Develop Reference

Terracotta server stuck at DIAGNOSTIC state

I am trying to run Terracotta server 10.11 from https://www.terracotta.org/downloads/ to connect it with Ehcache in my Spring boot application. But the problem is that when i run Terracotta server instance using the server\bin\start-tc-server.bat it does not give any error but put the server in DIAGNOSTIC state as shown in logs below.
2022-11-24 14:22:01,660 INFO - Terracotta 5.8.5, as of 2021-12-16 at 22:21:34 UTC (Revision 3695ab2f870d94491c564e87c266555a7d1c096b from UNKNOWN)
2022-11-24 14:22:01,660 INFO - Extensions:
2022-11-24 14:22:01,679 INFO - PID is 23344
2022-11-24 14:22:01,965 INFO - Did not find configuration directory at: C:\Users\user\terracotta\config
2022-11-24 14:22:01,965 INFO - Starting node from config file: C:\Users\user\Downloads\ehcache-clustered-3.10.0-kit\ehcache-clustered-3.10.0-kit\server\conf\cluster.cfg
2022-11-24 14:22:02,266 INFO - Found only one node information in config file: C:\Users\user\Downloads\ehcache-clustered-3.10.0-kit\ehcache-clustered-3.10.0-kit\server\conf\cluster.cfg
2022-11-24 14:22:02,267 INFO - Starting unconfigured node: default-node
2022-11-24 14:22:02,271 INFO - Bootstrapped nomad system with root: C:\Users\user\terracotta\config
2022-11-24 14:22:02,277 INFO - Startup configuration of the node:
client-lease-duration=150s
client-reconnect-window=120s
cluster-name=clustered
failover-priority=availability
offheap-resources=main\:512MB
stripe.1.node.1.bind-address=0.0.0.0
stripe.1.node.1.group-bind-address=0.0.0.0
stripe.1.node.1.group-port=9430
stripe.1.node.1.hostname=localhost
stripe.1.node.1.log-dir=%H/terracotta/logs
stripe.1.node.1.name=default-node
stripe.1.node.1.port=9410
stripe.1.stripe-name=default-stripe
2022-11-24 14:22:02,280 INFO - Logging directory is not set. Logging only to the console
2022-11-24 14:22:02,293 INFO - Available Max Runtime Memory: 1820MB
2022-11-24 14:22:02,314 INFO - Creating server nodeID: NodeID[localhost:9410]
2022-11-24 14:22:02,546 INFO - Initializing LeaseServiceProvider with default lease length of 150000 ms
2022-11-24 14:22:02,548 INFO - Initializing org.terracotta.lease.service.LeaseServiceProvider#4cf92ef3
2022-11-24 14:22:02,549 INFO - Initializing org.terracotta.client.message.tracker.OOOMessageHandlerProvider#40f5b3f9
2022-11-24 14:22:02,556 INFO - Registered MBean with name: DiagnosticRequestHandler
2022-11-24 14:22:02,557 INFO - Registered Diagnostic Service: org.terracotta.nomad.server.NomadServer
2022-11-24 14:22:02,557 INFO - Registered Diagnostic Service: org.terracotta.dynamic_config.api.service.DynamicConfigService
2022-11-24 14:22:02,558 INFO - Registered Diagnostic Service: org.terracotta.dynamic_config.api.service.TopologyService
2022-11-24 14:22:02,558 INFO - Initializing org.terracotta.diagnostic.server.DiagnosticServiceProvider#1bf35727
2022-11-24 14:22:02,561 INFO - Initializing org.terracotta.diagnostic.server.extensions.DiagnosticExtensionsServiceProvider#410ee45a
2022-11-24 14:22:02,804 INFO - Initializing org.terracotta.management.service.monitoring.MonitoringServiceProvider#65c7455b
2022-11-24 14:22:02,804 INFO - Initializing org.terracotta.platform.ServerInfoProvider#240d561b
2022-11-24 14:22:02,806 INFO - Registered dynamic configuration change handler for setting client-reconnect-window: org.terracotta.dynamic_config.server.service.handler.ClientReconnectWindowConfigChangeHandler#74d20602
