Wednesday, November 13, 2013

Configuring LDAP failover with Fuse/A-MQ

When using the org.apache.karaf.jaas.modules.ldap.LDAPLoginModule in the Karaf container, it is possible to configure one or more provider URLs to connect to.

The JVM supports multiple providers as detailed in the JndiTutorial

Then just add the multiple providers into the LDAPLoginModule config e.g.

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="JAASMultiLdap" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=cn=Manager,dc=redhat,dc=com
connection.password=mytestPW
connection.url=" ldap://192.168.2.10:389 ldap://192.168.1.132:389 "
user.base.dn=ou=Users,dc=redhat,dc=com
user.filter=(uid=%u)
user.search.subtree = true
role.base.dn=ou=roles,dc=redhat,dc=com
role.filter=(member:=uid=%u)
role.name.attribute=cn
role.search.subtree = true
authentication = simple
</jaas:module>
</jaas:config>
</blueprint>

The multiple providers are specified in the connection.url property.
Note that the spaces around the LDAP URLs are critical to how Karaf, and subsequently the JNDI context, parses the list of URLs.

There should be a space at the start of the list after the " and one before the end quote.
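
A pre-deployment check for the rule above, added here as an example (it is not part of the original post or of Karaf). The hypothetical shell function check_ldap_urls reads the connection.url line from a blueprint file, enforces the space inside each quote, validates every provider URL and lists the failover order; the sample hosts are constructed placeholders.

```shell
#!/bin/sh
# check_ldap_urls FILE: lint the connection.url line of a Karaf JAAS blueprint.
# Returns 0 when the list is well formed, 1 when it is not, 2 when the line is absent.
check_ldap_urls() {
    value=$(sed -n 's/^[[:space:]]*connection\.url[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | head -n 1)
    [ -n "$value" ] || { echo "no connection.url found" >&2; return 2; }
    # Rule from the post: a quoted list with a space after the opening quote
    # and another before the closing quote.
    case $value in
        '" '*' "') ;;
        *) echo 'connection.url must look like " url1 url2 "' >&2; return 1 ;;
    esac
    list=${value#\"}; list=${list%\"}
    n=0; plain=0
    for url in $list; do
        case $url in
            ldaps://*) ;;
            ldap://*) plain=$((plain + 1)) ;;
            *) echo "not an LDAP URL: $url" >&2; return 1 ;;
        esac
        hostport=${url#*://}; hostport=${hostport%%/*}
        [ -n "${hostport%%:*}" ] || { echo "missing host: $url" >&2; return 1; }
        case $hostport in
            *:*) case ${hostport##*:} in
                     ''|*[!0-9]*) echo "bad port: $url" >&2; return 1 ;;
                 esac ;;
        esac
        n=$((n + 1))
        echo "provider $n: $url"
    done
    [ "$plain" -eq 0 ] ||
        echo "warning: $plain provider(s) use ldap://, so a simple bind sends the password unencrypted" >&2
    [ "$n" -ge 2 ] || { echo "only $n provider listed, no failover" >&2; return 1; }
}

# Constructed sample input (placeholder hosts), checked when the script is run.
sample=$(mktemp)
printf '%s\n' 'connection.url=" ldap://ldap1.example.test:389 ldap://ldap2.example.test:389 "' > "$sample"
check_ldap_urls "$sample"
rm -f "$sample"
```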

Monday, April 8, 2013

Camel AMQP component and MRG-M/QPID

The Camel AMQP component documentation here is pretty basic when it comes to demonstrating how to integrate Camel and Qpid. It basically shows the URL structure and not much more.

IMHO the most powerful aspects of AMQP 0.10 are the concepts of exchanges and routing/binding keys and the flexibility that these features provide when building messaging solutions.

To use an AMQP 0.10 address in Camel, just specify it as you would in a normal Java application.

For example, the following route will create an auto-delete queue on the default exchange:
<route id="ampqIN">
    <from uri="amqp:queue:TestQueueIN;{create:always,node:{x-declare:{auto-delete:True}}}?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough"/>
    <log message="The current message contains ${headers} ${body}"/>
    <to uri="amqp:topic:amq.topic?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough"/>
</route>

The following example specifies an address using an exchange/subject pair
    <camelContext trace="false" id="blueprintContext"
        xmlns="http://camel.apache.org/schema/blueprint">
        <route id="ampqIN">
            <from
                uri="amqp:queue:nocexc/TestQueueIN?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough" />
            <log message="The current message contains ${headers} ${body}" />
            <to
                uri="amqp:queue:TestExchange/?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough" />
        </route>
    </camelContext>

You can also specify the exchange & routing keys using multiple formats:


<!--  <to uri="amqp:queue:BURL:fanout://TestExc//Boing?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough"/>-->
        <to uri="amqp:queue:testq;{create:never,node:{type:queue,durable:True,x-bindings:[{exchange: TextExc}]}}?concurrentConsumers=1&amp;jmsKeyFormatStrategy=passthrough"/>

Thursday, June 16, 2011

Relocating JBoss 5.x directories

By default JBoss requires a number of work/tmp directories to be available at runtime.
For example work, tmp, data and log are created and used under the running profile to store application data, compiled JSPs, transaction details and log files.
By default it is assumed that these directories will have the jboss-as/server/profile directory as their parent.
However it is possible to take these working directories and relocate them outside of the standard JBoss directory structure.


To relocate the logging directory specify the new location via the following system property
-Djboss.server.log.dir=/tmp/prod/log

To relocate the data directory specify the new location via the following system property
-Djboss.server.data.dir=/tmp/prod/data

To relocate the tmp directory specify the new location via the following system property
-Djboss.server.temp.dir=/tmp/prod/tmp

1. Gotchas
Unfortunately it's not as easy as just specifying system properties. Some XML configuration changes are also required.

In the jboss-as/server/profile/conf/jboss-service.xml file, edit XML configuration for the following mbean to specify the location of its data directory

<mbean code="org.jboss.system.pm.AttributePersistenceService"
name="jboss:service=AttributePersistenceService"
xmbean-dd="resource:xmdesc/AttributePersistenceService-xmbean.xml">
<!-- the AttributePersistenceService is persistent, itself -->

<attribute name="AttributePersistenceManagerClass">org.jboss.system.pm.XMLAttributePersistenceManager</attribute>
<attribute name="AttributePersistenceManagerConfig">
<data-directory>file://${jboss.server.data.dir}/xmbean-attrs</data-directory>
</attribute>
<attribute name="ApmDestroyOnServiceStop">false</attribute>
<attribute name="VersionTag"></attribute>
</mbean>


The xmbean-attrs directory has to exist within the data directory or the container will fail to start.

The embedded Tomcat instance also has to be told where to store its compiled JSP pages. This is done by editing jboss-as/server/noc-default/deploy/jbossweb.sar/server.xml and setting the workDir attribute:

<Host name="localhost" workDir="${jboss.server.work.dir}">

Finally run JBoss with the required system properties

./run.sh -c prod -Djboss.server.data.dir=/tmp/prod/data -Djboss.server.temp.dir=/tmp/prod/tmp -Djboss.server.log.dir=/tmp/prod/log -Djboss.server.work.dir=/tmp/prod/work

Thursday, April 7, 2011

Keys for client certificates in SSL

Generate the server keystore and export the server's key
keytool -genkey -alias alias -keystore app.keystore

Export the cert and convert for the client app
keytool -export -alias alias -keystore app.keystore -file exported-der.crt
openssl x509 -out exporter-pem.crt -outform pem -in exported-der.crt -inform der


Generate the client cert
keytool -genkey -alias clientCert -keystore client.keystore
keytool -export -alias clientcert -keystore client.keystore -file exported-client-der.crt


Import the client cert into the server's truststore
keytool -import -alias clientCert -keystore app.truststore -file exported-client-der.crt

For non-Java apps, extract the client's private key using Portecle to make it available to the app.
Add the server's key to the client's truststore, e.g. keytool -import........
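
The steps above as one non-interactive script, added here as an example and not part of the original post. It writes out the final import into a client truststore as an assumption about the step the post abbreviates, then verifies that each truststore holds only the expected public certificate. The aliases, CN values, client.truststore name and STOREPASS variable are assumptions.

```shell
#!/bin/sh
# Constructed sample secret. keytool reads it from the environment
# (-storepass:env), which keeps it off the command line.
STOREPASS=${STOREPASS:-sample-Passw0rd}; export STOREPASS

kt() { keytool "$@" -storepass:env STOREPASS >/dev/null; }

# verify_truststore STORE ALIAS EXPECTED_DER
# Fails if STORE contains a private key or if ALIAS is not EXPECTED_DER.
verify_truststore() {
    keytool -list -keystore "$1" -storepass:env STOREPASS |
        grep -q PrivateKeyEntry && return 1
    kt -exportcert -alias "$2" -keystore "$1" -file "$1.check" || return 1
    cmp -s "$1.check" "$3"
}

# build_mtls_stores DIR: run the whole procedure inside an empty directory.
build_mtls_stores() {
    d=$1
    command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1 ||
        { echo "keytool and openssl are required" >&2; return 127; }
    # Key pairs (CN values are placeholders).
    kt -genkeypair -alias serverCert -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=server.example.test" -keypass:env STOREPASS \
        -keystore "$d/app.keystore" || return 1
    kt -genkeypair -alias clientCert -keyalg RSA -keysize 2048 -validity 365 \
        -dname "CN=client.example.test" -keypass:env STOREPASS \
        -keystore "$d/client.keystore" || return 1
    # Export the public certificates (DER) and a PEM copy of the server's.
    kt -exportcert -alias serverCert -keystore "$d/app.keystore" \
        -file "$d/exported-der.crt" || return 1
    kt -exportcert -alias clientCert -keystore "$d/client.keystore" \
        -file "$d/exported-client-der.crt" || return 1
    openssl x509 -inform der -in "$d/exported-der.crt" \
        -outform pem -out "$d/exported-pem.crt" || return 1
    # Each side trusts the other's certificate.
    kt -importcert -noprompt -alias clientCert -keystore "$d/app.truststore" \
        -file "$d/exported-client-der.crt" || return 1
    kt -importcert -noprompt -alias serverCert -keystore "$d/client.truststore" \
        -file "$d/exported-der.crt" || return 1
    verify_truststore "$d/app.truststore" clientCert "$d/exported-client-der.crt" &&
        verify_truststore "$d/client.truststore" serverCert "$d/exported-der.crt"
}

build_mtls_stores "$(mktemp -d)" && echo "keystores and truststores verified"
```

Pointing verify_truststore at app.keystore instead of app.truststore fails, which is the check that catches a keystore with a private key being handed out as a truststore.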

Tuesday, February 22, 2011

Classloading isolation in SOA-P

Add the file jboss-classloading.xml to the META-INF directory with the following contents

<classloading xmlns="urn:jboss:classloading:1.0"
domain="IsolatedDomain"
parent-first="false"
import-all="true"
export-all="NON_EMPTY"/>

Thursday, February 17, 2011

Handling tab delimited fields in Smooks

The separator is passed as a Unicode character reference (&#009; is the tab character)

<?xml version="1.0"?>
<smooks-resource-list xmlns="http://www.milyn.org/xsd/smooks-1.1.xsd"
       xmlns:csv="http://www.milyn.org/xsd/smooks/csv-1.2.xsd">
    <csv:reader fields="GenbankAccessionNumber_Nucleotide,GenbankAccessionNumber_Protein1,Protein_CR1,GenbankAccessionNumber_Protein2,Protein_CR2" separator="&#009;"/>

</smooks-resource-list>