Wildfly 24, Java 11.0.11 adding external security provider - wildfly

I'm trying to use external security provider, like nCipherKM on Wildfly24.0.0 and JDK 11.0.11, however with no luck so far.
I've configured standalone.conf with:
JDK_JAVA_OPTIONS="-cp /opt/nfast/java/classes/nCipherKM.jar"
and
JAVA_OPTS="$JAVA_OPTS $JDK_JAVA_OPTIONS"
And I see wildfly started with that classpath, however, when I want to use it with the application, I'm getting the following in the server.log:
java.security.NoSuchProviderException: no such provider: nCipherKM
In the java.security I have added:
security.provider.13=nCipherKM
Any ideas what I'm missing?
Thanks

After looking into the nCipher user guide I noticed that after I ran this:
`java --module-path /opt/nfast/java/classes com.ncipher.provider.InstallationTest
Installed providers:
1: SUN
2: SunRsaSign
3: SunJSSE
4: SunJCE
Unlimited strength jurisdiction files are installed.
The nCipher provider is not correctly installed.`
See, something is not correctly set in the java.security file.
So, instead just putting security.provider.13=nCipherKM I actually put
security.provider.13=com.ncipher.provder.km.nCipherKM
The result is:
java --module-path /opt/nfast/java/classes com.ncipher.provider.InstallationTest
Installed providers:
1: SUN
2: SunRsaSign
3: SunJSSE
4: SunJCE
5: nCipherKM
Unlimited strength jurisdiction files are installed.
The nCipher provider is installed, but is not registered at
the top of the providers list in the java.security file. See
the user guide for more information about the recommended
system configuration.
nCipher JCE services:
Alg.Alias.AlgorithmParameters.DESede
...
Then in the standalone.conf I used the exact --module-path option as I did for the installationTest, like this:
JDK_JAVA_OPTIONS="--module-path /opt/nfast/java/classes" JAVA_OPTS="$JAVA_OPTS $JDK_JAVA_OPTIONS"
And restarted wildfly service.
And, application can now reach the nCipherKM and the key loads with success! :)
Hope this helps someone out there.

Related

JPAM Configuration for Apache Drill

I'm trying to configure PLAIN authentification based on JPAM 1.1 and am going crazy since it doesnt work after x times checking my syntax and settings. When I start drill with cluster-id and zk-connect only, it works, but with both options of PLAIN authentification it fails. Since I started with pam4j and tried JPAM later on, I kept JPAM for this post. In general I don't have any preferences. I just want to get it done. I'm running Drill on CentOS in embedded mode.
I've done anything required due to the official documentation:
I downloaded JPAM 1.1, uncompressed it and put libjpam.so into a specific folder (/opt/pamfile/)
I've edited drill-env.sh with:
export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pamfile/"
I edited drill-override.conf with:
drill.exec: {
cluster-id: "drillbits1",
zk.connect: "local",
impersonation: {
enabled: true,
max_chained_user_hops: 3
},
security: {
auth.mechanisms: ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "login" ]
}
}
It throws the subsequent error:
Error: Failure in starting embedded Drillbit: org.apache.drill.exec.exception.DrillbitStartupException: Problem in finding the native library of JPAM (Pluggable Authenticator Module API). Make sure to set Drillbit JVM option 'java.library.path' to point to the directory where the native JPAM exists.:no jpam in java.library.path (state=,code=0)
I've run that *.sh file by hand to make sure that the necessary path is exported since I don't know if Drill is expecting that. The path to libjpam should be know known. I've started Sqlline with sudo et cetera. No chance. Documentation doesn't help. I don't get it why it's so bad and imo incomplete. Sadly there is 0 explanation how to troubleshoot or configure basic user authentification in detail.
Or do I have to do something which is not told but expected? Are there any Prerequsites concerning PLAIN authentification which aren't mentioned by Apache Drill itself?
Try change:
export DRILLBIT_JAVA_OPTS="-Djava.library.path=/opt/pamfile/"
to:
export DRILL_JAVA_OPTS="$DRILL_JAVA_OPTS -Djava.library.path=/opt/pamfile/"
It works for me.

