I am attempting to set the location of the system property java.io.tmpdir to something other than the default "/tmp" in my standalone.xml file.
I have added the following element after the <extensions> element:
<system-properties>
<property name="java.io.tmpdir" value="/tmp/wildfly"/>
</system-properties>
However, when I start up wildfly, I see this in the log file:
java.io.tmpdir = /tmp
I don't see anywhere in any of the bin*.conf files or the bin*.sh files that's setting this... what am I missing?
Thanks.
Related
I need to set the flags to enable the default redirect_uri behavior for keycloak 19.0.3-legacy.
However, nothing I've tried so far has worked.
We're using the standalone-ha.xml configuration file. (not sure if this is the could be the right place to configure this.)
I need to set the following flags:
spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true
spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
https://www.keycloak.org/docs/19.0.3/upgrading/#openid-connect-logout-prompt
https://www.keycloak.org/docs/latest/upgrading/#openid-connect-logout
However, I run a standalone instance and don't run using kc.sh.
I've tried setting environment variables without success:
KC_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_LEGACY_LOGOUT_REDIRECT_URI=true
KC_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_SUPPRESS_LOGOUT_CONFIRMATION_SCREEN=true
and
KEYCLOAK_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_LEGACY_LOGOUT_REDIRECT_URI=true
KEYCLOAK_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_SUPPRESS_LOGOUT_CONFIRMATION_SCREEN=true
and
SPI_LOGIN_PROTOCOL_OPENID_CONNECT_LEGACY_LOGOUT_REDIRECT_URI=true
SPI_LOGIN_PROTOCOL_OPENID_CONNECT_SUPPRESS_LOGOUT_CONFIRMATION_SCREEN=true
and
LEGACY_LOGOUT_REDIRECT_URI=true
SUPPRESS_LOGOUT_CONFIRMATION_SCREEN=true
I've also tried to adding to a config file, but it doesn't seem to have been picked up from where it was put in the Dockerfile.
Dockerfile:
COPY conf.d/keycloak.conf /opt/jboss/keycloak/conf/keycloak.conf
and
COPY conf.d/keycloak.conf /opt/keycloak/conf/keycloak.conf
keycloak.conf
spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true
spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
and
suppress-logout-confirmation-screen=true
legacy-logout-redirect-uri=true
I also tried adding it to thedocker-entrypoint.sh parameters:
exec /opt/jboss/tools/docker-entrypoint.sh $# -Dspi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true -Dspi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
and
--This one won't even start up. It fails stating that the parameters are invalid.
exec /opt/jboss/tools/docker-entrypoint.sh $# --spi-login-protocol-openid-connect-suppress-logout-confirmation-screen=true --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true
Update 1/24/23
Tried updating standalone-ha.xml, but it seems to have been ignored:
<subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
<web-context>auth</web-context>
<providers>
<provider>
classpath:${jboss.home.dir}/providers/*
</provider>
<provider>
module:org.keycloak.storage.ldap.LDAPSyncOnly
</provider>
</providers>
<master-realm-name>master</master-realm-name>
<scheduled-task-interval>900</scheduled-task-interval>
<theme>
<staticMaxAge>2592000</staticMaxAge>
<cacheThemes>false</cacheThemes>
<cacheTemplates>false</cacheTemplates>
<welcomeTheme>${env.KEYCLOAK_WELCOME_THEME:keycloak}</welcomeTheme>
<default>${env.KEYCLOAK_DEFAULT_THEME:keycloak}</default>
<dir>${jboss.home.dir}/themes</dir>
</theme>
... Bunch of other spi tags. ...
<spi name="login-protocol">
<provider name="openid-connect" enabled="true">
<properties>
<property name="suppress-logout-confirmation-screen" value="true"/>
<property name="legacy-logout-redirect-uri" value="true"/>
</properties>
</provider>
</spi>
</subsystem>
Useful links:
https://github.com/keycloak/keycloak/blob/10b7475b0431ed380d45b840578bc666ecb3263a/services/src/main/java/org/keycloak/protocol/oidc/OIDCLoginProtocolFactory.java#L106-L121
Shows the warning message that will print to the logs if this is set correctly.
https://www.keycloak.org/server/configuration#_example_configuring_the_db_url_host_parameter
Shows alternate ways to configure keycloak.
https://github.com/keycloak/keycloak-containers/tree/19.0.3
https://quay.io/repository/keycloak/keycloak?tab=tags
We figured it out.