2022-11-24 14:22:02,809 INFO - Registered dynamic configuration change handler for setting log-dir: org.terracotta.dynamic_config.server.service.handler.NodeLogDirChangeHandler#67c6fc00
2022-11-24 14:22:02,810 INFO - Registered dynamic configuration change handler for setting failover-priority: ConfigChangeHandler#accept()
2022-11-24 14:22:02,810 INFO - Registered dynamic configuration change handler for setting public-hostname: ConfigChangeHandler#accept()
2022-11-24 14:22:02,811 INFO - Registered dynamic configuration change handler for setting public-port: ConfigChangeHandler#accept()
2022-11-24 14:22:02,811 INFO - Registered dynamic configuration change handler for setting cluster-name: ConfigChangeHandler#accept()
2022-11-24 14:22:02,812 INFO - Registered dynamic configuration change handler for setting lock-context: ConfigChangeHandler#accept()
2022-11-24 14:22:02,812 INFO - Registered dynamic configuration change handler for setting logger-overrides: org.terracotta.dynamic_config.server.service.handler.LoggerOverrideConfigChangeHandler#3ba87843
2022-11-24 14:22:02,813 INFO - Registered dynamic configuration change handler for setting tc-properties: org.terracotta.dynamic_config.server.api.SelectingConfigChangeHandler#16df9889
2022-11-24 14:22:02,815 INFO - Initializing org.terracotta.dynamic_config.server.service.DynamicConfigServiceProvider#29ca0612
2022-11-24 14:22:02,815 INFO - Registering implementation-provided service com.tc.services.PlatformServiceProvider#16b645b2
2022-11-24 14:22:02,816 INFO - Registering implementation-provided service com.tc.services.EntityMessengerProvider#3c352805
2022-11-24 14:22:02,816 INFO - Initializing com.tc.objectserver.persistence.NullPlatformStorageServiceProvider#149f57c4
2022-11-24 14:22:02,818 INFO - Registering implementation-provided service com.tc.services.LocalMonitoringProducer#5baa3715
2022-11-24 14:22:02,830 INFO - Creating 4 worker comm threads for default-node - L2_L1
2022-11-24 14:22:02,910 INFO - Registering implementation-provided service com.tc.services.CommunicatorService#7d51aa32
2022-11-24 14:22:02,920 INFO - HealthChecker Started
2022-11-24 14:22:02,952 INFO - Started the server in diagnostic mode
2022-11-24 14:22:02,967 INFO - Server started as default-node
2022-11-24 14:22:02,959 INFO - Terracotta Server instance has started diagnostic listening on all interfaces (address:/0.0.0.0 port:9410)
2022-11-24 14:22:03,177 INFO - Moved to State[ DIAGNOSTIC ]
According to the documentation it should be in ACTIVE state to be running properly. Still i tried to make connection with the server from my Spring boot application but it was also unable to reach it and gave TimeoutException.
I am using the following command to run the server instance:
./start-tc-server.bat -f C:\Users\user\Downloads\ehcache-clustered-3.10.0-kit\ehcache-clustered-3.10.0-kit\server\conf\cluster.cfg
Does anyone have any clue why its not getting to ACTIVE state ? maybe try to run it on your end and see if the server gets to ACTIVE state. Or is there anything i am missing ?
Thanks in Advance.
P.S I tried running older version of Terracotta server from the same downloads page and it easily goes to active state but i cannot use old version since it is not compaitable with Ehcache 3.x

