I have confluence 5.10.6 on tomcat 8.
In tomcat I have setup jmx:
CATALINA_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=6969 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false ${CATALINA_OPTS}"
and using jconsole trying to have access to Confluence MBeans.
Unfortunately only several of MBeans available:
CacheStatistics
IndexingStatistics
MailTaskQueue
SchedulingStatistics
SystemInformation
But I need also RequestMetrics (https://confluence.atlassian.com/doc/live-monitoring-using-the-jmx-interface-150274182.html).
What I missed in my configuration?
Your configuration is perfectly fine.
The missing RequestMetrics MBean is actually a known bug in Confluence since 5.9.2: https://jira.atlassian.com/browse/CONF-40442
You can vote for this issue there to raise awareness by Atlassian.
I have the same MBeans, in my evaluation version of the confluence.
I have a "confluense.jar" file with "jmxContext.xml" inside.
jmxContext.xml (it contains a reference to MBeanExporterWithUnregisterImpl implementaion) :
<bean id="exporter" class="com.atlassian.confluence.jmx.MBeanExporterWithUnregisterImpl">
<constructor-arg index="0" ref="eventPublisher"/>
<constructor-arg index="1" ref="tenantAccessor"/>
<property name="server" ref="mbeanServer"/>
<property name="beans">
<map>
<entry key="Confluence:name=MailTaskQueue">
<bean class="com.atlassian.confluence.jmx.TaskQueueWrapper"><constructor-arg
ref="mailTaskQueue"/></bean>
</entry>
<entry key="Confluence:name=IndexingStatistics">
<bean class="com.atlassian.confluence.jmx.JmxIndexManagerWrapper"><constructor-arg
ref="indexManager"/></bean>
</entry>
<entry key="Confluence:name=SchedulingStatistics">
<bean class="com.atlassian.confluence.jmx.JmxScheduledTaskWrapper"><constructor-arg
ref="scheduler"/></bean>
</entry>
<entry key="Confluence:name=SystemInformation">
<bean class="com.atlassian.confluence.jmx.JmxSystemInfoWrapper"><constructor-arg
ref="systemInformationService"/></bean>
</entry>
<entry key="Confluence:name=CacheStatistics">
<bean class="com.atlassian.confluence.jmx.JxmCacheStatisticsWrapper">
<constructor-arg ref="cacheStatisticsManager"/>
</bean>
</entry>
</map>
</property>
<property name="exposeManagedResourceClassLoader" value="true"/>
</bean>
So, at least there is nothing wrong, because our installation does not support RequestMetrics mbean, and as far as we can see the RequestMetrics.class inside of confluence.jar, i believe it is a licensing issue.
Related
I've configured the included sample application and am able successfully perform both IdP and SP initiated SSO, and SP initiated SLO (using POST)
However, when sending an IdP initiated logout using Ping Federate, it fails saying that the logout response must be signed (however it succeeds in OpenAM). Looking through the SAML messages, the logout response isn't signed (it seems that Ping Federate is more strict than OpenAM), from what I understand, the response should always be signed.
4.4.3.4 Session Participant/Authority Issues to Identity
Provider
...
It is RECOMMENDED that the HTTP exchanges in this step be made over either SSL 3.0 [SSL3] or
TLS 1.0 [RFC2246] to maintain confidentiality and message integrity. The
message MUST be signed if the HTTP POST or Redirect binding is used. The HTTP Artifact binding,
if used, also provides for an alternate means of authenticating the response issuer when the artifact is
dereferenced.
The relevant part of my securityContext.xml is here..
<bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
<constructor-arg>
<bean class="org.opensaml.saml2.metadata.provider.ResourceBackedMetadataProvider">
<constructor-arg>
<bean class="java.util.Timer"/>
</constructor-arg>
<constructor-arg>
<bean class="org.opensaml.util.resource.ClasspathResource">
<constructor-arg value="/metadata/moocow.xml"/>
</bean>
</constructor-arg>
<property name="parserPool" ref="parserPool"/>
</bean>
</constructor-arg>
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="local" value="true"/>
<property name="securityProfile" value="metaiop"/>
<property name="sslSecurityProfile" value="pkix"/>
<property name="sslHostnameVerification" value="default"/>
<property name="signMetadata" value="false"/>
<property name="signingKey" value="apollo"/>
<property name="encryptionKey" value="apollo"/>
<property name="requireArtifactResolveSigned" value="false"/>
<property name="requireLogoutRequestSigned" value="true"/>
<property name="requireLogoutResponseSigned" value="true"/>
<property name="idpDiscoveryEnabled" value="false"/>
</bean>
</constructor-arg>
</bean>
However, I don't believe any of this applies to the signing of the response to the IdP.
Associated metadata file...
<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="http___localhost_8080_spring-security-saml2-sample" entityID="http://localhost:8080/spring-security-saml2-sample">
<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>Stripped out for legibility
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/spring-security-saml2-sample/saml/SingleLogout"/>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/spring-security-saml2-sample/saml/SingleLogout"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/spring-security-saml2-sample/saml/SSO" index="0" isDefault="true"/>
</md:SPSSODescriptor>
</md:EntityDescriptor>
Am I missing something blindingly obvious here? Thanks.
John
I am attempting to go through the Spring Security SAML Quick Start at:
http://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html
I've gone through the four steps listed, done the two simple edits to sample/src/main/webapp/WEB-INF/securityContext.xml, and attempt to start the app as described in step 5.
I receive this error:
Bean property 'signMetadata' is not writable or has an invalid setter method.
Does the parameter type of the setter match the return type of the getter?
I have only changed the few lines of XML as described in the QuickStart.
That section of the relevant file looks like this:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="urn:test:chazlarson:waconia" />
<property name="signMetadata" value="false" />
</bean>
</constructor-arg>
</bean>
compared to the QuickStart's suggestion of:
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="replaceWithUniqueIdentifier"/>
<property name="signMetadata" value="false"/>
</bean>
</constructor-arg>
</bean>
What have I missed? I am sure this is simple, but I've gone through this simple process on two different machines with the same result.
Did you try this example?
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
<constructor-arg>
<bean class="org.springframework.security.saml.metadata.MetadataGenerator">
<property name="entityId" value="replaceWithUniqueIdentifier"/>
<property name="extendedMetadata">
<bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<property name="signMetadata" value="false"/>
<property name="idpDiscoveryEnabled" value="true"/>
</bean>
</property>
</bean>
</constructor-arg></bean>
I looked into MetadataGenerator class and there is no property signMetadata.
I would recommend you to follow this doc
I'm using spring-data-neo4j 3.1.1.Release with neo4j 2.1.2. I managed to make a spring configuration which is working well but it use the org.neo4j.kernel.EmbeddedGraphDatabase class which is now deprecated. Here is my current configuration :
<bean id="graphDatabaseService" class="org.neo4j.kernel.EmbeddedGraphDatabase"
destroy-method="shutdown">
<constructor-arg index="0" value="${graphdir}"/>
<!-- optionally pass in neo4j-config parameters to the graph database -->
<constructor-arg index="1">
<map>
<entry key="allow_store_upgrade" value="true"/>
</map>
</constructor-arg>
<constructor-arg index="2" ref="defaultGraphDatabaseDependencies" />
</bean>
<bean id="defaultGraphDatabaseDependencies" class="org.neo4j.kernel.DefaultGraphDatabaseDependencies"/>
<neo4j:config graphDatabaseService="graphDatabaseService" base-package="com.company.domain"/>
How can I write the same kind of spring configuration but using non deprecated classes please ?
You can use the GraphDatabaseFactory class using spring for this. I've blogged about at http://blog.armbruster-it.de/2013/08/configuring-a-neo4j-graphdatabaseservice-via-spring/
Can you please give me some links or solutions to manage my problem?
The problem is the follows. I have an LDAP server. How can I make http basic authorization through this LDAP server?
Thanks in advance.
You need to set up two different fetures of Spring Security:
LDAP Authentication. Actual config described here.
