Problems configuring https for Active Mq broker created in spring - spring

Edit
From some experimentation I have noticed if I change my connector to:
<amq:transportConnector name="ssl" uri="ssl://localhost:61617"/>
Everything works fine, so I believe the problem is related to me needing some sort of additional configuration when using an https connector. Unfortunately the information available consists of http://activemq.apache.org/http-and-https-transports-reference.html and http://docs.codehaus.org/display/JETTY/How%20to%20configure%20SSL. Perhaps I am missing an additional step?
I have followed these instructions: http://activemq.apache.org/how-do-i-use-ssl.html
I have created a certificate as follows:
sudo keytool -keystore broker.ks -alias jetty -genkey -keyalg RSA
I have then put the broker.ks file on the classpath of my project in eclipse. I then have the following spring configuration:
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:amq="http://activemq.apache.org/schema/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://activemq.apache.org/schema/core http://activemq.apache.org/schema/core/activemq-core.xsd">
<amq:broker useJmx="false" persistent="false">
<amq:persistenceAdapter>
<amq:kahaDB />
</amq:persistenceAdapter>
<!-- Configure ssl -->
<amq:sslContext>
<amq:sslContext keyStore="broker.ks" keyStorePassword="password"/>
</amq:sslContext>
<!-- Only allow connection through http -->
<amq:transportConnectors>
<amq:transportConnector name="https" uri="https://localhost:443"/>
</amq:transportConnectors>
</amq:broker>
My keystore is definately on the classpath and the password is definately 'password' for both my password and key. However on running the application I am prompted with:
org.eclipse.jetty.ssl.password
I then enter 'password', then I am prompted with:
org.eclipse.jetty.ssl.keypassword
I enter 'password' again an receive:
WARN : org.eclipse.jetty.util.log - FAILED SslSocketConnector#localhost:443: java.net.BindException: Permission denied
WARN : org.eclipse.jetty.util.log - FAILED org.eclipse.jetty.server.Server#225f1ae9: java.net.BindException: Permission denied
ERROR: org.apache.activemq.broker.BrokerService - Failed to start ActiveMQ JMS Message Broker. Reason: java.net.BindException: Permission denied
java.net.BindException: Permission denied
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:383)
at java.net.ServerSocket.bind(ServerSocket.java:328)
at java.net.ServerSocket.<init>(ServerSocket.java:194)
at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:106)
at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.<init>(SSLServerSocketImpl.java:108)
at com.sun.net.ssl.internal.ssl.SSLServerSocketFactoryImpl.createServerSocket(SSLServerSocketFactoryImpl.java:72)
at org.eclipse.jetty.server.ssl.SslSocketConnector.newServerSocket(SslSocketConnector.java:378)
at org.eclipse.jetty.server.bio.SocketConnector.open(SocketConnector.java:75)
at org.eclipse.jetty.server.AbstractConnector.doStart(AbstractConnector.java:358)
at org.eclipse.jetty.server.bio.SocketConnector.doStart(SocketConnector.java:146)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at org.eclipse.jetty.server.Server.doStart(Server.java:253)
at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
at org.apache.activemq.transport.http.HttpTransportServer.doStart(HttpTransportServer.java:119)
at org.apache.activemq.transport.https.HttpsTransportServer.doStart(HttpsTransportServer.java:66)
at org.apache.activemq.util.ServiceSupport.start(ServiceSupport.java:53)
at org.apache.activemq.broker.TransportConnector.start(TransportConnector.java:246)
at org.apache.activemq.broker.BrokerService.startTransportConnector(BrokerService.java:2162)
at org.apache.activemq.broker.BrokerService.startAllConnectors(BrokerService.java:2073)
at org.apache.activemq.broker.BrokerService.start(BrokerService.java:519)
at org.apache.activemq.xbean.XBeanBrokerService.afterPropertiesSet(XBeanBrokerService.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1536)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.apache.xbean.spring.context.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:161)
at org.apache.xbean.spring.context.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:51)
at com.bbconnecttxt.activeMq.Broker.main(Broker.java:7)
From what I am aware I shouldn't be prompted to enter password at all.

