34:28022</address>
<address>135.46.61.34:28023</address>
<address>135.46.61.34:28024</address>
<address>135.46.61.34:28025</address>
<address>135.46.61.34:28026</address>
<address>135.46.61.34:28027</address>
<address>135.46.61.34:28028</address>
</cluster-members>
I'm using database connection through JDBC in tomcat.
Our environment is Tomcat 7 + JDK 8 and Oracle 12c.
As I can only connect to Oracle database through TCPS (and which we are using Oracle's wallet), so I have to modify my current Tomcat server.xml to create JDBC connection to Oracle.
My updated configuration snippet
<Resource auth="Container" driverClassName="oracle.jdbc.driver.OracleDriver"
initialSize="10"
jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
maxWait="10000"
name="jdbc/jndiconnection" password="XXXXXX" removeAbandoned="true"
type="javax.sql.DataSource" url=""jdbc:oracle:thin:#(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=hostname)(PORT=1234))(CONNECT_DATA=(SERVICE_NAME=servicename)))"
username="XXXXXXXX" validationInterval="30000" validationQuery="SELECT 1 FROM DUAL" />
I added truststore/trusttypey/keystore/keytype as parameters,however I got error:
Caused by: oracle.net.ns.NetException: Unable to initialize ssl context.
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:296)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
Caused by: oracle.net.ns.NetException: Unable to initialize the key store.
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:369)
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:279)
... 76 more
Caused by: java.security.KeyStoreException: SSO not found
at java.security.KeyStore.getInstance(KeyStore.java:851)
at oracle.net.nt.CustomSSLSocketFactory.getKeyManagerArray(CustomSSLSocketFactory.java:357)
... 77 more
Caused by: java.security.NoSuchAlgorithmException: SSO KeyStore not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
at java.security.Security.getImpl(Security.java:695)
at java.security.KeyStore.getInstance(KeyStore.java:848)
... 78 more
Then I followed the instruction from : https://sysapp.wordpress.com/2010/08/31/how-to-oracle-wallet-with-jdbc-thin-driver-datasource-tomcat/
However in the article it is using PROTOCAL as TCP but not TCPS.
<Resource
name="jdbc/confluence"
auth="Container"
type="javax.sql.DataSource"
driverClassName="oracle.jdbc.OracleDriver"
url="jdbc:oracle:thin:/#mywallet"
connectionProperties=”oracle.net.wallet_location=/opt/wallet"/>
Then I got error:
Caused by: oracle.net.ns.NetException: The method specified in wallet_location is not supported. Location: /opt/wallet
at oracle.net.nt.CustomSSLSocketFactory.getSSLSocketFactory(CustomSSLSocketFactory.java:219)
at oracle.net.nt.TcpsNTAdapter.connect(TcpsNTAdapter.java:117)
at oracle.net.nt.ConnOption.connect(ConnOption.java:133)
at oracle.net.nt.ConnStrategy.execute(ConnStrategy.java:370)
... 73 more
I have written Java sample code to connect through TCPS and the connection works fine.
Did I missed some key points in the configuration file? And is there any other way to create Oracle's TCPS connection through JDBC?
”oracle.net.wallet_location=/opt/wallet"
That's not what the property is supposed to be. It is supposed to be :
(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/opt/wallet)))
The error message you get is because it cannot find a "METHOD=" in the one you provided.
There are a few steps that you need to follow.
(1) Make sure you have oraclepki.jar, osdt_core.jar, osdt_cert.jar in the classpath
(2) Also, specify the location of cwallet.sso file through the following system property. You can create a setenv.sh and add required system properties.
Also, enable another system property as shown here.
export JAVA_OPTS="$CATALINA_OPTS -Doracle.net.wallet_location='(SOURCE=(METHOD=file)(METHOD_DATA=(DIRECTORY=/test/wallet/)))'"
export JAVA_OPTS="$CATALINA_OPTS -Doracle.net.ssl_server_dn_match=true"
(3) Make sure you have the certificate information in the URL as shown here.
Please copy the 'security' part of the URL from your certificate.
(description=
(address=(protocol=tcps)(port=1522)(host=myorclhostname))
(connect_data=(service_name=myorcldb))
(security=(ssl_server_cert_dn=
"CN=CMAN, O=Oracle Database , C=US"))
)
(4) You need to activate oracle PKI provider. To statically enable it:
Change java.security file of JRE (JRE_HOME/jre/lib/security/java.security):
security.provider.7=oracle.security.pki.OraclePKIProvider
Refer to "SSL with JDBC driver" for more details.
I managed to set up a Mule project to download a file from a FTP, and save it on a local disk. However after transferring the file, Mule keeps trying to delete the remote file on the FTP.
Is there a way to tell Mule not to delete the original file and just leave it as it is?
Here's my project XML:
<?xml version="1.0" encoding="UTF-8"?>
<mule ...>
<flow name="copy-remote-fileFlow1" doc:name="copy-remote-fileFlow1">
<ftp:inbound-endpoint host="ftp.secureftp-test.com" port="21" path="subdir1" user="test" password="test" pollingFrequency="60000" responseTimeout="10000" doc:name="FTP">
<file:filename-wildcard-filter pattern="box.ico" />
</ftp:inbound-endpoint>
<file:outbound-endpoint path="I:\test\" outputPattern="fromMule.ico" responseTimeout="10000"
doc:name="File" /> </flow>
</mule>
And in my case, I don't have the rights to delete the file so I get an exception:
ERROR 2013-05-24 17:35:47,286 [[copy-remote-file].connector.ftp.mule.default.receiver.02] org.mule.exception.DefaultSystemExceptionStrategy: Caught exception in Exception Strategy: Failed to delete file box.ico. Ftp error: 550
java.io.IOException: Failed to delete file box.ico. Ftp error: 550
at org.mule.transport.ftp.FtpMessageReceiver.postProcess(FtpMessageReceiver.java:202)
at com.mulesoft.mule.transport.ftp.EEFtpMessageReceiver.postProcess(EEFtpMessageReceiver.java:71)
at org.mule.transport.ftp.FtpMessageReceiver$FtpWork.run(FtpMessageReceiver.java:316)
at org.mule.work.WorkerContext.run(WorkerContext.java:311)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Your only option consists in extending org.mule.transport.ftp.FtpMessageReceiver in order to override the postProcess method, which is the one that takes care of deleting the file on the FTP server.