Failed to start Neo4j service

I am using neo4j enterprise 3.0.3 version for windows. Following the operations manual 3.0, I have installed the neo4j service with bin\neo4j install-service. But I can't start it with bin\neo4j start. It said
Invoke-Neo4j : Failed to start service 'Neo4j Graph Database - neo4j (neo4j)'.
And I can't start the neo4j service in windows serice either. Maybe anyone have encountered this case before?
I had the same problem: I am using neo4j community 3.1.2 for windows and installed the service with the neo4j.bat file without any problems.Then i wanted to start the service with neo4j.bat and got the same error as you
I found a solution that worked for me. My neo4j files were in a folder, where the path to the folder contained spaces (C:\Program Files\Neo4j) Then i moved the folder one level up (C:\Neo4j).
After that i could start the service without problems.
Maybe this solution helps.
I am running neo4j on windows and in my case the crux of the issue was that there was an incompatibility between the installed versions of Java (32-bit) v/s OS version. The biggest clue that led me to this is the following set of lines in neo4j-service.2018-08-03 log file
[2018-08-03 14:55:42] [info] [ 1432] Starting service...
[2018-08-03 14:55:42] [error] [ 1432] %1 is not a valid Win32 application.
[2018-08-03 14:55:42] [error] [ 1432] Failed creating java C:\JavaNew\bin\server\jvm.dll
[2018-08-03 14:55:42] [error] [ 1432] %1 is not a valid Win32 application.
[2018-08-03 14:55:42] [error] [ 1432] ServiceStart returned 1
There are a fair number of potential issues, and I have made an attempt to compile all the issues with this,
Windows services cannot deal with service names in folders that have spaces; especially if there is another folder with the same name as the one with spaces.
For example - C:\Program Files... will have issues if C:\Program\Something...
To work around this, I put Neo4j in root folder c:\Neo4j
Get-Java.ps1 (under ..\bin\Neo4j-Management folder)looks in the path variable for 'JAVA_HOME' (usually found in *nix environments). If it does not find it here, it keeps looking in registry, and finally throws up its hand!
To deal with this, I simply put in a path variable. For a good measure, I uninstalled Java and re-installed Java in the root folder under C:\JavaNew
In retrospect, this step is probably not on part of the problem, and hence can be ignored. But I am leaving it here for completeness sake.
Invoke-Neo4j.ps1 (also under ..\bin\Neo4j-Management folder) has code that determines if the OS is 32-bit (or 64-bit). Based on this it determines if it should run prunsrv-i386.exe (32-bit) or prunsrv-amd64.exe (64-bit).
This has to match the Java version installed.
Upon running java -XshowSettings:all, and inspecting the sun.arch.data.model value (32, in my case), I realized that my OS is 64 bit and the Java version is 32-bit.
To deal with this, I put in code (very klugey!). I am sure there are much better ways to get to the same outcome, but this is what I used.
switch ( (Get-WMIObject -Class Win32_Processor | Select-Object -First 1).Addresswidth ) {
32 { $PrunSrvName = 'prunsrv-i386.exe' } # 4 Bytes = 32bit
#64 { $PrunSrvName = 'prunsrv-amd64.exe' } # 8 Bytes = 64bit COMMENTED as a workaround!!!
64 { $PrunSrvName = 'prunsrv-i386.exe' } # 8 Bytes = 64bit
Now, uninstall the neo4j service, install it, and start the service.
Hope this works for you.
neo4j console
Posting for latest versions > 4.x
I had the same issue using neo4j start, Neo4j console is the right command I was looking for. It is a web-based graph that acts as an interactive tutorial.
i had the same problem , after the neo4j worked for few weeks it stoop working (without any change that i made)
i have set java_home uninstall and install and now it works
neo4j-enterprise-3.3.4
I was also having weired issue as there was no error but neo4J service did not start.
[xx#ss1 bin]$ ./neo4j console
[xx#ss1 bin]$ .
The problem was with the permission on Java directory and I tried
chmod -R 777 jdk_directory
and problem got solved.
#neo4j #neo4jnotstarting