Some operating systems require superuser (root) privileges to bind a connection to a privileged port (ports below 1024).
The following message basically reports that you are trying to bind to a port 443 (which is a privileged port) and you are not allowed to do this by the OS:
WARN : org.eclipse.jetty.util.log - FAILED SslSocketConnector#localhost:443: java.net.BindException: Permission denied
Try to configure the HTTPS for the ActiveMQ server to use port higher than 1024 for HTTPS, e.g. 8443. In general, it would be possible to run ActiveMQ under root user (not recommended), or use a tool like authbind, but reconfiguring the port should be the most easy change.

Related

FileNet Configuration Manager fails to connect to WebSphere Application Server

I have an issue with FileNet configuration manager connecting to WAS when configuring CPE. Details are below
OS : Windows 10 Enterprise (This is where CPE 5.5 is installed)
WAS : 8.5.5.13
WAS Java : 1.8_64_bundled
FN Config Details
I'm able to login to WAS console and the SOAP port is also correct.
Things that I tried,
adding -Dhttps.protocols="TLSv1,TLSv1.1,TLSv1.2" in configmgr.ini of FileNet configuration manager
Verified SSL configuration on WAS
But noting seems to work. I see below error message on the FileNet configuration manager logs
!ENTRY com.ibm.ecm.configmgr.engine 4 0 2018-06-27 15:45:09.289
!MESSAGE An invalid profile path was specified. C:\IBM\FileNet\ContentEngine\tools\configure\profiles\dotnetclient does not contain any configuration information.
!SESSION 2018-06-27 16:05:40.995 -----------------------------------------------
eclipse.buildId=unknown
java.fullversion=JRE 1.7.0 IBM J9 2.6 Windows 8 x86-32 20170718_357001 (JIT disabled, AOT disabled)
J9VM - R26_Java726_SR10_20170718_1208_B357001
GC - R26_Java726_SR10_20170718_1208_B357001
J9CL - 20170718_357001
BootLoader constants: OS=win32, ARCH=x86, WS=win32, NL=en_US
Framework arguments: gui
Command-line arguments: -os win32 -ws win32 -arch x86 gui
!ENTRY com.ibm.ecm.configmgr.app.ce 4 0 2018-06-27 16:13:56.518
!MESSAGE Connection error: The connection to the application server cannot be established. Ensure the application server is running and that the SOAP connector port and host name are correct.
!STACK 0
com.ibm.ecm.configmgr.engine.ConfigurationManagerException: Connection error: The connection to the application server cannot be established. Ensure the application server is running and that the SOAP connector port and host name are correct.
at com.ibm.ecm.configmgr.engine.jmx.JMXInvoker.invokeConnectMethodAndMethods(JMXInvoker.java:243)
at com.ibm.ecm.configmgr.engine.jmx.JMXInvoker.invokeConnectMethodAndMethod(JMXInvoker.java:142)
at com.ibm.ecm.configmgr.engine.jmx.WebSphereJMXInvoker.connect(WebSphereJMXInvoker.java:86)
at com.ibm.ecm.configmgr.app.ce.applicationserver.WebsphereApplicationServer$TestActivity.testWork(WebsphereApplicationServer.java:371)
at com.ibm.ecm.configmgr.engine.profile.EnvironmentTestActivity.test(EnvironmentTestActivity.java:64)
at com.ibm.ecm.configmgr.ui.wizards.NewProfileWizardPageGetProfileEnvironmentProps$7.widgetSelected(NewProfileWizardPageGetProfileEnvironmentProps.java:604)
at org.eclipse.swt.widgets.TypedListener.handleEvent(TypedListener.java:240)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754)
at org.eclipse.jface.window.Window.runEventLoop(Window.java:825)
at org.eclipse.jface.window.Window.open(Window.java:801)
at com.ibm.ecm.configmgr.app.ce.handlers.ProfileNewHandler.execute(ProfileNewHandler.java:67)
at org.eclipse.ui.internal.handlers.HandlerProxy.execute(HandlerProxy.java:293)
at org.eclipse.core.commands.Command.executeWithChecks(Command.java:476)
