Connecting to secured remote AEM repository - aem

In order to create JCR nodes, We are trying to programmatically connect to a remote AEM instance using the JcrUtils.getRepository(...) method to acquire the handle to the repository instance.
This instance is secured and checks for a cookie in the request to let the user in.
Is there a way to pass the cookie to JcrUtils (or other methods of connecting to an AEM repository)?
Right now, when running the code JcrUtils.getRepository("http://host:port/crx/server"); it just throws the following exception:
javax.jcr.RepositoryException: Unable to access a repository with the following settings:
org.apache.jackrabbit.repository.uri: https://<host>:<port>/crx/server
The following RepositoryFactory classes were consulted:
org.apache.jackrabbit.jcr2dav.Jcr2davRepositoryFactory: declined
org.apache.jackrabbit.jcr2spi.Jcr2spiRepositoryFactory: declined
org.apache.jackrabbit.commons.JndiRepositoryFactory: declined
org.apache.jackrabbit.core.RepositoryFactoryImpl: declined
org.apache.jackrabbit.rmi.repository.RmiRepositoryFactory: failed
because of RemoteRuntimeException: java.rmi.RemoteException: Failed to read the resource at URL https://<host>:<port>/crx/server; nested exception is:
java.io.StreamCorruptedException: invalid stream header: 3C21444F
because of RemoteException: Failed to read the resource at URL https://<host>:<port>/crx/server; nested exception is:
java.io.StreamCorruptedException: invalid stream header: 3C21444F
because of StreamCorruptedException: invalid stream header: 3C21444F
Perhaps the repository you are trying to access is not available at the moment.
at org.apache.jackrabbit.commons.JcrUtils.getRepository(JcrUtils.java:223)
at org.apache.jackrabbit.commons.JcrUtils.getRepository(JcrUtils.java:263)
...

There is no way to pass cookie via JcrUtils.getRepository(...) it accepts URI as a string.
In your logs looks like org.apache.jackrabbit.jcr2dav.Jcr2davRepositoryFactory doesn't exist in application classpath.
Make sure you added to dependencies following libs
jackrabbit-jcr-commons
jackrabbit-jcr2dav
in case you are using Maven:
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-jcr-commons</artifactId>
<version>2.10.1</version>
</dependency>
<dependency>
<groupId>org.apache.jackrabbit</groupId>
<artifactId>jackrabbit-jcr2dav</artifactId>
<version>2.10.1</version>
</dependency>

I am getting similar issue as #user3239244 but only in case of https.
I am trying to access repository from standalone java application
repository = JcrUtils.getRepository(url)
Works for http and fails for https
From logs:
javax.jcr.RepositoryException: Unable to access a repository with the
following settings:
org.apache.jackrabbit.repository.uri: https://localhost:5433/crx/server The following RepositoryFactory
classes were consulted:
org.apache.jackrabbit.jcr2dav.Jcr2davRepositoryFactory: declined
org.apache.jackrabbit.jcr2spi.Jcr2spiRepositoryFactory: declined
org.apache.jackrabbit.commons.JndiRepositoryFactory: declined
org.apache.jackrabbit.core.RepositoryFactoryImpl: declined
org.apache.jackrabbit.rmi.repository.RmiRepositoryFactory: failed
because of RepositoryException: Failed to read the resource at URL https://localhost:5433/crx/server
because of SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
because of ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
because of SunCertPathBuilderException: unable to find valid certification path to requested target

