We just upgraded from AEM6.1 to 6.3. I am trying to execute a workflow but getting the below error-
07.08.2017 15:20:21.233 *ERROR* [sling-threadpool-cc7c6ae7-7243-4db2-9490-b0810d422592-(apache-sling-job-thread-pool)-282-Granite Workflow Queue(com/adobe/granite/workflow/job/etc/workflow/models/content-request-for-deletion/jcr_content/model)] com.adobe.granite.repository.impl.SlingRepositoryImpl Bundle com.adobe.granite.workflow.core is NOT whitelisted to use SlingRepository.loginAdministrative
07.08.2017 15:20:21.233 *ERROR* [sling-threadpool-cc7c6ae7-7243-4db2-9490-b0810d422592-(apache-sling-job-thread-pool)-282-Granite Workflow Queue(com/adobe/granite/workflow/job/etc/workflow/models/content-request-for-deletion/jcr_content/model)] com.adobe.granite.workflow.core.job.JobHandler Error executing workflow step
java.lang.RuntimeException: Error logging in as service user
at com.adobe.granite.workflow.core.util.ServiceLoginUtil.getWorkflowPayloadSession(ServiceLoginUtil.java:82)
at com.adobe.granite.workflow.core.util.ServiceLoginUtil.getWorkflowPayloadWorkflowSession(ServiceLoginUtil.java:127)
at com.adobe.granite.workflow.core.job.JobHandler.process(JobHandler.java:203)
at org.apache.sling.event.impl.jobs.JobConsumerManager$JobConsumerWrapper.process(JobConsumerManager.java:500)
at org.apache.sling.event.impl.jobs.queues.JobQueueImpl.startJob(JobQueueImpl.java:291)
at org.apache.sling.event.impl.jobs.queues.JobQueueImpl.access$100(JobQueueImpl.java:58)
at org.apache.sling.event.impl.jobs.queues.JobQueueImpl$1.run(JobQueueImpl.java:227)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.jcr.LoginException: Bundle com.adobe.granite.workflow.core is NOT whitelisted
at org.apache.sling.jcr.base.AbstractSlingRepository2.loginAdministrative(AbstractSlingRepository2.java:378)
at com.adobe.granite.workflow.core.util.ServiceLoginUtil.getWorkflowPayloadSession(ServiceLoginUtil.java:76)
... 9 common frames omitted
Do I need to create a service user? How can I do so?
You will find useful this link https://issues.apache.org/jira/browse/SLING-5135
loginAdministrative is a deprecated method which you can still use, although in 6.3 an extra security level was added so in order to be able to use it you would need to create an OSGi config
org.apache.sling.jcr.base.internal.LoginAdminWhitelist.fragment More info here
This problem occur when we try to access resource resolver by administrative services in aem 6.3 or abouve version ...you can remove this error by following way
Apache Sling Service User Mapper Service
enter image description here
There are two options in this configurations:
Service mappings: The service mappings configuration can be used here.
You can configure it like this:
Bundle-Symbolic-Name: Sub-Service[Optional] = System-User-Name
Default User: If there is no service mapping corresponding to a bundle, then the bundle will pick default User and use it as it’s service authentication user.So if you don't want to provide any service mappings, you can use the option of default user.But it is not specific to the bundle.
Apache Sling Service User Mapper Amendment
enter image description here
his configuration is used when you want to have an individual configuration for a particular project.
If there are more than one configurations correspond to a particular bundle, based on the ranking, service can be picked.(The highest the number will be having highest ranking).
New loginService methods
Now the new methods are introduced to replace loginAdministrative methods:
ResourceResolver getServiceResourceResolver(Map authenticationInfo) throws LoginException;
Session loginService(String serviceInfo, String workspace) throws LoginException, RepositoryException;
Note: Each bundle using the ResourceResolverFactory or SlingRepository service actually gets an instance bound to the using bundle. That bundle is used to identify the service.
Related
I'm trying to enable a Spring Cloud Gateway app to automatically refresh its routing config yml on the fly. I have been able to set up a Cloud Config server to host the route YAML and enabled the Spring Cloud Gateway to automatically refresh its config via a #Scheduled contextRefresher.refresh() usage. However, this requires two running apps, and we want to try to minimize the number of additional servers needed to support this requirement.