at org.eclipse.core.commands.ParameterizedCommand.executeWithChecks(ParameterizedCommand.java:508)
at org.eclipse.ui.internal.handlers.HandlerService.executeCommand(HandlerService.java:169)
at org.eclipse.ui.internal.handlers.SlaveHandlerService.executeCommand(SlaveHandlerService.java:241)
at org.eclipse.ui.menus.CommandContributionItem.handleWidgetSelection(CommandContributionItem.java:829)
at org.eclipse.ui.menus.CommandContributionItem.access$19(CommandContributionItem.java:815)
at org.eclipse.ui.menus.CommandContributionItem$5.handleEvent(CommandContributionItem.java:805)
at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:84)
at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:1053)
at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:4165)
at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3754)
at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:2701)
at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2665)
at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2499)
at org.eclipse.ui.internal.Workbench$7.run(Workbench.java:679)
at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:332)
at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:668)
at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149)
at com.ibm.ecm.configmgr.app.ce.rcp.Application.start(Application.java:86)
at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110)
at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:344)
at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:622)
at org.eclipse.equinox.launcher.Main.basicRun(Main.java:577)
at org.eclipse.equinox.launcher.Main.run(Main.java:1410)
Caused by: java.lang.Exception: The connection to the application server cannot be established. Ensure the application server is running and that the SOAP connector port and host name are correct.
at com.ibm.ecm.configmgr.utils.websphere.WebSphereJMXUtil.connect(WebSphereJMXUtil.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at com.ibm.ecm.configmgr.engine.jmx.JMXInvoker.invokeConnectMethodAndMethods(JMXInvoker.java:191)
... 45 more
*************************telenet response**************************
When did telenet and after a few seconds, I see the below error
HTTP/1.1 408 Request Timeout Content-Type: text/html Content-Length: 117 Connection: close <HTML><TITLE>408 - Request Timeout</TITLE><BODY><h1>408 Connection timed out while reading request</h1></BODY></HTML> Connection to host lost. C:\Windows\system32>
*****************************workaround*****************************
Ok once the profile is created and ran first steps, I disabled global security and restarted websphere. Configuration manager is able to connect to WAS now (looks like issue with security. I verified Quality of protection (QoP) settings
with ssl.client.properties and it was selected as TLSv2. Then I changed it to TSLv1.2 and modified ssl.client.properties also. Still it did not work) I will updated this topic later.
Check default path Webshere.
C:\Program Files\IBM\WebSphere\AppServer
C:\Program Files\IBM\WebSphere\AppServer\profiles\your_profile
VS
C:\Program Files (x86)\IBM\WebSphere\AppServer
C:\Program Files (x86)\IBM\WebSphere\AppServer\profiles\your_profile
The Configuration Manager right now seems to support only older protocols. If you specify TLSv1 in WebSphere console, as opposed to TLSv1.2 for example, Test Connection will work. That will create you another problem though. Newer browsers don't support older protocols and you will not be able to open your WebSphere console in say, Firefox. On Windows, you can use your old but still included IE configured to use these older protocols - Tools -> Internet Options -> Advanced -> Security -> Use * . You'll get your console back that way.

