Red Hat Training
A Red Hat training course is available for JBoss Enterprise SOA Platform
Installation and Configuration Guide
This guide is for installation teams.
Edition 5.3.1
David Le Sage
Suzanne Dorfield
Abstract
Preface
Chapter 1. Preface
1.1. Business Integration
1.2. What is a Service-Oriented Architecture?
A Service Oriented Architecture (SOA) is not a single program or technology. Think of it, rather, as a software design paradigm.
Note
1.3. Key Points of a Service-Oriented Architecture
- the messages being exchanged
- the agents that act as service requesters and providers
- the shared transport mechanisms that allow the messages to flow back and forth.
1.4. What is the JBoss Enterprise SOA Platform?
1.5. The Service-Oriented Architecture Paradigm
- Service Provider
- A service provider allows access to services, creates a description of a service and publishes it to the service broker.
- Service Requester
- A service requester is responsible for discovering a service by searching through the service descriptions given by the service broker. A requester is also responsible for binding to services provided by the service provider.
- Service Broker
- A service broker hosts a registry of service descriptions. It is responsible for linking a requester to a service provider.
1.6. Core and Components
1.7. Components of the JBoss Enterprise SOA Platform
- A full Java EE-compliant application server (the JBoss Enterprise Application Platform)
- an enterprise service bus (JBoss ESB)
- a business process management system (jBPM)
- a business rules engine (JBoss Rules)
- support for the optional JBoss Enterprise Data Services (EDS) product.
1.8. JBoss Enterprise SOA Platform Features
- The JBoss Enterprise Service Bus (ESB)
- The ESB sends messages between services and transforms them so that they can be processed by different types of systems.
- Business Process Execution Language (BPEL)
- You can use web services to orchestrate business rules using this language. It is included with SOA for the simple execution of business process instructions.
- Java Universal Description, Discovery and Integration (jUDDI)
- This is the default service registry in SOA. It is where all the information pertaining to services on the ESB are stored.
- Smooks
- This transformation engine can be used in conjunction with SOA to process messages. It can also be used to split messages and send them to the correct destination.
- JBoss Rules
- This is the rules engine that is packaged with SOA. It can infer data from the messages it receives to determine which actions need to be performed.
1.9. Features of the JBoss Enterprise SOA Platform's JBossESB Component
- Multiple transports and protocols
- A listener-action model (so that you can loosely-couple services together)
- Content-based routing (through the JBoss Rules engine, XPath, Regex and Smooks)
- Integration with the JBoss Business Process Manager (jBPM) in order to provide service orchestration functionality
- Integration with JBoss Rules in order to provide business rules development functionality.
- Integration with a BPEL engine.
- Be configured to work with a wide variety of transport mechanisms (such as e-mail and JMS),
- Be used as a general-purpose object repository,
- Allow you to implement pluggable data transformation mechanisms,
- Support logging of interactions.
Important
org.jboss.internal.soa.esb
and org.jboss.soa.esb
. Use the contents of the org.jboss.internal.soa.esb
package sparingly because they are subject to change without notice. By contrast, everything within the org.jboss.soa.esb
package is covered by Red Hat's deprecation policy.
1.10. Task Management
1.11. Integration Use Case
1.12. Utilising the JBoss Enterprise SOA Platform in a Business Environment
Part I. Introduction
Chapter 2. Introducing the JBoss Enterprise SOA Platform
2.1. Intended Audience
2.2. Aim of This Book
2.3. Back Up Your Data
Warning
2.4. The Service-Oriented Architecture Paradigm
- Service Provider
- A service provider allows access to services, creates a description of a service and publishes it to the service broker.
- Service Requester
- A service requester is responsible for discovering a service by searching through the service descriptions given by the service broker. A requester is also responsible for binding to services provided by the service provider.
- Service Broker
- A service broker hosts a registry of service descriptions. It is responsible for linking a requester to a service provider.
2.5. Out-of-the-Box Actions
2.6. JBoss Enterprise SOA Platform Out-of-the-Box Actions
- Transformers and Converters
- Use transformer and converter actions to change message data from one form to another.
- Business Process Management
- Use the business process management actions when integrating your software with the jBPM.
- Scripting
- Use scripting actions to automate tasks written in the supported scripting languages.
- Services
- Use service actions when integrating your code with Enterprise Java Beans.
- Routing
- Use routing actions when moving message data to destination services.
- Notifier
- Use notifier actions when sending data to ESB-unaware destinations.
- Web Services/SOAP
- Use web service actions when you need to support web services.
Chapter 3. Prerequisites
3.1. Prerequisites for Installing the JBoss Enterprise SOA Platform
- A supported Java Virtual Machine
- A supported Java Development Kit (for running the quickstarts)
- A supported database server (needed to run the JBoss Server)
- Apache Ant 1.7 or later (needed to run the Database Schema Configuration Tool and deploy the JBoss ESB quick start examples)
- An archiving tool (such as FileRoller, ark or tar). (You need this to extract the contents of compressed files)
- JBoss Developer Studio 5.0. (Obtain it from the Red Hat Customer Portal at https://access.redhat.com/home)
3.2. Install Open JDK on Red Hat Enterprise Linux
Procedure 3.1. Install Open JDK on Red Hat Enterprise Linux
Subscribe to the Base Channel
Obtain the OpenJDK from the RHN base channel. (Your installation of Red Hat Enterprise Linux is subscribed to this channel by default.)Install the Package
Use the yum utility to install OpenJDK:yum install java-1.7.0-openjdk-devel
Verify that OpenJDK is Now Your System Default
To ensure that the correct JDK is set as the system default, login as root and run the alternatives command:/usr/sbin/alternatives --config java
Select /usr/lib/jvm/jre-1.6.0-openjdk/bin/javaSet javac/usr/sbin/alternatives --config javac
Select /usr/lib/jvm/java-1.6.0-openjdk/bin/java
3.3. Apache Ant
3.4. Install Apache Ant
Procedure 3.2. Installing Apache Ant on Red Hat Enterprise Linux
Download Apache Ant
Open a terminal and input this command:sudo yum install ant-trax
Install Apache Ant
EnterY
when prompted to do so by the installer.Add the ANT_HOME Environment Variable
vi ~/.bash_profile
.- Add the following line:
export ANT_HOME=/FILEPATH/ant
where filepath is the directory in which Apache Ant was installed. Save and exit vi.Example 3.1.
export ANT_HOME=/opt/apache-ant-1.8.2
Append the Ant installation's
bin
directory to the Path environmental variable.vi ~/.bash_profile
.- Add the following line and then save and exit vi:
export PATH=$PATH:$ANT_HOME/bin
Test the installation
Go back to your terminal and runant -version
. The output should resemble the following:[localhost]$ ant -version Apache Ant(TM) version 1.8.2 compiled on July 6 2011
Procedure 3.3. Installing Apache Ant on Microsoft Windows
Download Apache Ant
Download the latest Apache Ant binary release from http://ant.apache.org/.Extract Apache Ant
Extract the files to a preferred installation location such as:c:\Program Files\Apache\Ant\
Add the ANT_HOME Environment Variable
- Click on the Start Menu.
- Open the Control Panel.
- Select System → Advanced → Environment Variables
- Create a new variable called
ANT_HOME
. - Configure the ANT_HOME variable so that it points to the Apache Ant directory.
Append the bin directory of the Ant installation to the Path environmental variable.
- Click on the Start Menu.
- Open the Control Panel.
- Select System → Advanced → Environment Variables → System Variables
- Edit the PATH variable and append the text:
;%ANT_HOME%\bin
Test the installation
Runant -version
in a command line terminal. The version number should appear.
Part II. Basic Installation and Operation
Chapter 4. Download the Product
4.1. Red Hat Customer Portal
4.2. Packages Available for Download
Table 4.1. Packages Available for Download
Package | Description |
---|---|
JBoss Enterprise SOA Platform Package | The SOA Platform package is a complete JBoss application deployment environment. This single installation provides a complete environment for deploying SOA applications. It includes Seam, Hibernate, clustering, and transaction services. |
JBoss Enterprise SOA Platform Standalone Edition Package | The SOA Standalone package provides a light-weight solution for deployments where only the core SOA functionality is needed. It does not support clustering. |
JBoss Enterprise SOA Platform Source Code Package | The source code package contains the complete source code for the JBoss Enterprise SOA Platform product. |
SOA Platform JavaDocs | The JavaDocs package contains the complete JavaDocs for the JBoss Enterprise SOA Platform's APIs. |
4.3. Differences Between Versions of the JBoss Enterprise SOA Platform
Table 4.2. Differences Between Versions of the JBoss Enterprise SOA Platform
SOA Platform Package | SOA Standalone Package | |
---|---|---|
JBoss ESB | YES | YES |
JBoss Rules | YES | YES |
JBoss JBPM | YES | YES |
JBoss EAP | YES | YES |
BPEL Engine | YES | YES |
EJB3 | YES | NO |
JBoss RestEasy | YES | NO |
JBoss Seam | YES | NO |
Support for JBoss Enterprise Data Services Deployment | YES | NO |
4.4. JavaDocs
4.5. Download Files From the Red Hat Customer Portal
Before you begin this task, you need a Customer Portal account. Browse to https://access.redhat.com and click the Register link in the upper right corner to create an account.
Procedure 4.1. Task:
- Browse to https://access.redhat.com and click the Log in link in the top right corner. Enter your credentials and click Log In.Result:
You are logged into RHN and you are returned to the main web page at https://access.redhat.com.
Navigate to the Downloads page.
Use one of the following options to navigate to the Downloads page.- Click the Downloads link in the top navigation bar.
- Navigate directly to https://access.redhat.com/downloads/.
Select the product and version to download.
Use one of the following ways to choose the correct product and version to download.- Step through the navigation one level at a time.
- Search for your product using the search area at the top right-hand side of the screen.
Download the appropriate file for your operating system and installation method of choice.
Depending on the product you choose, you may have the choice of a Zip archive, RPM, or native installer for a specific operating system and architecture. Click either the file name or the Download link to the right of the file you want to download.
The file is downloaded to your computer.
4.6. Checksum Validation
4.7. Verify the Downloaded File
Procedure 4.2. Verify the Downloaded File
- To verify that a file downloaded from the Red Hat Customer Portal is error-free, whilst still on the portal site, go to that package's Software Details page. Here you will find
MD5
andSHA256
"checksum" values that you will use to check the integrity of the file. - Open a terminal window and run either either the
md5sum
orsha256sum
command, supplying the filename of the downloadedZIP
as an argument. The program will output the checksum value for the file. - Compare the checksum value returned by the command to the corresponding value displayed on the Software Details page for the file.
Note
Microsoft Windows does not come equipped with a checksum tool. Users of that operating system will have to download a third-party product instead.
If the two checksum values are identical then the file has not been altered or corrupted and is, therefore, safe to use.
4.8. Red Hat Documentation Site
Chapter 5. Installation
5.1. Variable Name: SOA_ROOT Directory
jboss-soa-p-5
directory. In the Standalone edition, though, it is the jboss-soa-p-standalone-5
directory.
SOA_ROOT
. Substitute either jboss-soa-p-5
or jboss-soa-p-standalone-5
as appropriate whenever you see this name.
5.2. Variable Name: PROFILE
5.3. Install the JBoss Enterprise SOA Platform on Red Hat Enterprise Linux
Prerequisites
- a Java Development Kit (Red Hat recommends OpenJDK)
- a database server
- Apache Ant 1.7 or later
- an archiving tool that can open ZIP files
Warning
Procedure 5.1. Installation
- Extract the installation directory by running
unzip soa-p-VERSION.zip
. - Open the user account settings file in your text editor:
vi SOA_ROOT/jboss-as/server/default/conf/props/soa-users.properties
.The contents of this file using the following syntax:username=password
.#admin=admin
Confirm that the security roles for your admin account are enabled by removing a leading hash character, if it is present.Warning
Because this account is not secure and the password can be easily guessed, use admin=admin for test purposes only. Do not useadmin
as a password on production systems as this may compromise security. - Save the file and exit vi.
- Open the security permissions file in your text editor:
vi SOA_ROOT/jboss-as/server/default/conf/props/soa-roles.properties
.#admin=JBossAdmin,HttpInvoker,user,admin
Confirm that the security roles for your admin account are enabled by removing a leading hash character, if it is present. - Save the changes to the file and exit vi.
The JBoss Enterprise SOA Platform is now installed and configured for basic use.
5.4. Install the JBoss Enterprise SOA Platform on Microsoft Windows
Prerequisites
- a Java Development Kit
- a database server
- Apache Ant 1.7 or later
- an archiving tool that can open ZIP files
Warning
Procedure 5.2. Installation
- Extract the
soa-p-VERSION.zip
using the ZIP tool of your choice. - Confirm that the security roles for your admin account are enabled by removing a leading hash character, if it is present.
Warning
Because this account is not secure and the password can be easily guessed, use admin=admin for test purposes only. Do not useadmin
as a password on production systems as this may compromise security. - Save the file and exit Notepad.
- Open
SOA_ROOT\jboss-as\server\default\conf\props\soa-roles.properties
in Notepad.#admin=JBossAdmin,HttpInvoker,user,admin
Remove the hash to enable the security permissions for your admin account. - Save the file and exit Notepad.
The JBoss Enterprise SOA Platform is now installed and configured for basic use.
Chapter 6. Basic Operation Tutorial
6.1. Running the JBoss Enterprise SOA Platform for the First Time
In the following section you will learn how to launch and run the JBoss Enterprise SOA Platform for the first time. The simplest thing you can do is run the demonstration code found in the "Hello World" quick start.
6.2. Start the JBoss Enterprise SOA Platform
The following software must be installed:
- JBoss Enterprise SOA Platform
Procedure 6.1. Start the JBoss Enterprise SOA Platform
Start the SOA server in a server window
Red Hat Enterprise Linux
- Open a terminal and navigate to the
bin
directory by entering the commandcd SOA_ROOT/jboss-as/bin
. - Enter
./run.sh
to start the SOA server. (Because you are not specifying a server profile, "default" will be used.)
Microsoft Windows
- Open a terminal and navigate to the
bin
directory by entering the commandchdir SOA_ROOT\jboss-as\bin
. - Enter
run.bat
to start the SOA server. (Because you are not specifying a server profile, "default" will be used.)
The server starts. Note that this will take approximately two minutes, depending on the speed of your hardware.
Note
less SOA_ROOT/jboss-as/server/PROFILE/log/server.log
. As another check, open a web browser and go to http://localhost:8080. Make sure you can login to the admin console with the user name and password you have set.
6.3. Troubleshooting the Boot Process
- "Address already in use" - There is already a server running on port 8080.
- "Java not found" - The Java JRE may not be installed, or if it is, your PATH environment variable is not set to locate the java runtime.
- "Class not found" - The CLASSPATH environment variable is not set properly. You really don't need to set this variable as the server startup script sets it for you.
- If you see any of these errors, examine the server.log messages that come before and after the error message for additional information regarding the root cause of the error.
6.4. Running the "Hello World" Quickstart
6.4.1. Quickstart
SOA_ROOT/jboss-as/samples/quickstarts/
directory. Build and deploy every quickstart by using Apache Ant.
6.4.2. Important Notes About Quickstarts
- Each quickstart needs to be built and deployed using Apache Ant.
- Each quickstart uses the
samples/quickstarts/conf/quickstarts.properties
file to store environment-specific configuration options such as the directory where the server was installed. You must create aquickstarts.properties
file that matches your server installation. An example properties file (quickstarts.properties-example
) is included. - Each quickstart has different requirements. These are documented in their individual
readme.txt
files. - Not every quickstart can run under every server profile.
- The jBPM quickstarts require a valid jBPM Console user name and password. Supply these by adding them as properties in the
SOA_ROOT/jboss-as/samples/quickstarts/conf/quickstarts.properties
file:# jBPM console security credentials jbpm.console.username=admin jbpm.console.password=adminpassword
The quickstarts that are affected by this requirement arebpm_orchestration1
,bpm_orchestration2
,bpm_orchestration3
andbpm_orchestration4
. - You can only execute some of the quickstarts (such as groovy_gateway) if the server is not running in headless mode. (The JBoss Enterprise SOA Platform is configured to launch in headless mode by default.)
Important
Red Hat recommends that you run production servers in headless mode only.
6.4.3. Deploy the "Hello World" Quickstart on Your Test Server
Prerequisites
- Check that the setting in
SOA_ROOT/jboss-as/samples/quickstarts/conf/quickstarts.properties-example
matches the server configuration (default
in a testing environment).
Procedure 6.2. Deploy the "Hello World" Quickstart
- Check that the server has fully launched.
- Open a second terminal window and navigate to the directory containing the quick start:
cd SOA_ROOT/jboss-as/samples/quickstarts/helloworld
(orchdir SOA_ROOT\jboss-as\samples\quickstarts\helloworld
in Microsoft Windows). - Run
ant deploy
to deploy the quickstart. Look for messages such as this to confirm if the deployment was successful:deploy-esb: [copy] Copying 1 file to /jboss/local/53_DEV2/jboss-soa-p-5/jboss-as/server/default/deploy deploy-exploded-esb: quickstart-specific-deploys: [echo] No Quickstart specific deployments being made. display-instructions: [echo] [echo] ****************** [echo] Quickstart deployed to target JBoss ESB/App Server at '/jboss/local/53_DEV2/jboss-soa-p-5/jboss-as/server/default/deploy'. [echo] 1. Check your ESB Server console to make sure the deployment was executed without errors. [echo] 2. Run 'ant runtest' to run the Quickstart. [echo] 3. Check your ESB Server console again. The Quickstart should have produced some output. [echo] ****************** deploy: BUILD SUCCESSFUL
Also, check for this in theSOA_ROOT/jboss-as/server/default/log/server.log
:10:58:52,998 INFO [NamingHelper] JNDI InitialContext properties:{} 11:00:58,154 INFO [QueueService] Queue[/queue/quickstart_helloworld_Request_esb] started, fullSize=200000, pageSize=2000, downCacheSize=2000 11:00:58,186 INFO [QueueService] Queue[/queue/quickstart_helloworld_Request_gw] started, fullSize=200000, pageSize=2000, downCacheSize=2000 11:00:58,427 INFO [EsbDeployment] Starting ESB Deployment 'Quickstart_helloworld.esb'
- Run the quickstart by issuing this command:
ant runtest
. When the quickstart is run, messages such as this are written to theSOA_ROOT/jboss-as/server/default/log/server.log
:11:03:02,190 INFO [STDOUT] &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& 11:03:02,191 INFO [STDOUT] Body: Hello World 11:03:02,191 INFO [STDOUT] &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&& 11:03:02,192 INFO [STDOUT] Message structure: 11:03:02,192 INFO [STDOUT] [Hello World].
