Jason De Silva's Blog: 2015

Sunday, November 15, 2015

How to connect to informix db without username & password (Enable trusted connection)

IBM Informix DB supports trusted connections where you do not want to provide a user name and password when connecting to the DB. You can refer my previous blog from here to get started with informix from here. So lets see how we can make a trusted connection in informix and how to connect to the DB.

Step 1 Create a trusted connection in informix DB

For this you will need the ip of the connection that will try to connect to the DB and the user name of that respective connection. So in my example the details is as follows,

IP - 192.168.1.5
User - Simple

Launch a server instance and access the instance via "dbaccess". Navigate to "Query - Language" then you will be asked for a database to select. Select one of your desired databases and press "Enter". Now click on "New", you will be taken to the "Query Editor" (Refer below pic)

Now first grant permission to the user to enable him to grant privileges to create trusted connections for that you can use the following query,

1) GRANT DBSECADM TO {INFORMIX_USER};

Now that we granted the user permission to create trusted connections now lets look at the sample query that will enable informix to identify a user who is trying to connect to the DB without providing a username and password in the connection string.

2 ) CREATE TRUSTED CONTEXT tcx1 USER Sample ATTRIBUTES (ADDRESS '192.168.1.5') ENABLE;

3) GRANT CONNECT TO Sample;

In query 2 "Sample" is the username that I am going to provide permission to connect without providing a username and password. The address 192.168.1.5 is the address that the user will try to connect to the DB. Query 3 is to grant permission regarding to connection for the server. After executing the above two queries we have now configured user "Sample" to connect without username and password.

Step 2 Connect and test the trusted connection without credentials

I will be using DBeaver as the DB client to test this connection. DBeaver is a universal db connection tool which can be downloaded from here.

Now run the DBeaver client and create a new informix connection and provide the connection details as below.

jdbc:informix-sqli://192.168.1.5:9093/{DB_NAME}:INFORMIXSERVER={SERVER_NAME};TRUSTED_CONTEXT=TRUE

Now test the connection without providing a user name and password. You will be successfully connected to the DB(refer below pic).

Monday, November 2, 2015

Integrate WSO2 ESB as a message consumer from WSO2 MB using SSL

WSO2 ESB can be used to consume / produce messages to WSO2 MB via different ways. Using proxies, MS/MP & inbound endpoints. This post will be on how to use the ESB as a message consumer from WSO2 MB via SSL connection.

Step 1 Download the products

For this I am using WSO2 ESB 4.9.0 which can be found from here. WSO2 MB RC1 which can be found from here.

Step 2 Configure SSL in WSO2 MB and WSO2 ESB

WSO2 MB
To configure a new keystore and configure it in WSO2 MB refer my previous blog post from here. Also remember to set a port offset as 1 for WSO2 MB.

WSO2 ESB
In ESB side since we are using inbound endpoint it is very limited areas that we need to change.

Copy the client libraries from WSO2 MB which is located at {WSO2_MB_HOME}/client-libs to {WSO2_ESB_HOME}repository/components/lib
Configure the jndi.properties file as follows. The jndi file can be found at {WSO2_ESB_HOME}repository/conf

Create the queue connection factory as shown below

connectionfactory.QueueConnectionFactorySSL = amqp://admin:admin@carbon/carbon?brokerlist='tcp://localhost:8673?ssl='true'&ssl_cert_alias='RootCA'&trust_store='{PATH TO TRUST STORE}/client-truststore.jks'&trust_store_password='wso2carbon'&key_store='{PATH TO KEY STORE/mykeystore.jks'&key_store_password='mypkpasswordd''

Step 3 Creating a SSL enabled inbound endpoint in ESB

Now that we configure WSO2 MB and ESB lets create the queue and connect via SSL to MB. Navigate to WSO2 ESB console and click on inbound endpoint section. From there give a name and select JMS. Refer the below pic to complete the fields. Remember to point to the jndi file and also give the connection factory and the initial connection factory.

Step 4 Testing the connection

Ones the above inbound endpoint is created a queue will be created in WSO2 MB with an active subscription.