Jboss Https configuration with p7b certificate fails

We are implementing Http to Https conversion for our application, which uses Jboss as the application server. We made the following changes in the standalone.xml file.
<subsystem xmlns="urn:jboss:domain:web:1.1" native="false" default-virtual-server="default-host">
<connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
<ssl name="ssl" key-alias="mykey" password="changeit" certificate-key-file="C:\Programs\Siemens\JBoss7.1.0\domain\configuration\winstore.jks" protocol="TLSv1" verify-client="false"/>
</connector>
<virtual-server name="default-host" enable-welcome-root="false">
<alias name="localhost"/>
<alias name="example.com"/>
</virtual-server>
</subsystem>
The keystore command lists the presence of the key as below:
[code=java]C:\Programs\Siemens\JBoss7.1.0\domain\configuration>keytool -list -keystore C:\Programs\Siemens\JBoss7.1.0\domain\configuration\winstore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
mykey, Jun 23, 2017, trustedCertEntry,
Certificate fingerprint (SHA1): 8D:64:10:8B:F6:0D:1E:17:01:52:1C:97:8A:89:75:80:2D:2F:45:6B
We received the certificate from our certification team in p7b format, which we had to convert to CER format and then add it to keystore - winstore.jks which we are using in the path above. But with the above configurations in place, we are getting the below error while trying to restart jBoss.
11:46:19,692 ERROR [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-4) Error initializing endpoint: java.io.IOException: Alias name mykey does not identify a key entry
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:517) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:452) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:168) [jbossweb-7.0.10.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:977) [jbossweb-7.0.10.Final.jar:]
at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:190) [jbossweb-7.0.10.Final.jar:]
at org.apache.catalina.connector.Connector.init(Connector.java:983) [jbossweb-7.0.10.Final.jar:]
at org.jboss.as.web.WebConnectorService.start(WebConnectorService.java:267) [jboss-as-web-7.1.0.Final.jar:7.1.0.Final]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) [jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_75]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_75]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_75]
Please let us know what could be the potential problem as these are our initial steps towards understanding Https.
Please note that if the certificate is a self signed one, the problem is not coming into picture.
Thanks,
Pavan.2

WSO2 VFS FTP Proxy does not read parameters

I have written a proxy service and deployed on WSO2 ESB 5 to receive some file content via http and use vfs transport to transfer that content to an ftp server. The service works as expected when I specify the connection parameters correctly but when I specify something wrong on the connection string to simulate a down server, I can not manage to control the behavior of the VFS transport using the parameters specified in [1]. What I'm looking for is to short the delay between the error occurred in VFS and the fault exception catched by Axis;
As you are going to see below I specify 0 retries and 0 wait time between retries but it seems the VFSTransportSender class is not able to read somehow those values because it does all the time the same number of retries and it waits the same number of seconds each time it is executed, I also changed the values and put others but the result is always the same, the server is always retrying 3 more times with 30 seconds delay between each other besides the original request before Axis is able to receive some information related to the error.