The words "Hello World" will appear on the server terminal. This message will also be appended to the SOA_ROOT/jboss-as/server/default/log/server.log
file.
6.4.4. ant deploy
ant deploy
compiles a quickstart's source code in the build
directory, then generates an .ESB file (such as Quickstart_helloworld.esb
) in the server profile's deploy
directory. (Note that it generates .JAR files for BPEL quickstarts.) The server detects the presence of the new .esb archive and deploys it. In the .ESB archive is a deployment.xml file that ant deploy
uses to configure a queue.
ant deploy
also uses an XSL template to transform generic JMS queue names into the specific JMS queues needed by the target server's messaging provider. Ant selects the correct messaging provider by examining the server for a messaging provider deployment. Only JBoss Messaging, JBoss MQ, and HornetQ are detected by the build script. Other messaging providers are not supported by the quick start. Ant then puts the deployment.xml
file into the build/META-INF
directory before including it in the same .ESB archive as the rest of the quickstart.
6.4.5. ant runtest
ant runtest
sends an ESB-unaware "Hello World" message (which is a plain String object) to the JMS Queue (queue/quickstart_helloworld_Request_gw
). It instructs Java to run the sender class (in the case of the "Hello World" quick start, this is called org.jboss.soa.esb.samples.quickstart.helloworld.test.sendJMSMessage
). By doing so, it sends a message directly to the deployed process.
6.4.6. ant sendesb
ant sendesb
command sends an ESB message to the SOA Server. It sends the ESB-aware message directly to the ESB listener, meaning that it does not have to utilize a gateway.
6.4.7. Undeploy the "Hello World" Quickstart
Procedure 6.3. Task
- Navigate to the quickstart's directory:
cd SOA_ROOT/jboss-as/samples/quickstarts/helloworld
(orchdir SOA_ROOT\jboss-as\samples\quickstarts\helloworld
if you are running Microsoft Windows). - Run the
ant undeploy
command. You should see messages such as this displayed:undeploy: [delete] Deleting: /jboss/local/53_DEV2/jboss-soa-p-5/jboss-as/server/default/deploy/Quickstart_helloworld.esb BUILD SUCCESSFUL
And messages such as this written to the server.log:11:10:08,205 INFO [EsbDeployment] Stopping 'Quickstart_helloworld.esb' 11:10:08,577 INFO [EsbDeployment] Destroying 'Quickstart_helloworld.esb'
6.5. Stop the JBoss Enterprise SOA Platform Server
Procedure 6.4. Stop the JBoss Enterprise SOA Platform Server
Stop the SOA server
Press ctrl-c in the server window (the terminal window where the SOA server was started).
The server will shut down. Note that this process will take a few minutes. Look for this line in the server.log
file to confirm that the server has shut down successfully:
12:17:02,786 INFO [ServerImpl] Shutdown complete
6.6. Examining the "Hello World" Quickstart
6.6.1. Overview of How the "Hello World" Quickstart Works
Figure 6.1. Image
- The JBoss Enterprise SOA Platform server is launched in
Window1
and then theFirstServiceESB:SimpleListener
service is added to the Service Registry service when the helloworld quickstart is deployed. - A JMS client sends an ESB-unaware "Hello World" message, (it is a plain
String
object), to the JMS Queue (queue/quickstart_helloworld_Request_gw
). - The JMS Gateway Listener receives the ESB-unaware message and creates from it an ESB-aware message for use by ESB-aware end-points.
- The
JMS Gateway Listener
uses theservice registry
to find theFirstServiceESB:SimpleListener
service's end-point reference (EPR). In this case, the EPR is thequeue/quickstart_helloworld_Request_esb
JMS queue. - The
JMS Gateway Listener
takes the new ESB-aware message and sends it to thequeue/quickstart_helloworld_Request_esb
JMS queue. - The
FirstServiceESB:SimpleListener
service receives the message. - The
FirstServiceESB:SimpleListener
service extracts the payload from the message and outputs it to the console.
6.6.2. ESB Message
org.jboss.soa.esb.message
interface. This standardized format consists of a header, body (payload) and attachments. All ESB-aware clients and services communicate with one another using messages.
6.6.3. Components of an ESB Message
- Header
- The header contains such information as the destination end-point reference, the sender end-point reference, and where the reply goes. This is all general message-level functional information.
- Context
- This is additional information that further explains the message; for example, transaction or security data, the identity of the ultimate receiver or HTTP-cookie information.
- Body
- The actual contents of the message.
- Fault
- Any error information associated with the message.
- Attachment
- Any attachments (additional files) associated with the message.
- Properties
- Any message-specific properties.(For example, the jbossesb.message.id property specifies a unique value for each message).
<xs:complexType name="Envelope"> <xs:attribute ref="Header" use="required"/> <xs:attribute ref="Context" use="required"/> <xs:attribute ref="Body" use="required"/> <xs:attribute ref="Attachment" use="optional"/> <xs:attribute ref="Properties" use="optional"/> <xs:attribute ref="Fault" use="optional"/> </xs:complexType>
6.6.4. How Message Objects are Sent to the Queue
The JBoss Enterprise SOA Platform product uses a properties object that is populated with parameters to identify the presence of JNDI on the local server. It is then used as the parameter for a call to create a new Naming Context which is used to obtain the ConnectionFactory. The Connection Factory, in turn, creates the QueueConnection, which creates the QueueSession. This QueueSession creates a Sender object for the Queue. The Sender object is used to create an ObjectMessage for the sender and to then send it to the Queue.
6.6.5. Properties Object
6.6.6. Naming Context
6.6.7. ConnectionFactory
org.jboss.jms.client.JBossConnectionFactory
) that creates a QueueConnection. The Naming Contect obtains the ConnectionFactory from JNDI.
6.6.8. QueueConnection
6.6.9. QueueSession
6.6.10. SOA_ROOT/jboss-as/samples/quickstarts/helloworld/build.xml
build.xml
file contains the instructions used by ant deploy
to compile the quickstart's source code in the build
directory. You can edit this file to add your own custom instructions.
6.6.11. SOA_ROOT/jboss-as/samples/quickstarts/helloworld/deployment.xml
deployment.xml
file is used by ant runtest
to create and configure a messaging queue.
ant deploy
generates the deployment.xml
file in the build/META-INF
directory during the compilation process. It then populates it when it determines which of the hard-coded JMS queues should be used. Once populated, the file is packaged as part of the .ESB archive. (Ant uses an XSL template to transform generic JMS queue names into the specific JMS queues required by the target server's messaging provider. It is from this template that the deployment.xml
file is created.)
6.6.12. Messaging Queues
6.6.13. Message Listeners
org.jboss.soa.esb.message.Message
format. Each gateway listener must have a corresponding ESB listener defined.
6.6.14. ESB-Awareness
6.6.15. Gateway Listener
org.jboss.soa.esb.message.Message
format. This conversion happens in a variety of different ways, depending on the gateway type. Once the conversion has occurred, the gateway listener routes the data to its correct destination.
6.6.16. Senders
send
method is called by its QueueSession's ObjectMessage when ant runtest
is executed. When this happens, the client sends a message to the queue.
6.6.17. Learn More About a Quickstart
Procedure 6.5. Task
- Study the quickstart's
readme.txt
file. - Run the
ant help
command in the quickstart's directory.
6.7. The "Hello World" Quickstart's Source Code
6.7.1. SOA_ROOT/jboss-as/samples/quickstarts/helloworld/src
src
directory contains the uncompiled programming instructions. The classes are in files nested in subdirectories. ant deploy compiles this source code.
6.7.2. SOA_ROOT/jboss-as/samples/quickstarts/helloworld/lib
lib
directory contains the classes needed by ant deploy
, (in addition to the source code), to compile the quick start.
6.7.3. SOA_ROOT/jboss-as/server/SERVER_PROFILE/deploy
ant deploy
moves the compiled version of a quick start (in the form of an .ESB archive file) from the build
directory to the /jboss-as/server/default/deploy/
directory. The JBoss Enterprise SOA Server is polling this directory and, when it detects the presence of a new .ESB file, it deploys it.
Part III. Account Management
Chapter 7. Configuring User Accounts
7.1. User Accounts
soa-users.properties
and soa-roles.properties
) to check a user's password and determine their level of access. SOA uses the Java Authentication and Authorization Service (JAAS) to authenticate user accounts.
Warning
7.2. Create User Accounts
Procedure 7.1. Add a New User
- Open the
soa-users.properties
file in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-users.properties
. Add the user's name and password on a new line, using this syntax:username=password
.Here is an example for a user with the login name "Harold":harold=@dm1nU53r
Note
Any line in this file that begins with a hash (#) is ignored. (You can use this convention to temporarily disable a user account.) - Save the changes to the file and exit the text editor.
- Open the
soa-roles.properties
file in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-roles.properties
. Add the user and the roles you wish to assign to them on a new line, using this syntax:username=role1,role2,role3
.harold=JBossAdmin,HttpInvoker,user,admin
Note
You can assign any number of roles. Note that a user must be assigned theJBossAdmin
,HttpInvoker
,user
andadmin
roles in order to be able to log into the server consoles.Any line in this file that begins with a hash (#) is ignored. You can use this convention to temporarily disable user roles. - Save the changes to the file and exit the text editor.
The user will now be able to log in to the server console at http://localhost:8080. You do not have to restart the server.
7.3. Security Roles
Table 7.1. List of Security Permissions for JBoss Enterprise SOA Platform Console Users
Role | Description |
---|---|
JBossAdmin | The JBossAdmin role is required to log into the various management components of SOA. It is the primary role so all system administrators should be assigned this role. |
HttpInvoker | The HttpInvoker role is used by the Http Invoker to access JNDIs and EJBs from remote locations. |
user | This is used to grant user access to services deployed in SOA if they are configured to utilize the JAAS security domains. The jBPM Console relies on this one role only. |
admin | This is used to grant administrative access to services deployed in SOA if they are configured to utilize the JAAS security domains. |
7.4. Java Authentication and Authorization Service (JAAS)
7.5. Disable a User's Account
Procedure 7.2. Disable a User's Account
- Open the
soa-users.properties
file in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/conf/props/soa-users.properties
. Either delete the entire line containing the user's name and password or simply put a hash (#) in front of it to "comment it out."Here is an example for a user with the login name "Harold":#harold=@dm1nU53r
- Save the changes to the file and exit the text editor.
The user will no longer be able to log in to the server console. You do not have to restart the server.
Part IV. Advanced Configuration Options
Chapter 8. Configuring the Default Database
8.1. Hypersonic Database
8.2. Hypersonic is Not Supported
- No transaction isolation thread and socket leaks (connection.close() does not tidy up resources)
- Persistence quality (logs commonly become corrupted after a failure, preventing automatic recovery)
- Database corruption stability under load (database processes cease when dealing with too much data)
- Not viable in clustered environments
8.3. H2 Database
8.4. Database Configuration Tool
SOA_ROOT/jboss-as/tools/schema/
directory) is an Apache Ant script. It sets the database to be used by the JBoss Enterprise SOA Platform. A list of the supported databases can be found at http://www.jboss.com/products/platforms/soa/supportedconfigurations/.
8.5. Configure a Database for Production System Use
Prerequisites
- Apache Ant
- the database that you wish to use must already exist
- a user with permission to make changes to that database must already exist.
- the JDBC driver JAR file for the database must be in the server configuration's
lib/
directory.
Warning
Back Up Your Server Profile
Make a copy of the server profile for which you plan to configure your database as the Database Configuration Tool modifies the configuration settings.cp -R SOA_ROOT/jboss-as/server/Profile /path/to/backup/folder
.Running the Database Configuration Tool
Change to the directory containing the Database Configuration script:cd SOA_ROOT/jboss-as/tools/schema
Run Ant
Run theant
command to launch the script.Enter Data
Following the prompts, enter the following information as it is requested:- the type of database being used,
- the name of the database,
- the host name or IP Address of the database,
- the TCP port being used for the database,
- the user name needed to access the database, and
- the password for this user account.
Note
You could also add these values directly to thebuild.properties
file (found in the same directory) before running the script. The Database Schema Tool will not prompt you for these properties if it finds you have already added them to the file.
The Tool updates the relevant configuration files and exits.
Important
to jbpm.esb/jbpm-ds.xml
:
<datasources> <local-tx-datasource> <jndi-name>BPELDB</jndi-name> ... <transaction-isolation>TRANSACTION_READ_COMMITTED</transaction-isolation> <new-connection-sql>SET TRANSACTION ISOLATION LEVEL SNAPSHOT;</new-connection-sql> ... </local-tx-datasource> </datasources>
8.6. SOA_ROOT/jboss-as/tools/schema/build.xml
SOA_ROOT/jboss-as/tools/schema/build.xml
contains the settings for the Database Schema Tool. It is used by the ant
command to run through the database setting options.
8.7. SOA_ROOT/jboss-as/tools/schema/build.properties
Chapter 9. Configure the Service Registry
9.1. Service Registry
9.2. jUDDI Registry
9.3. jUDDI and the JBoss Enterprise SOA Platform
The JBoss Enterprise SOA Platform product includes a pre-configured installation of a jUDDI registry. You can use a specific API to access this registry through your custom client. However, any custom client that you build will not covered by your SOA Platform support agreement. You can access the full set of jUDDI examples, documentation and APIs from: http://juddi.apache.org/.
9.4. Other Supported Service Registries
- SOA Software SMS
- HP Systinet
9.5. Universal Description, Discovery and Integration (UDDI) Registry
9.6. UDDI Page Types
- Green Pages
- Green Pages provide information that enables you to bind a client to the service being provided.
- Yellow Pages
- Yellow Pages are used to categorize businesses based upon the industries to which they belong.
- White Pages
- White Pages contain general information, such as the name, address and other contact details for the company providing the service.
9.7. The Service Registry and the JBoss Enterprise SOA Platform
9.8. jUDDI and the ESB
9.9. How the Registry Works
- The JBoss Enterprise Service Bus funnels all interaction with the Registry through the registry interface.
- It then calls a JAXR implementation of this interface.
- The JAXR API needs to utilize a JAXR implementation. (By default, this is Apache Scout.)
- Apache Scout, in turn, calls the Registry.
9.10. Apache Scout
org.jboss.soa.esb.scout.proxy.transportClass
class, one each for SOAP, SAAJ, RMI and Embedded Java (Local).
9.11. Java API for XML Registries (JAXR)
9.12. Registry Interface
9.13. Configuring the Registry
Normally, you will automatically configure the jUDDI Registry when you run the Database Configuration Tool.
9.14. Configure the Registry Manually
Procedure 9.1. Task
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the "registry" section and alter the settings as you wish.
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.v3.client.transport.wrapper.UDDIInquiryService#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.v3.client.transport.wrapper.UDDIPublicationService#publish"/> <property name="org.jboss.soa.esb.registry.securityManagerURI" value="org.apache.juddi.v3.client.transport.wrapper.UDDISecurityService#secure"/> <property name="org.jboss.soa.esb.registry.user" value="root"/> <property name="org.jboss.soa.esb.registry.password" value="root"/> <property name="org.jboss.soa.esb.scout.proxy.uddiVersion" value="3.0"/> <property name="org.jboss.soa.esb.scout.proxy.uddiNameSpace" value="urn:uddi-org:api_v3"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/> <!-- specify the interceptors, in order --> <property name="org.jboss.soa.esb.registry.interceptors" value="org.jboss.internal.soa.esb.services.registry.InVMRegistryInterceptor, org.jboss.internal.soa.esb.services.registry.CachingRegistryInterceptor"/> <!-- The following properties modify the cache interceptor behaviour --> <property name="org.jboss.soa.esb.registry.cache.maxSize" value="100"/> <property name="org.jboss.soa.esb.registry.cache.validityPeriod" value="600000"/> <!-- Organization Category to be used by this deployment. --> <property name="org.jboss.soa.esb.registry.orgCategory" value="org.jboss.soa.esb.:category"/> </properties>
- Save the file and exit.
9.15. Table of Registry Configuration Options
Table 9.1. Registry Properties
Property | Description |
---|---|
org.jboss.soa.esb.registry.implementationClass |
This is a class that implements the JBoss ESB Registry interface. One implementation,
JAXRRegistryImpl , is included. It uses the JAXRRegistry interface.
|
org.jboss.soa.esb.registry.factoryClass |
This is the class name of the JAXR ConnectionFactory implementation.
|
org.jboss.soa.esb.registry.queryManagerURI |
This is the URI used by JAXR to query services.
|
org.jboss.soa.esb.registry.lifeCycleManagerURI |
This the URI that JAXR uses for editing.
|
org.jboss.soa.esb.registry.user |
This is the username utilized for editing.
|
org.jboss.soa.esb.registry.password |
This is the password for the specified user.
|
org.jboss.soa.esb.scout.proxy.uddiVersion |
This is the UDDI version of the query.
|
org.jboss.soa.esb.scout.proxy.uddiNameSpace |
This is the UDDI namespace.
|
org.jboss.soa.esb.scout.proxy.transportClass |
This is the class used by Apache Scout to send items to the UDDI Registry.
|
org.jboss.soa.esb.registry.interceptors |
This is the list of interceptors that are applied to the Registry. The ESB provides two interceptors, one for handling InVM registrations and one that supplies the Registry with a cache.
The default interceptor list contains only one entry, that for the InVM interceptor.
|
org.jboss.soa.esb.registry.cache.maxSize |
This is the maximum number of server entries allowed in the cache. If this value is exceeded, entries will be removed on a "Least Recently Used" basis. The default value is
100 .
|
org.jboss.soa.esb.registry.cache.validityPeriod |
This is the period of validity that has been set for the caching interceptor. The value is specified in milliseconds and defaults to
600000 (ten minutes). Set this value to 0 to if you do not wish the cache to expire.
|
org.jboss.soa.esb.registry.orgCategory |
This is the name of the ESB's organization category. The default is
org.jboss.soa.esb.:category .
|
9.16. Registry Configuration Use Cases
- To change the queryManagerURI/lifeCycleManagerURI/securityManagerURI to match the locations of a UDDI registry.
- To change the registry user/password.
- To provide a custom org.jboss.soa.esb.registry.orgCategory
- To specify custom registry interceptors
9.17. Embedding the Registry
9.18. Embed the Registry
Procedure 9.2. Task
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the "registry" section and alter the settings like this:
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/> <property name="org.jboss.soa.esb.registry.securityManagerURI" value="org.apache.juddi.registry.local.SecurityService#secure"/> <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/> <property name="org.jboss.soa.esb.registry.password" value="password"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/> </properties>
- Save the file and exit.
