Apache Dircetory Studio as Your LDAP User Store

1.  You can downlaod Apache Dirctory Stido from here

2. Then you can extract in to a directory in your file system

3. Start Apache Directory Studio by running executable file called ApacheDirectoryStudio

Lets create a LDAP Server.

4. If you can not see the ApacheDS server window, First you must view it.

Window -> Show View -> Other -> Select ApacheDS Server

Now you can see the Server management window.

5. Then Lets create a new server. Click on new server icon (ctrl+E) and you must only enter a name for the server and New server will be created with default configurations

By double-clicking you can view the configuration file (server.xml) of created server. Your can configure it as your options. But Here i am continuing with default configuration

6. Now just click on Run icon (ctr+R), Your server will be started.

Now we are going to create a connection to the running LDAP server to browse it.  (You can create connections with almost any LDAP server)

7. LDAP -> New Connection ,  New LDAP connection wizard will be promoted.

8. Configure Network parameters

Connection Name  - Any name you like
Host Name  - Host name of your LDAP server is running. Here LDAP server is also in within same machine. So localhost
Port - LDAP server running port.  Here 10386, default port or which has configured in server.xml file
Encryption Method - if you want  to secure the connection to LDAP server, use SSL. Also make sure to change user Port according ldap and ldaps

9. Configure Authentication  parameters

Authentication method  - You can select simple authentication , advance authentication method or no authentication, according what you have already configured in server.xml Here we must use the simple authentication.
Bind DN or User  -   uid=admin ,ou =system
Bind password    - secret

when new LDAP server is created, by default, admin user is created with above DN and password. If LDAP server already contain any users, you can use any DN that you want.  Browser option and edit option are kept as defaults and lets finished it.

10. Now open your connection by clicking open connection icon in your connection browser.

11. Then you can view your LDAP Browser by double clicking on your connection and display the tree of your LDAP Server.

Now you are able to create, delete and modify your entities in LDAP server....!!!

SSL profiles in WSO2 ESB

"SSL profiles" is new feature which was introduced in WSO2 ESB 3.0.0. Using SSL profiles WSO2 ESB can be configured  to communicate with SSL and Mutual SSL enabled target servers.  Lets see how to configure it.


1. First, You can download WSO2 ESB 3.0.0 for here. then you can extract in to a directory in your file system. Lets call as ESB_HOME

2. Then define the appropriate SSL profiles under the HTTPS transport sender configuration, in the axis2.xml file which can be found in ESB_HOME/repository/conf .

Following shows the example configuration i am going to use.
Here, I have used localhost:9444 server for SSL communication and localhost:9445 for Mutual SSL.  As you can see, it consists of a keystore-truststore pair. A single profile can be associated with one or more target servers. So you can define more than one target servers under one profile. A target server is identified by its hostname and port number. Once SSL profile is defined and associated with a target server, WSO2 ESB will use the truststore for SSL communicating and keystore-truststore pair for Mutual SSL communicating.

In this example configuration, localhost:9444 is WSO2 WSAS and localhost:9445 is WSO2 BPS server. Also It should be noted that trust-store must contains target server's certificate for SSL communication and target server must contains the key-store certificate for Mutual SSL communication


<parameter name="customSSLProfiles">

    <profile>
        <servers>www.test.org:80, localhost:9444</servers>
        <TrustStore>
            <Location>path/to/trust/store</Location>
            <Type>JKS</Type>
            <Password>password</Password>
        </TrustStore>
    </profile>

    <profile>
        <servers>localhost:9445</servers>
        <KeyStore>
            <Location>/path/to/identity/store</Location>
            <Type>JKS</Type>
            <Password>password</Password>
            <KeyPassword>password</KeyPassword>
        </KeyStore>
        <TrustStore>
            <Location>path/to/trust/store</Location>
            <Type>JKS</Type>
            <Password>password</Password>
        </TrustStore>
    </profile>

</parameter>


3. Start WSO2 ESB server,  Run the wso2server.sh (in unix) or wso2server.bat (in windows) file in the ESB_HOME/bin directory
Once the server starts, point your Web browser to https://localhost:9443/carbon/   You can see following info logs when starting, If you have configured SSL Profile successfully.

[2010-07-01 15:22:26,300]  INFO - HttpCoreNIOSSLSender Loading Trust Keystore from : path/to/trust/store
[2010-07-01 15:22:26,306]  INFO - HttpCoreNIOSSLSender Loading Identity Keystore from : /path/to/identity/store
[2010-07-01 15:22:26,310]  INFO - HttpCoreNIOSSLSender Loading Trust Keystore from : path/to/trust/store
[2010-07-01 15:22:26,322]  INFO - HttpCoreNIOSSLSender Custom SSL profiles initialized for 3 servers


4. Lets create simple proxy services which endpoints are hosted in localhost:9444 and localhost:9445.

I created following two proxies..