Here is my proxy service that works without any issues:
<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
name="ftpProxy"
startOnLoad="true"
statistics="disable"
trace="disable"
transports="https,http">
<target>
<inSequence>
<log level="full"/>
<property expression="json-eval($.key)" name="file_name"/>
<property name="OUT_ONLY" value="true"/>
<property name="FORCE_SC_ACCEPTED" scope="axis2" value="true"/>
<property name="HTTP_SC" scope="axis2" value="200"/>
<property expression="fn:concat(get-property('file_name'), '.json')"
name="transport.vfs.ReplyFileName"
scope="transport"/>
<property name="OUT_ONLY" value="true"/>
</inSequence>
<endpoint name="ftp_endpoint">
<address uri="vfs:ftp://jairof_ftp:passftp#localhost:21">
<timeout>
<duration>2000</duration>
<responseAction>fault</responseAction>
</timeout>
<suspendOnFailure>
<errorCodes>-1</errorCodes>
<progressionFactor>1.0</progressionFactor>
</suspendOnFailure>
<markForSuspension>
<errorCodes>-1</errorCodes>
</markForSuspension>
</address>
</endpoint>
</target>
<parameter name="transport.vfs.ReconnectTimeout">0</parameter>
<parameter name="transport.vfs.MaxRetryCount">0</parameter>
<description/>
</proxy>
And when I want to simulate the server is not reachable I just modify the address URI and I put this one where the user is incorrect:
<address uri="vfs:ftp://ja8irof_ftp:passftp#localhost:21">
I have also tried to set the transport.vfs parameters as properties before calling the endpoint but the result is exactly the same
Here you can inspect part of the log file where I cut some parts of the stack trace to keep the post simple:
[2016-10-29 12:23:01,134] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:23:34,223] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,842] ERROR - VFSTransportSender cannot resolve replyFile
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,844] ERROR - VFSTransportSender cannot resolve replyFile repeatedly: Could not connect to FTP server on "localhost".
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
[2016-10-29 12:24:07,846] ERROR - Axis2Sender Unexpected error during sending message out
org.apache.axis2.AxisFault: cannot resolve replyFile repeatedly: Could not connect to FTP server on "localhost".
... (the rest of stack trace)
...
Caused by: org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "localhost".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:275)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.createClient(FTPClientWrapper.java:100)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.getFtpClient(FTPClientWrapper.java:134)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.<init>(FTPClientWrapper.java:59)
at org.apache.commons.vfs2.provider.ftp.FtpFileProvider.doCreateFileSystem(FtpFileProvider.java:128)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:155)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:119)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:88)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:738)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:626)
at org.apache.synapse.transport.vfs.VFSTransportSender.writeFile(VFSTransportSender.java:233)
... 19 more
Caused by: org.apache.commons.vfs2.FileSystemException: Could not login to FTP server on "localhost" as user "ja8irof_ftp".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory.createConnection(FtpClientFactory.java:210)
... 29 more
Please send me any comments, suggestions... I would appreciate so much, thanks in advance for your time.
[1] https://docs.wso2.com/display/ESB500/VFS+Transport
Try appending parameters to the endpoint URL, like this.
<address uri="vfs:ftp://ja8irof_ftp:passftp#localhost:21?transport.vfs.MaxRetryCount=0&transport.vfs.ReconnectTimeout=0"/>