The Spring Cloud Config Server documentation suggests any boot app can be embedded with a config server via the #EnableConfigServer annotation: https://cloud.spring.io/spring-cloud-static/spring-cloud.html#_spring_cloud_config_server
However, when attempting to introduce the spring-cloud-config-server module in my Gateway's build.gradle, I run into the following error on startup:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type 'org.springframework.http.codec.ServerCodecConfigurer' available: expected at least 1 bean which qualifies as autowire candidate. Dependency annotations: {}
From the discussion here (https://github.com/spring-cloud/spring-cloud-gateway/issues/319) it seems that the issue above arises because spring-boot-starter-web is incompatible w/ Gateway; Gateway is a Netty app and spring-boot-starter-web uses tomcat/servlets. When trying to exclude spring-boot-starter-web from the cloud-config-server module, the app fails again w/:
onfigReactiveWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanDefinitionStoreException: Failed to process import candidates for configuration class [org.springframework.cloud.config.server.config.ConfigServerAutoConfiguration]; nested exception is java.io.FileNotFoundException: class path resource [org/springframework/web/servlet/config/annotation/WebMvcConfigurerAdapter.class] cannot be opened because it does not exist
Is it the case that a Spring Cloud Gateway app cannot be enabled as a CloudConfig server? Or am I missing something.
FWIW my sprincCloudVersion is Finchley.SR1
They can not. Config server is based on spring MVC (servlets), gateway is based on spring webflux and Netty. They are not compatible and cannot be run together.
I am getting the following error when trying to connect my application to jboss:
WARN | ISPN004022: Unable to invalidate transport for server:
/127.0.0.1:12222 ERROR | ISPN004017: Could not fetch transport
org.infinispan.client.hotrod.exceptions.TransportException:: Could not
connect to server: /127.0.0.1:12222
Tried searching a lot for a solution. It would be great is someone could help me out with this. Thanks
You must recall the following actions:
Make sure that your webapp is using the same port as defined in the socket-binding definitions for hotrod in the standalone.xml for JDG configuration folder;
Make sure that your webapp is using the proper inject annotations for your RemoteCacheManager class (remember to use the #ApplicationScopped annotation at the class definition and for additional methods used to get the cache instance);
If you are using JBoss and JDG on the same host, you must check declarations of the JBOSS_HOME environment variable. This variable must be assigned to the JDG installation home directory and not the JBoss EAP home (check also port-offset settings at startup if you're using a custom shell script);
If you are not using both products on the same host, check firewall and network settings;
Remember to re-deploy the application always after every modification and check both EAP and JDG console output for warnings and/or errors.
The following errors are related (for example):
14:38:42,610 WARN [org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory] (http-127.0.0.1:8080-1) ISPN004022:
Unable to invalidate transport for server: /127.0.0.1:11322
14:38:42,610 ERROR [org.infinispan.client.hotrod.impl.transport.tcp.TcpTransportFactory] (http-127.0.0.1:8080-1) ISPN004017:
Could not fetch transport: java.lang.IllegalStateException: Pool not open
This is regarding WSO2 API Manager Worker cluster configuration with external Postgres db. I have used 2 databases i.e wso2_carbon for registry and user management and the wso2_am, for storing APIs. Respective xmls have been configured. The postgres scripts have been run to create the database tables. My log console when wso2server.sh is run, shows enabled clustering and the members of the domain. However on the https://: when I try to create to create APIs, it throws and error in the design phase itself.
ERROR - add:jag org.wso2.carbon.apimgt.api.APIManagementException: Error while checking whether context exists
[2016-12-13 04:32:37,737] ERROR - ApiMgtDAO Error while locating API: admin-hello-v.1.2.3 from the database
java.sql.SQLException: org.postgres.Driver cannot be found by jdbc-pool_7.0.34.wso2v2
As per the error message, the driver class name you have given is org.postgres.Driver which is not correct. It should be org.postgresql.Driver. Double check master-datasource.xml config.
what is the use of sling run modes property in sling.properties file?
I have a osgi felix bundle that installed onto aem admin bundle console through aem cq5 package manager.
**
configuration properties of one of the bundle service is not available
unless I put the following line in cq5/config/sling.properties file.
sling.run.modes=author,sandbox why is this so ? what is the importance
of sling.run.modes ?
**
Thank you,
Sri
Run modes allow you to tune your AEM instance for a specific purpose; for example author or publish, test, development, intranet or others.
Exampe: For dev: sling.run.modes=author,dev
use of run mode is, example - i have a config.author.prod and config.author.dev in crxd/e. Based on the run mode instance, the OSGI Bundle will pick the corresponding config.author.dev or prod configuration settings defined in nt:unstructured and start working.
Ref: https://docs.adobe.com/docs/en/cq/5-6-1/deploying/configure_runmodes.html
Ref: https://helpx.adobe.com/experience-manager/kb/RunModeDependentConfigAndInstall.html
Define a respository-based configuration for a single instance
There are two ways to configure CQ5.
Configure the Apache Felix Web Management Console
The configuration on the Apache Felix Web Management Console (http://:/system/console/configMgr) is always specific for the current instance.
You can find a description in the documentation: http://dev.day.com/content/docs/v5_2/html-resources/cq5_guide_system_administrator/ch05s03.html
Repository-based configuration
It is also possible to store configuration in the CRX repository as nodes of nodetype sling:OsgiConfig.