9.19. Configuring the Registry to Use Remote Method Invocation
jbossesb.sar
archive and it is this same archive that also automatically registers a remote method invocation service.)
9.20. Configure the Registry to Use Remote Method Invocation
Procedure 9.3. Task
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the "registry" section and alter the settings like this:
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish"/> <property name="org.jboss.soa.esb.registry.securityManagerURI" value="jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish"/> <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/> <property name="org.jboss.soa.esb.registry.password" value="password"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.RMITransport"/> </properties>
- Save the file and exit.
- Open the
web.xml
file in your text editor. - Configure it like this:
<!-- uncomment if you want to enable making calls in juddi with rmi --> <servlet> <servlet-name>RegisterServicesWithJNDI</servlet-name> <servlet-class>org.apache.juddi.registry.rmi.RegistrationService</servlet-class> <load-on-startup>1</load-on-startup> </servlet>
- Save the file and exit.
- Open the jUDDI configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/standard/deploy/juddi-service.sar/juddi.war/WEB-INF/juddi.properties
. - Configure it like this:
# JNDI settings (used by RMITransport) java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory java.naming.provider.url=jnp://localhost:1099 java.naming.factory.url.pkgs=org.jboss.naming
- Save the file and exit.
- Add
scout-client.jar
to the RMI client's class-path.
9.21. Remote Method Invocation Using a Custom JNDI Registration of the RMI Service
juddi.war
archive, you can configure one of the Enterprise Service Bus components running in the same Java Virtual Machine as the jUDDI Registry to register the RMI service.
9.22. Configure RMI Using Your Own JNDI Registration
- For a local application, open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the "registry" section and alter the local settings like this:
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/> <property name="org.jboss.soa.esb.registry.securityManagerURI" value="org.apache.juddi.registry.local.SecurityService#secure"/> <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/> <property name="org.jboss.soa.esb.registry.password" value="password"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/> </properties>
- Save the file and exit.
- For a remote application, open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the "registry" section and alter the remote method invocation settings like this:
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish"/> <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/> <property name="org.jboss.soa.esb.registry.password" value="password"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.RMITransport"/> </properties>
- Save the file and exit.
- Point the host names of the
queryManagerURI
andlifeCycleManagerURI
classes to the host on which the jUDDI Registry is running (this is also where the local is running). Note that the local application needs to have access to a naming service. - Use these settings to register the application:
//Getting the JNDI setting from the config Properties env = new Properties(); env.setProperty(RegistryEngine.PROPNAME_JAVA_NAMING_FACTORY_INITIAL,factoryInitial); env.setProperty(RegistryEngine.PROPNAME_JAVA_NAMING_PROVIDER_URL, providerURL); env.setProperty(RegistryEngine.PROPNAME_JAVA_NAMING_FACTORY_URL_PKGS, factoryURLPkgs); InitialContext context = new InitialContext(env); Inquiry inquiry = new InquiryService(); log.info("Setting " + INQUIRY_SERVICE + ", " + inquiry.getClass().getName()); mInquery = inquiry; context.bind(INQUIRY_SERVICE, inquiry); Publish publish = new PublishService(); log.info("Setting " + PUBLISH_SERVICE + ", " + publish.getClass().getName()); mPublish = publish; context.bind(PUBLISH_SERVICE, publish);
- Include the
scout-client.jar
file on the RMI client's class-path.
9.23. Communicate with the jUDDI Registry via SOAP
9.24. Simple Object Access Protocol (SOAP)
9.25. Configure Apache Scout to Use SOAP
Procedure 9.4. Task
- Shut down the RMI service by "commenting out" the
web.xml
file's RegisterServicesWithJNDI servlet. - Deploy the
juddi.war
archive. - Configure the data-source.Here are some sample properties:
<properties name="registry"> <property name="org.jboss.soa.esb.registry.implementationClass" value="org.jboss.internal.soa.esb.services.registry.JAXRRegistryImpl"/> <property name="org.jboss.soa.esb.registry.factoryClass" value="org.apache.ws.scout.registry.ConnectionFactoryImpl"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="http://localhost:8080/juddi/inquiry"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="http://localhost:8080/juddi/publish"/> <property name="org.jboss.soa.esb.registry.user" value="jbossesb"/> <property name="org.jboss.soa.esb.registry.password" value="password"/> <property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.AxisTransport"/> </properties>
9.26. jUDDI Console
9.27. Grant Access to the jUDDI Console
Prerequisites
- A user with the name "root" who has been assigned the security roles of "user" and "admin".
Procedure 9.5. Task
- Open a web browser session and go to the jUDDI Console at http://localhost:8080/uddi-console/. Log in as root.
- Click "Publisher".
- From the Publisher ID list, click on the username.
- Select the "Is Admin" checkbox.
The user you selected now has administrative rights.
9.28. Install JBoss Developer Studio Plug-Ins for SOA
Prerequisites
- JBoss Developer Studio
- JBDS JBoss Tools Component
Procedure 9.6. Task
- Launch JBoss Developer Studio
- Go to JBoss Central screen
- Download the plug-ins you require to do your SOA development work.
Chapter 10. Advanced Service Registry Configuration Options
10.1. Configure an Alternative JAXR Implementation
Procedure 10.1. Task
- Choose a specific JAXR implementation.
- Set the property to configure the class. (Because the JBoss Enterprise SOA Platform uses Apache Scout by default, this property is set to the Scout factory class, namely
org.apache.ws.scout.registry.ConnectionFactoryImpl
.) - Configure the JAXR implementation by providing it with the Registry's location. Do so by editing
org.jboss.soa.esb.registry.queryManagerURI
,org.jboss.soa.esb.registry.lifeCycleManagerURI
andorg.jboss.soa.esb.registry.securityManagerURI
.
10.2. Configure an Alternative API to JAXR
Procedure 10.2. Task
- Write a new
SystinetRegistryImplemtation
class and provide a reference to it from within this property.
10.3. Using Transports
org.jboss.soa.esb.scout.proxy.transportClass
. This is the transport class that facilitates communications between Scout and the jUDDI Registry.
LocalTransport
and configure the file to make use of the jUDDI registry's transports (InVM, RMI and WS). This file defines the Registry's nodes.
10.5. Select a Transport
Procedure 10.3. Task
- Edit the node definition file:
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.sar/esb.juddi.client.xml
- Use the node settings to select which transport to use:
<node> <!-- required 'default' node --> <name>default</name> <description>Main jUDDI node</description> <properties> <property name="serverName" value="localhost" /> <property name="serverPort" value="8880" /> </properties> <!-- JAX-WS Transport <proxyTransport>org.apache.juddi.v3.client.transport.JAXWSTransport</proxyTransport> <custodyTransferUrl>http://${serverName}:${serverPort}/juddiv3/services/custody-transfer?wsdl</custodyTransferUrl> <inquiryUrl>http://${serverName}:${serverPort}/juddiv3/services/inquiry?wsdl</inquiryUrl> <publishUrl>http://${serverName}:${serverPort}/juddiv3/services/publish?wsdl</publishUrl> <securityUrl>http://${serverName}:${serverPort}/juddiv3/services/security?wsdl</securityUrl> <subscriptionUrl>http://${serverName}:${serverPort}/juddiv3/services/subscription?wsdl</subscriptionUrl> <subscriptionListenerUrl>http://${serverName}:${serverPort}/juddiv3/services/subscription-listener?wsdl</subscriptionListenerUrl> <juddiApiUrl>http://${serverName}:${serverPort}/juddiv3/services/juddi-api?wsdl</juddiApiUrl> --> <!-- In VM Transport Settings <proxyTransport>org.jboss.internal.soa.esb.registry.client.JuddiInVMTransport</proxyTransport> <custodyTransferUrl>org.apache.juddi.api.impl.UDDICustodyTransferImpl</custodyTransferUrl> <inquiryUrl>org.apache.juddi.api.impl.UDDIInquiryImpl</inquiryUrl> <publishUrl>org.apache.juddi.api.impl.UDDIPublicationImpl</publishUrl> <securityUrl>org.apache.juddi.api.impl.UDDISecurityImpl</securityUrl> <subscriptionUrl>org.apache.juddi.api.impl.UDDISubscriptionImpl</subscriptionUrl> <subscriptionListenerUrl>org.apache.juddi.api.impl.UDDISubscriptionListenerImpl</subscriptionListenerUrl> <juddiApiUrl>org.apache.juddi.api.impl.JUDDIApiImpl</juddiApiUrl> --> <!-- RMI Transport Settings --> <proxyTransport>org.apache.juddi.v3.client.transport.RMITransport</proxyTransport> <custodyTransferUrl>/juddiv3/UDDICustodyTransferService</custodyTransferUrl> <inquiryUrl>/juddiv3/UDDIInquiryService</inquiryUrl> <publishUrl>/juddiv3/UDDIPublicationService</publishUrl> <securityUrl>/juddiv3/UDDISecurityService</securityUrl> <subscriptionUrl>/juddiv3/UDDISubscriptionService</subscriptionUrl> <subscriptionListenerUrl>/juddiv3/UDDISubscriptionListenerService</subscriptionListenerUrl> <juddiApiUrl>/juddiv3/JUDDIApiService</juddiApiUrl> <javaNamingFactoryInitial>org.jnp.interfaces.NamingContextFactory</javaNamingFactoryInitial> <javaNamingFactoryUrlPkgs>org.jboss.naming</javaNamingFactoryUrlPkgs> <javaNamingProviderUrl>jnp://localhost:1099</javaNamingProviderUrl> </node>
- By default, the Remote Method Invocation (RMI) settings are enabled. To switch transports, comment those ones out and enable the ones you want to use.
- Save the file and exit.
10.6. Remote Invocation Class
10.7. Transport Settings
- a
proxyTransport
- a URL for all of the supported UDDI application programming interfaces (
inquiry
,publish
,security
,subscription
,subscription-listener
andcustodytransfer
) - a jUDDI application programming interface URL.
- the RMI transport (which also includes JNDI settings)
10.8. Configure Apache Scout
Procedure 10.4. Task
- Check that the
transportClass
is set to LocalTransport in theuddi.xml
file. - Configure the
uddi.xml
file to utilize the Registry's transports (these being InVM, RMI and WS, respectively). The file is located inSOA_ROOT/jboss-as/server/all/deploy/jbossesb.sar/esb.juddi.client.xml
- Create a schema in the jUDDI registry by adding the
jbossesb publisher
to it.Note
Theproduct/install/jUDDI-registry
directory containsdatabase-create
scripts for most common databases. These files are located inSOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb-registry.sar/juddi-sql
.Note
The system can generate the database automatically if the user has been granted permission to create tables. (The Registry can create a database of any type for which there exists an associated Hibernate dialect.) - Check that the
SOA_ROOT/jboss-as/server/default/deploy/jbossesb-registry.sar/esb.juddi.xml
andSOA_ROOT/jboss-as/server/all/deploy/jbossesb.sar/esb.juddi.client.xml
exist. These files contain the Registry's configuration settings.Note
If you want the software to communicate with another UDDI registry, use Apache Scout's JAXR transports. There are four implementations of this class and they are also based on SOAP, SAAJ, RMI and Embedded Java. - If you decide to change the transport, always change the query and life-cycle uniform resource indicators as well. Here is sample code that demonstrates how to do so:
SOAP queryManagerURI http://localhost:8080/juddi/inquiry lifeCycleManagerURI http://localhost:8080/juddi/publish transportClass org.apache.ws.scout.transport.AxisTransport RMI queryManagerURI jnp://localhost:1099/InquiryService?org.apache.juddi.registry.rmi.Inquiry#inquire lifeCycleManagerURI jnp://localhost:1099/PublishService?org.apache.juddi.registry.rmi.Publish#publish transportClass org.apache.ws.scout.transport.RMITransport Local queryManagerURI org.apache.juddi.registry.local.InquiryService#inquire lifeCycleManagerURI org.apache.juddi.registry.local.PublishService#publish transportClass org.apache.ws.scout.transport.LocalTransport
10.9. Interceptor
- service the request
- provide direct responses to the request
- augment the responses received from a lower interceptor or registry implementation
10.10. The LocalRegistryInterceptor
LocalRegistryInterceptor
is the class that is responsible for processing local services.
10.11. Configure the Interceptor Stack
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Modify the org.jboss.soa.esb.registry.interceptors properties.
- Save the file and exit.
10.12. Interceptor Settings
Table 10.1. Interceptor Properties
Property | Description |
---|---|
org.jboss.internal.soa.esb.services.registry.InVMRegistryInterceptor |
The InVM registry interceptor is responsible for handling any InVM end-point references. These are registered by any of the services executing within the same server instance. The information about the InVM EPR and its associated service will be cached within the interceptor, will not be propagated to subsequent interceptors and will be returned to the caller by augmenting results from subsequent interceptors or registry queries.
|
org.jboss.internal.soa.esb.services.registry.CachingRegistryInterceptor |
The caching registry interceptor retains a cache of end-point references and their associated services, evicting information from the cache on a LRU basis or after the information has expired.
The interceptor can be configured through the org.jboss.soa.esb.registry.cache.maxSize and org.jboss.soa.esb.registry.cache.validityPeriod properties within jbossesb-properties.xml
|
Chapter 11. Service Registry Integration with the BPEL Engine
11.1. BPEL Engine
Note
11.2. Business Process Execution Language (BPEL)
11.3. BPEL and the Service Registry
11.4. Activate BPEL-Service Registry Integration
Procedure 11.1. Task
- Integration is turned on by default. To confirm this, open
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/riftsaw.sar/bpel.properties.xml
and ensure that is set as follows:bpel.uddi.registration=true
.
11.5. Partner Link
11.6. Partner Link Channel
11.7. esb.juddi.client.xml
SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.sar/esb.juddi.client.xml
file is the client configuration file for the jUDDI Service Registry.
11.8. bpel.properties Configuration Settings
Table 11.1. The UDDI-related properties in the bpel.properties file
attribute | type (default) | description |
---|---|---|
bpel.uddi.registration | boolean (true) | If set to 'false', the UDDI integration is turned off. The RiftSaw installation process sets this value to 'true' only if the jbossesb-registry.sar is detected containing a jUDDI v3 registry. In every other case it is automatically set to false. |
bpel.webservice.secure | boolean (false) | The UDDI Registration process registers an WSDL AccessPoint in the BindingTemplate for the BPEL Service it is registering. The BPEL server exposes the service WSDL Endpoint on the WS stack (Currently Red Hat supports JBossWS and CXF). If your webservice stack is configured to use a secure protocol (such as https), you need to switch this setting to 'true'. (Note that this setting is used during the registration process only.) |
bpel.uddi.client.impl | String (org.jboss.soa.bpel.uddi.UDDIRegistrationImpl) | This is the name of the class that implements the org.jboss.soa.bpel.runtime.engine.ode.UDDIRegistration interface. |
bpel.uddi.clerk.config | String (not used by default) | This defines the path to the bpel.uddi.client.xml configuration file. This can be left "commented out" if you want to use the riftsaw.sar/META-INF/riftsaw.uddi.xml . In this case, a bpel.uddi.clerk.manager must be defined. |
bpel.uddi.clerk.manager | String (riftsaw-manager) | This defines the name of the ClerkManager that will be used if the riftsaw.uddi.xml is left commented out. This value should correspond to the name of the manager in the esb.juddi.client.xml . Note that if the bpel.uddi.clerk.config is defined, the bpel.uddi.clerk.manager setting is ignored. |
bpel.uddi.clerk | String (BPEL_clerk) | This defines the name of the clerk that will be used. This value should correspond to the name of the clerk in the riftsaw.uddi.xml . (By default this is set to BPEL_clerk.) |
bpel.uddi.lookup | boolean (true) | If this is set to true, the creating process of the partner channel will do a lookup by serviceName in the UDDI, and a WSDL Endpoint is retrieved. This process makes it easier to move process deployment around within your server farm, without having to update the partnerlink WSDL files in your BPEL process deployments. If more than one end-point (BindingTemplate) is found, the default policy used by the ServiceLocator is 'PolicyLocalFirst'. Note that it is still a requirement to deploy the initial partnerlink WSDL file for each partnerLink. |
Note
bpel.properties
file.
11.9. Clerk
org.apache.juddi.v3.client.config.UDDIClerk
) is responsible for registering service end-points in the Service Registry.
11.10. Set the Properties to be Used by the Clerk When Registering Services
Procedure 11.2. Task
- Open the
esb.juddi.client.xml
file in your text editor:vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.sar/esb.juddi.client.xml
- Configure the settings. For example:
</nodes> <clerks registerOnStartup="false"> <clerk name="SOAExample" node="default" publisher="root" password="root"/> </clerks> </manager> </uddi>
- Save the file and exit.
- Put another copy of the file in here (the files must always correspond:
SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb-registry.sar/juddi_custom_install_data/
- Save the file and exit.
11.11. Default Settings for the Service Registry Clerk
Table 11.2. Default Settings
Property | Value |
---|---|
keyDomain | esb.jboss.org |
businessKey | redhat-jboss |
serviceDescription | BPEL Service deployed by Riftsaw |
bindingDescription | BPEL Endpoint deployed by Riftsaw |
Important
SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb-registry.sar/esb.juddi.xml
file contains a property called juddi.seed.always which is set to false. This means that it is always trying to load the root seed data when the server starts.
11.12. UDDI Registration
11.13. UDDI End-Point Look-Up
Chapter 12. Configuring a Java Message Service Provider
12.1. Java Message Service
12.2. Configuring a Java Message Service Provider
You can choose from a number of Java Message Service applications to use in conjunction with the JBoss Enterprise SOA Platform.
Important
Important
- the JMS provider is running on localhost
- the connection-factory is
ConnectionFactory
- the destination-type is
queue
- the destination-name is
queue/A
12.3. Supported Java Message Services
12.4. HornetQ
12.5. Configure HornetQ for Use as the Java Message Service Provider
Warning
Procedure 12.1. Task
- Go to the HornetQ Directory:
cd SOA_ROOT/jboss-as/extras/hornetq
. Deploy It
Runant
.