Error with datastax enterprise with hadoop enable and kerberos enable

I have configured dse with hadoop enable and kerberos authentication. But I see this ERROR in the log. I can execute dse hadoop fs commands and nodetool commands but cannot run map reduce jobs.
The following is the log :-
ERROR [TASK-TRACKER-INIT] 2014-02-07 20:45:03,813 TaskTrackerRunner.java (line 128) Hadoop Task Tracker caused an exception in state STARTING:
java.io.IOException: Cannot run program "/usr/share/dse/hadoop/native/Linux-amd64- 64/bin/task-controller" (in directory "."): error=13, Permission denied
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1041)
at org.apache.hadoop.util.Shell.startProcess(Shell.java:199)
at org.apache.hadoop.util.Shell.runCommand(Shell.java:225)
at org.apache.hadoop.util.Shell.run(Shell.java:182)
at org.apache.hadoop.util.Shell$ShellCommandExecutor.execute(Shell.java:401)
at org.apache.hadoop.mapred.LinuxTaskController.setup(LinuxTaskController.java:137)
at org.apache.hadoop.mapred.TaskTracker.<init>(TaskTracker.java:1470)
at com.datastax.bdp.hadoop.mapred.TaskTrackerRunner.initService(TaskTrackerRunner.java:104)
at com.datastax.bdp.hadoop.mapred.TaskTrackerRunner.initService(TaskTrackerRunner.java:31)
at com.datastax.bdp.hadoop.mapred.ServiceRunner.run(ServiceRunner.java:121)
at java.lang.Thread.run(Thread.java:724)
Caused by: java.io.IOException: error=13, Permission denied
at java.lang.UNIXProcess.forkAndExec(Native Method)
at java.lang.UNIXProcess.<init>(UNIXProcess.java:135)
at java.lang.ProcessImpl.start(ProcessImpl.java:130)
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1022)
... 10 more
ERROR [Thrift:8] 2014-02-07 20:45:12,624 TNegotiatingServerTransport.java (line 293) An error occurred during transport negotiation
com.datastax.bdp.transport.common.TTransportNegotiationException: Improper authentication type requested. Requested auth: No authentication with service principal: FRAMED_TRANSPORT_FAKE_PRINCIPAL, Allowed auth: Kerberos
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getUnderlyingFactory(TNegotiatingServerTransport.java:485)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.handleTransportNegotiation(TNegotiatingServerTransport.java:286)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:192)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:517)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:408)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:193)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
ERROR [Thrift:8] 2014-02-07 20:45:12,625 TNegotiatingServerTransport.java (line 524) Failed to open server transport.
com.datastax.bdp.transport.common.TTransportNegotiationException: An error occurred during transport negotiation
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.handleTransportNegotiation(TNegotiatingServerTransport.java:294)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:192)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:517)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:408)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:193)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: com.datastax.bdp.transport.common.TTransportNegotiationException: Improper authentication type requested. Requested auth: No authentication with service principal: FRAMED_TRANSPORT_FAKE_PRINCIPAL, Allowed auth: Kerberos
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getUnderlyingFactory(TNegotiatingServerTransport.java:485)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.handleTransportNegotiation(TNegotiatingServerTransport.java:286)
... 7 more
ERROR [Thrift:8] 2014-02-07 20:45:12,626 CustomTThreadPoolServer.java (line 219) Error occurred during processing of message.
java.lang.RuntimeException: Failed to open server transport: unknown
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:525)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:408)
at org.apache.cassandra.thrift.CustomTThreadPoolServer$WorkerProcess.run(CustomTThreadPoolServer.java:193)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
Caused by: com.datastax.bdp.transport.common.TTransportNegotiationException: An error occurred during transport negotiation
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.handleTransportNegotiation(TNegotiatingServerTransport.java:294)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.open(TNegotiatingServerTransport.java:192)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getTransport(TNegotiatingServerTransport.java:517)
... 5 more
Caused by: com.datastax.bdp.transport.common.TTransportNegotiationException: Improper authentication type requested. Requested auth: No authentication with service principal: FRAMED_TRANSPORT_FAKE_PRINCIPAL, Allowed auth: Kerberos
at com.datastax.bdp.transport.server.TNegotiatingServerTransport$Factory.getUnderlyingFactory(TNegotiatingServerTransport.java:485)
at com.datastax.bdp.transport.server.TNegotiatingServerTransport.handleTransportNegotiation(TNegotiatingServerTransport.java:286)
... 7 more
WARN [TASK-TRACKER-INIT] 2014-02-07 20:45:13,828 MetricsSystemImpl.java (line 200) Source name ugi already exists!
This is the task controller :-
-rwsr-x--- 1 root cassandra 40111 Jan 9 18:14 /usr/share/dse/hadoop/native/Linux-amd64-64/bin/task-controller
I am using
DSE 3.2.3
Java 1.7.0_25
I have configured properly in cassandra.yaml, dse.yaml, core-site.xml, mapre-site.xml, /etc/default/dse files
You should not start the daemon from root home directory. This sounds weird but try to start the daemon other than root home Directory.
/usr/share/dse/hadoop/native/Linux-amd64- 64/bin/task-controller" (in directory "."): error=13, Permission denied
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1041)
Above clearly shows the user doesn't have the permission to run it. Change the permission so that it has execute permission for the user. Use chmod to change the permission