You can verify whether SSL is working correctly by changing the jndi connection with a false password. Then an exception will be thrown.

Sunday, November 1, 2015

How to configure a new keystore in WSO2 MB

WSO2 products are shipped with a default keystore. However in production it is not recomended to use it as it is publicly available. So it is recomended to create a new keystore in order to use SSL communication. This blog post will be a guide on how to configure new keystore in WSO2 MB.

Step 1 Create a new keystore

There is a good blog post which explains the steps in order to create a newkeystore - Hasini Gunasinghe's blog - Installing a new keystore into WSO2 Carbon based products.. Follow the first 3 steps in order to create the new keystore

Step 2 Change the configurations as per the new keystore

Now that you have added the new keystore to {WSO2MB}/repository/resources/security folder next step is to change the configuartion files. In WSO2 MB there are 3 configuartion files that is needed to be edited.

carbon.xml
broker.xml
catalina-server.xml

These files can be located under {WSO2MB}/repository/conf folder. Below are the snippets where the respective files needs to be amended.

carbon.xml

<Location>${carbon.home}/repository/resources/security/mykeystore.jks</Location>

<Password>mypkpassword</Password>

<KeyAlias>mycert</KeyAlias>

<KeyPassword>mypkpassword</KeyPassword>

</KeyStore>

broker.xml

<location>repository/resources/security/mykeystore.jks</location>

<password>mypkpassword</password>

</keyStore>

<location>repository/resources/security/client-truststore.jks</location>

<password>wso2carbon</password>

</trustStore>

</sslConnection>

</amqp>

<location>repository/resources/security/mykeystore.jks</location>

<password>mypkpassword</password>

</keyStore>

<location>repository/resources/security/client-truststore.jks</location>

<password>wso2carbon</password>

</trustStore>

</sslConnection>

catalina-server.xml

Navigate to " <Connector protocol="org.apache.coyote.http11.Http11NioProtocol" section and set the new keystore name and the password as shown below.

keystoreFile="${carbon.home}/repository/resources/security/mykeystore.jks"

keystorePass="mypkpassword"

That is it, now you have configured the new keystore, you may have seen the below log printed when the default keystore was present. It should ideally not be printed at server startup now.

"[2015-11-01 13:10:31,953] WARN {org.wso2.carbon.core.bootup.validator.util.ValidationResultPrinter} - Carbon is configured to use the default keystore (wso2carbon.jks). To maximize security when deploying to a production environment, configure a new keystore with a unique password in the production server profile.

[2015-11-01 13:10:31,953] WARN {org.wso2.carbon.core.bootup.validator.util.ValidationResultPrinter} - Carbon is configured to use the default keystore (wso2carbon.jks). To maximize security when deploying to a production environment, configure a new keystore with a unique password in the production server profile.

Wednesday, October 28, 2015

Creating databases and testing the connection of a IBM Informix DB

This blog post will be mainly focused on how to start / stop the informix server. Create a database and table etc.

Login from informix user and run the server instance

Login with the informix windows user that was created during the installation and simply search for informix under start and you will find a server instance similar to "ol_informix1210". Run the server instance as Administrator.

Basic commands to get started with informix

Run the below commands in the cmd that was open.

Start informix server - oninit -ivy
Shut down informix server - onmode -ky
Check server status - onstat -g dis

Create Informix DB

Use the command "dbaccess" cmd to navigate to db creation section. You will be getting the following options.

Navigate to Database - > Create

Provide a suitable name for the database which needs to be created.

Select a DB space

After selecting a DB space select "Create-new-database" and click enter. This will create the new database.

Create a table

Select the DB that was created and go to tables section the select "Create" and provide a table name.

Add columns as your requirement refer below pic to get an idea.

Once you are done select "Build-new-table" this will create the table.

Connect and test the informix DB created

You can use a client like DBeaver to connect to the database you created. You have to provide the host, Port, server,database/Schema, username and password in order to connect to the server.

NOTE - Informix by default binds a ipv6 for the port. So to connect to the db follow the below sample.