12.6. Configure JBoss Messaging for Use as the Java Message Service Provider
Procedure 12.2. Task
Configure the JMS Provider
To configure JBoss Messaging, open the configuration file in a text editor:vi jboss-esb.xml
.- Modify these settings:
jndi-URL="localhost” jndi-context-factory="org.jnp.interfaces.NamingContextFactory" connection-factory="ConnectionFactory" destination-type="queue" destination-name="queue/myqueue"
Important
Always include thejboss-messaging-client.jar
file on the class-path. (This file is found in theSOA_ROOT/jboss-as/client/jboss-messaging-client.jar
archive.)Note
If you want to use load balancing and fail-over capabilities, you must configure JBoss Messaging for clustering. This functionality is constantly evolving. To learn how to configure it, please consult the JBoss Messaging documentation. - Check that JBoss Messaging's Service Binding Manager configuration matches that found in the
SOA_ROOT/seam/bootstrap/deploy/remoting-service.xml
file.
12.7. ActiveMQ Java Message Service Provider
Important
12.8. IBM Websphere MQ Installation Options
- As a JCA Provider by using the Websphere MQ JCA Adapter through the <jms-jca-provider> configuration.
- As a standard JMS provider through the jms-provider configuration.
12.9. Configure IBM Websphere MQ for Use as the Java Message Service Provider
Procedure 12.3. Task
- Copy the IBM Websphere wmq.jmsra.rar file to the JBoss Enterprise SOA Platform:
cp wmq.jmsra.rar SOA_ROOT/jboss-as/server/PROFILE/deploy/
- Copy the IBM Websphere com.ibm.mqetclient.jar to the JBoss Enterprise SOA Platform:
cp com.ibm.mqetclient.jar SOA_ROOT/jboss-as/lib/
. - Open run.conf in your text editor:
vi SOA_ROOT/jboss-as/bin/run.conf
- Add this setting by modifying the JAVA_OPTS in
run.conf
:JAVA_OPTS="-DtraceEnabled=true -DtraceDestination=wmq_jca.trc -DtraceLevel=10 -DlogWriterEnabled=false"
- Save the file and exit.
- Open the jboss-esb.xml file in your text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.esb/META-INF/jboss-esb.xml
- Add these settings:
<jms-jca-provider name="WMQ-JCA" connection-factory="MyAppXAConnectionFactory" adapter="wmq.jmsra.rar" jndi-URL="10.12.10.110:1414/CH1" jndi-context-factory="com.ibm.mq.jms.context.WMQInitialContextFactory"> <property name="max-xa-sessions-per-connection" value="1" /> <jms-bus busid="quickstartEsbChannel"> <jms-message-filter dest-type="QUEUE" dest-name="Q1" transacted="true"/> </jms-bus> <activation-config> <property name="queueManager" value="QM1" /> <property name="channel" value="CH1" /> <property name="hostName" value="10.12.10.110" /> <property name="port" value="1515" /> <property name="transportType" value="CLIENT" /> <property name="useJNDI" value="false" /> </activation-config> </jms-jca-provider>
- Save the file and exit.
- Run
crtmqm -q QM1
- Run
strmqm QM1
define channel (CH.1) chltype (RCVR) trptype (TCP) start channel (CH.1) define qlocal (Q1) define listener(QM1.LISTENER) trptype(TCP) port(30001) ipaddr(10.12.58.110) start listener (QM1.LISTENER)
12.10. IBM Websphere MQ Configuration Checklist
com.ibm.mq.pcf.jar
mqcontext.jar
dhbcore.jar
com.ibm.mq.jar
(clientJAR
)com.ibm.mqjms.jar
(clientJAR
)
Websphere MQ v7.0 Client JAR
files, add the following to the items to the class-path:
com.ibm.mq.commonservices.jar
com.ibm.mq.headers.jar
com.ibm.mq.jmqi.jar
Note
JAR
files differ between MQ 5.3 and MQ 6.0. However the 6.0 JAR
files should be backward-compatible. They are not open source and therefore Red Hat does not provide them. You will have to obtain them from your WAS and MQ installs.
12.11. Java Message Service and JNDI
12.12. Configure IBM Websphere MQ to Use JNDI
Prerequisites
- IBM Websphere MQ must be installed on your system.
- Ensure Java is on your classpath.
Procedure 12.4. Task
- Run this command:
/opt/mqm/java/bin/JMSAdmin -v
java -Dcom.ibm.msg.client.commonservices.log.outputName=$MQ_JAVA_DATA_PATH/log -Dcom.ibm.msg.client.commonservices.trace.outputName=$MQ_JAVA_DATA_PATH/trace -DMQJMS_INSTALL_PATH=$MQ_JAVA_INSTALL_PATH com.ibm.mq.jms.admin.JMSAdmin $*
- Open JMSAdmin.config in your text editor:
vi JMSAdmin.config
- Edit the file as per this sample code:
INITIAL_CONTEXT_FACTORY=com.ibm.mq.jms.context.WMQInitialContextFactory PROVIDER_URL=localhost:30002/SYSTEM.DEF.SVRCONN SECURITY_AUTHENTICATION=none
Note
If you have a listener on a different port, use it instead. (The default is 1414). - Save the file and exit.
- Define objects with these commands:
InitCtx> def cf(ConnectionFactory) qmgr(QM1) tran(CLIENT) host(10.12.58.105) BROKERQMGR(QM1)
andInitCtx> def qcf(QueueConnectionFactory) qmgr(QM1) tran(CLIENT) host(10.12.58.105)
- If you are having problems with JMSAdmin, troubleshoot the logs:
less /var/mqm/errors/AMQERR01.LOG
andless /var/mqm/qmgrs/QUEUE MANAGER NAME/errors/AMQERR01.LOG
Note
For more information, refer to http://www.ibm.com/developerworks/websphere/techjournal/0502_woolf/0502_woolf.html.
12.13. JNDI Objects Viewable with JMSAdmin
InitCtx> display qcf(QM1)
- ASYNCEXCEPTION(-1)
- CCSID(819)
- CHANNEL(SYSTEM.DEF.SVRCONN)
- CLIENTRECONNECTTIMEOUT(1800)
- COMPHDR(NONE )
- COMPMSG(NONE )
- CONNECTIONNAMELIST(10.12.58.105(1414))
- CONNOPT(STANDARD)
- FAILIFQUIESCE(YES)
- HOSTNAME(10.12.58.105)
- LOCALADDRESS()
- MAPNAMESTYLE(STANDARD)
- MSGBATCHSZ(10)
- MSGRETENTION(YES)
- POLLINGINT(5000)
- PORT(1414)
- PROVIDERVERSION(UNSPECIFIED)
- QMANAGER(QM1)
- RESCANINT(5000)
- SENDCHECKCOUNT(0)
- SHARECONVALLOWED(YES)
- SSLFIPSREQUIRED(NO)
- SSLRESETCOUNT(0)
- SYNCPOINTALLGETS(NO)
- TARGCLIENTMATCHING(YES)
- TEMPMODEL(SYSTEM.DEFAULT.MODEL.QUEUE)
- TEMPQPREFIX()
- TRANSPORT(CLIENT)
- USECONNPOOLING(YES)
- VERSION(7)
- WILDCARDFORMAT(TOPIC_ONLY)
InitCtx> display q(Q1)
- CCSID(1208)
- ENCODING(NATIVE)
- EXPIRY(APP)
- FAILIFQUIESCE(YES)
- MDMSGCTX(DEFAULT)
- MDREAD(NO)
- MDWRITE(NO)
- MSGBODY(UNSPECIFIED)
- PERSISTENCE(APP)
- PRIORITY(APP)
- PUTASYNCALLOWED(AS_DEST)
- QMANAGER(QM1)
- QUEUE(Q1)
- READAHEADALLOWED(AS_DEST)
- READAHEADCLOSEPOLICY(DELIVER_ALL)
- REPLYTOSTYLE(DEFAULT)
- TARGCLIENT(JMS)
- VERSION(7)
InitCtx> display cf(ConnectionFactory)
- ASYNCEXCEPTION(-1)
- BROKERCCSUBQ(SYSTEM.JMS.ND.CC.SUBSCRIBER.QUEUE)
- BROKERCONQ(SYSTEM.BROKER.CONTROL.QUEUE)
- BROKERPUBQ(SYSTEM.BROKER.DEFAULT.STREAM)
- BROKERQMGR(QM1)
- BROKERSUBQ(SYSTEM.JMS.ND.SUBSCRIBER.QUEUE)
- BROKERVER(UNSPECIFIED)
- CCSID(819)
- CHANNEL(SYSTEM.DEF.SVRCONN)
- CLEANUP(SAFE)
- CLEANUPINT(3600000)
- CLIENTRECONNECTTIMEOUT(1800)
- CLONESUPP(DISABLED)
- COMPHDR(NONE )
- COMPMSG(NONE )
- CONNECTIONNAMELIST(10.12.58.105(1414))
- CONNOPT(STANDARD)
- FAILIFQUIESCE(YES)
- HOSTNAME(10.12.58.105)
- LOCALADDRESS()
- MAPNAMESTYLE(STANDARD)
- MSGBATCHSZ(10)
- MSGRETENTION(YES)
- MSGSELECTION(CLIENT)
- OPTIMISTICPUBLICATION(NO)
- OUTCOMENOTIFICATION(YES)
- POLLINGINT(5000)
- PORT(1414)
- PROCESSDURATION(UNKNOWN)
- PROVIDERVERSION(UNSPECIFIED)
- PUBACKINT(25)
- QMANAGER(QM1)
- RECEIVEISOLATION(COMMITTED)
- RESCANINT(5000)
- SENDCHECKCOUNT(0)
- SHARECONVALLOWED(YES)
- SPARSESUBS(NO)
- SSLFIPSREQUIRED(NO)
- SSLRESETCOUNT(0)
- STATREFRESHINT(60000)
- SUBSTORE(BROKER)
- SYNCPOINTALLGETS(NO)
- TARGCLIENTMATCHING(YES)
- TEMPMODEL(SYSTEM.DEFAULT.MODEL.QUEUE)
- TEMPQPREFIX()
- TEMPTOPICPREFIX()
- TRANSPORT(CLIENT)
- USECONNPOOLING(YES)
- VERSION(7)
- WILDCARDFORMAT(TOPIC_ONLY)
12.14. Configure IBM Websphere MQ Using the jms-jca-provider
Procedure 12.5. Task
Configure the Adapter
The adapter name iswmq.jmsra.rar
. Copy this file into the JBoss Enterprise SOA Platform'sSOA_ROOT/jboss-as/server/PROFILE/deploy
directory.Check the Context Factory
Ensure that the initial context factory iscom.ibm.mq.jms.context.WMQInitialContextFactory
.Configure the QueueManager
Ensure that the queueManager configuration is in the <activation-config>. You will need to configure a queue manager in your own Websphere MQ installation. (Note that all of your destination queues are configured in your queue manager.)Configure the Channel
Ensure that the channel configuration is in the <activation-config> property.Note
You can configure a queue manager to use a number of different types of channel. Clients connect through server connection channels. A default server connection channel (SYSTEM.DEF.SVRCONN), is added as part of the Websphere MQ installation but it is a good idea to also create your own dedicated channels, especially if you are using extended (XA) transactions.Configure the transportType
Edit the transportType. The configuration for this is in the <activation-config> property. Websphere MQ supports two transport types ( Client and Binding).Edit the Settings
Open the configuration file in a text editor and edit it.Here is an example of a <jms-jca-provider> configuration. It shows how to set a gateway provider configuration:<jms-jca-provider adapter="wmq.jmsra.rar" connection-factory="MyAppXAConnectionFactory" jndi-context-factory="com.ibm.mq.jms.context.WMQInitialContextFactory" name="WMQ-JCA"> <property name="max-xa-sessions-per-connection" value="1"/> <jms-bus busid="quickstartGwChannel"> <jms-message-filter dest-name="QUEUE1_JMS" dest-type="QUEUE" transacted="true"/> </jms-bus> <activation-config> <property name="queueManager" value="TQM"/> <property name="channel" value="Q1CONN"/> <property name="hostName" value="localhost"/> <property name="port" value="1414"/> <property name="transportType" value="CLIENT"/> </activation-config> </jms-jca-provider>
Note
It is actually the <jms-listener> configuration that determines the gateway/message-aware characteristics of a listener. However, as far as Websphere MQ is concerned, this is only of use as a gateway listener provider. In other words, this configuration would not work as a message-aware listener for Websphere MQ. This is because it does not specify an appropriate JNDI provider URL (as used by the ServiceInvoker) for routing ESB messages to the destinations (buses) defined on the provider.Configure the JCA Adapter
The <activation-config> configures the JCA adapter so that it obtains messages from the destinations. It does not determine how messages are to be delivered to the destinations. Here is an example of a configuration that could be used as a message-aware listener's provider:<jms-jca-provider adapter="wmq.jmsra.rar" connection-factory="MyAppXAConnectionFactory" jndi-URL="localhost:1414/CHANX" jndi-context-factory="com.ibm.mq.jms.context.WMQInitialContextFactory" name="WMQ-JCA"> <property name="max-xa-sessions-per-connection" value="1"/> <jms-bus busid="quickstartEsbChannel"> <jms-message-filter dest-name="QUEUE2_JMS" dest-type="QUEUE" transacted="true"/> </jms-bus> <activation-config> <property name="queueManager" value="TQM"/> <property name="channel" value="Q2CONN"/> <property name="hostName" value="localhost"/> <property name="port" value="1414"/> <property name="transportType" value="CLIENT"/> </activation-config> </jms-jca-provider>
Creating a Standard JMS Provider
The settings for creating a standard JMS provider configuration are similar:<jms-provider connection-factory="MyAppConnectionFactory" jndi-URL="localhost:1414/CHAN1" jndi-context-factory="com.ibm.mq.jms.context.WMQInitialContextFactory" name="JMS"> <jms-bus busid="quickstartGwChannel2"> <jms-message-filter dest-name="QUEUE3_JMS" dest-type="QUEUE"/> </jms-bus> </jms-provider>
Note
With the standard provider, there is neither an adapter nor any <activation-config> configurations. Listeners receiving messages from the destinations defined in a standard provider do not use a JCA Adapter Inflow to obtain the messages. Instead, they need to use JNDI to find the destination and obtain the messages. This means that, for Websphere MQ, the jndi-URL must always be specified (remember that for JCA it is only required for destinations that service a Message-Aware listener).Save
Save the file and exit.
Warning
Message: Unable to get a MQ series Queue Manager or Queue Connection. Reason: failed to create connection javax.jms. JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager
12.15. Configure IBM Websphere MQ to Use the JMS Router
Procedure 12.6. Task
Edit the JMSRouter Configuration
Open the JMSRouter's configuration file in a text editor and modify the settings in yourjboss-esb.xml
. Here is an example of a JMSRouter configuration for routing messages to Websphere MQ from inside an ESB action pipeline:<action class="org.jboss.soa.esb.actions.routing.JMSRouter" name="routeToORDERSQueue"> <property name="jndi-context-factory" value="com.ibm.mq.jms.context.WMQInitialContextFactory"/> <property name="jndi-URL" value="wmqserver:1414/CHANX"/> <property name="connection-factory" value="WMQConnectionFactory"/> <property name="jndiName" value="ORDERS"/> </action>
Save
Save the file and exit.
12.16. Configure IBM Websphere MQ to Use an Extended Transaction Client
Prerequisites
- The Extended Transactional Client bundle from IBM (not part of the default Websphere MQ installation) must be installed on the class-paths of your application server and any external client applications
- The XA Connection Factories must be configured for your WMQ JNDI namespace. See http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/umj_pjcfm.html. (Once you have configured the XA Connection Factories, you can reference them using their JNDI name in the connection-factory property of the JNDI connection property.)
Procedure 12.7. Task
Edit the jms-jca-provider Configuration
Edit thejboss-esb.xml
file in a text editor. Here is how the jms-jca-provider configuration would look for an Extended Transaction Client configuration. (In this example, the XA Connection Factory that has been configured in the WMQ JNDI namespace is called WMQXAConnectionFactory.)Note
Inflow related configurations (adapter, <activation-config> etc) were intentionally omitted as they are not relevant to the Extended Client configuration:<jms-jca-provider name="WMQ" connection-factory="WMQXAConnectionFactory" jndi-URL="wmqserver:1414/CHANXA_SEND" jndi-context-factory="com.ibm.mq.jms.context.WMQInitialContextFactory"> <property name="max-xa-sessions-per-connection" value="1" /> <jms-bus busid="ordersGwChannel"> <jms-message-filter dest-type="QUEUE" dest-name="ORDERS" transacted="true"/> </jms-bus> <activation-config> <!-- Used by inflow... not relevant to client See section on JMS and JCA. --> </activation-config> </jms-jca-provider>
Configuring for Use with the JMSRouter
This example shows how to use the same XA Connection Factory on the JMSRouter:<action name="routeToORDERSQueue" class="org.jboss.soa.esb.actions.routing.JMSRouter"> <property name="jndi-context-factory" value="com.ibm.mq.jms.context.WMQInitialContextFactory"/> <property name="jndi-URL" value="wmqserver:1414/CHANXA_SEND"/> <property name="connection-factory" value="WMQXAConnectionFactory"/> <property name="jndiName" value="ORDERS"/> <property name="max-xa-sessions-per-connection" value="1"/> <!-- etc... --> </action>
Important
An important point to note about Websphere MQ and XA is that it does not support both getting and putting messages concurrently on the same Queue Manager Channel. For this reason, it is a good idea to configure a dedicated channel for each component that gets or puts messages into a Websphere MQ destination in the context of XA transactions.- Set the max-xa-sessions-per-connection property in
jboss-esb.xml
to1
. Save
Save the file and exit.- Configure a dedicated queue manager channel for each component that obtains or sends messages to a Websphere MQ destination.
- Make sure the GET and PUT properties on each of the Websphere MQ destinations are not set to
Inhibit
. (This can be happen when the destination is created and it results in the ESB being unable to obtain or send messages.)
12.17. Configure IBM Websphere MQ to Use Plain JMS Interactions
Prerequisites
- IBM Websphere MQ pre-configured as the JBoss Enterprise SOA Platform's JMS provider
Procedure 12.8. Task
- Navigate to the
bin
directory:cd /opt/mqm/java/bin
. - Launch
JMSAdmin
. - Use this program to administer your JNDI settings and obtain a ConnectionFactory for Plain JMS interactions.
Note
For more information about using JMSAdmin, refer to http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp.
