Setting proxy for JBoss (ESB) debugging with Fiddler - jboss

Running a JBoss 5.1.0GA with a JBoss ESB 4.10 installed on a Win 7 Professional.
I would like to route (SOAP)requests from ESB (org.jboss.soa.esb.actions.soap.SOAPClient) through a proxy (Fiddler).
I have tried the following settings, but I dont see any requests in Fiddler:
In run.conf.bat:
set "JAVA_OPTS=%JAVA_OPTS% -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8888
-Dhtttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8888 -DproxySet=true
In properties-service.xml:
<mbean code="org.jboss.varia.property.SystemPropertiesService"
name="jboss:type=Service,name=SystemProperties">
<attribute name="Properties">
http.proxyHost=127.0.0.1
http.proxyPort=8888
htttps.proxyHost=127.0.0.1
https.proxyPort=8888
proxySet=true
</attribute>
</mbean>

You can use -Dhttp.proxyHost=localhost -Dhtttps.proxyHost=localhost instead.

Related

Thread-pool configuration in Jboss

I want to have more information on how configuring the Thread-pool in JBoss. My aim is to have a server that can treat as many queries as possible at the same time.
Considering that in JBoss EAP 7+ you don't have the server.xml anymore, so then you just need to edit your standalone.xml or domain.xml to include the max number of threads:
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector protocol="HTTP/1.1" port="8080" address="${jboss.bind.address}" connectionTimeout="20000" redirectPort="8443" maxThreads="300" />
I'm talking here about Undertow threads, which are shared with EJB.
There is also the IO threads that are using to connect with DB for example.

Jboss ServiceBindingManager and server.xml: ports and certificate

Using the ServiceBindingManager referencing the "sample-bindings.xml" configuration in the /conf/jboss-service.xml:
<mbean code="org.jboss.services.binding.ServiceBindingManager"
name="jboss.system:service=ServiceBindingManager">
<attribute name="ServerName">myserver</attribute>
<attribute name="StoreURL">${jboss.home.url}/docs/examples/binding-manager/sample-bindings.xml</attribute>
<attribute name="StoreFactoryClassName">
org.jboss.services.binding.XMLServicesStoreFactory
</attribute>
</mbean>
1) Having enabled the ServiceBindingManager does it mean the "server.xml" ports are overwritten by the sample-bindings.xml defined ports?
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="8080" address="${jboss.bind.address}"
maxThreads="250" maxHttpHeaderSize="8192"
emptySessionPath="true" protocol="HTTP/1.1"
compression="on"
compressionMinSize="2048"
noCompressionUserAgents="gozilla, traviata"
compressableMimeType="text/html,text/xml,text/javascript,application/x-javascript,text/css,text/plain"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" server="server1" />
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="250" scheme="https" secure="true"
maxHttpHeaderSize="8192"
emptySessionPath="true"
address="${jboss.bind.address}"
keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
keystorePass="xx"
truststoreFile="${jboss.server.home.dir}/conf/server.keystore"
truststorePass="xx"
clientAuth="false" sslProtocol="TLS" server="server1" />
2) If the server.xml ports are not relevant any more, how can the TLS server certificate still be used?
After some googling, it does look like sample-bindings.xml ports will override server.xml ports related settings and is mainly used for running multiple instances of JBoss on the same server/machine. On the SSL scertificate, if the keystores appear to be no longer found - you can add them as program arguments either in the JAVA_OPTS section of run.conf (I'm assuming you're using an older version of JBoss) or you can add them to the command line or script you use to start JBoss, for example:
/home/jboss/jboss-eap-5.1/jboss-as/bin/./run.sh -Djavax.net.ssl.keyStore=server.keystore -Djavax.net.ssl.trustStore=server.keystore -Djavax.net.ssl.trustStorePassword=xx -Djavax.net.ssl.keyStorePassword=xx > /dev/null 2>&1 &
Note, you'd need the correct paths to the files.
We use the same keystore/truststore program arguments at work on many Jboss instances.

