I know i can disable for the server or application in the xsp.properties via:
xsp.client.validation=false
And at the control level via:
disableClientSideValidation="true"
Short of setting disableClientSideValidation for each control, is there any way to disable at the XPage level?
Please try the following:
<?xml version="1.0" encoding="UTF-8"?>
<xp:view xmlns:xp="http://www.ibm.com/xsp/core">
<xp:this.properties>
<xp:parameter name="xsp.client.validation" value="false" />
</xp:this.properties>
</xp:view>
Related
We have a java application running on Webshere Application Server 8.5.5. There are two processes running in separate JVMs.
The application is doing some integration using an IBM Webshere Queue Manager and an Oracle 11c database. Both JMS and JDBC resources are configured to use XA transactions.
PROCESS 1:
Read a message from a MESSAGES queue and extract a message key used to identify related messages
Saves message to the database.
Check if the message key does not exist in a KEYS table and if it doesn't it inserts it
ONLY if the insert above happens it puts a message key into a KEYS queue
Commit the transaction
PROCESS 2:
Gets the message key from the KEYS queue
Deletes the message key from the KEYS table
Process all messages associated with received message key from MESSAGES table
What we observed is that in about 5 percent of the cases after getting the message key from the KEYS queue the PROCESS 2 sometimes cannot find the record to delete from the KEYS table just to become available milliseconds later. Trying to delete it multiple times fixed the problem but it became clear that even if PROCESS 1 is XA enabled it commits the JMS resource first and then the JDBC bringing for a very short period of time the data in an inconsistent state.
So here is my question:
Is there a way to force transaction manager to commit JDBC first and then the JMS?
We find this on IBM knowledge center and we try to configure commit-priority like this:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ejb-jar-ext_1_0.xsd"
version="1.0">
<session name="RepositoryInstanceFacade">
<resource-ref name="jms/MQConnectionFactory" commit-priority="1" isolation-level="TRANSACTION_READ_COMMITTED"/>
<resource-ref name="jdbc/MessageManagerDB" commit-priority="2" isolation-level="TRANSACTION_READ_COMMITTED"/>
</session>
</ejb-jar-ext>
However this did not solve our problem. I am sure we are not the only ones facing this problem but I just ran out of idea about what to try more. We ended up by putting the message key back in the KEYS queue and that solved the problem but it looks to me like a very unorthodox work around rather than a good solution for a critical 24 x 7 application.
Thank you in advance for your inputs.
UPDATE
I added this resource bindings file ibm-ejb-jar-bnd.xml file in the META-INF folder of my ejb application but still no luck. As part of the deployment I could see IBM manipulated that file and transformed it into an XMI file
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-bnd
xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
http://websphere.ibm.com/xml/ns/javaee/ibm-ejb-jar-bnd_1_0.xsd"
version="1.0">
<session name="RepositoryInstanceFacade">
<resource-ref name="jdbc/MessageManagerDB" binding-name="jdbc/MessageManagerDB"/>
</session>
</ejb-jar-bnd>
UPDATE 2
I ended up with below configuration in two JVMs each JVM running its own application:
application.xml:
<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd"
version="6">
...
<resource-ref>
<description>XA Message Manager Data Source</description>
<res-ref-name>java:app/env/jdbc/MessageManagerDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</application>
ibm-aplication-bnd.xml:
<?xml version="1.0" encoding="UTF-8"?>
<application-bnd
xmlns="http://websphere.ibm.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee
http://websphere.ibm.com/xml/ns/javaee/ibm-application-bnd_1_0.xsd"
version="1.0">
<resource-ref name="java:app/env/jdbc/MessageManagerDB" binding-name="jdbc/MessageManagerDB"/>
</application-bnd>
ibm-ejb-jar-ext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-ext xmlns="http://websphere.ibm.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ejb-jar-ext_1_0.xsd"
version="1.0">
<session name="RepositoryInstanceFacade">
<resource-ref name="java:app/env/jdbc/MessageManagerDB" isolation-level="TRANSACTION_READ_COMMITTED" commit-priority="2"/>
</session>
</ejb-jar-ext>
spring data source bean:
<jee:jndi-lookup id="messageManagerDB" jndi-name="java:app/env/jdbc/MessageManagerDB"/>
And run again my tests. I was very happy during the test run as no warning messages came in the logs. However giving the test was running for a few hours it was hard to manually check all the time. In the end there were still three warning messages showing that JMS message was still read from the queue before the database insert was available. Am I still missing something?