12.18. Validate Your IBM Websphere MQ Installation
Prerequisites
- IBM Websphere MQ pre-configured as the JBoss Enterprise SOA Platform's JMS provider
Procedure 12.9. Task
- Make a queue manager called QM1:
crtmqm -q QM1
- Start runmqsc:
runmqsc QM1
- Input the following settings when prompted:
define channel (CH.1) chltype (RCVR) trptype (TCP) start channel (CH.1) define qlocal (Q1) define listener(QM1.LISTENER) trptype(TCP) port(30001) ipaddr(10.12.58.110) start listener (QM1.LISTENER) (end)
- Exit the program.
- Copy
com.ibm.mqetclient.jar
from your Websphere MQ installation to your server:cp com.ibm.mqetclient.jar SOA_ROOT/jboss-as/PROFILE/lib/
- Copy
wmq.jmsra.ivt.ear
from your Websphere MQ installation to your server:cp wmq.jmsra.ivt.ear SOA_ROOT/jboss-as/server/PROFILE/deploy
- Copy
wmq.jmsra.rar
from your Websphere MQ installation to your server:cp wmq.jmsra.rar SOA_ROOT/jboss-as/server/PROFILE/deploy
- Create a data source file in a text editor (be sure to change the IP address to that of your WSMQ server):
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/wsmq-ds.xml
Here is a sample configuration:<?xml version="1.0" encoding="UTF-8"?> <connection-factories> <!-- connection factory definition --> <tx-connection-factory> <jndi-name>IVTCF</jndi-name> <xa-transaction /> <rar-name>wmq.jmsra.rar</rar-name> <connection-definition> javax.jms.ConnectionFactory </connection-definition> <config-property name="channel" type="java.lang.String">SYSTEM.DEF.SVRCONN</config-property> <config-property name="hostName" type="java.lang.String"> 10.12.58.110 </config-property> <config-property name="username" type="java.lang.String">mqm</config-property> <config-property name="password" type="java.lang.String">mqm</config-property> <config-property name="port" type="java.lang.String">30001</config-property> <config-property name="queueManager" type="java.lang.String">QM1</config-property> <config-property name="transportType" type="java.lang.String">CLIENT</config-property> <security-domain-and-application>JmsXARealm</security-domain-and-application> </tx-connection-factory> <!-- admin object definition --> <mbean code="org.jboss.resource.deployment.AdminObject" name="jca.wmq:name=ivtqueue"> <attribute name="JNDIName"> IVTQueue </attribute> <depends optional-attribute-name="RARName"> jboss.jca:service=RARDeployment,name='wmq.jmsra.rar' </depends> <attribute name="Type">javax.jms.Queue</attribute> <attribute name="Properties"> baseQueueManagerName=QM1 baseQueueName=Q1 </attribute> </mbean> </connection-factories>
- Save the file as
and exit your text editor.
- Launch a web browser and go to http://localhost:8080/WMQ_IVT/.This brings up the IVT ("Install Verification Test").
- Run the normal test and the transactional test.
Note
For more information, refer to http://www.ibm.com/developerworks/websphere/library/techarticles/0710_ritchie/0710_ritchie.html.
12.19. IBM Websphere MQ Java Message Service Provider Diagnostic Tracing Functionality
12.20. Enable Diagnostic Tracing for the IBM Websphere MQ JCA Adapter
./run.sh
shell script, you should use the following approach:
Procedure 12.10. Task
Open the run.conf File
Open the file in a text editor:vi SOA_ROOT/jboss-as/bin/run.conf
.Edit the run.conf File
Appending the following lines onto the end of the file:# Settings to enable WebSphere MQ resource adapter trace JAVA_OPTS="$JAVA_OPTS -DtraceEnabled=true -DtraceDestination=wmq_jca.trc -DtraceLevel=10 -DlogWriterEnabled=false"
Enable Client Logging
Still in the text editor, set the MQJMS_TRACE_LEVEL property:# Settings to enable WebSphere MQ resource adapter and client trace JAVA_OPTS="$JAVA_OPTS -DtraceEnabled=true -DtraceDestination=wmq_jca.trc -DtraceLevel=10 -DlogWriterEnabled=false -DMQJMS_TRACE_LEVEL=base"
Save
Save the file and exit.
12.21. Enable Diagnostic Tracing for the IBM Websphere MQ Java Client
Procedure 12.11. Task
Call the enableTrace Static Method
Call thecom.ibm.mq.MQEnvironment
's enableTrace static method.
12.22. Configure Red Hat Enterprise (MRG) Messaging for Use as the Java Message Service Provider
Procedure 12.12. Task
Edit the Configuration
Open the configuration file in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.esb/META-INF/jboss-esb.xml
.- Add these parameters:
<property name="jndi-prefixes" value="connectionFactory. , destination"/> <property name="jndi-connection-factory" value="org.apache.qpid.jndi.PropertiesFileInitialContextFactory"/> <property name="connectionFactory.qpidConnectionFactory" value="amqp:// guest:guest@clientid/virtualHost?brokerlist='tcp://localhost:5672'"/> <property name="destination.[queueName]Queue" value="direct://amq.direct//[queueName]? routingkey=[routingkeyname]"/>
Save
Save the file and exit.Add the Requisite Files to the Class-Path
Add these .JAR files to the classpath:qpid-common-0.6.jar
qpid-client-0.6.jar
12.23. Configure Tibco Enterprise Message Service for Use as the Java Message Service Provider
Procedure 12.13. Task
Edit the Configuration
Open the configuration file in a text editor (vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.esb/META-INF/jboss-esb.xml
) and set these parameters:jndi-URL="tcp://localhost:7222” jndi-context-factory=”com.tibco.tibjms.naming.TibjmsInitialContextFactory" connection-factory="QueueConnectionFactory" destination-type="queue" destination-name="myqueue"
Save
Save the file and exit.Add the Requisite Files to the Class-Path
Add these .JAR files to the classpath (they are located in thetibco/ems/clients/java
directory):jaxp.jar
jndi.jar
tibcrypt.jar
tibjmsapps.jar
tibrvjms.jar
jms.jar
jta-spec1_0_1.jar
tibjmsadmin.jar
tibjms.jar
12.24. Configuring JBoss to Use the SOA Service Manager Registry
- To configure the settings, open the properties file:
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/jbossesb.sar/jbossesb-properties.xml
- Locate the following lines:
<property name="org.jboss.soa.esb.registry.queryManagerURI" value="org.apache.juddi.registry.local.InquiryService#inquire"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="org.apache.juddi.registry.local.PublishService#publish"/>
Change them to this:<property name="org.jboss.soa.esb.registry.queryManagerURI" value="http://<server-name>:9901/uddi/inquiry_v2"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="http://<server-name>:9901/uddi/publish_v2"/> <property name="org.jboss.soa.esb.registry.uddi.maxRows" value="100"/>
- Edit the queryManagerURI and the lifeCycleManagerURI to match the URLs from your installation of SOA Workbench:
<property name="org.jboss.soa.esb.registry.uddi.maxRows" value="100"/> <property name="org.jboss.soa.esb.registry.queryManagerURI" value="http://<server-name>:9901/uddi/inquiry_v2"/> <property name="org.jboss.soa.esb.registry.lifeCycleManagerURI" value="http://<server-name>:9901/uddi/publish_v2"/>
- Locate this line:
<property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.LocalTransport"/>
Change it to this:<property name="org.jboss.soa.esb.scout.proxy.transportClass" value="org.apache.ws.scout.transport.AxisTransport"/>
- Within jbossesb-properties.xml, change this to match the SOA Workbench username and password that you will be using:
<property name="org.jboss.soa.esb.registry.user" value="administrator"/> <property name="org.jboss.soa.esb.registry.password" value="password"/>
- Save the file and exit.
12.25. Adding Axis and Common-Discovery Files
- Download axis-bin-1_4.tar.gz from http://ws.apache.org/axis/ and extract axis-1.4.jar and commons-discovery-0.2.jar (or later).
- Copy these two files into the lib directory:
cp *jar SOA_ROOT/jboss-as/server/PROFILE/lib
.
12.26. Configuring the SOA Workbench
- To apply the guest role to a guest user to grant anonymous access, go into the Organization Tree and click on the top-level registry node in the SOA Workbench hierarchy.
Note
SOA Workbench is a section of the SOA Service Manager Registry that acts as a third party UDDI registry provider. - Click on the second-level “Security” tab (within the Workbench hierarchy).
- Click “Manage Role” for “Guest” under “Role Memberships.
- Search for the user “guest”.
- Select the checkbox next to “guest” and click “Apply".
12.27. Configuring the Workflow
- To change the workflow so that services are published upon creation, click on the “Configure” tab and then select “Workflow”.
- View the Workflow Definition, save it to your local disk, and then change the function type line under @create to <function type="publish" /> and the step attribute to “100”.
- Save this.
- Update the workflow to the local copy you have just saved.
12.28. Managing Services
- Use the "Search" option to find services. This feature also displays information about each service, including a description, its current state, its version number and the number of alerts it has generated. Services are registered in the SOA Service Workbench so manage them directly through its graphical user interface.
12.29. Diagnostics
- If you encounter an error when configuring and updating the
Workflow
, you can verify it has been modified correctly by checking that its configuration has changed from the original configuration (which looked like this):<action id="1" name="@create"> <results> <unconditional-result old-status="Created" status="Draft" step="100" owner="${caller}"/> </results> <post-functions> <function type="setLifecycleStage"> <arg name="stage">Design</arg> </function> </post-functions> </action>
Rather, it should now look like this:<action id="1" name="@create"> <results> <unconditional-result old-status="Created" status="Draft" step="100" owner="${caller}"/> </results> <post-functions> <function type="publish"> </function> </post-functions> </action>
Chapter 13. Other Java Message Service Provider Configuration Options
13.1. Configure Java Message Service Listeners and Gateways
jboss-esb.xml
configuration file:
Procedure 13.1. Task
Open the Configuration File
vi jboss-esb.xml
Edit the File
Specify the following parameters:- jndi-URL
- jndi-context-factory
- jndi-pkg-prefix
- connection-factory
- destination-type
- destination-name
Important
Make sure you include your JMS provider's client's JAR files in the class-path.Save
Save the file and exit the text editor.
13.2. JmsConnectionPool
13.3. Set the Maximum Number of Sessions Per Connection
Procedure 13.2. Task
Open the Relevant Configuration File
Open the component in question's JNDI configuration file in a text editor.Set the relevant Properties
You can edit these two properties: max-sessions-per-connection and max-xa-sessions-per-connectionYou must set the parameters as generic properties in the JMS provider configuration files. This example code demonstrates how to do so:<jms-provider ...> <property name="max-sessions-per-connection" value="5" /> <property name="max-xa-sessions-per-connection" value="1" /> <!-- And add providers.... --> </jms-provider>
Note
If you do not configure either of these parameters, then the JmsConnectionPool creates a single JMS connection and derives every session from it.
13.4. JNDI Configuration File Properties
Table 13.1. JNDI Configuration File Properties
Property | Description |
---|---|
max-sessions-per-connection | This is the maximum total number of sessions allowed per connection (for both extended (XA) and non-XA session instances.) The default value is the same as the maximum number of JMS sessions allowed for the JmsConnectionPool as a whole, (which you can configure by changing the setting in the jbossesb-properties.xml file. The default is twenty.) |
max-xa-sessions-per-connection | This is the maximum number of XA sessions allowed per connection. The default value is the same as that which has been set for max-sessions-per-connection. |
13.5. jms-jca-provider
13.6. Configure the jms-jca-provider
Procedure 13.3. Task
Edit the Configuration File
Open the configuration file in a text editor and modify the settings. Here is a sample:<jms-jca-provider connection-factory="XAConnectionFactory" name="JBossMessaging"> <jms-bus busid="ordersGwChannel"> <jms-message-filter dest-name="queue/orders" dest-type="QUEUE" transacted="true"/> </jms-bus> <activation-config> <property name="dLQMaxResent" value="5"/> </activation-config> </jms-jca-provider>
Save
Save the file and exit.
13.7. jms-jca-provider Configuration Options
- The JCA inflows (which are on the server side).You can configure these items for them:
- The JCA Adapter Name. This is configured as an attribute on the <jms-jca-provider>element.
- The JCA Provider Adapter JNDI. This is configured as an attribute on the <jms-jca-provider> element.
- The JCA Endpoint Class. This is configured as an attribute on the <jms-jca-provider> element.
- The transacted flag. This is configured as an attribute on the <jms-jca-provider> element.
- The message type. This is configured as an attribute on the <jms-jca-provider> element.
- The JCA bridge. This is configured as an attribute on the <jms-jca-provider> element.
- The JCA adapter activation configuration. This is configured in the <activation-config> element inside the <jms-jca-provider>.
Note
The JCA activation configuration also extracts some configuration properties for the JCA Inflow from the <jms-bus> and <jms-message-filter> that are nested inside the <jms-jca-provider> element. These include the destination type, destination name and message selector. - The JMS connection details (which are on the client side), used to deliver messages to the JMS JCA inflows (which are either gateways or ESB-aware listeners.)These settings are used to generate the end-point reference for clients connecting to the JMS JCA inflow. They include the following:
- The JMS connection factory to be used by the client. This is configured as an attribute on the <jms-jca-provider> element.
- The JMS JNDI properties to be used by the client for connecting to the JMS provider. These are configured as an attributes on the <jms-jca-provider> element (
jndi-*
). - The JMS bus endpoint destination configurations. These are configured on the <jms-message-filter> elements inside the <jms-bus> within the <jms-jca-provider> element.
ServiceInvoker
class, as well as other components that use the system's connection pooling functionality. (It is important to avoid using this to pool JCA-managed connections.)
- Routing actions that use the
ServiceInvoker
class such as the static- and content-based routers. - Any gateway listeners that deliver messages to an action pipeline that is serviced by an ESB-aware JMS listener that, in turn, uses a JCA JMS provider. (Most of these gateway listeners deliver messages using the
ServiceInvoker
class.) - The JMS Router.
13.8. JNDI Extension Properties
java.naming
.
13.9. Configure JNDI Extension Properties
Procedure 13.4. Task
Add the jndi-prefixes for the Appropriate JMS Provider Element
Open the configuration file in a text editor and add the jndi-prefixes for the appropriate JMS provider element with a comma-separated list of the additional prefixes you want to use:<jms-provider name="JMS" connection-factory="ConnectionFactory"> <property name="jndi-prefixes” value="test.prefix." /> <property name="test.prefix.extension1" value="extension1" /> <property name="test.prefix.extension2" value="extension2" /> </jms-provider>
Note
You can also configure the extensions property in this same location.Save
Save the file and exit.
Chapter 14. Configuring jBPM
14.1. jBPM
14.2. jBPM 3 and JBoss Enterprise SOA Platform Integration
<service name="message" factory="org.jbpm.msg.db.DbMessageServiceFactory" /> <service name="scheduler" factory="org.jbpm.scheduler.db.DbSchedulerServiceFactory" /> <bean name="jbpm.job.executor" class="org.jbpm.job.executor.JobExecutor"> ... </bean>
jbpm.esb
only provides support for the JBoss Messaging JMS provider.
Important
14.3. Change the jBPM Integration Service
Procedure 14.1. Task
- Go into the
jbpm.esb
archive'sconfig
directory. - Locate the configuration file for the service you want to use.
- To replace the active configuration, remove the one found in the
jbpm.esb
directory and replace it with the configuration file you wish to use (having first removed the.config
suffix from its name).
14.4. jBPM Job Executor
14.5. Configure the jBPM Job Executor
Procedure 14.2. Task
- To use the jBPM Job Executor in a web application, open the application's
web.xml
file in a text editor and add the following code:<!-- Job executor launcher --> <listener> <description> Starts the job executor on initialization and stops it on destruction. </description> <listener-class>org.jbpm.web.JobExecutorLauncher</listener-class> </listener> <!-- Job executor launcher -->
- Save the file and exit.
14.6. Use a Remote Java Message Service Provider
Note
JMSProviderAdapter
, as used within the standard application server's JCA Inflow configuration.
Procedure 14.3. Task
- Open a
service.xml
file in a text editor and add an MBean to itNote
You can either make this specific to the jBPM (adding it to thejbpm-service.xml
file) or it can be shared with otherJCA inflow
configurations.The following example code creates a provider adapter which refers to a remote JMS provider executing at this address: 192.168.1.1:1099.<mbean code="org.jboss.jms.jndi.JMSProviderLoader" name="jboss.messaging:service=JMSProviderLoader,name=RemoteProviderLoader"> <attribute name="ProviderName">RemoteProviderAdapter</attribute> <attribute name="ProviderAdapterClass">org.jboss.jms.jndi.JNDIProviderAdapter</attribute> <attribute name="QueueFactoryRef">XAQueueConnectionFactory</attribute> <attribute name="TopicFactoryRef">XATopicConnectionFactory</attribute> <attribute name="Properties"> java.naming.provider.url=192.168.1.1:1099 </attribute> </mbean>
Note
Use the value set for the Properties attribute to create theInitialContext
for the JNDI. - Provide references to the provider adapter within the
JMSMessageServiceFactory
file. Open it in a text editor:vi JMSMessageServiceFactory
- Add the location of the JNDI in the providerAdapterJNDI field:
<service name="message"> <factory> <bean class="org.jboss.soa.esb.services.jbpm.integration.msg.JmsMessageServiceFactory"> <field name="providerAdapterJNDI"><string value="RemoteProviderAdapter"/></field> </bean> </factory> </service>
- Save the file and exit.
- Provide references to the provider adapter within the
JMSSchedulerServiceFactory
file in a text editor:vi JMSSchedulerServiceFactory
- Add the location of the JNDI in the providerAdapterJNDI field.
- Save the file and exit.
Chapter 15. Advanced Installation Options
15.1. JBOSS_HOME Environmental Variable
.bash_profile
setting. You do not normally need to configure this setting but some scripts and third-party software require it.
Important
15.2. Configure the JBOSS_HOME Environmental Variable
Procedure 15.1. Task
Add the Variable on a Red Hat Enterprise Linux System
Open the file with thevi ~./bash_profile
command and add the following line:export JBOSS_HOME=path
(exportJBOSS_HOME=/path/to/SOA_ROOT
.)- Save and exit.
Add the Variable on a Microsoft Windows System
Click on Control Panel → System → Advanced → Environment Variables and then New. Set the variable name to JBOSS_HOME and the variable value to the SOA_ROOT directory.
15.3. Native Components Package
15.4. Install Native JBoss Components
Procedure 15.2. Task
- Refer to the JBoss Enterprise Application Platform's Installation Guide for instructions.
Note
That Guide instructs you to install the files into thejboss-eap-5.1
directory. Substitute your SOA_ROOT every time you see mention of that directory.