Related

Enable REST service for CAS Apereo version cas-overlay-template-6.0

I want to enable REST service for CAS Apereo version cas-overlay-template-6.0 (on Ubuntu 16.04)
I have done following this step:
Step 1: Add compile for REST API to build.gradle file
root#ubuntu16:~/cas-overlay-template-6.0# nano build.gradle
And add two line below under dependencies clock
compile "org.apereo.cas:cas-server-support-rest:6.0.0"
compile "org.apereo.cas:cas-server-support-rest-services:6.0.0"
Step 2: clean build
root#ubuntu16:~/cas-overlay-template-6.0# ./build.sh clean
Step 3: Build source code again
root#ubuntu16:~/cas-overlay-template-6.0# ./build.sh run
But in step 3, I got error like this.
CAS is configured to accept a static list of credentials for authentication. While this is generally useful for demo purposes, it is STRONGLY recommended that you DISABLE this authentication method (by setting 'cas.authn.accept.users' to a blank value) and switch to a mode that is more suitable for production.>
2019-12-30 01:17:55,465 WARN [org.apereo.cas.config.support.authentication.AcceptUsersAuthenticationEventExecutionPlanConfiguration] - <>
2019-12-30 01:17:55,806 INFO [org.apereo.cas.config.CasPersonDirectoryConfiguration] - <Found and added static attributes [[email]] to the list of candidate attribute repositories>
2019-12-30 01:17:59,004 WARN [org.apereo.cas.web.CasWebApplicationContext] - <Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'registeredServiceResourceRestController' defined in class path resource [org/apereo/cas/support/rest/config/RestServicesConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apereo.cas.support.rest.RegisteredServiceResource]: Factory method 'registeredServiceResourceRestController' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: No attribute name is defined to enforce authorization when adding services via CAS REST APIs. This is likely due to misconfiguration in CAS settings where the attribute name definition is absent>
Where have I gone wrong?
Remove this:
compile "org.apereo.cas:cas-server-support-rest-services:6.0.0"
This module does this:
Invoke CAS to register applications into its own service registry. The REST call must be authenticated using basic authentication where credentials are authenticated and accepted by the existing CAS authentication strategy, and furthermore the authenticated principal must be authorized with a pre-configured role/attribute name and value that is designated in the CAS configuration via the CAS properties. The body of the request must be the service definition that shall be registered in JSON format and of course, CAS must be configured to accept the particular service type defined in the body. The accepted media type for this request is application/json.
So you can remove it, if you don't need the functionality.
If you do need it, you will need to define attribute names/values that can enforce authorization as the error message is telling you.
No attribute name is defined to enforce authorization when adding services via CAS REST APIs. This is likely due to misconfiguration in CAS settings where the attribute name definition is absent.
So, define:
# cas.rest.attributeName=
# cas.rest.attributeValue=
PS Don't add things you do not need.

Failed to read challenge file [Caused by java.io.FileNotFoundException: /jboss/standalone/tmp/auth/local4123__.challenge (No such file or directory)

I am trying to connect two machines both running JBoss EAP 7.1.0 using a JMS bridge. Machine 1 is to act as a web server and has a WAR file deployed which is accessible, and Machine 2 is to act as the app server and has all the necessary components deployed just fine.
This is the error I am receiving:
WARN [org.apache.activemq.artemis.jms.bridge] (ServerService Thread Pool -- 72) AMQ342010: Failed to connect JMS Bridge N/A: javax.naming.CommunicationException: WFNAM00018: Failed to connect to remote host [Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: ELY05128: [JBOSS-LOCAL-USER] Failed to read challenge file [Caused by java.io.FileNotFoundException: /.../.../jboss/standalone/tmp/auth/local3093626581916142639.challenge (No such file or directory)]]
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:110)
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNaming(RemoteNamingProvider.java:53)
at org.wildfly.naming.client.NamingProvider.getPeerIdentityForNamingUsingRetry(NamingProvider.java:105)
at org.wildfly.naming.client.remote.RemoteNamingProvider.getPeerIdentityForNamingUsingRetry(RemoteNamingProvider.java:91)
at org.wildfly.naming.client.remote.RemoteContext.lambda$lookupNative$0(RemoteContext.java:189)
at org.wildfly.naming.client.NamingProvider.performExceptionAction(NamingProvider.java:222)
at org.wildfly.naming.client.remote.RemoteContext.performWithRetry(RemoteContext.java:100)
at org.wildfly.naming.client.remote.RemoteContext.lookupNative(RemoteContext.java:188)
at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:74)
at org.wildfly.naming.client.AbstractFederatingContext.lookup(AbstractFederatingContext.java:60)
at org.wildfly.naming.client.WildFlyRootContext.lookup(WildFlyRootContext.java:144)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at javax.naming.InitialContext.lookup(InitialContext.java:417)
at org.apache.activemq.artemis.jms.bridge.impl.JNDIFactorySupport.createObject(JNDIFactorySupport.java:46)
at org.apache.activemq.artemis.jms.bridge.impl.JNDIDestinationFactory.createDestination(JNDIDestinationFactory.java:32)
at org.apache.activemq.artemis.jms.bridge.impl.JMSBridgeImpl.setupJMSObjects(JMSBridgeImpl.java:1072)
at org.apache.activemq.artemis.jms.bridge.impl.JMSBridgeImpl.start(JMSBridgeImpl.java:398)
at org.wildfly.extension.messaging.activemq.jms.bridge.JMSBridgeService.startBridge(JMSBridgeService.java:114)
at org.wildfly.extension.messaging.activemq.jms.bridge.JMSBridgeService$1.run(JMSBridgeService.java:84)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
at org.jboss.threads.JBossThread.run(JBossThread.java:320)
The connection to the target machine (application server) is being made as the path to JBoss is that of the path on the machine, which I verified by testing with a Windows application server environment and the path was the correct Windows path to the directory where the challenge file should be, so clearly the connection is being made as the directories are being accessed. However, the .challenge file isn't present each time which understandably causes the error message.
I have scoured SO and JBoss forums for days now and nothing is resolving my issue.
I saw this post: JBOSS-LOCAL-USER: javax.security.sasl.SaslException: Failed to read server challenge
This is the same issue that I am facing, but the answer which was marked as correct doesn't help me very much. The solution, in this case, was to replace the default ApplicationRealm with a JAAS realm, but I do not know if this is what I need, and I certainly do not currently have one. I did research it, but it seemed to not be applicable to my setup, but I could be wrong.
I also tried this solution: https://access.redhat.com/solutions/3209281 (Subscription only access)
This solution was to remove default-user="$local" from here:
<security-realm name="ApplicationRealm">
<authentication>
<local default-user="$local" allowed-users="*" skip-group-loading="true"/>
I did this to both standalone-full.xml files on both machines, and it appeared to make no difference at all.
I have created application users on both machines and given them superuser privileges through the JBoss console as I figured it was probably an issue with permissions when trying to write the file but this too was to no avail. I have also verified that both user credentials are correct.
The workaround was to switch to using a core bridge instead of a JMS bridge, as per the recommendation from Justin in the comments.