Note that I took out any setting for JMS connection factory as according with the IBM documentation it would stay set to zero so it would have a lower commit priority than JDBC.
UPDATE 3
As advised by the comment and by IBM support I ended up with the following settings below:
ejb-jar.xml:
<session name="RepositoryInstanceFacade">
...
<resource-ref>
<description>XA Message Manager Data Source</description>
<res-ref-name>jdbc/MessageManagerDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</session>
ibm-ejb-jar-bnd.xml:
<resource-ref name="jdbc/MessageManagerDB" binding-name="jdbc/MessageManagerDB"/>
ibm-ejb-jar-ext.xml:
<session name="RepositoryInstanceFacade">
<resource-ref name="jdbc/MessageManagerDB" isolation-level="TRANSACTION_READ_COMMITTED" commit-priority="2"/>
</session>
spring data source bean:
<jee:jndi-lookup id="messageManagerDB" jndi-name="java:comp/env/jdbc/MessageManagerDB"/>
With these settings in place JMS is still committed first and the JDBC last so it is still not working as expected.
Per the question that I asked in the comments, the resource reference is not actually being used to look up the resource, which is why the commit-priority attribute isn't being honored. In the UPDATE section of the question, you've gotten closer by adding the resource reference binding for the JDBC resource (you'll also need an equivalent for the JMS resource). You will also need to define the resource references in an ejb-jar.xml deployment descriptor (or annotation equivalent if you prefer), and then to look up the resources from your application, you need to use the namespace for the resource reference, which by default is java:comp/env, so you will need to look up the resources as java:comp/env/jms/MQConnectionFactory and java:comp/env/jdbc/MessageManagerDB. If you need visibility outside of the component level, you could would need to define at another scope such as java:module/env or java:app/env which would mean updating the resource reference name to the corresponding value as well.
UPDATE: example of ejb deployment descriptor/bindings/extensions with java:app name
ejb-jar.xml:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" version="3.0" metadata-complete="false">
<enterprise-beans>
<session>
<ejb-name>RepositoryInstanceFacade</ejb-name>
<resource-ref>
<description>XA Message Manager Data Source</description>
<res-ref-name>java:app/env/jdbc/MessageManagerDB</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
</session>
</enterprise-beans>
</ejb-jar>
ibm-ejb-jar-bnd.xml:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-bnd xmlns="http://websphere.ibm.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ejb-jar-bnd_1_0.xsd"
version="1.0">
<session name="RepositoryInstanceFacade">
<resource-ref name="java:app/env/jdbc/MessageManagerDB" binding-name="jdbc/MessageManagerDB"/>
</session>
</ejb-jar-bnd>
ibm-ejb-jar-ext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar-ext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://websphere.ibm.com/xml/ns/javaee"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-ejb-jar-ext_1_0.xsd"
version="1.0">
<session name="RepositoryInstanceFacade">
<resource-ref name="java:app/env/jdbc/MessageManagerDB" isolation-level="TRANSACTION_READ_COMMITTED" commit-priority="2"/>
</session>
</ejb-jar-ext>
Application code to look up the data source and verify that the isolation level from the extensions is being used:
DataSource ds = InitialContext.doLookup("java:app/env/jdbc/MessageManagerDB");
Connection con = ds.getConnection();
try {
int iso = con.getTransactionIsolation();
System.out.println("Isolation level is " + iso);
} finally {
con.close();
}
If the above code outputs 2 (the value of java.sql.Connection.TRANSACTION_READ_COMMITTED), rather than the default isolation level of 4, this demonstrates that the bindings/extensions are being applied.
If after this point, you still don't seeing the commit-priority being honored, then it's a transaction management bug and I recommend reporting it to IBM support.
I need to know how I could disable ability to retrieve list of js/css files from browser when user tries to access resource folder instead of file itself (e.g. by typing http://domain/appname/resources/js) on webshere 8.5.
According IBM Knowledge Center documentation Web Container default value for directoryBrowsingEnabled is false which suggest that I do not necessary need define: <enable-directory-browsing value="false"/> on ibm-web-ext.xml in the first place.