15.5. MRG-M
15.6. Install MRG-M
Procedure 15.3. Task
Download the Package
Download the MRG JCA Adapter from the Red Hat Customer Portal. Save it in theSOA_ROOT/jboss-as/server/PROFILE/deploy
directory.Create Queues
To create queues, use theqpid-config add queue
command.Edit the Configuration File
Open the configuration file:vi qpid-jca-ds.xml
. In here, there are three JCA administration objects. You must set the destination addresses for the inbound (MRG-ESB_GW) and outbound ( MRG-ESB_RESP) queues and the routingKey for the outbound queue.Save
Save the file and exit.
Note
15.7. File Transfer Protocol
15.8. File Transfer Protocol and the JBoss Enterprise SOA Platform
15.9. Configure File Transfer Protocol Settings
Procedure 15.4. Task
Edit the Properties
Open the global settings file in a text editor:vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. Search for org.jboss.soa.esb.ftp.renameretry and alter the value for this setting. It will look like this:<property name="org.jboss.soa.esb.ftp.renameretry" value="10"/>
Save
Save the file and exit.
This changes the number of retry attempts.
Note
Part V. Security
Chapter 16. Securing Your System
16.1. Security Assertion Markup Language (SAML)
16.2. Issuing a SAML Security Token
Procedure 16.1. Task
- Obtain the Login Module (LM) located in org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
- Open the LM's configuration file.
- Enter the following code, inserting the names of the services you wish to use:
<application-policy name="saml-issue-token"> <authentication> <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule" flag="required"> <module-option name="configFile">picketlink-sts-client.properties</module-option> <module-option name="endpointURI">http://security_saml/goodbyeworld</module-option> </login-module> <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required"> <module-option name="configFile">picketlink-sts-client.properties</module-option> </login-module> </authentication> </application-policy>
This configuration uses a stacked LM. The security token from the first LM is later used by the second LM which will validate the security token. Having two separate LMs for this can be useful as there can be situations where you only need to validate a security token. - Specify the picketlink-sts-client properties:
serviceName=PicketLinkSTS portName=PicketLinkSTSPort endpointAddress=http://localhost:8080/picketlink-sts/PicketLinkSTS username=admin password=admin
Note
The username and password in this file are only used by the STSValidatingLoginModule. The username and password may also be stacked or provided by a callback. - To use this LM in JBossESB you need to update your server's login-config.xml with the above application-policy. You must also point the ESB service to where you want this LM to be used.For example, this is how you could configure it in jboss-esb.xml:
<service category="SamlSecurityQuickstart" name="issueTokenService" invmScope="GLOBAL" description="This service demonstrates how a service can be configured to issue and validate a security token"> <security moduleName="saml-issue-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSIssueCallbackHandler"> <!-- disable the security context timeout so that our security context is re-evaluated --> <property name="org.jboss.soa.esb.services.security.contextTimeout" value="0"/> </security> ... </service>
The callbackHandler that is is specified is specific to the ESB. This is because it requires access to the authentication request in the ESB for retreiving the username and password of the user for whom a security token should be issued.
16.3. Validating a SAML Security Token
Procedure 16.2. Task
- Open the Login Module (LM) from org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule.
- Configure the properties file as shown in the example below:
<application-policy name="saml-validate-token"> <authentication> <login-module code="org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule" flag="required"> <module-option name="configFile">picketlink-sts-client.properties</module-option> </login-module> </authentication> </application-policy> And in jboss-esb.xml: <service category="SamlSecurityQuickstart" name="securedSamlService" invmScope="GLOBAL" description="This service demonstrates that an ESB service can be configured to only validate a security token."> <security moduleName="saml-validate-token" callbackHandler="org.jboss.soa.esb.services.security.auth.login.JBossSTSTokenCallbackHandler"> <!-- disable the security context timeout so that our security context is re-evaluated --> <property name="org.jboss.soa.esb.services.security.contextTimeout" value="0"/> </security> ... </service>
Note
The callbackHandler that is specified is specific to the ESB. This is because it requires access to the authentication request in the ESB for retreiving the SAML Token which is to be validated.Note
An example of SAML support in JBossESB can be found in the security_saml quickstart. More information about the Login Modules provied by PicketLink can be found at http://www.jboss.org/community/wiki/STSLoginModules
16.4. PicketLink
16.5. Integration Between SAML and PicketLink
- The client must first obtain the SAML assertion from PicketLink STS by sending a WS-Trust request to the token service. This process usually involves authentication of the client.
- After obtaining the SAML assertion from the STS, the client includes the assertion in the security context of the EJB request before invoking an operation on the bean.
- Upon receiving the invocation, the EJB container extracts the assertion and validates it by sending a WS-Trust message to the STS. If the assertion is deemed valid by the STS (and the proof of possession token has been verified if needed), the client is authenticated.
- In JBoss, the SAML assertion validation process is handled by the SAML2STSLoginModule. It reads properties from a configurable file (specified by the configFile option) and establishes communication with the STS based on these properties.
- If the assertion is valid, a Principal is created using the assertion subject name. If the assertion contains roles, these roles are also extracted and associated with the caller's Subject.
16.6. Securing Your JBoss Enterprise SOA Platform Installation
The JBoss Enterprise SOA Platform can be made secure, in the sense that you can configure the product so that services will only be executed if caller authentication succeeds and said caller possesses the correct permissions. The default security implementation is based on JAAS.
- through a gateway
- directly via the ServiceInvoker.
UsernameToken
or the BinarySecurityToken
from the SOAP header's security element.
16.7. Java Authentication and Authorization Service (JAAS)
16.8. JaasSecurityService
16.9. Secure Your System
Procedure 16.3. Task
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
.
- Scroll down to the section that contains properties name="security" and edit the settings to suit your system:
<properties name="security"> <property name="org.jboss.soa.esb.services.security.implementationClass" value="org.jboss.internal.soa.esb.services.security.JaasSecurityService"/> <property name="org.jboss.soa.esb.services.security.callbackHandler" value= "org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"/> <property name="org.jboss.soa.esb.services.security.sealAlgorithm" value="TripleDES"/> <property name="org.jboss.soa.esb.services.security.sealKeySize" value="168"/> <property name="org.jboss.soa.esb.services.security.contextTimeout" value="30000"/> <property name= "org.jboss.soa.esb.services.security.contextPropagatorImplemtationClass" value= "org.jboss.internal.soa.esb.services.security.JBossASContextPropagator"/> <property name="org.jboss.soa.esb.services.security.publicKeystore" value="/publicKeyStore"/> <property name="org.jboss.soa.esb.services.security.publicKeystorePassword" value="testKeystorePassword"/> <property name="org.jboss.soa.esb.services.security.publicKeyAlias" value="testAlias"/> <property name="org.jboss.soa.esb.services.security.publicKeyPassword" value="testPassword"/> <property name="org.jboss.soa.esb.services.security.publicKeyTransformation" value="RSA/ECB/PKCS1Padding"/> </properties>
- Save the file and exit.
- Open the log-in configuration file in your text editor:
vi SOA_ROOT/server/PROFILE/conf/login-config.xml
- Configure the JAAS log-in modules by editing the settings in this file. (You can use either a pre-configured option or create your own custom solution.)
- Save the file and exit.
16.10. Create an Encrypted Password File
Procedure 16.4. Task
- Go to the
conf
directory:cd SOA_ROOT/jboss-as/server/PROFILE/conf
- Execute this command:
java -cp ../../../lib/jbosssx.jar org.jboss.security.plugins.FilePassword welcometojboss 13 testpass esb.password
An encrypted password file is created.
16.11. Encryption Options
Table 16.1. Encryption Options
Option | Description |
---|---|
Salt |
This is the "salt" used to encrypt the password file. (In the example above, it is the
welcometojboss string .)
|
Iteration |
This is the number of iterations. (In the example above, it is the number
13 .)
|
Password File Name |
This is the name of the file where the encrypted password will be saved. In the example above, it is the
esb.password string.
|
testpass |
This is the test password.
|
16.12. Clear-Text Password
16.13. Password Mask
16.14. Masking Passwords
Passwords are secret authentication tokens that are used to limit access to resources to authorized parties only. For a JBoss services to access password-protected resources, the password must obviously be made available to it.
Important
16.15. Mask a Clear-Text Password
Important
jboss-keystore_pass.dat
file and repeat the procedure. Be aware that if you change the key store any masked passwords that were previously generated will no longer function.
Procedure 16.5. Task
- Generate a key pair using this command:
keytool -genkey -alias jboss -keyalg RSA -keysize 1024 -keystore password.keystore
and follow the prompts:keytool -genkey -alias jboss -keyalg RSA -keysize 1024 -keystore password.keystore Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Bob Bobson What is the name of your organizational unit? [Unknown]: Corporate_IT What is the name of your organization? [Unknown]: XYZ What is the name of your City or Locality? [Unknown]: BRISBANE What is the name of your State or Province? [Unknown]: QLD What is the two-letter country code for this unit? [Unknown]: AU Is CN=Bob Bobson, OU=Corporate_IT, O=XYZ, L=BRISBANE, ST=QLD, C=AU correct? [no]: yes Enter key password for jboss (RETURN if same as keystore password):
Note
You must specify the same password for the key store and key pair. - Run
chown
to change ownership to the JBoss Application Server process owner, andchmod 600 password.keystore
to make sure only the file's owner can read it.Note
The process owner should not have console log-in access. In that case you will be performing these operations as another user. Creating masked passwords requires read access to the key store, so you may wish to complete configuration of masked passwords before restricting the key store file permissions. - Navigate to the
jboss-as/bin
directory:cd SOA_ROOT/jboss-as/bin
- Run the password tool, using the command
./password_tool.sh
on Red Hat Enterprise Linux systems, (orpassword_tool.bat
on Microsoft Windows-based systems.) - Select
0: Encrypt Keystore Password
by pressing 0, then Enter. - Enter the key store password you specified above.
- Enter a random string of characters to aid with encryption strength. This is the salt.
- Enter a whole number for the iterator count to aid with encryption strength.
- Select
5: Exit
to exit.Note
The password tool will exit with the message:Keystore is null. Cannot store.
This is normal. - Use the
chown
command to change ownership of thepassword/jboss_keystore_pass.dat
file to the process owner, andchmod 600 jboss-keystore_pass.dat
to ensure that only that owner can read the file. - Navigate to the
jboss-as/bin
directory:cd SOA_ROOT/jboss-as/bin
- Run the password tool, using the command
./password_tool.sh
on Red Hat Enterprise Linux systems (orpassword_tool.bat
on Microsoft Windows systems). - Select
1: Specify KeyStore
by pressing 1 then Enter. - Enter the path to the key store you created above. (You can specify an absolute path, or the path relative to
SOA_ROOT/jboss-as/bin
. This should beSOA_ROOT/jboss-as/bin/password.keystore
, unless you have changed the defaults.) - Enter the key alias. This should be "jboss" (unless you have performed an advanced installation and changed the defaults).
- Select
2: Create Password
by pressing 2, then Enter. You will be prompted for the security domain. Follow the prompts on screen./password_tool.sh ********************************** **** JBoss Password Tool******** ********************************** Error while trying to load data:Encrypted password file not located Maybe it does not exist and need to be created. 0: Encrypt Keystore Password 1:Specify KeyStore 2:Create Password 3: Remove a domain 4:Enquire Domain 5:Exit 1 Enter Keystore location including the file name password.keystore Enter Keystore alias jboss 0: Encrypt Keystore Password 1:Specify KeyStore 2:Create Password 3: Remove a domain 4:Enquire Domain 5:Exit 2 Enter security domain: default Enter passwd: passwordmask Password created for domain:default 0: Encrypt Keystore Password 1:Specify KeyStore 2:Create Password 3: Remove a domain 4:Enquire Domain 5:Exit
- Enter a name for the password mask. This is an arbitrary unique name that you will use to identify the password mask in configuration files.
- Enter the password that you wish to mask.
- Repeat the password mask creation process to create masks for all passwords you wish to mask.
- Exit the program by choosing
5: Exit
- Navigate to the
password
directory:cd SOA_ROOT/jboss-as/bin/password
16.16. Replace a Clear Text Password with its Password Mask
Prerequisites
- Pre-existing password masks
Procedure 16.6. Task
- Launch a text editor and replace each occurrence of a clear text password in the configuration files with an annotation referencing its mask.This is the general form of the annotation:
<annotation> @org.jboss.security.integration.password.Password(securityDomain=MASK_NAME, methodName=setPROPERTY_NAME) </annotation>
As a concrete example, the JBoss Messaging password is stored in the server profile'sdeploy/messaging/messaging-jboss-beans.xml
file. If you create a password mask named "messaging", then the before and after snippet of the configuration file will looks like this:<property name="suckerPassword"> CHANGE ME!! </property>
<annotation> @org.jboss.security.integration.password.Password(securityDomain=messaging, methodName=setSuckerPassword) </annotation>
16.17. Change the Default Password Mask Settings
SOA_ROOT/jboss-as/bin/password/password.keystore
, and the key alias "jboss". If you store the key pair used for password masking elsewhere, or under a different alias, you will need to update the server profiles with the new location or key alias.
Procedure 16.7. Task
- Open the security configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/security/security-jboss-beans.xml
. - Edit the key store location and key alias. Here are some example settings:
<!-- Password Mask Management Bean--> <bean name="JBossSecurityPasswordMaskManagement" class="org.jboss.security.integration.password.PasswordMaskManagement" > <property name="keyStoreLocation">password/password.keystore</property> <property name="keyStoreAlias">jboss</property> <property name="passwordEncryptedFileName">password/jboss_password_enc.dat</property> <property name="keyStorePasswordEncryptedFileName">password/jboss_keystore_pass.dat</property> </bean>
- Save the file and exit.
16.18. Global Configuration File Security Settings
Table 16.2. jbossesb-properties.xml
Security Settings
Property | Description | Required? |
---|---|---|
org.jboss.soa.esb.services.security.implementationClass |
This is the "concrete"SecurityService implementation that should be used. The default setting is
JaasSecurityService .
|
Yes
|
org.jboss.soa.esb.services.security.callbackHandler |
This is a default
CallbackHandler implementation, utilized when a JAAS-based SecurityService is employed. See “Customizing Security” for more information about the CallbackHandler property.
|
No
|
org.jboss.soa.esb.services.security.sealAlgorithm |
This is the algorithm to use when "sealing" the
SecurityContext .
|
No
|
org.jboss.soa.esb.services.security.sealKeySize |
This is the size of the secret/symmetric key used to encrypt/decrypt the
SecurityContext .
|
No
|
org.jboss.soa.esb.services.security.contextTimeout |
This is the amount of time (in milliseconds) for which a security context is valid. A global setting, this may be over-ridden on a per-service basis. To do so, specify the property of the same name that exists on the security element in the
jboss-esb.xml file.
|
No
|
org.jboss.soa.esb.services.security.contextPropagatorImplementationClass |
Use this to configure a global
SecurityContextPropagator . (For more details on the SecurityContextPropagator , please refer to the section on “Advanced Security Options”.)
|
No
|
org.jboss.soa.esb.services.security.publicKeystore |
This is the Keystore which holds the keys used to encrypt and decrypt that data which is external to the Enterprise Service Bus. The Keystore is used to encrypt the
AuthenticationRequest .
|
No
|
org.jboss.soa.esb.services.security.publicKeystorePassword |
This is the password for the public keystore.
|
No
|
org.jboss.soa.esb.services.security.publicKeyAlias |
This is the alias to use for the public key.
|
No
|
org.jboss.soa.esb.services.security.publicKeyPassword |
This is the password for the alias if one was specified upon creation.
|
No
|
org.jboss.soa.esb.services.security.publicKeyPassword |
This is a cipher transformation. It is in this format:
algorithm/mode/padding . If this is not specified, the "keys" algorithm will be used by default.
|
No
|
16.19. Key Pair
16.20. Keystore
SOA_ROOT/jboss-as/samples/quickstarts/security_cert/keystore
. Do not use this in a production environment. It is provided as an example only.
16.21. JBoss Rules
16.22. Content Based Routing Using the JBoss Rules Engine
action classes
, these being:
- a routing rule set, written in the
JBoss Rules
engine's DRL language (alternatively, you can use the DSL language if you prefer it); - the message content. This is the data that goes into the JBoss Rules engine (it comes in either XML format or as objects embedded in the message);
- the destination (which is derived from the resultant information coming out of the engine).
Note
content-based router
, a rule-set will evaluate its content and return a set of service destinations.
- org.jboss.soa.esb.actions.ContentBasedRouter: This action class implements the content-based routing pattern. It routes a message to one or more destination services, based on the message content and the rule set against which it is evaluating that content. The content-based router throws an exception when no destinations are matched for a given rule set or message combination. This action will terminate any further pipeline processing, so always position it last in your pipeline.
- org.jboss.soa.esb.actions.ContentBasedWiretap: This implements the WireTap pattern. The
WireTap
is an enterprise integration pattern that sends a copy of the message to a control channel. TheWireTap
is identical in functionality to the standard content-based router, however it does not terminate the pipeline. It is this latter characteristic which makes it suitable to be used as a wire-tap, hence its name. For more information, see http://www.eaipatterns.com/WireTap.html. - org.jboss.soa.esb.actions.MessageFilter: This implements the message filter pattern. The message filter pattern is used in cases where messages can simply be dropped if certain content requirements are not met. In other words, it functions identically to the content-based router except that it does not throw an exception if the rule set does not match any destinations, it simply filters the message out. For more information, see http://www.eaipatterns.com/Filter.html.
16.23. Rule Base
16.25. Deserialize
16.26. JBoss Rules and Security
Important
16.27. Enable Serialization on the Server
Procedure 16.8. Task
- Navigate to the SOA_ROOT directory:
cd SOA_ROOT
. - Run the
keytool
command and follow the prompts on screen:keytool -genkey -alias droolsKey -keyalg RSA -keystore MyDroolsPrivateKeyStore.keystore Enter keystore password: Re-enter new password: What is your first and last name? [Unknown]: Test User What is the name of your organizational unit? [Unknown]: HR What is the name of your organization? [Unknown]: Test Org What is the name of your City or Locality? [Unknown]: Brisbane What is the name of your State or Province? [Unknown]: QLD What is the two-letter country code for this unit? [Unknown]: AU Is CN=Test User, OU=HR, O=Test Org, L=Brisbane, ST=QLD, C=AU correct? [no]: yes Enter key password for droolsKey (RETURN if same as keystore password): Re-enter new password:
After answering all of the questions, a password-protected file namedMyDroolsPrivateKeyStore.keystore
is created. This keystore file has a private key called droolsKey with the password "drools". Store this file in a safe location in your environment, which will hereafter be referred to as thekeystoredir
.Important
The passwords above are examples only and should not be used in production. - Open the configuration file:
vi jboss-as/server/default/deploy/properties-service.xml
- Configure the JBoss Enterprise SOA Platform to use the JBoss Rules serialization feature by adding this snippet to
properties-service.xml
:<mbean code="org.jboss.varia.property.SystemPropertiesService" name="jboss:type=Service,name=SystemProperties"> <attribute name="Properties"> # Drools Security Serialization specific properties drools.serialization.sign=true drools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsPrivateKeyStore.keystore drools.serialization.private.keyStorePwd=drools drools.serialization.private.keyAlias=droolsKey drools.serialization.private.keyPwd=drools </attribute> </mbean>
- Set the drools.serialization.sign property to "true":
drools.serialization.sign=true
- drools.serialization.private.keyStoreURL=<RL> is the URL of the private keystore location.