Remote Invocation of EJB in WildFly 10 using JNDI lookup

Im trying to invoke an EJB from a remote server using JNDI lookup, Im using EJB3 with Spring-MVC in WildFly 10 and the configuration guided in this documentation has been done in my client and remote server
https://docs.jboss.org/author/display/WFLY10/EJB+invocations+from+a+remote+client+using+JNDI
But still I'm not able to get the connection of remote server.
1) Created a user under ApplicationRealm and gave the permissions for master slave setup for remote EJB Invocation.
2) This is my jboss-ejb-client.properties file, Here I have given the wildfly User_Name and Password of Host server.
endpoint.name=client-endpoint
remote.connections=one, two
remote.connection.one.host=172.16.25.26
remote.connection.one.port=8080
remote.connection.one.username=ABCD
remote.connection.one.password=ABCD#123
remote.connection.two.host=localhost
remote.connection.two.port=8080
remote.connection.two.username=guest
remote.connection.two.username=guest
# org.jboss.as.logging.per-deployment=true
My exception is
javax.naming.AuthenticationException: Failed to connect to any server. Servers tried:
[http-remoting://172.16.25.26:8080 (Authentication failed: all available authentication mechanisms failed:
JBOSS-LOCAL-USER: javax.security.sasl.SaslException: Failed to read server challenge [Caused by
java.io.FileNotFoundException: D:\wildfly-10.0.0.Final\standalone\tmp\auth\local3540175271681581878.challenge
(The system cannot find the file specified)]
DIGEST-MD5: javax.security.sasl.SaslException: DIGEST-MD5: Cannot perform callback to acquire realm,
authentication ID or password [Caused by javax.security.auth.callback.UnsupportedCallbackException])]
[Root exception is javax.security.sasl.SaslException: Authentication failed: all available authentication
mechanisms failed:
Please tell me what am I missing here thats causing this exception and what is the significance of secret-key generated while creating the user in wildfly and where to configure that key

glassfish web service tester not working in eclipse

I am learning about SOAP web services and have written a simple dynamic web app with a plain old java class annotated with #WebService (i am using eclipse-jee-neon-1-RC3)
I have not created any client for it and just Testing it from admin console.
(WebService Endpoint)
The wsdl link is working fine but Tester link shows
HTTP Status 500: Internal Server Error
Exception : java.lang.AssertionError: org.xml.sax.SAXParseException; systemId: bundle://164.0:1/com/sun/tools/xjc/reader/xmlschema/bindinfo/binding.xsd; lineNumber: 52; columnNumber: 88; schema_reference: Failed to read schema document 'xjc.xsd', because 'bundle' access is not allowed due to restriction set by the accessExternalSchema property.
Please help with this

