In (CEP) WSO2 Adaptor login and password have to be write like this:
<?xml version="1.0" encoding="UTF-8"?>
<outputEventAdaptor name="WSO2_Adaptor" statistics="disable"
trace="disable" type="wso2event" xmlns="http://wso2.org/carbon/eventadaptormanager">
<property name="username">admin</property>
<property name="receiverURL">tcp://localhost:7611</property>
<property name="password">admin</property>
<property name="authenticatorURL">ssl://localhost:7711</property>
</outputEventAdaptor>
Is it possible to encode login and password and instead of admin/admin write encoded params, for example MD5 or something else?
This is not supported out of the box in CEP 3.1.0. But this is available in the upcoming 4.0.0 release (which will be released soon) where all the password fields are encrypted by default [1].
[1] https://wso2.org/jira/browse/CEP-1018
Related
I have integrated SAML 2.0 in my system and I have several questions about SAML configurations file.
In my Service Provider file I have
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>.
In the customer's IDP file we don't have any NameIDFormat definition.
What is de default NameIDFormat if the client didn't defined it?
In my spring saml configuration file
<bean id="samlEntryPoint" class="org.springframework.security.saml.SAMLEntryPoint">
<property name="contextProvider" ref="${saml.security.context.provider}" />
<property name="defaultProfileOptions">
<bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
<property name="includeScoping" value="false" />
<property name="nameID" value="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" />
<property name="allowCreate" value="true" />
</bean>
</property>
</bean>
But the client told us that the policy 'persitent' is not supported for him.
If I modify the defaultProfileOptions and I delete the nameID property, the default value for the client would be
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified (I remember that in SP file the NameIDFormat is urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and in IDP file we don't have the NameIDFormat definition)?
From SAML specification point of view NameID format
urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
should be used if no NameID format is specified. However you don't need to send anyone, the SAML IdP sould then choose one of your SP's supported NameID formats (provided in the SAML SP meta data).
From SAML spec point of view NameID format
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
is intended to be used for the use case of 'account-linking' (linkage of 2 identities in 2 different identity silos, one on IdP side, on on SP side)
As your use-case seems to be SSO only, the intended NameID format would
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
I've created a proxy to tweet using WSO2 ESB Twitter connector. My Tweet proxy looks like this.
<?xml version="1.0" encoding="UTF-8"?>
<proxy name="Tweet" startOnLoad="true" trace="disable"
transports="http https" xmlns="http://ws.apache.org/ns/synapse">
<target>
<inSequence>
<property expression="json-eval($.message)" name="Tweet"
scope="default" type="STRING"/>
<twitter.init>
<consumerKey>xxxxxxxxxx</consumerKey>
<consumerSecret>xxxxxxxxxxxx</consumerSecret>
<accessToken>xxxxxxxxxxxxx</accessToken>
<accessTokenSecret>xxxxxxxxxx</accessTokenSecret>
</twitter.init>
<twitter.updateStatus>
<status>{$ctx:Tweet}</status>
</twitter.updateStatus>
<respond/>
</inSequence>
<outSequence/>
<faultSequence/>
</target>
</proxy>
The project was deployed without any errors but when ever i make a POST request to Tweet from Postman im getting an error status of 170 with a message Missing required parameter: status.
The Post request consist of a json like this.
{"Content-Type":"application/json","payload":"{\"message\":\"Hellow WSO2 ESB!!!! #WSO2 #Test\"}"}
In the ESB sever console it gives an error like this
ERROR - SynapseJsonPath #stringValueOf. Error evaluating JSON Path <$.message>. Returning empty result. Error>>> invalid path
Any particular reason why im getting this error?. How to overcome this?.
Change the property expression like this.
expression="json-eval($.payload.message)"
I am trying to implement Linkedin social login in a Spring Application; I am using the most recent release spring-social-linkedin-1.0.0.RC4 and spring-social-1.0.3.RELEASE.
I manage to get to the point where authorization link is sent to Linkedin:
https://www.linkedin.com/uas/oauth2/authorization?client_id=....&response_type=code&redirect_uri=....
but the request is sent without the mandatory "state" request parameter, so it always results in an error from Linkedin. I double checked that simply adding the missing parameter to te url by hand results in the correct login page from linkedin, so I know client id is right.