By adding the following CLI commands we can properly update the high availability config file to enable the legacy flag.
embed-server --server-config=standalone-ha.xml --std-out=echo
/subsystem=keycloak-server/spi=login-protocol:add
/subsystem=keycloak-server/spi=login-protocol/provider=openid-connect:add(enabled=true)
/subsystem=keycloak-server/spi=login-protocol/provider=openid-connect:write-attribute(name=properties.legacy-logout-redirect-uri,value=true)
/subsystem=keycloak-server/spi=login-protocol/provider=openid-connect:write-attribute(name=properties.suppress-logout-confirmation-screen,value=true)
stop-embedded-server
I don't know why this worked but manually editing the standalone-ha.xml config didn't.
Goal: Have Log4j2:
Create the root "logs" directory if it doesn't exist.
Create an "archive" directory if it doesn't exist so RollingFile appender can save the rolled logs.
Expected Result:
..\logs\MyLog.log
..\logs\archive\MyLog_2022-03-03_1.log
..\logs\archive\MyLog_2022-03-03_2.log
..\logs\archive\MyLog_2022-03-03_3.log
.
.
..\logs\archive\MyLog_2022-03-03_20.log
I'm expecting the creation of "logs" & "archive" directories in case they aren't there on start-up/1st roll.
Actual Results:
Regarding the "logs" directory:
if the "logs" directory doesn't exist prior to start-up then system continues running without logging anything or creating the directory.
if the "logs" directory exists prior to start-up then it saves the main log file to it.
Regarding the "archive" directory for rolling logs:
if the "archive" directory doesn't exist prior to start-up then it is created, the system crashes and an exception is thrown.
if the "logs" directory exists prior to start-up then the system crashes and an exception is thrown.
What I have tried:
Replacing the properties with their actual hard-coded values.
Replacing the path with "./" at the beginning.
Replacing the path with "../" at the beginning.
Replacing the beginning of the path with various possible Lookups from Log4j2's documentation.
Hard-coding the full-path, which worked but is not an option to use as it will change according to the customer's installation location.
Configuration:
<Properties>
<Property name="log.dir">logs</Property>
<Property name="log.file">MyLog</Property>
<Property name="pattern">%d %-5p [%t] %c{2}:%L - %m%n</Property>
</Properties>
<RollingFile name="MainLog" fileName="${log.dir}/${log.file}.log" filePattern="${log.dir}/archive/${log.file}_%d{MM-dd-yyyy}_%i.log.gz">
<PatternLayout pattern="${pattern}" />
<Policies>
<SizeBasedTriggeringPolicy size="20 MB" />
</Policies>
<DefaultRolloverStrategy max="20" />
</RollingFile>
Research:
I've tried various Google searches and looked into many Stackoverflow questions, I will not be listing them here as they do not include any actual relevant data. Weirdly enough, I wasn't able to find any similar question.
What am I missing?
I have an application with the name cat_tiger.war that gets deployed as localhost:8080/cat_tiger but I want to change the context path to localhost:8080/cat/lion/ instead. I've added the META-INF/context.xml file as
<?xml version="1.0" encoding="UTF-8"?>
<Context copyXML="true" docBase="cat_tiger" path="/cat/lion"/>
and the server.xml file to be
<Host name="localhost" appBase="webapps"
copyXML="true" deployXML="true"
unpackWARs="true" autoDeploy="true">
but it still deploys as localhost:8080/cat_tiger/
Any ideas as to what else needs to be changed?
EDIT:
[1] Tomcat 8.5.3
[2]
04-Sep-2018 13:50:41.830 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor [/opt/tomcat/conf/Catalina/localhost/cat_tiger.xml] has finished in [2,750] ms
...
...
04-Sep-2018 13:50:39.070 WARNING [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDescriptor A docBase [/opt/tomcat/webapps/cat_tiger] inside the host appBase has been specified, and will be ignored
[3] I'm deploying through Netbeans but will have to be deployed in a Docker container eventually.