You need to activate the server.
In the kit that you downloaded navigate to /tools/bin and you need to run config-tool.bat activate -f ../../server/conf/cluster.cfg
This will create a folder C:\Users\{user}\terracotta that will contain the configs and logs for the terracotta server, so the next time you start it will use the configs in the folder and automatically go to activate state.
If you need to change configs delete the folder, restart terracotta and activate it again using the config tool.

Error in OAuth mediator version WSO2 EI 7.0.2

I am trying to use OAuth mediator for validating an API . I am using WSO2IS as my IAM server . OAUth mediator is configured to connect WSO2IS server . using URL 'https://localhost:9443/services' while invoking i get followign exceptions . Please see Exception stack below
[
2020-05-27 13:47:27,939] WARN {org.apache.synapse.commons.util.MiscellaneousUtil} - Error loading properties from a file at from the System defined location: nhttp.properties
[2020-05-27 13:48:01,105]
INFO {org.apache.axis2.transport.http.HTTPSender} - Unable to sendViaPost to url[https://localhost:9443/services/OAuth2TokenValidationService]
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:450)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.verifyHostName(SSLProtocolSocketFactory.java:276)
at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:186)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
at

I have updated keystore and it was working

JSP page not rendering with Spring Boot in Spring Tool Suite IDE

I ended up getting this log as a result of running my Spring Boot App with a jsp.
2017-12-29 13:30:52.412 WARN 12631 --- [nio-8080-exec-2]
o.s.web.servlet.PageNotFound No mapping found for HTTP
request with URI [/SpringBootTrial/] in DispatcherServlet with name
'dispatcherServlet'
2017-12-29 13:30:56.463 WARN 12631 --- [nio-8080-exec-3]
o.s.web.servlet.PageNotFound No mapping found for HTTP
request with URI [/SpringBootTrial/display] in DispatcherServlet with
name 'dispatcherServlet'
2017-12-29 13:30:56.464 ERROR 12631 --- [nio-8080-exec-3]
o.s.boot.web.support.ErrorPageFilter : Cannot forward to error
page for request [/welcome] as the response has already been
committed. As a result, the response may have the wrong status code.
If your application is running on WebSphere Application Server you may
be able to resolve this problem by setting
com.ibm.ws.webcontainer.invokeFlushAfterService to false
It's evident that in Spring Boot, manual configuration is not needed. So, how should I fix this error?
I am clueless how to fix. I configured the jsp resolver in application.properties.
spring.mvc.view.prefix=/WEB-INF/view/
spring.mvc.view.suffix=.jsp
I have tomcat-embedded-jasper in the pom.xml.

Spring Security Active Directoty Authentication

I am using Spring Security and Active Directly for authentication. Below my configuration
registry
.ldapAuthentication()
.ldapAuthoritiesPopulator(customLdapAuthoritiesPopulator)
.userDnPatterns("cn={0},cn=Users")
.contextSource() .managerDn("cn=Administrator,cn=Users,cn=COMPANY,cn=COM,cn=TN")
.managerPassword("xxxxxxx")
.url("ldap://xxx.xxx.xxx.xxxx:389/cn=COMPANY,cn=COM,cn=TN") ;
When I am trying to connect with a valid user I've got this log:
23:30:49.321 [http-bio-8080-exec-8] DEBUG o.s.s.authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
23:30:49.322 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.LdapAuthenticationProvider - Processing authentication request for user: ben
23:30:49.344 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.BindAuthenticator - Attempting to bind as cn=ben,cn=Users,cn=COMPANY,cn=COM,cn=TN
23:30:49.345 [http-bio-8080-exec-8] DEBUG o.s.s.l.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=ben,cn=Users,cn=COMPANY,cn=COM,cn=TN
23:30:52.371 [http-bio-8080-exec-8] DEBUG o.s.s.l.a.BindAuthenticator - Failed to bind as cn=ben,cn=Users: org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580

Sorry, it was a stupid mistake: I used CN instead of DC.

