How can I set up and test the embedded ActiveMQ Artemis server in WildFly? - jboss

I have a standalone WildFly server running and would like to set up the embedded instance of ActiveMQ Artemis, but I'm not sure if I've done it correctly. Here are the related parts from my standalone-full.xml:
<server>
...
<profile>
...
<subsystem xmlns="urn:jboss:domain:messaging-activemq:13.1">
<server name="default">
...
<http-connector name="http-connector" socket-binding="activemq" endpoint="http-acceptor"/>
<http-connector name="http-connector-throughput" socket-binding="activemq" endpoint="http-acceptor-throughput">
<param name="batch-delay" value="50"/>
</http-connector>
<http-acceptor name="http-acceptor" http-listener="activemq"/>
<http-acceptor name="http-acceptor-throughput" http-listener="activemq">
<param name="batch-delay" value="50"/>
<param name="direct-deliver" value="false"/>
</http-acceptor>
...
</server>
</subsystem>
...
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<server name="default-server">
...
<http-listener name="activemq" socket-binding="activemq" enable-http2="true"/>
...
</server>
</subsystem>
...
</profile>
...
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
...
<interface name="management">
<inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
</interface>
<socket-binding name="managemnet" interface="activemq-interface" port="${jboss.activemq.port:8081}"/>
...
</socket-binding-group>
</server>
When I try to connect to the server at tcp://localhost:8081 nothing seems to happen. Is there some tool out there that can help me examine the issue or do you guys know what might be wrong?
EDIT: Sorry guys, I forgot to add a few things. I have standalone-full.xml. That was a typo. However, I was receiving an error when using the standard configuration:
AMQ122005: Invalid "host" value "0.0.0.0" detected for "http-connector" connector.
So I assumed something was badly configured and that this was the cause for not being able to reach the embedded Artemis instance. I'm unsure what the standard port is for Artemis. Is it localhost:9990?
Regarding versions:

| Application | Version |
| --- | --- |
| Artemis | 2.19.1 |
| Wildfly | 26.1 |

I'm trying to connect with the Quarkus JMS example described here:
https://quarkus.io/guides/jms

The AMQ122005 message is warning you that you've bound the "activemq" socket-binding which is being used by the "http-connector" http-connector to 0.0.0.0 which is not valid. A remote client looking up any JMS ConnectionFactory which is configured to use that connector will receive a stub pointing to 0.0.0.0 which won't work.
The only thing you need to do here is to instead bind the server to a concrete, remotely-accessible interface rather than 0.0.0.0. Therefore, you don't need the extra http-listener, etc.
If you are using JNDI then you can connect to the embedded broker using a URL like this, as demonstrated here:
http-remoting://host:8080
If you aren't using JNDI then you can connect to the embedded broker using a URL like:
tcp://host:8080?httpUpgradeEnabled=true
This is what you'd configure in Quarkus' application.properties in which case you can just ignore the AMQ122005 message since you're not using JNDI.

Why don't you use standalone-full.xml, which has a complete working embedded Artemis broker?
Another solution with WildFly 27 is to use Galleon and provision the embedded-activemq layer.

Related

Expose JBOSS Webservices only via CA Authentication

I'm currently trying to fix an issue in our JBOSS deployment with different SOAP endpoints. We are trying to close the Webservice interface over https (port 8443) to only allow it via CA Authentication (port 8444).
We are Using JBOSS 7.4.7 and JDK 11
Here are the JBOSS Standalone Configurations:
<socket-binding-group name="standard-sockets" default-interface="public" port-offset="${jboss.socket.binding.port-offset:0}">
<socket-binding name="https" port="8443"/>
<socket-binding name="httpsca" port="8444"/>
</socket-binding-group>
[...]
<subsystem xmlns="urn:jboss:domain:undertow:12.0" default-server="default-server" default-virtual-host="default-host" default-servlet-container="default" default-security-domain="other" statistics-enabled="${wildfly.undertow.statistics-enabled:${wildfly.statistics-enabled:false}}">
<buffer-cache name="default"/>
<server name="default-server">
<https-listener name="https" socket-binding="https" max-post-size="0" secure="true" ssl-context="ssl"/>
<https-listener name="httpsca" socket-binding="httpsca" max-post-size="0" secure="true" ssl-context="sslca"/>
</server>
[...]
<subsystem xmlns="urn:jboss:domain:webservices:2.0" statistics-enabled="${wildfly.webservices.statistics-enabled:${wildfly.statistics-enabled:false}}">
<modify-wsdl-address>true</modify-wsdl-address>
<wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
<wsdl-port>8444</wsdl-port>
<wsdl-secure-port>8444</wsdl-secure-port>
<endpoint-config name="Standard-Endpoint-Config"/>
<endpoint-config name="Recording-Endpoint-Config"/>
<client-config name="Standard-Client-Config"/>
</subsystem>
<tls>
<key-stores>
<key-store name="test">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_keystore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
<key-store name="test-trusted">
<credential-reference clear-text="****"/>
<implementation type="JKS"/>
<file path="ssl_truststore.jks" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="serverssl" key-store="test">
<credential-reference clear-text="****"/>
</key-manager>
</key-managers>
<trust-managers>
<trust-manager name="serverssl-ca" key-store="test-trusted"/>
</trust-managers>
<server-ssl-contexts>
<server-ssl-context name="test-ssl" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" key-manager="serverssl"/>
<server-ssl-context name="test-sslca" cipher-suite-filter="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" cipher-suite-names="TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256" protocols="TLSv1.2 TLSv1.3" need-client-auth="true" key-manager="serverssl" trust-manager="serverssl-ca"/>
</server-ssl-contexts>
</tls>
We are having trouble setting only one Port for the WSDL Endpoint.
1. If I don't set <wsdl-secure-port>, then JBOSS throws an error because it tries to create an http endpoint which is not active at all. It also occurs if I only set the <wsdl-secure-port> and not the <wsdl-port>.
Are we doing something wrong or is that a bug in JBOSS?
Thanks for any help and tips in advance.
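A way to check which Undertow listeners in a configuration like the one above actually require a client certificate, by resolving each https-listener's ssl-context to its server-ssl-context. This is an added example, not part of the original post; the sample XML is constructed, and the function name and status labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the question's configuration (not the poster's
# file). Namespaces are omitted except Undertow's, which the page shows.
SAMPLE = """<server>
  <profile>
    <subsystem>
      <tls>
        <server-ssl-contexts>
          <server-ssl-context name="ssl" protocols="TLSv1.2 TLSv1.3" key-manager="serverssl"/>
          <server-ssl-context name="sslca" protocols="TLSv1.2 TLSv1.3" need-client-auth="true"
                              key-manager="serverssl" trust-manager="serverssl-ca"/>
        </server-ssl-contexts>
      </tls>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:undertow:12.0">
      <server name="default-server">
        <https-listener name="https" socket-binding="https" ssl-context="ssl"/>
        <https-listener name="httpsca" socket-binding="httpsca" ssl-context="sslca"/>
      </server>
    </subsystem>
  </profile>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="https" port="8443"/>
    <socket-binding name="httpsca" port="8444"/>
  </socket-binding-group>
</server>"""


def local(tag):
    """Strip the '{namespace}' prefix so any subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]


def audit_client_auth(xml_text):
    """Return (listener, port, status) for every Undertow HTTP(S) listener."""
    root = ET.fromstring(xml_text)
    elems = list(root.iter())
    contexts = {e.get("name"): e for e in elems if local(e.tag) == "server-ssl-context"}
    ports = {e.get("name"): e.get("port") for e in elems if local(e.tag) == "socket-binding"}
    report = []
    for e in elems:
        kind = local(e.tag)
        if kind == "http-listener":
            status = "plaintext-http"
        elif kind == "https-listener":
            ctx = contexts.get(e.get("ssl-context"))
            if ctx is None:
                # No matching server-ssl-context: a name mismatch or a legacy security-realm.
                status = "unresolved-ssl-context"
            elif ctx.get("need-client-auth") != "true":
                status = "no-client-cert"
            elif not ctx.get("trust-manager"):
                # Client auth requested, but no explicit trust-manager pins the accepted CAs.
                status = "client-cert-required-no-explicit-trust-manager"
            else:
                status = "client-cert-required"
        else:
            continue
        report.append((e.get("name"), ports.get(e.get("socket-binding")), status))
    return report


if __name__ == "__main__":
    for name, port, status in audit_client_auth(SAMPLE):
        print(f"{name} port={port} {status}")
```

Any listener reported as no-client-cert or plaintext-http still serves deployments without certificate authentication for as long as it stays defined.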

How to disable welcome page on JBoss EAP 7 Domain Cluster

I am new to working with JBoss and I'm working on setting up a cluster to test with. I followed the directions from middleware to set up a JBoss Domain cluster on a single Linux VM using JBoss EAP 7.1.6. I am now trying to deploy a web application to my cluster using the admin console to test that the cluster is working.
I have created a simple hello world web app using liweinan's cluster demo source code that should display the current time. I tested the app and it displays correctly on a standalone cluster, but when I test my domain cluster I am seeing the page telling me that I need to disable the welcome content. What am I doing wrong? Is there something that also needs to be configured on the slaves?
Here is my jboss-web.xml in my application war:
<jboss-web>
<context-root>/</context-root>
</jboss-web>
In the host-master.xml the domain controller is:
<domain-controller>
<local/>
</domain-controller>
In the domain.xml file I have updated the interfaces to match the address of my machine. I also commented out the welcome content in the undertow.
<subsystem xmlns="urn:jboss:domain:undertow:4.0">
<buffer-cache name="default"/>
<server name="default-server">
<ajp-listener name="ajp" socket-binding="ajp"/>
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
<host name="default-host" alias="localhost">
<!--<location name="/" handler="welcome-content"/>-->
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<http-invoker security-realm="ApplicationRealm"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<!--<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>-->
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="JBoss-EAP/7"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
In both of the host-slave.xml files I have updated the socket interface management port, the interface inet-address, and added an offset for the servers.
Any help or suggestions would be greatly appreciated. I've been researching this for days without success.
It turns out the issue wasn't with my configuration. When you deploy the application you can't change the name. I was changing it from ClusterDemo.war to ClusterDemo. When I left the .war on the name, the app ran with no issues.

Jboss7 : Error trying to resolve JNDI name "java:/XAConnectionFactory" : javax.naming.NameNotFoundException: XAConnectionFactory

I was upgrading an ATG application from 10.x to 11.x. I also upgraded jboss-eap from 5.1 to 7.2. I have faced various JBoss issues and many of them were fixed.
As of now we are getting the following error while starting the ATG fulfillment server and it seems to be a JBoss JMS issue.
07:56:43,346 ERROR [nucleusNamespace.atg.dynamo.messaging.MessagingManager] (ServerService Thread Pool -- 81) PatchBay failed to startup properly : a Scheduler job will be registered to continue trying to bring PatchBay up : note this may result in further errors: atg.nucleus.ServiceException: An error occurred trying to resolve JNDI name "java:/XAConnectionFactory" for the "xa-topic-connection-factory-name" in provider "Hornet" in definition file "/atg/dynamo/messaging/dynamoMessagingSystem.xml": javax.naming.NameNotFoundException: XAConnectionFactory -- service jboss.naming.context.java.XAConnectionFactory
at atg.dms.patchbay.Provider.initializeTopicConnection(Provider.java:364)
at atg.dms.patchbay.PatchBayManager.createInputDestination(PatchBayManager.java:1811)
at atg.dms.patchbay.PatchBayManager.createInputPorts(PatchBayManager.java:1446)
at atg.dms.patchbay.PatchBayManager.createElementManager(PatchBayManager.java:1477)
at atg.dms.patchbay.PatchBayManager.createMessageFilters(PatchBayManager.java:1338)
In Jboss 5, there were the following configuration files:
ls jboss-eap-5.1/seam/bootstrap/deploy/messaging/
connection-factories-service.xml hsqldb-persistence-service.xml legacy-service.xml remoting-service.xml
destinations-service.xml jms-ds.xml messaging-service.xml
In Jboss 7.2 we have the following message config in standalone.xml file:
<subsystem xmlns="urn:jboss:domain:messaging-activemq:4.0">
<server name="default">
<journal pool-files="10"/>
<security-setting name="#">
<role name="guest" send="true" consume="true" create-non-durable-queue="true" delete-non-durable-queue="true"/>
</security-setting>
<address-setting name="#" dead-letter-address="jms.queue.DLQ" expiry-address="jms.queue.ExpiryQueue" max-size-bytes="10485760" page-size-bytes="2097152" message-counter-history-day-limit="10"/>
<http-connector name="http-connector" socket-binding="http" endpoint="http-acceptor"/>
<http-connector name="http-connector-throughput" socket-binding="http" endpoint="http-acceptor-throughput">
<param name="batch-delay" value="50"/>
</http-connector>
<in-vm-connector name="in-vm" server-id="0">
<param name="buffer-pooling" value="false"/>
</in-vm-connector>
<http-acceptor name="http-acceptor" http-listener="default"/>
<http-acceptor name="http-acceptor-throughput" http-listener="default">
<param name="batch-delay" value="50"/>
<param name="direct-deliver" value="false"/>
</http-acceptor>
<in-vm-acceptor name="in-vm" server-id="0">
<param name="buffer-pooling" value="false"/>
</in-vm-acceptor>
<jms-queue name="ExpiryQueue" entries="java:/jms/queue/ExpiryQueue"/>
<jms-queue name="DLQ" entries="java:/jms/queue/DLQ"/>
<connection-factory name="InVmConnectionFactory" entries="java:/ConnectionFactory" connectors="in-vm"/>
<connection-factory name="RemoteConnectionFactory" entries="java:jboss/exported/jms/RemoteConnectionFactory" connectors="http-connector"/>
<pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory" connectors="in-vm" transaction="xa"/>
</server>
</subsystem>
Following are the contents of atg/dynamo/messaging/dynamoMessagingSystem.xml in the code
<?xml version="1.0" encoding="UTF-8"?>
<dynamo-message-system>
<patchbay>
<!-- JBoss Hornet provider -->
<provider>
<provider-name>Hornet</provider-name>
<xa-topic-connection-factory-name>
java:/XAConnectionFactory
</xa-topic-connection-factory-name>
<xa-queue-connection-factory-name>
java:/XAConnectionFactory
</xa-queue-connection-factory-name>
<supports-transactions>
true
</supports-transactions>
<supports-xa-transactions>
true
</supports-xa-transactions>
<username>***</username>
<password>***</password>
<initial-context-factory>
/abcd/common/services/HornetQ
</initial-context-factory>
</provider>
<!-- Reporting order message source -->
<message-source>
<nucleus-name>/abcd/commerce/fulfillment/processor/SendReportingSubmitOrderMessage</nucleus-name>
<output-port>
<port-name>ReportingOrderSubmit</port-name>
<output-destination>
<provider-name>local</provider-name>
<destination-name>localdms:/local/Fulfillment/LocalSubmitOrder</destination-name>
<destination-type>Topic</destination-type>
</output-destination>
</output-port>
</message-source>
<!-- Split order message source -->
<message-source>
<nucleus-name>/abcd/commerce/fulfillment/processor/SendSplitMessages/</nucleus-name>
<output-port>
<port-name>DEFAULT</port-name>
</output-port>
<output-port>
<port-name>FulfillmentOrderSubmitPort</port-name>
<output-destination>
<destination-name>patchbay:/Fulfillment/SubmitOrder</destination-name>
<destination-type>Topic</destination-type>
</output-destination>
</output-port>
</message-source>
<!-- Custom source/sink will take fulfillment failures and forward them, perhaps to multiple queues or none -->
<message-source>
<nucleus-name>
/abcd/commerce/fulfillment/FailureMessageSink
</nucleus-name>
<output-port>
<port-name>
FulfillmentFailureNotifications
</port-name>
<output-destination>
<destination-name>
patchbay:/Fulfillment/FulfillmentFailureNotifications
</destination-name>
<destination-type>
Topic
</destination-type>
</output-destination>
</output-port>
</message-source>
<!-- Custom source/sink will take fulfillment failures and forward them, perhaps to multiple queues or none -->
<message-sink>
<nucleus-name>
/abcd/commerce/fulfillment/FailureMessageSink
</nucleus-name>
<input-port>
<port-name>FulfillmentError</port-name>
<input-destination>
<destination-name>patchbay:/Fulfillment/ErrorNotification</destination-name>
<destination-type>Queue</destination-type>
</input-destination>
</input-port>
</message-sink>
I'm new to both jboss and ATG. Could anyone help me to resolve the issue?
java:/XAConnectionFactory is not defined in WildFly. You need to configure WildFly to properly create and expose those connection factories like this:
<pooled-connection-factory name="activemq-ra" entries="java:/JmsXA java:jboss/DefaultJMSConnectionFactory java:/XAConnectionFactory" connectors="in-vm" transaction="xa"/>
Please note also that you are now on Apache ActiveMQ Artemis and no longer on HornetQ.

Need help regarding Wildfly 9 SSO

I want to implement SSO between two apps that are deployed on same instance of Wildfly 9. I have searched about it but never got enough information regarding it.
First thing is we have to start from standalone.xml:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on domain="localhost"/>
</host>
</server>
<servlet-container name="default">
<jsp-config/>
<websockets/>
</servlet-container>
<handlers>
<file name="welcome-content" path="${jboss.home.dir}/welcome-content"/>
</handlers>
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/9"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
</filters>
</subsystem>
Then in jboss-web.xml put the following entry of security-domain and valve:
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
<valve>
<class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>
</valve>
</jboss-web>
I am not sure about changes in web.xml.
I think we have to provide information about security-constraint and login-config.
Please help me to implement this concept in both clustered and non-clustered environments.
Try to add the following line at default-host host under the default-server server:
<single-sign-on path="/"/>
At the end, it will be like:
<server name="default-server">
<http-listener name="default" socket-binding="http" redirect-socket="https"/>
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
<single-sign-on path="/"/>
</host>
</server>
I'm using Wildfly 9.0.2 Final.
org.apache.catalina.authenticator.SingleSignOn can't work on WildFly AS, because Tomcat is substituted by Undertow as a web container.
Normally, you don't need any change to jboss-web.xml.
For an IdP based on PicketLink, you can set jboss-web.xml as follows to enable the PicketLink Authenticator:
<filter>
<filter-name>IDPFilter</filter-name>
<filter-class>org.picketlink.identity.federation.web.filters.IDPFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>IDPFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
To complete the "tiago mussi" answer: valves are not supported anymore on WildFly because it uses the new web server Undertow. You can put the valve line in jboss-web, it will do nothing at all...
<single-sign-on domain="localhost"/>
this is bad syntax because there is a bug in domain sso
<single-sign-on path="/"/>
this is the right syntax; then in your web application you will see JSESSIONSSOID, or a name like this, in addition to SESSIONID
PicketLink is too much just for SSO, because it handles API REST SSO, social secure, and it is a specific module with a new authentication mechanism; furthermore, if you want to manage several URLs you can't, because you have to put the URL in the configuration, it is not dynamic...

Setting up maximum of connections for web

In JBoss7 we've restricted number of web connections by using this
<connector name="https" scheme="https" protocol="HTTP/1.1" socket-binding="https" secure="true" max-connections="3000">
for the urn:jboss:domain:web:1.0 subsystem, which is replaced by urn:jboss:domain:undertow:1.2 in WildFly. How do I set up max-connections in WildFly?
I went through the documentation and didn't find matching attribute.
Thanks
Try adding this under the filters definition:
<filters>
<connection-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
and then under host or location add (depends on your need)
<filter-ref name="limit-connections"/>
See a configuration example and Model Reference
Also take a look in Configuring the Web server Pool: http://www.javacodegeeks.com/2014/01/entering-undertow-web-server.html
The above comment from Federico Sierra is correct. But in Wildfly 10.x the filter name 'connection-limit' doesn't exist anymore. Instead it is now called 'request-limit'.
So for Wildfly 10.x add the filter reference in the undertow subsystem inside the 'server' and 'host' context and the request-limit filter inside the 'filters' context:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
[...]
<server name="default-server">
[...]
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content"/>
[...]
<filter-ref name="limit-connections"/>
</host>
</server>
[...]
<filters>
<response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>
<request-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
</filters>
</subsystem>
Reference: https://github.com/wildfly/wildfly/blob/master/undertow/src/test/resources/org/wildfly/extension/undertow/undertow-3.1.xml
If you want to limit the maximum number of concurrent connections for an HTTP/HTTPS/AJP Connector you have to set the attribute max-connections.
Example:
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-connections,value=300)
Source: How to set the maximum number of Web connections in WildFly
I would use the max-connections attribute as defined in the documentation. Either for http and/or https connections. It is defined as
"The maximum number of concurrent connections. Only values greater
than 0 are allowed. For unlimited connections simply undefine this
attribute value."
I don't see the benefit of defining an extra filter. But maybe the others can shed some light on this... So similar to the other solutions it would look like this:
<subsystem xmlns="urn:jboss:domain:undertow:10.0">
[...]
<server name="default-server">
<http-listener name="default" socket-binding="http" max-connections="3000" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-connections="3000" security-realm="ApplicationRealm" enable-http2="true" />
[...]
</server>
[...]
</subsystem>
Update: I just realized that this is the standalone.xml solution to what Francesco is proposing...
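The two mechanisms from the answers above (the max-connections listener attribute and the connection-limit / request-limit filter) can be checked against a configuration file with a short script. This is an added example, not code from any of the posts; the sample XML is constructed and the function name and finding texts are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed Undertow subsystem using the element and attribute names quoted
# in the answers; it is not taken from a real server.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:undertow:3.1">
  <server name="default-server">
    <http-listener name="default" socket-binding="http" max-connections="3000"/>
    <https-listener name="https" socket-binding="https"/>
    <host name="default-host" alias="localhost">
      <filter-ref name="server-header"/>
    </host>
  </server>
  <filters>
    <response-header name="server-header" header-name="Server" header-value="WildFly/10"/>
    <request-limit name="limit-connections" max-concurrent-requests="3000" queue-size="100"/>
  </filters>
</subsystem>"""

LISTENERS = {"http-listener", "https-listener", "ajp-listener"}
# The filter element is named differently depending on the WildFly version (see the answers).
LIMIT_FILTERS = {"connection-limit", "request-limit"}


def local(tag):
    """Strip the '{namespace}' prefix so any undertow schema version matches."""
    return tag.rsplit("}", 1)[-1]


def audit_limits(xml_text):
    """Return (element, name, finding) tuples for missing or ineffective limits."""
    root = ET.fromstring(xml_text)
    elems = list(root.iter())
    # A limit filter only takes effect where a host or location references it.
    referenced = {e.get("name") for e in elems if local(e.tag) == "filter-ref"}
    findings = []
    for e in elems:
        kind, name = local(e.tag), e.get("name")
        if kind in LISTENERS:
            raw = e.get("max-connections")
            if raw is None:
                findings.append((kind, name, "max-connections undefined: unlimited connections"))
            elif raw.startswith("${"):
                findings.append((kind, name, "max-connections is an expression: check the resolved value"))
            elif not raw.isdigit() or int(raw) <= 0:
                findings.append((kind, name, "max-connections must be greater than 0"))
        elif kind in LIMIT_FILTERS and name not in referenced:
            findings.append((kind, name, "filter defined but no filter-ref applies it"))
    return findings


if __name__ == "__main__":
    for finding in audit_limits(SAMPLE):
        print(*finding, sep=" | ")
```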