I don't understand why you are having problems, but I've created the web project using NetBeans 8.2 (File > New Project... > Java Web > Web Application), and successfully changed the context, so perhaps if I give details of my project you can identify where there's a crucial difference.
1 cat_tiger\web\META-INF\context.xml
My file looks identical to yours:
<?xml version="1.0" encoding="UTF-8"?>
<Context copyXML="true" docBase="cat_tiger" path="/cat/lion"/>
[2] Run output
Select the project node, right click and select Run from the popup menu to run on Tomcat 8.5:
ant -f D:\\NB82\\cat_tiger -Dnb.internal.action.name=run -Ddirectory.deployment.supported=true -DforceRedeploy=false -Dnb.wait.for.caches=true -Dbrowser.context=D:\\NB82\\cat_tiger -Duser.properties.file=C:\\Users\\johndoe\\AppData\\Roaming\\NetBeans\\8.2\\build.properties run
init:
deps-module-jar:
deps-ear-jar:
deps-jar:
library-inclusion-in-archive:
library-inclusion-in-manifest:
compile:
compile-jsps:
In-place deployment at D:\NB82\cat_tiger\build\web
Deployment is in progress...
deploy?config=file%3A%2FC%3A%2FUsers%2Fjohndoe%2FAppData%2FLocal%2FTemp%2Fcontext7953615149857268018.xml&path=/cat/lion
OK - Deployed application at context path [/cat/lion]
Start is in progress...
start?path=/cat/lion
OK - Started application at context path [/cat/lion]
run-deploy:
Browsing: http://localhost:8080/cat/lion
run-display-browser:
run:
BUILD SUCCESSFUL (total time: 0 seconds)
Actually, you probably don't need to run the application to see the problem; just select Deploy instead of Run from the popup menu. This is the output I get from Deploy:
ant -f D:\\NB82\\cat_tiger -Dnb.internal.action.name=redeploy -Ddirectory.deployment.supported=true -DforceRedeploy=true -Dnb.wait.for.caches=true -Dbrowser.context=D:\\NB82\\cat_tiger -Duser.properties.file=C:\\Users\\johndoe\\AppData\\Roaming\\NetBeans\\8.2\\build.properties run-deploy
init:
deps-module-jar:
deps-ear-jar:
deps-jar:
library-inclusion-in-archive:
library-inclusion-in-manifest:
compile:
compile-jsps:
Undeploying ...
undeploy?path=/cat_tiger
OK - Undeployed application at context path [/cat_tiger]
In-place deployment at D:\NB82\cat_tiger\build\web
Deployment is in progress...
deploy?config=file%3A%2FC%3A%2FUsers%2Fjohndoe%2FAppData%2FLocal%2FTemp%2Fcontext5063723197082921373.xml&path=/cat/lion
OK - Deployed application at context path [/cat/lion]
Start is in progress...
start?path=/cat/lion
OK - Started application at context path [/cat/lion]
run-deploy:
BUILD SUCCESSFUL (total time: 0 seconds)
[3] Tomcat log
Here are the deployment details in the Tomcat log, where you can see that my deployment shows the context correctly, whereas yours does not:
05-Sep-2018 23:09:09.321 INFO [http-nio-8080-exec-6] org.apache.catalina.startup.HostConfig.deployDescriptor Deploying configuration descriptor [C:\apache-tomcat-8.5.20\conf\Catalina\localhost\cat#lion.xml]
05-Sep-2018 23:09:09.334 INFO [http-nio-8080-exec-6] org.apache.catalina.startup.HostConfig.deployDescriptor Deployment of configuration descriptor [C:\apache-tomcat-8.5.20\conf\Catalina\localhost\cat#lion.xml] has finished in [13] ms
05-Sep-2018 23:09:09.338 INFO [http-nio-8080-exec-5] org.apache.catalina.util.LifecycleBase.start The start() method was called on component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/cat/lion]] after start() had already been called. The second call will be ignored.
[4] C:\apache-tomcat-8.5.20\conf\Catalina\localhost\cat#lion.xml
This is the file Tomcat created when deploying the application:
<?xml version="1.0" encoding="UTF-8"?>
<Context copyXML="true" docBase="D:\NB82\cat_tiger\build\web" path="/cat/lion"/>
Note that docBase contains an absolute path.