Processing SAML response with Spring SAML

I developed a Service Provider by using Spring SAML.
I've configured several IdPs, each of them with a different naming conventions for the attributes.
Could I log (on Tomcat's logs/catalina.out file) an entire SAML response after a successful AuthN process?
Are there some native features in order to define an association between a certain IdP's EntityID and the attribute that maps the returned userID?
I'm also reading about the OID format: how can I properly decode this kind of data?
Update:
About the first question, according to the documentation, I setup up both debug logging and authentication logging as follows:
// Logger for SAML messages and events
#Bean
public SAMLDefaultLogger samlDefaultLogger() {
SAMLDefaultLogger samlDefaultLogger = new SAMLDefaultLogger();
samlDefaultLogger.setLogMessages(true);
samlDefaultLogger.setLogErrors(true);
return samlDefaultLogger;
}
Then, by defining a log4j.properties as follows:
log4j.logger.org.springframework.security.saml=DEBUG
log4j.logger.org.opensaml=DEBUG
And by properly configuring the Maven pom.xml
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<exclusions>
<exclusion>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
Despite that, the complete SAML response doesn't appear (I'm expecting an XML message). The output is as follows:
[2014-07-29 14:13:51.985] boot - 1118 DEBUG [http-bio-443-exec-38] --- MetadataCredentialResolver: Attempting to retrieve credentials from cache using index: [http:/test.idp.prv/services/trust,{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor,urn:oasis:names:tc:SAML:2.0:protocol,SIGNING]
[2014-07-29 14:13:51.985] boot - 1118 DEBUG [http-bio-443-exec-38] --- MetadataCredentialResolver: Retrieved credentials from cache using index: [http:/test.idp.prv/services/trust,{urn:oasis:names:tc:SAML:2.0:metadata}IDPSSODescriptor,urn:oasis:names:tc:SAML:2.0:protocol,SIGNING]
[2014-07-29 14:13:51.985] boot - 1118 DEBUG [http-bio-443-exec-38] --- EvaluableCredentialCriteriaRegistry: Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableUsageCredentialCriteria for criteria class org.opensaml.xml.security.criteria.UsageCriteria
[2014-07-29 14:13:51.986] boot - 1118 DEBUG [http-bio-443-exec-38] --- EvaluableCredentialCriteriaRegistry: Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableKeyAlgorithmCredentialCriteria for criteria class org.opensaml.xml.security.criteria.KeyAlgorithmCriteria
[2014-07-29 14:13:51.986] boot - 1118 DEBUG [http-bio-443-exec-38] --- EvaluableCredentialCriteriaRegistry: Registry located evaluable criteria class org.opensaml.xml.security.credential.criteria.EvaluableEntityIDCredentialCriteria for criteria class org.opensaml.xml.security.criteria.EntityIDCriteria
[2014-07-29 14:13:51.986] boot - 1118 DEBUG [http-bio-443-exec-38] --- EvaluableCredentialCriteriaRegistry: Registry could not locate evaluable criteria for criteria class org.opensaml.security.MetadataCriteria
[2014-07-29 14:13:51.987] boot - 1118 DEBUG [http-bio-443-exec-38] --- BaseSignatureTrustEngine: Attempting to verify signature and establish trust using KeyInfo-derived credentials
[2014-07-29 14:13:51.987] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Found 0 key names: []
[2014-07-29 14:13:51.987] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Processing KeyInfo child with qname: {http://www.w3.org/2000/09/xmldsig#}X509Data
[2014-07-29 14:13:51.987] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Provider org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
[2014-07-29 14:13:51.988] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Provider org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider doesn't handle objects of type {http://www.w3.org/2000/09/xmldsig#}X509Data, skipping
[2014-07-29 14:13:51.988] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Processing KeyInfo child {http://www.w3.org/2000/09/xmldsig#}X509Data with provider org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider
[2014-07-29 14:13:51.988] boot - 1118 DEBUG [http-bio-443-exec-38] --- InlineX509DataProvider: Attempting to extract credential from an X509Data
[2014-07-29 14:13:51.993] boot - 1118 DEBUG [http-bio-443-exec-38] --- InlineX509DataProvider: Found 1 X509Certificates