* You can use a simple tool such as cports to view the ports and the address that it is bind to or you can use the command

netstat -a | findstr 'Port number'

jdbc connection URL looks like this, which needs for the connection.

jdbc:informix-sqli://{hostip}:{port}/{DBName}:INFORMIXSERVER={InformixServerName}

jdbc:informix-sqli://fe80::f16e:99a8:22ca:682:9088/test:INFORMIXSERVER=ol_informix1210

Now you can view the table that was created via dbeaver client

Binding the Port to a IP V4

After the installation you will be able to see a separate option called the 'IBM informix' in the start menu. You can create any number of server instances from the 'Server Instance Manager' tool under that option the Start Menu.

In informix you have the possibility to create a server with a IP V4 or IP V6. We can create a IP V4 from the 'Server Instance Manager'.

From there you will be asked to set a 'service name' and a 'port number' while proceeding. Set the desired values for these fields, So they can be referred lately.

Wednesday, October 21, 2015

How to apply security (QOS) to a proxy in WSO2 ESB 4.9.0 using WSO2 Developer Studio

From WSO2 ESB 4.9.0 on-wards applying security for a proxy / service should be done via WSO2 Developer Studio. This post will be a simple guide on how to create a proxy and apply basic qos to it. I will be using User Name token authentication to apply qos.

Find the links below to download the latest releases of the two products.

Step 1 Extract and run the two products

After you download the two products extract them to a preferred location. And start WSO2 ESB by navigating to <ESB_HOME>/bin and run wso2server.sh if you are on linux or wso2server.bat if your are on windows. Go to <DEVSTUDIO_HOME> and launch by double clicking eclipse icon.

Step 2 Create a registry project

Lets start first by creating a registry project - Open Developer studio dash board and select "Registry Resource" project

Dev studio dashboard

Now lets create a registry resource file. Right click on the project created then search for "Registry Resource" and click next and follow the below 3 steps to create the registry resource file.

Step 1 - Select registry resource

Step 2 - Select From existing template

Step 3 - Select Template and registry project

Select the Template as WS - Policy and Select the registry project name ( by default it will be selected) and click on Finish.

Step 3 Select user token security policy and grant permission

Double click on the registry resource file that was created which will lead show the scenarios that are available as the below pic shows.

Select "UsernameToken" and click on "User Roles" and a window will be opened as below. Now point to the esb instance URL and provide user name and password as admin/admin. Now click on Get Roles. This will fetch all the user roles that is available in ESB. Lets select admin and click on ok.

Now click on the source view and the source will be shown as below. Note that the user role admin can be seen in the source. Refer below pic.

Step 4 Create the proxy project

Select "Proxy Service" project from the dev studio dashboard. In the window that popups provide any name for the proxy, leave the proxy type as Pass Through Proxy and click on "Create a new ESB project" and create a project. Finally provide the endpoint url for this I have used the default echo service that is been shipped in ESB.

After creating the proxy select and double click on the proxy file which resides in proxy- services(refer below pic)

Now in the graphical view select the proxy as the below picture shows.

Now set "Security Enabled" to true and click on Service policies which will open a window as shown in below pic where you can select the policy key

Browse to the eclipse project by selecting work-space.

Select the registry resource file from the works pace as shown in below pic and save the changes.

Click on source view then you will see that the security policy is been added.

Step 4 Create a Car file

To deploy the proxy and the registry file we need to bundle it in a Composite Application Project and then export it which will create a .car extension file which can be then uploaded to ESB. Lets see how it is done.

Select the Composite Application Project from dashboard and then select the two projects that were created. Refer below pic.

Remember to change the server role to Enterprise Service Bus in the registry project.

Now right click on the project created and click on "Export Composite Application Project" This will create the .car file.

Step 5 Deploy the project in WSO2 ESB

Now that we created the car file its just a matter of deploying it in ESB to secure the echo service. To do that go to ESB home and navigate to Carbon Applications section and browse to the car file created and upload the car file. If it is successfully deployed the ESB log will be as below.