ATG Commerce v11 CRS install Error:

I have installed Oracle ATG v11 with the commerce reference store, when I startup the production server and go to the url domain/crs/storeus I see the blank white page, and have the following error in the console:
Oct 13, 2014 1:56:37 PM com.endeca.infront.site.SiteManager getSite
SEVERE: Unable to retrieve site definition for site id: /storeSiteUS
com.endeca.store.exceptions.PathNotFoundException: No node found at
path: [pages].
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:153)
at com.endeca.store.configuration.InternalNode.getNodeInfo(InternalNode.java:221)
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:150)
at com.endeca.store.configuration.InternalNode.getNode(InternalNode.java:61)
........................................
**** Error Mon Oct 13 13:00:47 +00:00 2014 1413205247448 /atg/endeca/assembler/droplet/InvokeAssembler A problem occurred
assembling the content for content item /content/Web/Home Pages. The
response received was {#type=ContentSlot,
atg:currentSiteProductionURL=/crs/storeus,
canonicalLink=com.endeca.infront.cartridge.model.NavigationAction#2b35e9c6,
ruleLimit=1, #error=com.endeca.infront.content.ContentException:
com.endeca.navigation.ENEConnectionException: Error establishing
connection to retrieve Navigation Engine request
http://localhost:15000/graph?node=0&profiles=sitegroup.siteGroupUS|NoPriceRange|site.storeSiteUS&offset=0&nbins=0&irversion=640'.
Tried all: '2' addresses, but could not connect over HTTP to server:
'localhost', port: '15000' Check MDEX Logs and specified query
parameters. , contentCollection=/content/Web/Home Pages}. Servicing
the error open parameter.
I am assuming this error is related to endeca? I have downloaded CAS, Tools And Frameworks with experience manager and MDX, and Platform Services. Do I need to start these or have I missed a part of the endeca install?
The value of the configurationPath attribute in the DefaultFileStoreFactory.properties located at \localconfig\atg\endeca\assembler\cartridge\manager may be incorrect.
In OOTB CRS, we normally provide the following value for configurationPath attribute :
/ToolsAndFrameworks/11.1.0/server/workspace/state/repository/CRS
Could you please verify the .zip is present at path provided in DefaultFileStoreFactory.properties.
Just check if you are able to connect the below url:
host:15000/admin?op=stats
If you are able to connect this URL, then MDEX is running. Also, you can login to the experience manager and check if the dgraphs and dgidx are running.
If you are not able to connect then check all the services are(tools and http) running and accessible. You can check the endeca logs to debug further.
Your DGraph is not (yet) started.
(Hit this URL in your browser and verify: http://localhost:15000/graph?node=0&profiles=sitegroup.siteGroupUS|NoPriceRange|site.storeSiteUS&offset=0&nbins=0&irversion=640&format=xml)
Possible reasons are:
You did not run baseline update from ATG (from
ProductCatalogSimpleIndexingAdmin dyn/admin component).
You did not run promote content (from your Endeca App's control folder).
Your Services are not working properly (or not started at all). Check that Platform Services and Tools And Frameworks are started.
The solution is to properly define the value for the property configurationPath=E:/Endeca/Apps/CRS/data/workbench/application_export_archive/CRS in "DefaultFileStoreFactory.properties"
If you are using the OS as Windows then define this path as Unix style as shown above.