- In the example above, replace
keystoredir
andMyDroolsKeyStore.keystore
with your keystore directory and the name of the keystore you created with the keytool - drools.serialization.private.keyStorePwd=<password> is the password to access the private keystore.
- drools.serialization.private.keyAlias=<key> is the key alias (identifier) of the private key.
- drools.serialization.private.keyPwd=<password> is the private key password.
- Save the file and exit.
- Restart the server instance.
Warning
If the system properties were not configured properly, you will see this error when you try to build a rules package:An error occurred building the package. Error signing object store: Key store with private key not configured. Please configure it properly before using signed serialization
16.28. Enable Serialization on the Client
Prerequisites
- Server serialization must already be enabled.
Procedure 16.9. Task
- Create a public key certificate from the private keystore. (You can access the keytool by running
keytool -genkey -alias droolsKey -keyalg RSA -keystore
.):keytool -export -alias droolsKey -file droolsKey.crt -keystore
MyDroolsPrivateKeyStore.keystore Enter keystore password: Certificate stored in file <droolsKey.crtU>
- Import the public key certificate into a public keystore. (This is where it will be used by your client applications):
keytool -import -alias droolsKey -file droolsKey.crt -keystore
MyPublicDroolsKeyStore.keystore Enter keystore password: Re-enter new password: Owner: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU Issuer: CN=Test User, OU=Dev, O=XYZ Corporation, L=Brisbane, ST=QLD, C=AU Serial number: 4ca0021b Valid from: Sun Sep 26 22:31:55 EDT 2010 until: Sat Dec 25 21:31:55 EST 2010 Certificate fingerprints: MD5: 31:1D:1B:98:59:CC:0E:3C:3F:57:01:C2:FE:F2:6D:C9 SHA1: 4C:26:52:CA:0A:92:CC:7A:86:04:50:53:80:94:2A:4F:82:6F:53:AD Signature algorithm name: SHA1withRSA Version: 3 Trust this certificate? [no]: yes Certificate was added to keystore
- Open the server configuration file:
vi grep drools jboss-as/server/default/deploy/properties-service.xml
- Replace keystoredir and MyPublicDroolsKeyStore.keystore with your keystore directory, and the name of the public keystore you created previously:
# Drools Client Properties for Security Serialization drools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore drools.serialization.public.keyStorePwd=drools
- Save the file and exit.
- Restart the JBoss Enterprise SOA Platform server.
- For Java client applications, set the system properties in your code like this:
// Set the client properties to deserialize the signed packages URL clientKeyStoreURL = getClass().getResource( "MyPublicDroolsKeyStore.keystore" ); System.setProperty( KeyStoreHelper.PROP_SIGN, "true" ); System.setProperty( KeyStoreHelper.PROP_PUB_KS_URL, clientKeyStoreURL.toExternalForm() ); System.setProperty( KeyStoreHelper.PROP_PUB_KS_PWD, "drools" ); ...
Alternatively, open therun.sh
shell script (vi SOA_ROOT/jboss-as/bin/run.sh
) script and edit the JAVA_OPTS section:# Serialization Security Settings JAVA_OPTS="-Ddrools.serialization.sign=true $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.private.keyStoreURL=file://$keystoredir/MyDroolsKeyStore.keystore $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.private.keyStorePwd=drools $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.private.keyAlias=droolsKey $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.private.keyPwd=drools $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.public.keyStoreURL=file://$keystoredir/MyPublicDroolsKeyStore.keystore $JAVA_OPTS" JAVA_OPTS="-Ddrools.serialization.public.keyStorePwd=drools $JAVA_OPTS"
Replace the values shown above with ones specific to your environment, and then restart the server instance.
16.29. Disable Serialization Signing
- Open the configuration file:
vi SOA_ROOT/jboss-as/server/PROFILE/deploy/properties-service.xml
. - Remove the drools.serialization.sign property's value.
- Save the file and exit.An alternative way to do this task is to open the
run.sh
shell script (vi SOA_ROOT/jboss-as/bin/run.sh
) and edit it as follows:JAVA_OPTS="-Ddrools.serialization.sign=false $JAVA_OPTS"
- Restart the server instance.
- To turn signing off for Java client applications, remove the drools.serialization.sign property or add the following snippet to each application's code:
System.setProperty( KeyStoreHelper.PROP_SIGN, "false" );
16.30. Configure Security on a Per-Service Basis
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jboss-esb.xml
. - Scroll down to the service you want to configure.
- Add a security element. This setting shows you how to do so:
<service category="Security" name="SimpleListenerSecured"> <security moduleName="messaging" runAs="adminRole" rolesAllowed="adminRole, normalUsers" callbackHandler="org.jboss.internal.soa.esb.services.security.UserPassCallbackHandler"> <property name="property1" value="value1"/> <property name="property2" value="value2"/> </security> ... </service>
- Save the file and exit.
16.31. Per-Service Security Properties
Table 16.3. Security Properties
Property | Description | Required? |
---|---|---|
moduleName |
This is a module that exists in the
SOA_ROOT/jboss-as/server/PROFILE/conf/login-config.xml file.
| No |
runAs |
This is the runAs role.
| No |
rolesAllowed |
This is an comma-separated list of those roles that have been granted the ability to execute the service. This is used as a check that is performed after a caller has been authenticated, in order to verify that they are indeed belonging to one of the roles specified. The roles will have been assigned after a successful authentication by the underlying security mechanism.
| No |
callbackHandler |
This is the
CallbackHandler that will override that which was defined in the jbossesb-properties.xml file.
| No |
property |
These are optional properties that, once defined, will be made available to the
CallbackHandler implementation.
| No |
16.32. Override Global Security Settings
Procedure 16.10. Task
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Configure the setting in question. Here is an example:
<security moduleName="messaging" runAs="adminRole" rolesAllowed="adminRole"> <property name="org.jboss.soa.esb.services.security.contextTimeout" value="50000"/> <property name= "org.jboss.soa.esb.services.security.contextPropagatorImplementationClass" value="org.xyz.CustomSecurityContextPropagator" /> </security>
- Save the file and exit.
16.33. Security Property Overrides
Table 16.4. Security Property Overrides:
Property | Description | Required? |
---|---|---|
org.jboss.soa.esb.services.security.contextTimeout |
This property lets the service override the global security context time-out (milliseconds) that is specified in the
jbossesb-properties.xml file.
| No |
org.jboss.soa.esb.services.security.contextPropagatorImplementationClass |
This property lets the service to override the "global security context propagator" class implementation, that is specified in the
jbossesb-properties.xml file.
| No |
16.34. Security Context
16.35. Authentication Request
16.36. SecurityConfig
SecurityConfig
class grants access to the security configuration specified in the jboss-esb.xml
file. This class is made available to the Callback Handler.
16.37. Add an Authentication Class to a Message Object
Procedure 16.11. Task
- Execute this code:
byte[] encrypted = PublicCryptoUtil.INSTANCE.encrypt((Serializable) authRequest); message.getContext.setContext(SecurityService.AUTH_REQUEST, encrypted);
The authentication context is encrypted and then set within the message context. (It is later decrypted by the Enterprise Service Bus so that it can authenticate the request.)
16.38. security_basic Quick Start
SOA_ROOT/jboss-as/samples/quickstarts/security_basic
quick start demonstrates how to prepare the security on a message before you use the SecurityInvoker. The quick start also demonstrates how to configure the jbossesb-properties.xml
global configuration file for use by client services.
16.39. Set a Time Limit for the Security Context Globally
Procedure 16.12. Task
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Scroll down to the section that contains security.contextTimeout. Set the time-out value (in milliseconds).
- Save the file and exit.
16.40. Set a Time Limit for the Security Context on a Per-Service Basis
Procedure 16.13. Task
- Open the service's configuration file in a text editor:
vi jboss-esb.xml
. - Scroll down to the section that contains Security Context. Set the time-out value (in milliseconds).
- Save the file and exit.
Chapter 17. Advanced Security Options
17.1. Security Propagation
17.2. SecurityContextPropagator
17.3. SecurityContextPropagator Implementations
Table 17.1. Implementations of SecurityContextPropagator
Class | Description |
---|---|
Package: org.jboss.internal.soa.esb.services.security
Class: JBossASContextPropagator
|
This propagator will send security credentials to the ESB. If you need to write your own implementation you only have to write a class that implements
org.jboss.internal.soa.esb.services.security.SecurityContextPropagator and then either specify that implementation in jbossesb-properties.xml or jboss-esb.xml .
|
17.4. Add a Custom Log-In Module
Procedure 17.1. Task
- Open the log-in configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/conf/login-config.xml
- Add the details of your custom log-in module.
- Save the file and exit.
- Since different log-in modules require different information, you must specify the CallbackHandler attribute to be used. Open the specific security configuration for that service.
- Make sure that the
CallbackHandler
specifies a fully-qualified classname for the class which implements theEsbCallbackHandler
interface. This code shows you how to do so:public interface EsbCallbackHandler extends CallbackHandler { void setAuthenticationRequest(final AuthenticationRequest authRequest); void setSecurityConfig(final SecurityConfig config); }
- Add both the "principle" and the credentials needed to authenticate a caller to the
AuthenticationRequest
class.
JaasSecurityService is replaced with your custom security implementation.
17.5. Certificate Log-In Module
17.6. Certificate Log-In Module Properties
<security moduleName="CertLogin" rolesAllowed="worker" callbackHandler="org.jboss.soa.esb.services.security.auth.loginUserPass CallbackHandler"> <property name="alias" value="certtest"/> </security>
Table 17.2. Properties
Property | Description |
---|---|
moduleName
|
This identifies the JAAS Login module to use. This module will be specified in JBossAS login-config.xml.
|
rolesAllow
|
This is a comma-separated list of the roles that are allowed to execute this service.
|
alias
|
This is the alias which is used to look up the local key-store and which will be used to verify the caller's certificate.
|
17.7. Certificate Log-In Module Configuration File Properties
<application-policy name="CertLogin"> <authentication> <login-module code="org.jboss.soa.esb.services.security.auth.login.CertificateLoginModule" flag = "required" > <module-option name="keyStoreURL"> file://pathToKeyStore </module-option> <module-option name="keyStorePassword">storepassword</module-option> <module-option name="rolesPropertiesFile"> file://pathToRolesFile </module-option> </login-module> </authentication> </application-policy>
Table 17.3. Certificate Log-In Module Configuration File Properties
Property | Description |
---|---|
keyStoreURL
|
This is the path to the key-store used to verify the certificates. It can be a file on the local file system or on the class-path.
|
keyStorePassword
|
This is the password for the key-store above.
|
rolesPropertiesFile
|
This is optional. It is the path to a file containing role mappings. Refer to the “Role Mapping” section of the Getting Started Guide for more details about this.
|
17.8. Callback Handler
17.9. Role Mapping
17.10. Enable Role Mapping
Procedure 17.2. Task
- Open the log-in configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/conf/login-config.xml
- Set the rolesPropertiesFile property. (This property can point to a file located on either the local file system or the class-path).
- Map users to roles. This example code shows how to do so:
# user=role1,role2,... guest=guest esbuser=esbrole # The current implementation will use the Common Name(CN) specified # for the certificate as the user name. # The unicode escape is needed only if your CN contains a space Andy\u0020Anderson=esbrole,worker
- Save the file and exit.
17.11. security_cert Quickstart
17.12. Security Service
SecurityService
interface is the Enterprise Service Bus' central security component.
17.13. Customize the Security Service Interface
Procedure 17.3. Task
- Implement the
SecurityService
interface:public interface SecurityService { void configure() throws ConfigurationException; void authenticate( final SecurityConfig securityConfig, final SecurityContext securityContext, final AuthenticationRequest authRequest) throws SecurityServiceException; boolean checkRolesAllowed( final List<String> rolesAllowed, final SecurityContext securityContext); boolean isCallerInRole( final Subject subject, final Principle role); void logout(final SecurityConfig securityConfig); void refreshSecurityConfig(); }
- Open the global configuration file in a text editor:
vi SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
. - Configure the file to use the customized
SecurityService
- Save the file and exit.
17.14. Remote Invocation Class
17.15. Secure Non-Remote Method Invocation Classes on Port 8083
port 8083
. However, you can also configure the system's Remote Method Invocation settings to allow client applications to download any deployed resources you desire.
Procedure 17.4. Task
Edit the Settings in the jboss-service.xml File
Open the file in a text editor:vi SOA_ROOT/server/PROFILE/conf/jboss-service.xml
Configure the Settings in the File
Here is an example:<attribute name="DownloadServerClasses">false</attribute>
Set this value to false to ensure that client applications can only download Enterprise Java Bean classes.Important
By default, this value is set to false in the SOA Platform's 'production' profile. The value is set to true in all other cases, including the SOA Standalone version's default profile. Note that this is not a secure configuration and should only be used in development environments.
Chapter 18. Securing the Service Registry
18.1. Service Registry Authentication
Here is a theoretical understanding of how the authentication process works.
Authenticator
interface.
GetAuthToken
request is made. The goal of this phase is to turn a user id and credentials into a valid publisher id. The publisher id (referred to as the authorized name in UDDI terminology) is the value that assigns ownership within UDDI. Whenever a new entity is created, it must be tagged with ownership by the authorized name of the publisher.
GetAuthToken
request, an authentication token
is issued to the caller.
GetAuthToken
request. This leads to the identify phase.
UddiEntityPublisher
object. This object contains all the properties necessary to handle ownership of UDDI entities. Thus, the token (or publisher id) is used to identify the publisher.
Publisher
entity, which is a sub-class of UddiEntityPublisher
. This sub-class makes publisher properties persist within the jUDDI Registry.
18.3. authToken and the Service Registry
authToken
.
Important
18.4. Obtain an authToken
Procedure 18.1. Task
- Make a
GetAuthToken()
request. - A
GetAuthToken
object is returned. Set a userid and credential (password) on this object:org.uddi.api_v3.GetAuthToken ga = new org.uddi.api_v3.GetAuthToken(); ga.setUserID(pubId); ga.setCred(""); org.uddi.api_v3.AuthToken token = securityService.getAuthToken(ga);
- Locate the
juddi.properties
configuration file inSOA_ROOT/jboss-as/server/PROFILE/deploy/juddi-service.sar/juddi.war/WEB-INF
. Open it in a text editor. - Configure the juddi.authenticator property to how the Service Registry will check the credentials passed to it by the
GetAuthToken
request. (By default it uses thejUDDIAuthenticator
implementation.) - Save the file and exit.
18.5. Security Authentication Implementations Available for the Service Registry
- jUDDI Authentication
Warning
Do not use this authentication method in a production environment. It accepts any credentials provided, and effectively removes the need for clients to authenticate when accessing the registry.The default authentication mechanism provided by the Service Registry is thejUDDIAuthenticator
.jUDDIAuthenticator
's authenticate phase checks to see if the, user ID submitted matches against a record in thePublisher
table. No credentials checks are made. If, during the authentication process, the Publisher record is found to be non-existent, it is added "on-the-fly".In the identify phase, the publisher ID is used to retrieve the Publisher record and return it. The Publisher inherits every property it needs fromUddiEntityPublisher
:juddi.authenticator = org.apache.juddi.auth.JUDDIAuthentication
- XMLDocAuthentication
- The authenticate phase checks that the user id and password match a value in the XML file. The identify phase uses the user ID to populate a new
UddiEntityPublisher
. - CryptedXMLDocAuthentication
- The
CryptedXMLDocAuthentication
implementation is similar to theXMLDocAuthentication
implementation, but the passwords are encrypted:juddi.authenticator = org.apache.juddi.auth.CryptedXMLDocAuthentication juddi.usersfile = juddi-users-encrypted.xml juddi.cryptor = org.apache.juddi.cryptor.DefaultCryptor
Here, the user credential file isjuddi-users-encrypted.xml
, and the content of the file will be similar to this:<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <juddi-users> <user userid="anou_mana" password="+j/kXkZJftwTFTBH6Cf6IQ=="/> <user userid="bozo" password="Na2Ait+2aW0="/> <user userid="sviens" password="+j/kXkZJftwTFTBH6Cf6IQ=="/> </juddi-users>
TheDefaultCryptor
implementation usesBEWithMD5AndDES
andBase64
to encrypt the passwords.Note
You can use the code in theAuthenticatorTest
to learn more about how to use this Authenticator implementation. You can plug in your own encryption algorithm by implementing theorg.apache.juddi.cryptor.Cryptor
interface and referencing your implementation class in the juddi.cryptor property.The authenticate phase checks that the user ID and password match values in the XML file. The identify phase uses the user ID to populate a newUddiEntityPublisher
. - LDAP Authentication
- Use
LdapSimpleAuthenticator
to authenticate users via LDAP's simple authentication functionality. This class allows you to authenticate a user based on an LDAP principle, provided that the principle and the jUDDI publisher ID are identical. - JBoss Authentication
- A final alternative is to interface with third-party credential stores. You can link it to the JBoss Application Server's authentication component.You will find the
JBossAuthenticator
class provided in thedocs/examples/auth
directory. This class enables jUDDI deployments on JBoss to use a server security domain to authenticate users.
18.6. Configure XMLDocAuthentication
Procedure 18.2. Task
- Create a text file called
juddi-users.xml
and save it injbossesb-registry.sar
.<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <juddi-users> <user userid="sscholl" password="password" /> <user userid="dsheppard" password="password" /> <user userid="vbrittain" password="password" /> </juddi-users>
- Save the file and exit.
- Add the file to the class-path.