HTTP Basic Authentication. This feature is described here.
Thanks. I made such a config:
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/index.jsp" access="isAuthenticated()"/>
<security:http-basic/>
</security:http>
Then, BasicAuthenticationFilter
<bean id="basicAuthenticationFilter"
class="org.springframework.security.web.authentication.www.BasicAuthenticationFilter">
<property name="authenticationEntryPoint" ref="BauthenticationEntryPoint"/>
<property name="authenticationManager" ref="BauthenticationManager"/>
</bean>
Entry point and manager were descrbed like that:
<bean id="BauthenticationEntryPoint" class="org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint">
<property name="realmName" value="Name Of Your Realm"/>
</bean>
<bean id="BauthenticationManager" class="org.springframework.security.authentication.ProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthProvider"/>
</list>
</property>
</bean>
And finally
<bean id="ldapAuthProvider"
class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="contextSource"/>
<property name="userDnPatterns">
<list>
<value>sAMAccountName={0}</value>
</list>
</property>
</bean>
</constructor-arg>
<constructor-arg>
<bean
class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="contextSource"/>
<constructor-arg value=""/>
</bean>
</constructor-arg>
</bean>
When I try to access /index.jsp I shown an stadart http auth window that requesting me my username and password. When I type it into form and press Enter nothing goes on - an auth window just reloads and nothing more.
Where I made a mistake?
Thanks.
I am currently using JBoss 4.3 for a web application. I would like to move to the JBoss AS 7. I have been able to fix must of the differences of the application in both versions but one. The application has some JMX beans that are created thru the spring framework. Unfortunately the AS 7 release removed the class: org.jboss.mx.util.MBeanServerLocator which was used in spring to locate the JBoss JMX server and create some beans. I am not to familiar with JMX but so far the only thing I have found so far is:
"http://lists.jboss.org/pipermail/jboss-as7-dev/2011-February/000569.html". I was wondering if somebody knows how to replace the class above from JBOSS with the new JMX 1.6 classes. Here is my spring configuration snipet for the piece I need to fix:
<bean class="org.springframework.jmx.export.MBeanExporter">
<property name="server">
<bean class="org.jboss.mx.util.MBeanServerLocator" factory-method="locateJBoss"/>
</property>
<property name="beans">
<map>
<entry key="MywebMbeans:name=profileListenerContainer" value-ref="profileListenerContainer"/>
<entry key="MywebMbeans:name=jmsSenderService" value-ref="jmsSenderService"/>
<entry key="MywebMbeans:name=mailSender" value-ref="mailSender"/>
</map>
</property>
<property name="assembler" ref="mbeanAssembler"/>
</bean>
Thanks,
The MBeanServer used by JBoss 7 (by default) is the platform MBeanServer. The class name is com.sun.jmx.mbeanserver.JmxMBeanServer and the default domain is DefaultDomain. Accordingly, you can simply use:
java.lang.management.ManagementFactory.getPlatformMBeanServer()
Alternatively:
for(MBeanServer server: javax.management.MBeanServerFactory.findMBeanServer(null)) {
if("DefaultDomain".equals(server.getDefaultDomain())) return server;
}
throw new Exception("Failed to locate MBeanServer");
Actually I just look in the JMX page for spring
http://static.springsource.org/spring/docs/1.2.x/reference/jmx.html
The following will work in both JBoss instaces 4 and 7.
<bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean">
<property name="locateExistingServerIfPossible" value="true" />
</bean>
<bean class="org.springframework.jmx.export.MBeanExporter">
<property name="server" ref="mbeanServer"/>
</property>
<property name="beans">
<map>
<entry key="MywebMbeans:name=profileListenerContainer" value-ref="profileListenerContainer"/>
<entry key="MywebMbeans:name=jmsSenderService" value-ref="jmsSenderService"/>
<entry key="MywebMbeans:name=mailSender" value-ref="mailSender"/>
</map>
</property>
<property name="assembler" ref="mbeanAssembler"/>
</bean>