On my case WebSphere generates ibm-web-ext.xml with content:
<?xml version="1.0" encoding="UTF-8"?>
<web-ext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://websphere.ibm.com/xml/ns/javaee"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-web-ext_1_0.xsd" version="1.0">
<jsp-attribute name="reloadEnabled" value="true"/>
<jsp-attribute name="reloadInterval" value="5"/>
</web-ext>
In case I modify and replace ibm-web-ext.xml with content:
<?xml version="1.0" encoding="UTF-8"?>
<web-ext xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://websphere.ibm.com/xml/ns/javaee"
xsi:schemaLocation="http://websphere.ibm.com/xml/ns/javaee http://websphere.ibm.com/xml/ns/javaee/ibm-web-ext_1_0.xsd" version="1.0">
<jsp-attribute name="reloadEnabled" value="true"/>
<jsp-attribute name="reloadInterval" value="5"/>
<enable-directory-browsing value="false"/>
</web-ext>
After application restart seems nothing changed.
Why CSS / JS resources files list accessible from browser even if directoryBrowsingEnabled flag is set to false? Seems like directoryBrowsingEnabled alone isn't enough. What do I missing?
If you want to disable static file browsing in the web application level, Set the "fileServingEnabled" property to FALSE as well in the ibm-web-ext.xml file.
fileServingEnabled="false"
If you want to disable it globally (All the applications in the application server), then Use the com.ibm.ws.webcontainer.disallowAllFileServing custom property
Short answer: directory browsing for WAS is already disabled by default.
Please note that 'directory browsing' mean to be FTP style directory browsing when user can navigate directories by clicking folders upwards / downwards.
My case browsers responds with 200 code by downloading folder as plain text file when user hits http://domain/appname/resources/js. So it's not previously mentioned 'FTP' style browsing case.
Along with other static resource configuration there was spring mvc resource tag.
<mvc:resources mapping="/**" location="/resources/" />
I do not think that tag alone was cause of this issue. However, by removing it resource directories URL no longer resulting in 200 status code.
By the way of removing
<mvc:resources mapping="/**" location="/resources/" />
The application also cannot retrieve some resources for displaying.
I'm building a restful API using Spring 4.1.6 and spring-boot-starter-data-rest.
To make the rest api fully functional I need the last piece of the puzzle: security. Now I noticed spring has it's own spring-security-* packages that can aid with that task.
I tried using spring-security-config and spring-security-web and it works like a charm, with the exception that if the user is not authenticated, spring will redirect the user to login, thus giving a HTML login form.
Because it's a Restful API, I just need an error to be returned in a JSON object if the user lacks the credentials or does not have enough permissions to read a particular resource.
I'm sure I'm not the first to ask this question and searched all over the web for people asking the same thing, but couldn't quite find was I was looking for. So.. should I continue my research in this direction with spring-security, or should I find something?
Any advice is welcome,
thank you
To change the Login Form response to a custom Http Response you need to configure a custom http response handler for Http Security config. If you are using xml for your security configuration use the configuration shown below, failureHandler used is the one available in Spring Security package. Update the URL to match yours.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd">
<!-- Rest authentication entry point configuration -->
<http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
<intercept-url pattern="/api/**" />
<sec:form-login authentication-failure-handler-ref="myFailureHandler" />
<logout />
</http>
<!-- Using default failure handler -->
<beans:bean id="myFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" />
</beans:beans>
I'm trying to connect Mule 3.5 to the Google API (Tasks, Calender etc) but I'm having all sorts of problems with the OAuth2 authentication.
Could anybody give me an example .xml file of a Mule project with a working Google OAuth2 Example (and maybe the settings in Google's API Console), please.
A link would do too.
You need to create an application in your Google Developer account (https://console.developers.google.com/) using the create project button. Take note of your project ID you will need this in the Google connector configuration.
You then need to click on the application and go to APIs & Auth. Make sure the API that you need is set to status 'ON'. In this case you probably want to turn Calendar on and anything else you don't need off. Be aware that significant numbers of calls to the Calendar service might incur costs or quota limits.
Also under the APIs & Auth section of the left side of the Google developer console you need to select credentials. Then click the red button Create new client ID. This will give you two critical pieces of information:
Client ID - This goes into your 'consumerKey' in the Google connector in Mule
Client Secret - This goes into your 'consumerSecret' in the Mule
connector
The other important thing to set up is the redirect URI. This will need to be something like:
http://localhost:8081/oauth2callback
This needs to match what you put into your connector configuration. If you're running your Mule server behind a firewall you will need to configure things such as your proxy so this callback can reach your server.
Here is a crude example that I've managed to get working. Be sure to replace the clientID clientSecret and application name as appropriate.