[2015-10-18 12:04:52,063] INFO - ApplicationManager Deploying Carbon Application : QOS_Composite_Proj_1.0.0.car...
[2015-10-18 12:04:53,100] INFO - ProxyService Building Axis service for Proxy service : QOS_PROXY_PROJECT
[2015-10-18 12:04:53,111] INFO - ProxyService Adding service QOS_PROXY_PROJECT to the Axis2 configuration
[2015-10-18 12:04:53,112] INFO - DeploymentInterceptor Deploying Axis2 service: QOS_PROXY_PROJECT {super-tenant}
[2015-10-18 12:04:53,115] INFO - ProxyService WS-Security is enabled for service : QOS_PROXY_PROJECT
[2015-10-18 12:04:53,116] INFO - ProxyService Successfully created the Axis2 service for Proxy service : QOS_PROXY_PROJECT
[2015-10-18 12:04:53,116] INFO - ProxyServiceDeployer ProxyService named 'QOS_PROXY_PROJECT' has been deployed from file : /home/jasons/Products/ESB/QOS/wso2esb-4.9.0-RC4-SNAPSHOT/tmp/carbonapps/-1234/1445150092064QOS_Composite_Proj_1.0.0.car/QOS_PROXY_PROJECT_1.0.0/QOS_PROXY_PROJECT-1.0.0.xml
[2015-10-18 12:04:53,116] INFO - ApplicationManager Successfully Deployed Carbon Application : QOS_Composite_Proj_1.0.0 {super-tenant}

To verify whether the proxy is been secured go to Services -> List section verify that the secured symbol is available as shown in below pic.

Step 6 Test the service

Now lets verify that the service is secured. For this I will be using SOPA UI. Create a SOAP project and give the wsdl of the proxy created. Then copy the https endpoint and set it as the url. Set the user name and the password. Now invoke the web-service to echo a string and you will be able to see the result. Try it with false credentials and you will not be able to echo the message.

Wednesday, October 7, 2015

How to enable Email as the user name in WSO2 Products

Let us see how to enable email to be used as the user name in WSO2 Products. This feature by default is disabled which can be enabled with ease. For this example I will be using WSO2 Message Broker.

Step 1 - Download and extract the WSO2 MB product

Step 2 - Change configuration in carbon.xml

Open the carbon.xml which can be found under <WSO2MBHOME>/repository/conf/carbon.xml. Un-comment the below section,

Step 3 - Change configuration in user-mgt.xml

Replace,
<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>

with -

Now lets set up the admin account with a email address,

<UserName>jason@yopmail.com</UserName>

</AdminUser>

Step 4 - Login to management console

Start message broker by issuing the command <WSO2MBHOME>/bin/wso2server.sh start if you are using linux distro or <PRODUCT_HOME>\bin\wso2server.bat if you are on windows and navigate to https://localhost:9443/carbon. Now you can login to console with the above credentials.

Sunday, September 13, 2015

How to create users and assign permissions in Apache ActiveMQ broker using Simple Authentication Plugin

Recently I wanted to create a user in Apache ActiveMQ with permission only to Publish and subscribe but not to create queues. So, I was playing around with the broker and found out a simple quick way to configure and create users and permissions.

I will be using the Simple Authentication Plugin in order to configure this.

Follow the below steps in order to create a user and assign user roles.

Step 1 Download Apache ActiveMQ

Download Apache ActiveMQ link.

Step 2 Open Activemq.xml

Extract the downloaded ActiveMQ pack to a desired location and navigate to {ACTIVEMQ_HOME}/conf/activemq.xml

Step 3 Create ActiveMQ User

The below snippet will invoke the Simple Authentication Plugin. I have created two users with passwords and assigned groups. Groups represent the permissions that the respective user is given. These groups can be given different levels of permissions.