Error running hadoop application in Eclipse on Windows

I'm trying to set up an Eclipse environment for developing and debugging hadoop. I'm following Tom White's Definitive Hadoop 3rd ed. What I would like to do is get the MaxTemperature app working locally on my Windows within Eclipse before moving it to my Hortonworks sandbox VM. The comment on page 158 about using the local job runner seems to be what I want. I don't want to set up a full hadoop implementation on Windows. I'm hoping with the right config params I can convince it to run as a java application inside Eclipse.
Windows: 7
Eclipse: Luna
Hadoop: 2.4.0
JDK: 7
When I set the Run configuration for MaxTemperatureDriver (Source code on page 157) to
inputfile outputdir foo (deliberate bogus 3rd parameter)
I get the usage message so I know I'm running my program with those params.
If I remove the bogus third param I get
Exception in thread "main" java.io.IOException: Cannot initialize Cluster. Please check your configuration for mapreduce.framework.name and the correspond server addresses.
at org.apache.hadoop.mapreduce.Cluster.initialize(Cluster.java:120)
at org.apache.hadoop.mapreduce.Cluster.<init>(Cluster.java:82)
at org.apache.hadoop.mapreduce.Cluster.<init>(Cluster.java:75)
at org.apache.hadoop.mapreduce.Job$9.run(Job.java:1255)
at org.apache.hadoop.mapreduce.Job$9.run(Job.java:1251)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1548)
at org.apache.hadoop.mapreduce.Job.connect(Job.java:1250)
at org.apache.hadoop.mapreduce.Job.submit(Job.java:1279)
at org.apache.hadoop.mapreduce.Job.waitForCompletion(Job.java:1303)
at mark.MaxTemperatureDriver.run(MaxTemperatureDriver.java:52)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
at mark.MaxTemperatureDriver.main(MaxTemperatureDriver.java:56)
I've tried inserting -conf but it seems to be ignored. There is no error message if I specify a nonexistent path.
I've tried inserting -fs file:/// -jt local, but it makes no difference
I've tried inserting -D mapreduce.framework.name=local
I've tried specifying the input and output with the file: format
Note. I'm not asking about how to configure eclipse to connect to a remote Hadoop installation. I want the application to run within eclipse.
Is this possible? Any ideas?
Additional info:
I turned on debugging. I saw:
582 [main] DEBUG org.apache.hadoop.mapreduce.Cluster - Trying ClientProtocolProvider : org.apache.hadoop.mapred.YarnClientProtocolProvider
583 [main] DEBUG org.apache.hadoop.mapreduce.Cluster - Cannot pick org.apache.hadoop.mapred.YarnClientProtocolProvider as the ClientProtocolProvider - returned null protocol
I'm wondering not why YarnClientProtocolProvider failed, but why it didn't try LocalClientProtocolProvider.
New info:
It seems that this is an issue with Hadoop 2.4.0. I recreated my environment with Hadoop 1.2.1, followed the instructions in
http://gerrymcnicol.com/index.php/2014/01/02/hadoop-and-cassandra-part-4-writing-your-first-mapreduce-job/
added the Windows hack from
http://bigdatanerd.wordpress.com/2013/11/14/mapreduce-running-mapreduce-in-windows-file-system-debug-mapreduce-in-eclipse
and it all started working.
Following blog will be useful.
Running mapreduce in Windows filesystem

Enhancing OpenJPA entity in runtime in jboss

I am not able to run my spring mvc+openjpa applicaton on jboss AS 7.1.x in my windows laptop.
After deployment when i execute it, it says -
org.apache.openjpa.persistence.ArgumentException: Attempt to cast instance "com.caobusiness.selfcare.entity.DummyTable#1698b9" to PersistenceCapable failed. Ensure that it has been enhanced.
After searching, i found that open jpa entities needs to be enhanced either during built time or run time. I am trying to enhance entity during runtime using javaagent, but it fails.
my jboss standalone.conf looks like
#
# Specify options to pass to the Java VM.
#
if [ "x$JAVA_OPTS" = "x" ]; then
JAVA_OPTS="-Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000"
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
JAVA_OPTS="$JAVA_OPTS -Djboss.server.default.config=standalone.xml"
JAVA_OPTS="$JAVA_OPTS -javaagent:D:\openjpa-2.2.0.jar"
else
echo "JAVA_OPTS already set in environment; overriding default settings with values: $JAVA_OPTS"
fi
I do not want to go for built time enhancement as of now. I have gone through posts stackoverflow post and why enhancement is needed
Will appreciate some leads.