<syn:proxy name="BPSProxy" transports="https http" startOnLoad="true" trace="disable">
        <syn:target>
            <syn:inSequence>
                <syn:send>
                    <syn:endpoint>
                        <syn:address uri="https://localhost:9444/services/TestE4XService"/>
                    </syn:endpoint>
                </syn:send>
            </syn:inSequence>
            <syn:outSequence>
                <syn:send/>
            </syn:outSequence>
        </syn:target>
    </syn:proxy>

    <syn:proxy name="WSASProxy" transports="https http" startOnLoad="true" trace="disable">
        <syn:target>
            <syn:inSequence>
                <syn:send>
                    <syn:endpoint>
                        <syn:address uri="https://localhost:9445/services/HelloService"/>
                    </syn:endpoint>
                </syn:send>
            </syn:inSequence>
            <syn:outSequence>
                <syn:send/>
            </syn:outSequence>
        </syn:target>
    </syn:proxy>

5. Now send your request messages to two proxy services, You can see ESB will successfully communicate with SSL and Mutual SSL enabled target servers using SSL Profiles.

Enabling JMS Transport in WSO2 BPS

As I highlighted in my previous blog post, WSO2 BPS is a powerful open source BPEL engine.Here i am going to enable JMS Transport in WSO2 BPS.  You can use any JMS provider as you preferred. I'm going to use Apache ActiveMQ-5.2.0 for this example.


1. You can download WSO2BPS (version 1.1.1) from here. then you can extract in to a directory in your file system. Lets call as BPS_HOME

2. Start ActiveMQ message broker. Go to (ActiveMQ_Install_directory)/bin and run activemq.sh (or activemq.bin in DOS)

3. Copy ActiveMQ libraries to BPS_HOME/repository/components/lib directory

activemq-core-5.2.0.jar and geronimo-j2ee-management_1.0_spec-1.0

4. Enable JMS Transport in WSO2 BPS.  Uncomment following parameters in axis2.xml (BPS_HOME/conf directory) Here I have configured it for ActiveMQ environment.

For Receiver

<parameter name="myTopicConnectionFactory">
            <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
            <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
            <parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
        </parameter>


        <parameter name="myQueueConnectionFactory">
            <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
            <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
            <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
        </parameter>


        <parameter name="default">
            <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
            <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
            <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
        </parameter>

For Sender
    <transportSender name="jms"
                     class="org.apache.axis2.transport.jms.JMSSender"/>

5. Start BPS server running  the wso2server.sh (in unix) or wso2server.bat (in windows)
You can see following Logs when starting if you have correctly configured

[2010-05-27 22:19:55,019]  INFO -  JMS ConnectionFactory : default initialized
[2010-05-27 22:19:55,021]  INFO -  JMS ConnectionFactory : myTopicConnectionFactory initialized
[2010-05-27 22:19:55,022]  INFO -  JMS ConnectionFactory : myQueueConnectionFactory initialized
[2010-05-27 22:19:55,022]  INFO -  JMS Transport Receiver/Listener initialized...

We can see JMS endpoint has been added to BPEL service (See the wsdl also)

Note:-

Step 4,   You can enable JMS and configure it using UI.

Home

> Manage

> Transports

But there are some issues when disabling  JMS from UI. So i recommended to use axis2.xml configure JMS in WSO2BPS version 1.1.1. This will be fixed in next WSO2BPS release.....!!!

WSO2 BPS in Cluster

Clustering is one of a major requirement for web servers which are in production environment. because these servers have to fulfill two basic needs, high availability and scalability.

WSO2 carbon based web products comes with the clustering functionality (Please refer this article for more information on WSO2 carbon clustering) Here I am going to introduce to configure the WSO2BPS in a clustering environment.
 

1. You can download WSO2BPS (version 1.1.1) from here.

2. All nodes in BPS cluster would share the  same persistence storage (BPS datasource) and same registry. So Each node must be connected to external datasource and external registry. This Post is described configuration of  external BPS datasource. Use same configuration for all nodes, But don't forget to use different provider port for each node, if you are starting all nodes in same machine (same url).

3. Then registry.xml and user-mgt.xml (Both are in WSO2BPS/conf directory)must be configured to use a one central registry. Use same configuration for all nodes.