Can't log into workbench

I deployed kie-drools-wb-distribution-wars-6.1.0.Final-jboss-as7.0.war into a JBoss 6.3 AS, and added an admin user in the application realm using the add-user.sh command. The login page of KIE Workbench can display, but when I click the login button, the following error occurs:
BWEB000065: HTTP Status 400 - JBWEB000006: Invalid direct reference to
form login page
JBWEB000309: type JBWEB000067: Status report
JBWEB000068: message JBWEB000006: Invalid direct reference to form
login page
JBWEB000069: description JBWEB000120: The request sent by the client
was syntactically incorrect.
JBoss Web/7.4.8.Final-redhat-4
I also deployed the Tomcat version, the login page failed to authenticate the user login with the following errors:
HTTP Status 500 - Filter execution threw an exception type
Exception report message
Filter execution threw an exception description
The server encountered an internal error that prevented it from fulfilling this request.
exception javax.servlet.ServletException: Filter execution threw an exception
root cause java.lang.NoClassDefFoundError: javax/security/jacc/PolicyContext
org.uberfire.security.server.auth.source.JACCAuthenticationSource.getSubjectFrom‌​Container(JACCAuthenticationSource.java:155)
org.uberfire.security.server.auth.source.JACCAuthenticationSource.loadRoles(JACC‌​AuthenticationSource.java:88)
org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAut‌​henticationManager.java:178)
org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityMa‌​nagerImpl.java:216)
org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurit‌​yFilter.java:337) org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFil‌​ter.java:278)
root cause java.lang.ClassNotFoundException: javax.security.jacc.PolicyContext org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:17‌​20)
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:15‌​71)
org.uberfire.security.server.auth.source.JACCAuthenticationSource.getSubjectFrom‌​Container(JACCAuthenticationSource.java:155)
org.uberfire.security.server.auth.source.JACCAuthenticationSource.loadRoles(JACC‌​AuthenticationSource.java:88)
org.uberfire.security.server.auth.HttpAuthenticationManager.authenticate(HttpAut‌​henticationManager.java:178)
org.uberfire.security.server.HttpSecurityManagerImpl.authenticate(HttpSecurityMa‌​nagerImpl.java:216)
org.uberfire.security.server.UberFireSecurityFilter.authenticate(UberFireSecurit‌​yFilter.java:337)
org.uberfire.security.server.UberFireSecurityFilter.doFilter(UberFireSecurityFil‌​ter.java:278)
That is because you have not download the KIE Execution Server, please download this: https://download.jboss.org/drools/release/6.5.0.Final/kie-server-distribution-6.5.0.Final.zip. Put it in the tomcat webapps folder, and config the setenv.sh like this:
CATALINA_OPTS="-Xmx512M -XX:MaxPermSize=512m -Dbtm.root=$CATALINA_HOME
-Dorg.jbpm.cdi.bm=java:comp/env/BeanManager -Dbitronix.tm.configuration=$CATALINA_HOME/conf/btm-config.properties -Djbpm.tsr.jndi.lookup=java:comp/env/TransactionSynchronizationRegistry
-Djava.security.auth.login.config=$CATALINA_HOME/webapps/kie-drools-web/WEB-INF/classes/login.config
-Dorg.kie.server.persistence.ds=java:comp/env/jdbc/jbpm -Dorg.kie.server.persistence.tm=org.hibernate.service.jta.platform.internal.BitronixJtaPlatform
-Dorg.kie.server.id=tomcat-kieserver -Dorg.kie.server.location=http://localhost:8080/kie-server-6.5.0.Final-webc/services/rest/server
-Dorg.kie.server.controller=http://localhost:8080/kie-drools-web/rest/controller
-Dorg.kie.server.user=tomcat -Dorg.kie.server.pwd=tomcat -Dorg.kie.server.controller.user=tomcat -Dorg.kie.server.controller.pwd=tomcat"