Tomcat 6/7 JNDI with multiple datasources

When there are more than one <Resource> elements in context.xml and more than one <resource-ref> elements in web.xml, my application begins to throw
TNS:no appropriate service handler found
and
ORA-01017: invalid username/password; logon denied
However, if there is only one of the data sources in JNDI, meaning the other one use regular JDBC data source, the application runs like a charm
Both data sources come from same db URL but use different schema.
My guess is that it may be caused by the same database URL of each resources with different username/password(schema). But tomcat should be capable of handling such situation, so my reasoning is that there maybe some configuration I missed?
Another interesting finding is:
When I use jdbc url jdbc:oracle:thin:#myhost:1521:orcl with SQL Developer to setup a connection, sometimes it connects without issue, but sometimes it gets rejected with the same issue: appropriate service handler found while this web application is active at the same time. However, the same JDBC URL works fine with another Spring application with regular JDBC connection(not JNDI). So what is the trick?
Here are the details of current config:
In Context.xml
<Resource name="jdbc/app_A" auth="Container" type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:#myhost:1521:orcl"
username="usernameA" password="passwordA" maxActive="20" maxIdle="10" maxWait="-1" />
<Resource name="jdbc/app_B" auth="Container" type="javax.sql.DataSource"
driverClassName="oracle.jdbc.driver.OracleDriver" url="jdbc:oracle:thin:#myhost:1521:orcl"
username="usernameB" password="usernameB" maxActive="20" maxIdle="10" maxWait="-1" />
In Web.xml of the application:
<resource-ref>
<description>Oracle Datasource for app_A</description>
<res-ref-name>jdbc/app_A</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
<resource-ref>
<description>Oracle Datasource for app_B</description>
<res-ref-name>jdbc/app_B</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
In ApplicationContext.xml
<jee:jndi-lookup id="dataSource1" jndi-name="java:comp/env/jdbc/app_A" resource-ref="true" />
<jee:jndi-lookup id="dataSource2" jndi-name="java:comp/env/jdbc/app_B" resource-ref="true" />
And finally I get exception piled up like this:
Jan 31, 2013 3:36:55 PM org.apache.catalina.core.NamingContextListener addResource
WARNING: Failed to register in JMX: javax.naming.NamingException: ORA-01017: invalid username/password; logon denied
Jan 31, 2013 3:36:56 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:412)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:531)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:221)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:503)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:699)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:631)
at org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:485)
at org.apache.tomcat.jdbc.pool.ConnectionPool.<init>(ConnectionPool.java:143)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.pCreatePool(DataSourceProxy.java:116)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:103)
at org.apache.tomcat.jdbc.pool.DataSourceFactory.createDataSource(DataSourceFactory.java:539)
at org.apache.tomcat.jdbc.pool.DataSourceFactory.getObjectInstance(DataSourceFactory.java:237)
at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:143)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at org.apache.naming.NamingContext.lookup(NamingContext.java:843)
at org.apache.naming.NamingContext.lookup(NamingContext.java:154)
at org.apache.naming.NamingContext.lookup(NamingContext.java:831)
at org.apache.naming.NamingContext.lookup(NamingContext.java:168)
at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1061)
at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:671)
at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:270)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5173)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:618)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1100)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1618)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
Caused by: oracle.net.ns.NetException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
at oracle.net.ns.NSProtocol.connect(NSProtocol.java:385)
at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1042)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:301)
... 38 more
Jan 31, 2013 3:36:56 PM org.apache.catalina.core.NamingContextListener addResource
WARNING: Failed to register in JMX: javax.naming.NamingException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
Jan 31, 2013 3:36:56 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Listener refused the connection with the following error:
ORA-12519, TNS:no appropriate service handler found
Really not sure why the no appropriate service handler found error pops up, it seems the connection is not accepted/understood by orcl Listener.
Here is what I insert into persisntence.xml
<persistence-unit name="persistenceUnit1">
....
<jta-data-source>jdbc/app_A</jta-data-source>
....
</persistence-unit>
<persistence-unit name="persistenceUnit2">
....
<jta-data-source>jdbc/app_B</jta-data-source>
....
</persistence-unit>
ORA-12519, TNS:no appropriate service handler found error might be the result of using an old-style JDBC connection string. According to chapter 8 Data Sources and URLs of Oracle 11.1 JDBC Developer's Guide and Reference, connection string format is following:
jdbc:oracle:thin:#//host_name:port_number/service_name
There's also a note saying "Starting Oracle Database 10g, Oracle Service IDs are not supported". So the syntax you're using must have been suitable for Oracle 9i. It might work on newer versions, but that's not guaranteed.
So consider changing the format of your JDBC connection strings to follow the format suggested in the guide.
Also, for Oracle 9i onwards you should use oracle.jdbc.OracleDriver rather than oracle.jdbc.driver.OracleDriver as Oracle have stated that oracle.jdbc.driver.OracleDriver is deprecated and support for this driver class will be discontinued.

Resources