Sample configuration of registry.xml for Mysql database

        <dbConfig name="wso2registry">
            <url>jdbc:mysql://10.100.1.1:3306/regdb</url>
            <userName>regadmin</userName>
            <password>regadmin</password>
            <driverName>com.mysql.jdbc.Driver</driverName>
            <maxActive>80</maxActive>
            <maxWait>6000</maxWait>
            <minIdle>5</minIdle>
       </dbConfig>

Sample configuration of user-mgt.xml

 <Database>
         <URL>jdbc:mysql://10.100.1.1:3306/regdb</URL>
         <UserName>regadmin</UserName>
         <Password>regadmin</Password>
         <Dialect>mysql</Dialect>
         <Driver>com.mysql.jdbc.Driver</Driver>
          <maxActive>30</maxActive>
          <maxWait>60000</maxWait>
          <minIdle>5</minIdle>
    </Database>


4. Then One BPS node must be started as the group management node. you can simply do this by configuring following basic parameters in axis2.xml (WSO2BPS/conf directory)

# Enable clustering for this node

<clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="true"> 
  
# Clustering domain/group

<parameter name="domain">bps</parameter>

# Enable the group Management

<groupManagement enable="true">
            <applicationDomain name="bps" description="BPS group" agent="org.apache.axis2.clustering.management.DefaultGroupManagementAgent"/>
</groupManagement>

5.  Other BPS nodes also should be started with enabling the clustering (Can enable or disable node management, but there is no effect for BPS. So here i did not use it)

# Enable clustering for this node

<clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="true">
  
# Clustering domain/group

<parameter name="domain">bps</parameter>


6. Start every BPS node running  the wso2server.sh (in unix) or wso2server.bat (in windows) file in the WSO2BPS/bin directory.  Don't forget to use different http and https port for each node, if you are starting all nodes in same machine (same url). Configuration can be found in transport.xml and axis2.xml

By looking at Debug and INFO message you can understand what is happening there.

But WSO2BPS (version 1.1.1) have some limitations when setting on clustering ( Retiring of BPEL process not propagate to other node, Managing BPEL packages and processes should be disable for member nodes) which would be resolved in next BPS release.........!!!

How to create a Password Callback class

Most of web services have been secured using various WS security  methods. Therefore we need to implements clients that support WS-Security to invoke these web services.

If you are using Rampart or WSS4J for WS-Security for processing in client side,  you may need to create a password callback class for following

1) Get the password to build the username token

2) Get the private key password for signture or decryption


It is very easy to write a Password callback. Following Java code is for simple Password callback class

package org.wso2.samples.pwcb;

import org.apache.ws.security.WSPasswordCallback;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import java.io.IOException;

public class PWCBHandler implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {

            for (int i = 0; i < callbacks.length; i++) {
                WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
                String id = pwcb.getIdentifer();
                int usage = pwcb.getUsage();


                   if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                   // Logic to get the password to build the username token
                        if ("admin".equals(id)) {pwcb.setPassword("admin");}
                } else if (usage == WSPasswordCallback.SIGNATURE || usage == WSPasswordCallback.DECRYPT) {
                // Logic to get the private key password for signture or decryption
                        if ("client".equals(id)) {pwcb.setPassword("apache");}
                        if ("service".equals(id)) {pwcb.setPassword("apache");}
                }

            }
        }
}

Lets see how you can use this password class back class with the WSO2 products such as ESB and BPS. For ESB, we need a class back class to invoke a secured BE services where ESB Proxy service would act as client for BE service.  Also when external partner service is invoked by a BPEL is act as a client to the external web service.

Therefore we need to create a jar file ... 

Step1 : Creating a jar file 

Note :  If you are familiar with maven. Please find the maven project of callback class from here 

1. Copy sample Password callback in to text file and save it as PWCBHandler.java

2. Create a directory called "temp"  ...any where you like,

3. Go in to temp directory and create following directory structure   org/wso2/samples/pwcb

4. Copy PWCBHandler.java in to pwcb directory

5. Download wss4j.jar from here (http://ws.apache.org/wss4j/) and copy it to temp directory

6. Compile PWCBHandler.java pointing classpath to wss4j.jar from pwcb directory

Ex:-
#javac PWCBHandler.java -classpath /home/asela/temp/PWC/org/wso2/samples/pwcb/wss4j-1.5.8.jar

7. Go in to temp directory and create a jar file issuing following

#jar cf PWCBHandler.jar org/wso2/samples/pwcb/*.class

Step2 : Adding jar file in to classpath

1. Now you have created your  PWCBHandler.jar and Copy jar in to <CARBON_HOME> /repository/components/lib

2. Restart Server


That All........!!!