For more information, see http://dev.day.com/content/docs/v5_2/html-resources/cq5_guide_system_administrator/ch05s02.html
With this method, it is possible to share configuration among several instances.
The name of these nodes must be equal to the Persistent Identity (PID) of the configuration (for example, the name of the service). If you look at http://:/system/console/config, you see these names listed as service.pid properties. These configuration nodes have to be child-nodes of nodetype nt:folder with a name starting with config followed with a dot. All the run-modes that the config applies to are also separated with a dot.
Examples: config.author, config.publish, config.author.dev, config.author.foo.dev, and so on.
UPDATE: Some context on the problem below. My goal is to handle requests for users where they supply a Kafka topic with each request. I use Message Hub deployed on Bluemix as Kafka provider. The requests will pass the broker URL, topic name, username, password and API key. Message Hub on Bluemix requires JAAS authentication and provides a login module with different LoginModule implementations. Some are based on CallbackHandlers, others on CredentialProviders.
I picked the one implemented in com.ibm.messagehub.login.MultiUserLoginModule. With that module I should only have to supply a custom credential provider like:
KafkaClient {
com.ibm.messagehub.login.MultiUserLoginModule required
credentialProvider="myApp.CustomCredentialProvider";
};
The challenges are in the class loader and how the CustomCredentialProvider can get the username/password from the request passed to the MultiUserLoginModule at runtime. What configuration do I have to use to get that working?
DETAILS: I have a web application running in WebSphere Liberty 8.5.5 and want to authenticate with a third-party service. That third-party service implements a JAAS LoginModule with a CredentialProvider. My web app extends the CredentialProvider with a CustomCredentialProvider to pass credentials.
What I don't understand is how the class loading is supposed to work. My server.xml defines:
The web application
<webApplication id="streaming-service" location="streaming-service.war" name="streaming-service"/>
The third-party login module
<jaasLoginModule className="com.ibm.messagehub.login.MultiUserLoginModule" controlFlag="REQUIRED" id="KafkaClient" libraryRef="messageHubLoginLib">
<options credentialProvider="myApp.CustomCredentialProvider" serviceName="kafka"/>
</jaasLoginModule>
The library that implements the third-party login module
<library id="messageHubLoginLib">
<fileset dir="${server.output.dir}" includes="messagehub.login-1.0.0.jar"/>
</library>
The login context
<jaasLoginContextEntry id="KafkaClient" loginModuleRef="KafkaClient" name="KafkaClient"/>
The result of the above configuration is a ClassNotFoundException for my CustomCredentialProvider:
Caused by: java.lang.RuntimeException: java.lang.ClassNotFoundException: myApp.CustomCredentialProvider
at com.ibm.messagehub.login.MultiUserLoginModule$MultiUserCallbackHandler.<clinit>(MultiUserLoginModule.java:80)
How do I have to change my configuration for the third-party JAAS login module to find myApp.CustomCredentialProvider implemented in my streaming-service web app?
Note: I already tried to generate a streaming-service.jar and add it directly to the messageHubLoginLib. That resolves the ClassNotFoundException but the CustomCredentialProvider class is loaded completely outside the context of my running web application and still gives me no access my credentials.
You were nearly there with the separate streaming-service.jar. Here are all the steps that are needed.
Identify the classes (from your app) that need to be visible to the login module.
Put all those classes into your messageHubLoginLib (e.g. in a separate streaming-service.jar)
DELETE those classes from your app.
Configure the app with a class loader child element that references the login module library using a commonLibraryRef attribute:
<webApplication id="streaming-service" location="streaming-service.war" name="streaming-service">
<classloader commonLibraryRef="messageHubLoginLib" />
</webApplication>
Generate a streaming-service.jar and add it directly to the messageHubLoginLib should be the right way to do. In this case, you have a jar file that is share-able between your JAAS login module and Web App.
However, you said "CustomCredentialProvider class is loaded completely outside the context of my running web application and still gives me no access my credentials". It sounds like you trying to store the credential in the CustomCredentialProvider class for uses between the login module and web app.
The CustomCredentialProvider class should be independent between the login module and web app. When request come in and try to access the web app, the server trigger the login module for authentication. If it passed, the access to the web app will be successfully.
I don't see you posted. May be you are missing the following configuration?
<jaasLoginContextEntry id="system.WEB_INBOUND" name="system.WEB_INBOUND" loginModuleRef="KafkaClient,hashtable,certificate,token" />
Can you place the MultiUserLoginModule and CustomCredentialProvider jar file in the ${server.config.dir}/lib/global directory and change the libraryRef point to global directory in your server.xml file as following:
<jaasLoginModule className="com.ibm.messagehub.login.MultiUserLoginModule" controlFlag="REQUIRED" id="KafkaClient" libraryRef="global">
<options credentialProvider="myApp.CustomCredentialProvider" serviceName="kafka"/>
</jaasLoginModule>