To register your custom FtpMessageReceiver use the service-overrides configuration element on your FTP connector:
<ftp:connector name="nonDeletingFtpConnector">
<service-overrides messageReceiver="com.amce.NonDeletingFtpMessageReceiver" />
</ftp:connector>
Adding few things to what David already mentioned. The NonDeletingFtpMessageReceiver class constructor should look like this :
public NonDeletingFtpMessageReceiver(EEFtpConnector connector,
Flow flowConstruct, DefaultInboundEndpoint endpoint,
long frequency, String value1, String value2, long value3)
throws CreateException {
super(connector, flowConstruct, endpoint, frequency);
}
Another solution is to set streaming="true" on the FTP connector which would disable the file deletion.
When there are more than one <Resource> elements in context.xml and more than one <resource-ref> elements in web.xml, my application begins to throw
TNS:no appropriate service handler found
and
ORA-01017: invalid username/password; logon denied
However, if there is only one of the data sources in JNDI, meaning the other one use regular JDBC data source, the application runs like a charm
Both data sources come from same db URL but use different schema.
My guess is that it may be caused by the same database URL of each resources with different username/password(schema). But tomcat should be capable of handling such situation, so my reasoning is that there maybe some configuration I missed?
Another interesting finding is:
When I use jdbc url jdbc:oracle:thin:#myhost:1521:orcl with SQL Developer to setup a connection, sometimes it connects without issue, but sometimes it gets rejected with the same issue: appropriate service handler found while this web application is active at the same time. However, the same JDBC URL works fine with another Spring application with regular JDBC connection(not JNDI). So what is the trick?
Here are the details of current config:
In Context.xml
<Resource name="jdbc/app_A" auth="Container" type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:#myhost:1521:orcl"
username="usernameA" password="passwordA" maxActive="20" maxIdle="10" maxWait="-1" />
<Resource name="jdbc/app_B" auth="Container" type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:#myhost:1521:orcl"
username="usernameB" password="usernameB" maxActive="20" maxIdle="10" maxWait="-1" />
In Web.xml of the application:
<resource-ref>
<description>Oracle Datasource for app_A</description>
<res-ref-name>jdbc/app_A</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<resource-ref>
<description>Oracle Datasource for app_B</description>
<res-ref-name>jdbc/app_B</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
In ApplicationContext.xml
<jee:jndi-lookup id="dataSource1" jndi-name="java:comp/env/jdbc/app_A" resource-ref="true" />
<jee:jndi-lookup id="dataSource2" jndi-name="java:comp/env/jdbc/app_B" resource-ref="true" />
And finally I get exception piled up like this:
Jan 31, 2013 3:36:55 PM org.apache.catalina.core.NamingContextListener addResource
WARNING: Failed to register in JMX: javax.naming.NamingException: ORA-01017: invalid username/password; logon denied
Jan 31, 2013 3:36:56 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:412)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:531)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:221)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:699)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:631)
at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:485)
at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:143)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:116)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:103)
at org.apache.tomcat.jdbc.pool.DataSourceFactory.createDataSource(DataSourceFactory.java:539)
at org.apache.tomcat.jdbc.pool.DataSourceFactory.getObjectInstance(DataSourceFactory.java:237)
at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:143)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at org.apache.naming.NamingContext.lookup(NamingContext.java:843)
at org.apache.naming.NamingContext.lookup(NamingContext.java:154)
at org.apache.naming.NamingContext.lookup(NamingContext.java:831)
at org.apache.naming.NamingContext.lookup(NamingContext.java:168)
at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1061)
at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:671)
at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:270)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5173)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1100)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1618)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: oracle.net.ns.NetException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:385)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1042)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:301)
... 38 more
Jan 31, 2013 3:36:56 PM org.apache.catalina.core.NamingContextListener addResource
WARNING: Failed to register in JMX: javax.naming.NamingException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
Jan 31, 2013 3:36:56 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
Really not sure why the no appropriate service handler found error pops up, it seems the connection is not accepted/understood by orcl Listener.
Here is what I insert into persisntence.xml
<persistence-unit name="persistenceUnit1">
....
<jta-data-source>jdbc/app_A</jta-data-source>
....
</persistence-unit>
<persistence-unit name="persistenceUnit2">
....
<jta-data-source>jdbc/app_B</jta-data-source>
....
</persistence-unit>
ORA-12519, TNS:no appropriate service handler found error might be the result of using an old-style JDBC connection string. According to chapter 8 Data Sources and URLs of Oracle 11.1 JDBC Developer's Guide and Reference, connection string format is following:
jdbc:oracle:thin:#//host_name:port_number/service_name
There's also a note saying "Starting Oracle Database 10g, Oracle Service IDs are not supported". So the syntax you're using must have been suitable for Oracle 9i. It might work on newer versions, but that's not guaranteed.
So consider changing the format of your JDBC connection strings to follow the format suggested in the guide.
Also, for Oracle 9i onwards you should use oracle.jdbc.OracleDriver rather than oracle.jdbc.driver.OracleDriver as Oracle have stated that oracle.jdbc.driver.OracleDriver is deprecated and support for this driver class will be discontinued.