Here's the code I use to connect to Linkedin:
User principal = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
ConnectionRepository repository = usersConnectionRepository.createConnectionRepository(principal.getUsername());
Connection<LinkedIn> connection = repository.findPrimaryConnection(LinkedIn.class);
return connection.getApi();
And the configuration for connectionFactoryLocator, where placeholders are resolved correctly:
<bean id="connectionFactoryLocator"
class="org.springframework.social.connect.support.ConnectionFactoryRegistry">
<property name="connectionFactories">
<list>
<bean
class="org.springframework.social.linkedin.connect.LinkedInConnectionFactory">
<constructor-arg value="${linkedin.api.key}" />
<constructor-arg value="${linkedin.api.secret}" />
</bean>
</list>
</property>
</bean>
Everything else is configured by the book and it's pretty standard spring social + jdbc setup.
I think "state" and "scope" parameters should be configured in the same way as "api.key" and "api.secret" (which are correctly set in the request), but I can't find how.
Did someone manage to get this right?
I found out: the simplest way to do it is to use an Interceptor and add it to the ConnectController. You will be able to add any parameter you like there.
Or upgrade to spring social 1.1.0 which has automatic state parameter handling (it's currently at RC1 stage).
Currently, I'm trying to integrate in Liferay one Orbeon form which retrieves the user name.
(I described the problem here: http://discuss.orbeon.com/Unable-to-retrieve-liferay-roles-in-Orbeon-proxy-portlet-td4656273.html - Post 2 )
To do this, I created a simple form with one input field and I want to get the Liferay user name in this field. I tested with all configurations in lower case (Unable to retrieve Header information on Orbeon 4.0.1 but works on 3.9) and nothing is returned.
First: I completed properties-local.xml using http://wiki.orbeon.com/forms/doc/developer-guide/admin/deployment-portlet and I put all properties in lower case.
properties-local.xml :
<!-- this is the property for orbeon forms 4.0 -->
<property as="xs:anyuri" name="oxf.fr.persistence.exist.exist-uri"
value="http://orbeonserver:8080/orbeon/exist/rest/db/orbeon/fr"/>
<!-- configure authentication properties through headers -->
<property as="xs:string" name="oxf.fr.authentication.method"
value="header"/>
<!-- if you want the liferay user email used for form runner authentication -->
<property as="xs:string" name="oxf.fr.authentication.header.username"
value="orbeon-liferay-user-email"/>
<!-- if you want liferay roles used -->
<property as="xs:string" name="oxf.fr.authentication.header.roles"
value="orbeon-liferay-user-roles"/>
<!-- to propagate username/roles to the persistence layer, if using authentication -->
<property as="xs:string" name="oxf.xforms.forward-submission-headers"
value="orbeon-username orbeon-roles"/>
After in my form, I used xxf:get-request-header() to get the Liferay user name :
<xf:bind id="userName-bind" name="userName" ref="userName"
xxf:default="xxf:get-request-header('orbeon-liferay-user-email')"/>
Finally to insert the form in Liferay, I used the orbeon proxy-portlet.war (no configuration in this side).
I see the form but field is still empty. Nothing is returned. I missed a step ?
FYI, I used: liferay-portal-6.1.1-ce-ga2 and orbeon-4.0.1.201303152357-PE (free trial license). Orbeon and Liferay are on 2 different server.
You might want to try a very recent version of Orbeon proxy portlet (4.1-ce from github), since the following issue got closed only a month ago:
https://github.com/orbeon/orbeon-forms/issues/886 "Proxy portlet: ability to configure forwarding of headers and parameters". Accordingly, the 4.01 version of Orbeon proxy portlet lacks this ability.
How to protect database username and password in shared hosting enviornment using spring
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<property name="driverClassName"><value>com.mysql.jdbc.Driver</value></property>
<property name="url"><value>jdbc:mysql:///BUSINESS</value></property>
<property name="username"><value>root</value></property>
<property name="password"><value>password</value></property>
</bean>
I am not aware of any Spring specific solution for this.
In a shared hosting environment one should make sure that file's aren't public readable so other users can't view the content of you’re files. In case of a shared application server, the app server should be in the same group, so only the application server gets access to you’re files.
An application should never use a MySql root password. You should create an MySql account with limited rights on a specific schema (for example an user that can only do DML statements and not DDL statements).
To keep the username/password out of a plain text file you could hardcode the configuration in a Java class (This is basicaly security through obscurity). Replacement configuration:
<bean id="dataSource"
class="my.app.CustomDriverManagerDataSource" >
<property name="driverClassName">
<value>com.mysql.jdbc.Driver</value>
</property>
</bean>
And add this class to you're class path
import org.springframework.jdbc.datasource.DriverManagerDataSource;
public class CustomDriverManagerDataSource extends DriverManagerDataSource {
public DriverManagerDataSource() {
super("jdbc:mysql:///BUSINESS","root","password");
}
}