- Open the
juddi.properties
file in your text editor (located inSOA_ROOT/jboss-as/server/PROFILE/deploy/juddi-service.sar/juddi.war/WEB-INF
). - Modify the file so that it looks like this:
juddi.authenticator = org.apache.juddi.auth.XMLDocAuthentication juddi.usersfile = juddi-users.xml
- Save the file and exit.
18.7. Lightweight Directory Access Protocol (LDAP)
18.8. Configure LDAP Authentication
Procedure 18.3. Task
- Locate the
juddi.properties
file inSOA_ROOT/jboss-as/server/PROFILE/deploy/juddi-service.sar/juddi.war/WEB-INF
. Open it in your text editor. - Add the following configuration settings:
juddi.authenticator=org.apache.juddi.auth.LdapSimpleAuthenticator juddi.authenticator.url=ldap://localhost:389
The juddi.authenticator.url property tells theLdapSimpleAuthenticator
class where the LDAP server resides. - Save the file and exit.
18.9. Configure JBoss Authentication
Procedure 18.4. Task
- Locate the
juddi.properties
file inSOA_ROOT/jboss-as/server/PROFILE/deploy/juddi-service.sar/juddi.war/WEB-INF
. Open it in your text editor. - Add the following lines to the file:
uddi.auth=org.apache.juddi.auth.JBossAuthenticator juddi.securityDomain=java:/jaas/other
The juddi.authenticator property connects theJbossAuthenticator
class to the jUDDI Registry's Authenticator framework. Thejuddi.security.domain
tellsJBossAuthenticator
where it can find the Application Server's security domain. It uses this domain to perform the authentications.Note that JBoss creates one security domain for each application policy element in theSOA_ROOT/jboss-as/server/PROFILE/conf/login-config.xml
file. These domains are bound to the server JNDI tree with this name:java:/jaas/<application-policy-name>
. (If a look-up refers to a non-existent application policy, a policy namedother
will be used by default.) - Save the file and exit.
Part VI. Operation
Chapter 19. Running the JBoss Enterprise SOA Platform in a Production Environment
19.1. Server Profiles
Table 19.1. Server Profiles
Profile | Description |
---|---|
default | Use this profile for development and testing. This profile uses less memory than the production profile but clustering is not enabled in this mode. In addition, this profile provides more verbose logging than the "all" and "production" profiles. This verbose logging provides you with additional information, but adversely affects server performance. Unless you explicitly specify a different profile, this profile is used when the server is started. |
production | Use this profile on production servers. This profile provides clustering and maximizes performance by using more memory and providing less verbose logging and screen console output than the "all" or "default" profiles. Note that output (such as the message from the "Hello World" quick start) does not appear on the console screen in this mode. It is written to the log only. |
minimal | Enables the minimum features needed for a functioning system. No archives are deployed. No ESB or SOA features are enabled. The BPEL Engine is not available. |
standard | This provides standard functionality for testing. No web, ESB, or SOA features are enabled. The BPEL Engine is not available. |
web | The jbossweb.sar archives are deployed when this profile is run. No ESB, or SOA features are enabled. The BPEL Engine is not available. |
all | All of the pre-packaged ESB archives are deployed when this profile is run. This profile offers less performance and scalability than the "production" profile, but requires less memory to run. |
19.2. run.sh Optional Switches
Table 19.2. ./run.sh Optional Switches
Switch | Purpose | Example of Use |
---|---|---|
-c | Make the server use a specific profile. If none is specified, "default" is used. | ./run.sh -c production |
-b | Bind the server to a specific IP address. If none is specified, the default (127.0.0.1) is used. | ./run.sh -b 10.34.5.2 |
19.3. Start the JBoss Enterprise SOA Platform in a Production Environment
Procedure 19.1. Start the JBoss Enterprise SOA Platform in a Production Environment
Navigate to the bin Directory
Open a terminal and input this command:cd SOA_ROOT/jboss-as/bin
(orchdir SOA_Root\jboss-as\bin
in Microsoft Windows).Note
It is required that you have set up an administration username and password before proceeding.Launch the JBoss Enterprise SOA Server on Red Hat Enterprise Linux
To start the product, run this command:./run.sh -c production
Launch the JBoss Enterprise SOA Server on Microsoft Windows
To start the product, run this command:run.bat -c production
The server starts. Note that this may up to around two minutes, depending on the speed of your hardware.
Note
less SOA_ROOT/jboss-as/server/PROFILE/log/server.log
. As another check, open a web browser and go to http://localhost:8080. Make sure you can log into the admin console with the username and password you have set.
19.4. Server Installation
19.5. Configure the JBoss Enterprise SOA Platform to Run as a Red Hat Enterprise Linux Daemon
Procedure 19.2. Task
- To make the JBoss Enterprise SOA Platform run as a background daemon (service), you will have to create your own shell script. Red Hat does not supply any scripts to do this.
19.6. Start a Server Installation
Prerequisites
- The JBoss Enterprise SOA Platform must be pre-configured to run as a service.
Note
Procedure 19.3. Task
- To start the JBoss Enterprise SOA Platform as a service, issue this command:
service jboss_soa start
Note
If the JBoss user was created as a system account (using the-R
switch) then a warning message is displayed. You can safely ignore this.
19.7. Stop a Server Installation
Procedure 19.4. Task
- To stop the JBoss Enterprise SOA Platform when it is running as a service, issue this command:
service jboss_soa stop
Part VII. Removal
Chapter 20. Removal
20.1. Remove the JBoss Enterprise SOA Platform from Your System
Procedure 20.1. Remove the JBoss Enterprise SOA Platform from Your System
Remove the JBoss Enterprise SOA Platform from a Red Hat Enterprise Linux System
Having made sure the server is shut down, navigate to the level above the SOA_ROOT directory and issue this command:rm -Rf SOA_ROOT
.Remove the JBoss Enterprise SOA Platform from a Microsoft Windows System
Having made sure the server is shut down, open Windows Explorer, go to the directory in which the SOA_ROOT is located, select the SOA_ROOT and delete it.- Delete the database.
Appendix A. Configuring the JBoss Enterprise SOA Platform for Cloud Computing
A.1. Amazon Elastic Compute Cloud (EC2)
A.2. Configure the JBoss Enterprise SOA Platform to be Used on an EC2 Cloud
Prerequisites
Warning
Because this process requires you to shut down your server's firewall leading to a potential security risk, this configuration task MUST be performed inside a VPC subnet, with a firewall on the external interface. Red Hat will NOT support it otherwise.
Procedure A.1. Task
- Create the nodes on EC2. They should belong to a security group that does not have restrictions.
- Within AWS also create an instance that will be used as a database.
- Create a new S3 bucket on AWS.
- Download the JBoss Enterprise SOA Platform EC2 patch from the Customer Portal.
- Unzip the patch and open it from the location you saved it in.
- Run
ant
.This creates a new configuration called cluster-ec2, based on theproduction
configuration. - Make any desired changes to the new configuration (such as modifying it to use MySQL instead of the default database.)
- Shut down the firewall (iptables) on all nodes.
- Run the newly-created configuration, passing the following parameters: jboss.jgroups.s3_ping.access_key, jboss.jgroups.s3_ping.secret_access_key and jboss.jgroups.s3_ping.bucket. (You can obtain these from the AWS console)
A.3. Troubleshooting an EC2 Configuration
- Ensure that the patch's version number matches that of the JBoss Enterprise SOA Platform distribution.
- If, after starting a large number of nodes, you still see that the cluster has only one member, it is probably a problem related to your firewall.
- Make sure you are not connected to an internal VPN while you are starting the JBoss Enterprise SOA Platform.
Appendix B. Installing jBPM 5
B.1. Install jBPM 5
Prerequisites
- A subscription to BRMS 5.3 or greater
- The BRMS deployable package installed on the SOA Server
Procedure B.1. Task
- Download
soa-p-VERSION-jbpm.zip
from the Customer Portal. - Open the
build.properties
file in a text editor. Make the required configuration changes. - Save the
build.properties
file and exit the text editor. - Run the installation script.This script deploys the
jbpm5.esb
file from thesoa-p-VERSION-jbpm.zip
to the SOA-P server, configures the ESB service repository and copies the jBPM5 console, human task WAR file, and libraries from the BRMS installation to the SOA server.Alternatively, if the script does not work, see https://bugzilla.redhat.com/attachment.cgi?id=590710 for the latest instructions. - Start the JBoss Enterprise SOA Platform Server.
- To test the installation, navigate to the directory where you installed the jBPM 5 quickstart:
cd SOA_ROOT/jboss-as/samples/quickstarts/bpm5processor
. - Deploy the quickstart:
ant deploy
- Run the quickstart:
ant runtest
Appendix C. Some Useful Definitions
C.1. Enterprise Service Bus
C.2. Java Virtual Machine
C.3. soa-users.properties
soa-users.properties
file is where the user accounts and passwords for accessing the SOA Web consoles are stored. Administrators control access to the system by editing this file. Note that the passwords are saved in clear text so for production systems, password encryption should be used instead.
C.4. soa-roles.properties
soa-roles.properties
file is where user access privileges are defined. This file uses the following syntax: username=role1,role2,role3
. You can assign any number of roles. Note that a user must be assigned the JBossAdmin
, HttpInvoker
, user
, and admin
roles in order to be able to log into the server consoles.
C.5. run.sh
run.sh
is the shell script the user runs to launch the JBoss Enterprise SOA Platform. The Microsoft Windows equivalent is run.bat
. The script contains the commands needed to start the server with the profile and port binding which the user has specified in the shell. The script is found in the SOA_ROOT/jboss-as/bin
directory.
C.6. run.conf
SOA_ROOT/bin/run.conf
is the default server configuration file. run.conf.bat
is the Microsoft Windows equivalent.
C.7. Boot-Strapper Mode
C.8. Message Re-delivery Service
C.9. Action Pipeline
C.10. Class-path
C.11. Business Process Definition
C.12. Server Profiles
SOA_ROOT/jboss-as/server/
directory. The user specifies which profile to run when launching the software by using the -c
switch. If none is specified, the "Default" profile is used.
C.13. Datasource Name
C.14. Decision Table
C.15. Service
jboss-esb.xml
configuration file.
C.16. Stateless Service
C.17. Service Binding
C.18. Enterprise Java Bean
C.19. Loose Coupling
C.20. Persistence Mechanism
C.21. Resource Adapter
C.22. Shell Script
C.23. Web Container
C.24. Initial Context Factory
C.25. UsernameToken
C.26. Schema Validation
C.27. Byte Array
C.28. Extended Transactional Client
C.29. Connection Pooling
C.30. Pooled Database Manager
C.32. Concurrency Control
C.33. Uniform Resource Identifier
C.34. Provider Adapter
C.35. Implementation Class
C.36. Interceptor Class
C.37. Transacted Flag
C.38. Java Connector Architecture (JCA) Transport
C.39. JCA Bridge
C.40. JCA Adapter
C.41. End-point Class
Appendix D. Global Configuration File
D.1. jbossesb-properties.xml
jbossesb-properties.xml
file is the JBoss Enterprise SOA Platform's global configuration file. Many tasks will require you to edit this file. The location of this file varies depending on how the system has been installed. If you have installed a server deployment, this file will be located at SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
, while standalone clients can access it directly through the class-path.
D.2. Global Configuration File Reference
SOA_ROOT/jboss-as/server/PROFILE/deployers/esb.deployer/jbossesb-properties.xml
) is split into sections, each concerned with a specific area of configuration. A named property section contains one or more properties which are used to configure the behavior of the ESB, and one property section can "depend" on another section - the dependency specifies which sections are loaded by the PropertyManager first.
core
- org.jboss.soa.esb.jndi.server.context.factory : The JNDI Server initial context factory.
- org.jboss.soa.esb.jndi.server.url : The JNDI Server URL.
- org.jboss.soa.esb.loadbalancer.policy : The ESB load balancer policy.
- org.jboss.soa.esb.mime.text.types : A semicolon-separated list of MIME types that are used to decide whether the payload can be decoded or whether it will remain as a byte array.
- jboss.esb.invm.scope.default : The default InVM scope for an ESB deployment.
- org.jboss.soa.esb.deployment.schema.validation : A true/false flag to enable JBoss ESB schema validation upon deployment.
Important
security
- org.jboss.soa.esb.services.security.implementationClass : The concrete SecurityService implementation to be used.
- org.jboss.soa.esb.services.security.callbackHandler : The default callback handler implementation.
- org.jboss.soa.esb.services.security.sealAlgorithm : The algorithm to be used when sealing the SecurityContext.
- org.jboss.soa.esb.services.security.sealKeySize : The size of the key to be used to encrypt/decrypt the SecurityContext.
- org.jboss.soa.esb.services.security.contextTimeout : The amount of time for which SecurityContext is valid.
- org.jboss.soa.esb.services.security.contextPropagatorImplementationClass : Used to configure a global SecurityContextPropagator.
- org.jboss.soa.esb.services.security.publicKeystore : Keystore to encrypt and decrypt data external to the ESB.
- org.jboss.soa.esb.services.security.publicKeystorePassword : The keystore password.
- org.jboss.soa.esb.services.security.publicKeyAlias : The public key alias to use.
- org.jboss.soa.esb.services.security.publicKeyPassword : The public key password to use.
- org.jboss.soa.esb.services.security.publicKeyTransformation : The cipher transformation to use.
registry
- org.jboss.soa.esb.registry.queryManagerURI : The registry query manager URI, which is used to obtain information on services and bindings.
- org.jboss.soa.esb.registry.lifeCycleManagerURI : The registry lifecycle manager URI, which is used to publish information on services and bindings.
- org.jboss.soa.esb.registry.securityManagerURI : The registry security manager URI, which is used to authenticate queries to the registry.
- org.jboss.soa.esb.registry.implementationClass : The JBoss ESB registry implementation class. The JAXR registry implementation is used here.
- org.jboss.soa.esb.registry.factoryClass : The registry factory class, which specifies which JAXR implementation should be used.
- org.jboss.soa.esb.registry.user : The registry user.
- org.jboss.soa.esb.registry.password : The registry password.
- org.jboss.soa.esb.scout.proxy.transportClass The Scout transport class which defines which transport should be used to communicate with the UDDI registry.
- org.jboss.soa.esb.scout.proxy.uddiVersion : The Scout UDDI Version. This is an Apache Scout-specific setting.
- org.jboss.soa.esb.scout.proxy.uddiNameSpace : The Scout UDDI namespace. This is an Apache Scout-specific setting.
- org.jboss.soa.esb.registry.interceptors : The registry interceptor class names.
- org.jboss.soa.esb.registry.cache.maxSize : The maximum cache size for the caching registry.
- org.jboss.soa.esb.registry.cache.validityPeriod : The validity period for the caching registry.
- org.jboss.soa.esb.registry.orgCategory : The UDDI organization value to use - note that this is a UDDI-specific value.
transports
- org.jboss.soa.esb.mail.smtp.host : The host name of the SMTP server.
- org.jboss.soa.esb.mail.smtp.user : The username to use for the SMTP server.
- org.jboss.soa.esb.mail.smtp.password : The password for the user specified on the SMTP server.
- org.jboss.soa.esb.mail.smtp.port : The port number of the SMTP server.
- org.jboss.soa.esb.mail.smtp.auth : Flag which specifies whether to authenticate the user against the SMTP server using the AUTH command.
- org.jboss.soa.esb.ftp.localdir : FTP local directory.
- org.jboss.soa.esb.ftp.remotedir : FTP remote directory.
- org.jboss.soa.esb.ftp.timeout : FTP timeout in milliseconds for opening a socket.
- org.jboss.soa.esb.ftp.timeout.data : FTP timeout in milliseconds for the data connection.
- org.jboss.soa.esb.ftp.timeout.so : FTP timeout in milliseconds used for currently open sockets.
- org.jboss.soa.esb.ftp.timeout.default : FTP timeout in milliseconds which sets the default timeout.
- org.jboss.soa.esb.jms.connectionPool : Size of the ESB JMS connection pool.
- org.jboss.soa.esb.jms.sessionSleep : If a JMS session cannot be obtained, the ESB will keep trying to obtain one. The sessionSleep property decides how long the ESB will try for.
- org.jboss.soa.esb.invm.expiryTime : The expiry time for messages in the InVM temporary transport.
- org.jboss.soa.esb.invm.retry.limit : Maximum number of times to retry redelivery. The default is 5.
- org.jboss.soa.esb.ws.returnStackTrace : True/false flag that determines whether to return stack traces upon fault of SOAP messages.
- org.jboss.soa.esb.ws.timeout : Service invoker timeout for delivering SOAP messages within RequestResponseBaseWebService.
- org.jboss.soa.esb.aggregator.setOnProperties : Aggregate on properties of the message rather than on Context.
jca
- org.jboss.soa.esb.jca.activation.mapper.jms-ra.rar : Specifies the ActivationMapper globally.
- org.jboss.soa.esb.jca.activation.mapper.wmq.jmsra.rar : Specifies the ActivationMapper globally.
dbstore
- org.jboss.soa.esb.persistence.db.conn.manager : Connection Manager implementation class name.
- org.jboss.soa.esb.persistence.db.datasource.name : Datasource name, only used if using the J2EE connection manager.
- org.jboss.soa.esb.persistence.db.connection.url : The JDBC connection URL.
- org.jboss.soa.esb.persistence.db.jdbc.driver : The JDBC driver class.
- org.jboss.soa.esb.persistence.db.user : The database user.
- org.jboss.soa.esb.persistence.db.pwd : The database password.
- org.jboss.soa.esb.persistence.db.pool.initial.size : The initial number of database connections.
- org.jboss.soa.esb.persistence.db.min.size : The minimum number of database connections.
- org.jboss.soa.esb.persistence.db.max.size : The maximum number of database connections.
- org.jboss.soa.esb.persistence.db.pool.test.table : A table name to query for validity of the database connection.
- org.jboss.soa.esb.persistence.db.pool.timeout.millis : Timeout in milliseconds of the database connections.
filters
- org.jboss.soa.esb.filter.1, org.jboss.soa.esb.filter.2, org.jboss.soa.esb.filter.3, etc.
rules
- org.jboss.soa.esb.services.rules.resource.scanner.interval : Defines the polling interval for DRL changes globally across all KnowledgeAgents.
- org.jboss.soa.esb.services.rules.continueState : Setting this property will enable legacy behaviour and not dispose of working memories during stateful rule execution.
Important
Appendix E. Revision History
Revision History | |||
---|---|---|---|
Revision 5.3.1-103.400 | 2013-10-31 | Rüdiger Landmann | |
| |||
Revision 5.3.1-103 | Tue Feb 05 2013 | David Le Sage | |
|