[2014-07-29 14:13:51.993] boot - 1118 DEBUG [http-bio-443-exec-38] --- InlineX509DataProvider: Found 0 X509CRLs
[2014-07-29 14:13:51.993] boot - 1118 DEBUG [http-bio-443-exec-38] --- InlineX509DataProvider: Single certificate was present, treating as end-entity certificate
[2014-07-29 14:13:51.994] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: Credentials successfully extracted from child {http://www.w3.org/2000/09/xmldsig#}X509Data by provider org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider
[2014-07-29 14:13:51.994] boot - 1118 DEBUG [http-bio-443-exec-38] --- BasicProviderKeyInfoCredentialResolver: A total of 1 credentials were resolved
[2014-07-29 14:13:51.994] boot - 1118 DEBUG [http-bio-443-exec-38] --- EvaluableCredentialCriteriaRegistry: Registry could not locate evaluable criteria for criteria class org.opensaml.xml.security.keyinfo.KeyInfoCriteria
[2014-07-29 14:13:51.994] boot - 1118 DEBUG [http-bio-443-exec-38] --- SignatureValidator: Attempting to validate signature using key from supplied credential
[2014-07-29 14:13:51.994] boot - 1118 DEBUG [http-bio-443-exec-38] --- SignatureValidator: Creating XMLSignature object
[2014-07-29 14:13:51.995] boot - 1118 DEBUG [http-bio-443-exec-38] --- SignatureValidator: Validating signature with signature algorithm URI: http://www.w3.org/2000/09/xmldsig#rsa-sha1
[2014-07-29 14:13:51.995] boot - 1118 DEBUG [http-bio-443-exec-38] --- SignatureValidator: Validation credential key algorithm 'RSA', key instance class 'sun.security.rsa.RSAPublicKeyImpl'
[2014-07-29 14:13:51.999] boot - 1118 DEBUG [http-bio-443-exec-38] --- SignatureValidator: Signature validated with key from supplied credential
[2014-07-29 14:13:51.999] boot - 1118 DEBUG [http-bio-443-exec-38] --- BaseSignatureTrustEngine: Signature validation using candidate credential was successful
[2014-07-29 14:13:51.999] boot - 1118 DEBUG [http-bio-443-exec-38] --- BaseSignatureTrustEngine: Successfully verified signature using KeyInfo-derived credential
[2014-07-29 14:13:51.999] boot - 1118 DEBUG [http-bio-443-exec-38] --- BaseSignatureTrustEngine: Attempting to establish trust of KeyInfo-derived credential
[2014-07-29 14:13:51.999] boot - 1118 DEBUG [http-bio-443-exec-38] --- ExplicitKeyTrustEvaluator: Successfully validated untrusted credential against trusted key
[2014-07-29 14:13:52.000] boot - 1118 DEBUG [http-bio-443-exec-38] --- BaseSignatureTrustEngine: Successfully established trust of KeyInfo-derived credential
[2014-07-29 14:13:52.000] boot - 1118 DEBUG [http-bio-443-exec-38] --- WebSSOProfileConsumerImpl: Processing Bearer subject confirmation
[2014-07-29 14:13:52.000] boot - 1118 DEBUG [http-bio-443-exec-38] --- WebSSOProfileConsumerImpl: Verifying received AuthnContext org.opensaml.saml2.core.impl.AuthnContextImpl#3ab2fc5f against requested null
[2014-07-29 14:13:52.001] boot - 1118 INFO [http-bio-443-exec-38] --- PrismaUserDetailsServiceImpl: SAML Response EntityID: urn:com:vdenotaris:mysp
[2014-07-29 14:13:52.001] boot - 1118 INFO [http-bio-443-exec-38] --- PrismaUserDetailsServiceImpl: SAML Response RemoteEntityID: http:/test.idp.prv/services/trust
Note that the last two lines are defined manually by me.

You can use either debug logging (chapter 6.5), or authentication log (chapter 9.5) with logMessages property set to true. Both are able to log messages to catalina.out (as they just send logs to slf4j).
No, you need to implement such logic to your SAMLUserDetailsService
You can load all received attributes from the SAMLCredential object by calls to getAttributeByName and getAttributes, the returned Attribute object contains methods which allow you to parse any received attribute structure. There are no specific parsers included inside Spring SAML.
The attributes with data in some OID type are typically encoded as xsd:string or xsd:xsd:base64Binary and you can get the raw string value for both as in the example of chapter 9.4. Providing additional possibilities to parse the encoded string into a corresponding Java type (based on OID) is out of scope for Spring SAML.
Is there some paricular type/OID you're interested it? Are you referring to this profile?

How about adding this:
log4j.logger.PROTOCOL_MESSAGE=DEBUG
Or this for Logback:
<logger name="PROTOCOL_MESSAGE" level="DEBUG" />