[5] server.xml
Here's the entire content. I'm using Tomcat 8.5. Note that the <host> element is slightly different to yours, but when I added copyXML="true" deployXML="true" to the <host> element (so it looked like yours) everything continued to work fine:
<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" relaxedQueryChars="[]|{}^+\`"<>"/>
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<Engine defaultHost="localhost" name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log" suffix=".txt"/>
<Context docBase="C:\apache-tomcat-8.5.20\wtpwebapps\PlusServlet" path="/PlusServlet" reloadable="true" source="org.eclipse.jst.jee.server:PlusServlet"/>
</Host>
</Engine>
</Service>
</Server>
Updated 9/6/2018:
Ignore the answer given above! Even though it happened to work for my configuration, the approach is explicitly disallowed in the Tomcat documentation.
Specifically, path should not be specified within the <Context> of a context.xml file placed within the application's META-INF directory. From the path description in the Common Attributes section of the Tomcat 8.5 documentation for the Context Container:
This attribute must only be used when statically defining a Context in
server.xml. In all other circumstances, the path will be inferred from
the filenames used for either the .xml context file or the docBase.
Even when statically defining a Context in server.xml, this attribute
must not be set unless either the docBase is not located under the
Host's appBase or both deployOnStartup and autoDeploy are false. If
this rule is not followed, double deployment is likely to result.
I have created Web Application by using JSF 2.0, Log 4j 1.2.14 and JBoss 7. When I run testcase, the log file is created. And the log file can't create when I run web application.
I there is anything I need to configur, please tell me.
Take a look at this maybe can help you.
The following filejboss-deployment-structure.xmlneeds to contain the following:
<jboss-deployment-structure>
<deployment>
<!-- Exclusions allow you to prevent the server from automatically adding some dependencies -->
<exclusions>
<module name="org.apache.log4j" />
</exclusions>
</deployment>
</jboss-deployment-structure>
Make sure the configuration file (log4j.xml or log4j.properties) is in the classpath of the web application (in this case, in the binaries).
WEB-INF/classes/log4j.properties
If you have both files (log4.properties, log4j.xml) only is considered log4j.xml. The first time you init or use some instance of org.apache.log4j.Logger, log4j search the configuration file in the classpath, then the configuration is loaded.
If you want to see this process of searching and loading more closely, add the following argument to the virtual machine:
-Dlog4j.debug
I have one requirement: copy local files to remote system.
I have done the following:
downloaded jsch-0.1.44.jar and copied to lib folder of Ant
set the path and every thing
My buildfile is:
<project name="ImportedBuild" default="all">
<target name="copyFileToRemote">
<echo>2222222222 copyFileToRemote Examples:::::::::::::</echo>
<scp file="sample.txt" todir="${username}:${password}#${hostname}:/shared"/>
</target>
</project>
When I run Ant, I get this error:
BUILD FAILED com.jcraft.jsch.JSchException: reject HostKey: 10.184.74.168
at com.jcraft.jsch.Session.checkHost(Session.java:712)
at com.jcraft.jsch.Session.connect(Session.java:313)
at com.jcraft.jsch.Session.connect(Session.java:154)
at org.apache.tools.ant.taskdefs.optional.ssh.SSHBase.openSession(SSHBase.java:212)
at org.apache.tools.ant.taskdefs.optional.ssh.Scp.upload(Scp.java:291)
at org.apache.tools.ant.taskdefs.optional.ssh.Scp.execute(Scp.java:203)
at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288)
... etc ...
Any ideas how to resolve this?
According to the Ant scp task docs, trust attribute:
This trusts all unknown hosts if set
to yes/true. Note If you set this to
false (the default), the host you
connect to must be listed in your
knownhosts file, this also implies
that the file exists.
The trust attribute is not used in your task call, so it appears that the host (10.184.74.168) is not in your knownhosts file. Suggest you add trust="true", or add the host to the knownhosts file.
Be sure your ~/.ssh/known_hosts file is using un-hashed hostnames; if the lines start |1|base64data..., JSch appears unable to parse them. Create lines of the format hostname[,hostname|ip]* ssh-keytype base64data....
See man 8 sshd on the precise format of known_hosts, and tips on where to find the host's public key.