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:json="http://www.mulesoft.org/schema/mule/json"
xmlns:https="http://www.mulesoft.org/schema/mule/https"
xmlns:tracking="http://www.mulesoft.org/schema/mule/ee/tracking"
xmlns:objectstore="http://www.mulesoft.org/schema/mule/objectstore"
xmlns:http="http://www.mulesoft.org/schema/mule/http"
xmlns:google-calendars="http://www.mulesoft.org/schema/mule/google-calendars"
xmlns="http://www.mulesoft.org/schema/mule/core"
xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.4.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core
http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http
http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/google-calendars
http://www.mulesoft.org/schema/mule/google-calendars/1.0/mule-google-calendars.xsd
http://www.mulesoft.org/schema/mule/objectstore
http://www.mulesoft.org/schema/mule/objectstore/1.0/mule-objectstore.xsd
http://www.mulesoft.org/schema/mule/ee/tracking
http://www.mulesoft.org/schema/mule/ee/tracking/current/mule-tracking-ee.xsd
http://www.mulesoft.org/schema/mule/https
http://www.mulesoft.org/schema/mule/https/current/mule-https.xsd
http://www.mulesoft.org/schema/mule/json
http://www.mulesoft.org/schema/mule/json/current/mule-json.xsd">
<!-- The 'consumerKey' is Client ID of you google application
The 'consumerSecret' is the Client Secret of the google application
The 'applicationName' is the application name you supplied (or Google created for you) when you created your application
on the google developer console
-->
<google-calendars:config-with-oauth
name="Google_Calendars"
consumerKey="replace-with-client-ID"
consumerSecret="replace-with-client-secret" doc:name="Google Calendars"
applicationName="replace-with-application-name">
<!-- The values here need to match the redirect URL you authorized for your Google Application
In this case the callback URL would be http://localhost:8081/ouath2callback
-->
<google-calendars:oauth-callback-config
domain="localhost" localPort="8081" path="oauth2callback" remotePort="8081" />
</google-calendars:config-with-oauth>
<!-- This is the objectstore that stores your Auth key which is used in the second flow -->
<objectstore:config name="ObjectStore" doc:name="ObjectStore" />
<!-- The first flow is executed when you go to http://localhost:8080/oauth-authorize
It initiates the Google authentication and if successful gets the auth key and puts it into the object store -->
<flow name="authorizationAndAuthenticationFlow" doc:name="authorizationAndAuthenticationFlow">
<http:inbound-endpoint exchange-pattern="request-response"
host="localhost" port="8080" path="oauth-authorize" doc:name="HTTP" />
<google-calendars:authorize config-ref="Google_Calendars"
doc:name="Google Calendars" />
<!-- Your Auth token is store in the key 'accessTokenId' -->
<objectstore:store config-ref="ObjectStore" key="accessTokenId"
value-ref="#[flowVars['OAuthAccessTokenId']]" overwrite="true"
doc:name="ObjectStore" />
</flow>
<!-- This flow can be called after the authentication is complete. It uses the previously stored token and to retreive your
Calendars and return them as JSON -->
<flow name="getInformationFromCalendar" doc:name="getInformationFromCalendar">
<http:inbound-endpoint exchange-pattern="request-response"
host="localhost" port="8081" doc:name="HTTP" />
<!-- The enricher adds the access token to your message -->
<enricher target="#[flowVars['accessTokenId']]" doc:name="Message Enricher">
<objectstore:retrieve config-ref="ObjectStore"
key="accessTokenId" defaultValue-ref="#['']" doc:name="Get AccessToken" />
</enricher>
<expression-filter expression="#[flowVars['accessTokenId'] != '']"
doc:name="Is Access Token Set" />
<!-- gets your first 200 calendars using the accessToken that you enriched the message with-->
<google-calendars:get-calendar-list
config-ref="Google_Calendars" maxResults="200"
pageToken="#[flowVars['GoogleCalendar_NEXT_PAGE_TOKEN']]" doc:name="Google Calendars"
accessTokenId="#[flowVars['accessTokenId']]" />
<json:object-to-json-transformer
doc:name="Object to JSON" />
</flow>
</mule>
The Google Connectors Suite for Mule has a complete example, including a Mule XML configuration.
We've since published documentation on how to use OAuth connectors. Let us know if it's helpful.
I want to be able to process generic AJAX requests that do more than just updating an existent component. How can I override the default PartialViewContext in the FacexContext?
It would appear you can specify your own PartialViewContextFactory in the faces-config file, like this:
<faces-config ...>
<application>
<factory>
<partial-view-context-factory>
com.yourcompany.jsfextention.MyPartialViewContextFactory
</partial-view-context-factory>
</factory>
...
</application>
...
</faces-config>