MacOS - Port 443 required by Tomcat v7.0 Server at localhost is already in use

I try to run a local tomcat7 server from my Eclipse on port 443.
But when I try to start it I get the following error:
Port 443 required by Tomcat v7.0 Server at localhost is already in
use. The server may already be running in another process, or a system
process may be using the port. To start this server you will need to
stop the other process or change the port number(s).
I looked around and saw a few answers to similar questions but can't get it to work.
I tried running Eclise as ROOT
$ sudo open /Applications/Eclipse.app
I also made sure that nothing is running on port 443
$ lsof -i :443
This returns nothing
When I go to 127.0.0.1:443 (http and https), I get the following result:
This site can’t be reached
127.0.0.1 refused to connect.
my local tomcat (defined in Eclipse) server.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
--><Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener"/>
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 443
This connector uses the BIO implementation that requires the JSSE
style configuration. When using the APR/native implementation, the
OpenSSL style configuration is required as described in the APR/native
documentation -->
<Connector port="443"
protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="dev-tomcat-cert-es"
keystoreFile="<the correct path to the keystore file>"
keystorePass="<the correct password>"
/>
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="443"/>
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine defaultHost="localhost" name="Catalina">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/>
<Context docBase="ct-server" path="/app" reloadable="true" source="org.eclipse.jst.jee.server:ct-server"/></Host>
</Engine>
</Service>
</Server>
I am wondering if MacOs is running something on this port that I can't see.
Or if there is some kind of loop in my configuration which tries to connect twice to the port.
I am using MacOs-Sierra
Any help would be appreciated.
Thanks.
Follow one single step:
1) Delete the server you have created.
a)then create new server ofcourse (i hv attached screenshots for steps)
[Delete your current server][1]
For Creating new server:
1)create new server and delete previously added Configure Environment Variable
Create new server (1)
[click on configure environment variables][3]
[remove the previously added variable and create new][4]
while adding new click next and look for your installed jre
This error shows up if you installed tomcat on MacOs-Sierra using brew.
#Michael-O is right - you need to be root.
One good way to get round that is to bind to 8443 instead of 443. Changing ports unleashes another error about the server not starting within the set timeout.
Either that or the "document does not exist error" will hit first.
The hurdles aren't few. The easiest option - install tomcat using a zip file.
Go to https://tomcat.apache.org/download-70.cgi, download a zip, unzip it and in Eclipse, create a new server and specify "tomcat installation directory" as the unzipped file.

MFP Server: Specifying a particular interface on a multi-homed host

MFP 7.0.0 with IF201506081356
on WebSphere Liberty 8.5.5.5 on Linux
My idea was to modify server.xml
<httpEndpoint id="defaultHttpEndpoint"
httpPort="9080"
httpsPort="9443"
host="*" > <=== change this to a specific ipaddress
And change this JNDI entry
<jndiEntry jndiName="ibm.worklight.admin.jmx.host" value="localhost"/>
to specify the same ipaddress.
After making those changes server does not initialise correctly, it attempts to access JMX on the localhost, even though nowhere in my serverl.xml is the word "localhost"
[6/11/15 13:19:24:232 CEST] 00000040 com.worklight.common.util.jmx.LibertyRuntimeMBeanHandler I Establishing REST connection to service:
jmx:rest://localhost:9443/IBMJMXConnectorREST SSL handler=null
That attempt just repeats ad nauseum ...
Is there some cached value somewhere? Something else I need to set?
During the startup of the runtimes "localhost" is always used for the JMX connection. It is a defect, an APAR will be created.

server.xml equivalent in JBoss AS 7

I am trying to run my application in jboss 7 from jboss 4. In jboss 4 we changed server.xml to configure keystoreFile and keystorePass etc. Can any one help me where to make these changes in jboss7.
The server.xml equivalent in Jboss 7 is a standalone/configuration/standalone.xml for a standalone installation and domain.xml for a domain aware one.
I'm not sure where those options are or how you're supposed to configure it in Jboss 7, but start with standalone.xml file first.
Edit the file standalone/configuration/standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
<connector name="http" scheme="http" protocol="HTTP/1.1" socket-binding="http"/>
<virtual-server name="default-host" enable-welcome-root="true">
<alias name="localhost" />
<alias name="example.com" />
</virtual-server>
</subsystem>
Replace thew connector tag with following one:
<connector name="https" scheme="https" protocol="HTTP/1.1" secure =”true” socket- binding="https" ssl=”your certificate name”/>
You should avoid touching the config XMLs yourself.
Rather let it up to domain controller and host controller,
and configure your server through the means mentioned here:
JBoss AS 7 JMX Console
Update:
For manual configuration, try the Web UI - http://localhost:9990/.
For automated configuration, try CLI scripts.
To develop and debug CLI commands, try jboss-cli.sh --gui.
But if you really must, it's in standalone/configuration/standalone.xml:
<subsystem xmlns="urn:jboss:domain:web:1.0" ...>
The schema is here: http://www.jboss.org/schema/jbossas/jboss-as-web_1_2.xsd
(or later versions).
Recommended way to change the AS 7 model is anyway by means of the Command Line Interface.
For example, you can set the socket binding port of the HTTP port to 8090 with :
/socket-binding-group=standard-sockets/socket-binding=http:write-attribute(name="port", value="8090")
JBoss EAP 7 uses the Undertow web server and configures it via the undertow subsystem (which replaces the web subsystem used in previous versions). SSL/TLS setup using the CLI is described in Setting up an SSL/TLS for Applications. If you would like to directly modify the standalone.xml file, the instructions can be translated to:
Add and configure an HTTPS security realm. - under /server/management/security-realms add an HTTPS security-realm element, for example
<security-realm name="HTTPSRealm">
<server-identities>
<ssl>
<keystore path="/path/to/your/keystore/myKeystore.jks"
keystore-password="myKeystorePassword"
alias="mySSLKeyPairAlias"
key-password="mySSLKeyPairPassword" />
</ssl>
</server-identities>
</security-realm>
Update the undertow subsystem to use the HTTPS security realm. - under /server/profile find the Undertow subsystem element (e.g. <subsystem xmlns="urn:jboss:domain:undertow:3.1">). It has a server child element to which you add an https-listener element referencing your HTTPSRealm created in step 1 above, for example
<https-listener name="default-ssl" socket-binding="https" security-realm="HTTPSRealm" />
More details can be found at these related links:
Security Realms
Security Realm Detailed Configuration
https-listener Attributes