<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="super" password="super" groups="admins"/>
<authenticationUser username="jason" password="jason" groups="jrole"/>
</users>
</simpleAuthenticationPlugin>
</plugins>

Step 4 Assign Permission to the groups

Now that we created a user lets see how we can assign permission to the groups "jrole" & "admins" which we created. There are 3 main roles in ActiveMQ,

Write - Publish rights
Read - Consume rights
Admin - Create rights

Below snippet describes how we can assign permission to the group that we created.

<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
<authorizationEntry queue=">" write="jrole" read="jrole" />
<authorizationEntry topic=">" write="jrole" read="jrole" admin="jrole"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>

So for "admins" role we have given write, read and admins permission for both queues and topics. This means users who are given this role can create, consume and publish from queues and topics.
The "jrole" role is also given the same permissions but you can see that the queue admin rights is not given.

If you try to create a queue from user jason now it will be refused from the broker.

Plugin configuration

Below is the full plugin snippet, place it between the <broker> </broker> tag in activemq.xml config file.

<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="super" password="super" groups="admins"/>
<authenticationUser username="jason" password="jason" groups="jrole"/>
</users>
</simpleAuthenticationPlugin>
</simpleAuthenticationPlugin>
<authorizationPlugin>
<map>
<authorizationMap>
<authorizationEntries>
<authorizationEntry queue=">" write="admins" read="admins" admin="admins" />
<authorizationEntry topic=">" write="admins" read="admins" admin="admins" />
<authorizationEntry queue=">" write="jrole" read="jrole" />
<authorizationEntry topic=">" write="jrole" read="jrole" admin="jrole"/>
</authorizationEntries>
</authorizationMap>
</map>
</authorizationPlugin>
</plugins>

Sunday, July 26, 2015

How to use Apache JMeter as a JMS client to publish and subscribe messages with WSO2 Message Broker

In this blog post I will describe how to use Apache JMeter to publish and subscribe to a queue via WSO2 Message Broker.

Step 1 - Download Apache JMeter

Download Apache JMeter from the link and extract it to a desired folder.

Step 2 - Download and start WSO2 Message Broker

Download WSO2 Message Broker from the link and extract it to a desired folder. Then start the Message Broker by WSO2_MB_HOME/bin wso2server.sh or wso2server.bat file depending on the OS you are running on.

Step 3 - Add required client libraries

In order to use JMeter to pub / sub via WSO2 MB we need to add couple of jar files to JMeter. Go to WSO2_MB_HOME/client-libs and copy the below libraries to JMETER_HOME/lib folder.

andes-client-2.6.0.jar
geronimo-jms_1.1_spec-1.1.0.wso2v1.jar
slf4j-1.5.10.wso2v1.jar
log4j-1.2.13.jar
org.wso2.carbon.logging-4.4.1.jar
org.wso2.securevault-1.0.0-wso2v2.jar

Step 4 - Create a JNDI

To use WSO2 MB you need to create a jndi.properties file in order to create the connection. Refer below image to create a sample jndi property file.

Connection factory - give the user name and password ( admin is default user name and password ) and the IP of the broker.
Give a queue name, in the example I have used the queue name is "QueOne"

jndi.properties

Step 5 - Create a JMS Subscriber from JMeter to consume messages

Now start JMeter by navigating to JMETER_HOME/bin and run jmeter.sh / jmeter.bat depending on your OS.

To create a test plan first add a thread group and then right click on the thread group and from "Sampler" section add "JMS Subscriber".

Then fill the sampler as follows,

Initial Context Factory - org.wso2.andes.jndi.PropertiesFileInitialContextFactory
Provider URL - /home/jasons/Softwares/Jmeter2/apache-jmeter-2.9/wso2mb/jndi.properties (Path to created jndi)
Connection Factory - QueueConnectionFactory
Destination - QueueOne

JMS Subscriber

After creating the subscriber run the subscriber ones and stop the subscriber this will create the queue in the WSO2 message broker(Note that you can manually create a queue from the Message Broker management console too)

Step 6 - Create a JMS Publisher

To create a publisher you can do so by creating a thread group and then from "Sampler" section add "JMS Publisher" sampler.

Initial Context Factory - org.wso2.andes.jndi.PropertiesFileInitialContextFactory
Provider URL - /home/jasons/Softwares/Jmeter2/apache-jmeter-2.9/wso2mb/jndi.properties (Path to created jndi)
Connection Factory - QueueConnectionFactory
Destination - QueueOne
Message - Provide a file or text message I have used a text messge for this example

JMS Publisher

After creating the publisher add a desired number of message count to be published this can be set from "loop count" which is located under the "Thread Group" JMeter which will publish x number of messages. For my example I have set it to 100.

Step 7 - View published message stats in Message Broker

Login to Message Broker Management console by going to https://localhost:9443/carbon/ provide user name and password as admin. Then you can navigate to Queues section and view the published messages and queue details.

WSO2 Message Broker console

Now run the Subscriber and the messages that was published will be consumed. You can view the details via JMeter buy adding a desired listener to examine the message status etc.

Sunday, July 19, 2015

How to browse the H2 database management tool in WSO2 products

Hi, in this blog post I shall show you how to access and view the H2 DB management tool that is shipped with all WSO2 products.

This can be easily done by following the below steps.

Step 1 - Download a WSO2 product

For this example I am using WSO2 ESB but this configuration is common to most WSO2 products which can be downloaded from here.

Step 2 - Go to carbon.xml

Extract the downloaded product to a desired location and open the carbon.xml which is located at <ESB_HOME>/repository/conf.

Step 3 - Edit the carbon.xml

Un-comment H2 DB configuration as shown below.


</H2DatabaseConfiguration-->

Now start the ESB from wso2server.sh / wso2server.bat depending on the OS you are using which is located at <ESB_HOME>/bin

Step 4 - View H2 DB Management tool in browser

Open the browser and go to http://localhost:8082/ and give the JDBC URL which is similar to <ESB_HOME>/repository/database/WSO2CARBON_DB and test the connection.

When it displays successful. Then click on "Connect"

You can see the databases and query it as you like.

Sunday, July 12, 2015

Create a Apache Axis2 web service using eclipse and monitor requests / responses using TCPMon

This blog post will guide you to create a Apache Axis2 web service and a client plus to monitor the requests and responses via TCPMon.

Step 1 - Create a axis2 web service and client

I found this descriptive blog post which guides you on how to create a axis2 web service using eclipse and also create a client to consume the service. After creating the service and the client lets move to the next step.

Step 2 - Run TCPMon

TCPMon can be found in almost all the WSO2 products here is the link to download WSO2 Application Server. After downloading the WSO2 AS extract it to a desired location. Then go to {WSO2ASHome}/bin folder.

Run "tcpmon.bat" file if your using Windows as the OS or run the "tcpmon.sh" if you are on a Linux distro.

Step 3 - Create a listener in TCPMon

By creating a listener we can monitor the requests and responses that flows between the web service and client. This is where TCPMon comes in to play.

Add the below settings in TCPMon – Admin section to set up a listener

Listen Port# = 8585(Port which the TCPMon will listen to)
"Act as a.." section = Select “Listener” radio button
Target Host-name = 127.0.0.1 (tomcat server host ip)
Target port = 8080 (the port which the tomcat server is utilizing)

You can also add proxy support and/or simulate a slow connection scenario. For this demonstration I have added a time delay to simulate a slow network (refer below image). After you are done with the settings click on “Add”.

Step 4 - Modify the client stub class

Now that we set up a listener lets point the client to the listener port. Before the configuration change make sure the created server and client is working. Next,in your client code simply pass the endpoint to the constructor of the stub class and your ready to go. You can set your desired endpoint as shown in the below figure. Line number 12 if you are using the soap11 endpoint or line number 13 if you are using hoping to use soap12 endpoint.

Step 5 - View requests/responses in TCPMon

Run the client application and go to the TCPMon you can see the requests and responses.

Below are couple of screen shots of TCPMon. Note that the "Elapsed Time" is a bit long because I configured a slow connection.

Without slow simulation

With slow simulation

This way you can monitor and simulate different scenarios to check your web service and how the client will consume it.