Wednesday, June 28, 2017



The following shows how you can read query params from your REST service when using Enterprise Integrator.

There are two ways to read your query params.

1. Assigning the value to a property within a URI template (get-property('uri.var.qtest')).

If you look at the following synapse config I'm assigning the required query param to


<api xmlns="http://ws.apache.org/ns/synapse" name="test" context="/qtest">
   <resource methods="GET" uri-template="/search?q={qtest}" outSequence="" faultSequence="">
      <inSequence>
         <log>
            <property name="QUERY PARAM IS =" expression="get-property('uri.var.qtest')"/>
         </log>
      </inSequence>
   </resource>
</api>


2. Reading it as a query param (get-property('query.param.q')).

By default, query params are loaded by the EI itself, so you can access them directly without any extra configuration. Following is how you can do this.


<api xmlns="http://ws.apache.org/ns/synapse" name="test" context="/qtest">
   <resource methods="GET" uri-template="/search?q=*" outSequence="" faultSequence="">
      <inSequence>
         <log>
            <property name="QUERY PARAM IS =" expression="get-property('query.param.q')"/>
         </log>
      </inSequence>
   </resource>
</api>


Please drop a comment if you have any further queries.

Sunday, May 21, 2017



If you need to allow insecure (non-SSL) connections to your K8S API server, the following is how you can get this done.

First open your API server manifest.

sudo vim /etc/kubernetes/manifests/kube-apiserver.yaml

Now add the following properties.

    - --insecure-bind-address=0.0.0.0
    - --insecure-port=8080

The kube-apiserver.yaml will then look like the following (this is only a fraction of the YAML file).

apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    - --etcd-servers=http://192.168.57.13:2379
    - --allow-privileged=true
    - --service-cluster-ip-range=10.3.0.0/24
    - --secure-port=443
    - --insecure-bind-address=0.0.0.0
    - --insecure-port=8080
    - --advertise-address=192.168.57.12
    - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota
    - --tls-cert-file=/etc/kubernetes/ssl/apiserver.pem
    - --tls-private-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --service-account-key-file=/etc/kubernetes/ssl/apiserver-key.pem
    - --runtime-config=extensions/v1beta1/networkpolicies=true
    - --anonymous-auth=false

Now restart your kubelet service.

Then, on the client machine, export the Kubernetes master URL.

export KUBERNETES_MASTER=http://192.168.57.12:8080

And that's it; now you can call your Kubernetes master through a non-secured channel.
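A check an operator can run against the manifest before and after this change, added here as an example and not part of the original post: it reports the two flags above, because requests on the insecure port are served over plain HTTP and skip the API server's authentication and authorization. The function names and the sample manifest (built from the fragment above) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: audit a kube-apiserver static pod manifest for the insecure port.

# Constructed sample, shortened from the manifest fragment shown in the post.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  hostNetwork: true
  containers:
  - name: kube-apiserver
    image: quay.io/coreos/hyperkube:v1.6.1_coreos.0
    command:
    - /hyperkube
    - apiserver
    - --bind-address=0.0.0.0
    - --secure-port=443
    - --insecure-bind-address=0.0.0.0
    - --insecure-port=8080
    - --client-ca-file=/etc/kubernetes/ssl/ca.pem
    - --anonymous-auth=false
EOF
}

# audit_apiserver_manifest FILE
# Prints one "FINDING: ..." line per risky setting and returns 1 if any exist.
audit_apiserver_manifest() {
  awk '
    # Match YAML list items that carry a command-line flag.
    /^[ \t]*-[ \t]+--/ {
      arg = $0
      sub(/^[ \t]*-[ \t]+/, "", arg)
      sub(/[ \t\r]+$/, "", arg)
      split(arg, kv, "=")
      flag = kv[1]
      val = substr(arg, length(flag) + 2)   # keeps values that contain "="
      if (flag == "--insecure-port") port = val
      if (flag == "--insecure-bind-address") addr = val
    }
    END {
      n = 0
      # Port 0 disables the insecure listener; any other value enables it.
      if (port != "" && port != "0") {
        print "FINDING: --insecure-port=" port " serves the API over plain HTTP with no authentication or authorization"
        n++
      }
      # A non-loopback bind address makes that listener reachable over the network.
      if (addr != "" && addr != "127.0.0.1" && addr != "localhost" && addr != "::1" && port != "0") {
        print "FINDING: --insecure-bind-address=" addr " exposes the insecure port beyond loopback"
        n++
      }
      exit (n > 0 ? 1 : 0)
    }
  ' "$1"
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
sample_manifest > "$demo_dir/kube-apiserver.yaml"
audit_apiserver_manifest "$demo_dir/kube-apiserver.yaml" || echo "manifest needs review"
rm -rf "$demo_dir"
```

Note that --anonymous-auth=false in the same manifest applies to the secure port only, which is why the audit does not treat it as a mitigation.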

Please drop a comment if you have queries.

Friday, May 19, 2017



I was trying to wget one of the Jenkins artifacts, but was continuously getting a 404 error.


HTTP request sent, awaiting response... 404 Not Found
2017-05-19 13:12:13 ERROR 404: Not Found.

My request was as follows.


wget https://wso2.org/jenkins/job/ballerinalang/job/tools-distribution/257/org.ballerinalang.tools$ballerina-tools/artifact/org.ballerinalang.tools/ballerina-tools/0.87-SNAPSHOT/ballerina-tools-0.87-SNAPSHOT.zip

So my issue was that my URL had a special character, a $ (tools$ballerina-tools). Bash dropped this when fetching the artifact, so Jenkins was unable to find the actual resource. To solve this type of issue you can use an escape character to skip the special character.

\$

The full request is as follows.

wget https://wso2.org/jenkins/job/ballerinalang/job/tools-distribution/257/org.ballerinalang.tools\$ballerina-tools/artifact/org.ballerinalang.tools/ballerina-tools/0.87-SNAPSHOT/ballerina-tools-0.87-SNAPSHOT.zip


This is one of a million ways to get a 404 error; just mentioning it to help someone save a couple of hours. :)

Friday, April 21, 2017



Server names are defined using the server_name directive and determine which server block is used for a given request. See also “How nginx processes a request”. They may be defined using exact names, wildcard names, or regular expressions:

NginX behaves as follows.

Nginx first decides which server should process the request. Let’s start with a simple configuration where all three virtual servers listen on port *:80:
server {
    listen      80;
    server_name www.yasassri.org;
    ...
}

server {
    listen      80;
    server_name www.yasassri.net;
    ...
}

server {
    listen      80;
    server_name www.yasassri.com;
    ...
}
In the above configuration Nginx checks only the request’s header field “Host” to determine which server the request should be routed to. If its value does not match any server name, or the request does not contain this header field at all, then Nginx will route the request to the default server for this port.

Let me elaborate on this with an example. If a client sends a request to www.yasassri.org, www.yasassri.net or www.yasassri.com, NginX routes the message to the corresponding server block (if the Host header contains that host name). But what if a client sends a message with the Host header www.abcd.com? This doesn't match any server name, so it shouldn't be routed anywhere, right? No, that's not what really happens: the default behavior of NginX is to route this message to the default server configuration. In the configuration above, the default server is the first one, which is Nginx's standard default behavior. Which server should be the default can also be set explicitly, with the default_server parameter in the listen directive:
server {
    listen      80 default_server;
    server_name example.net www.yasassri.net;
    ...
}

So what if you want to block all calls that don't match any of the defined server names? NginX doesn't provide a configuration for this; to achieve it you can simply add the following server block as a workaround. The following will then be your default server block.


server {
  listen 80 default_server;
  return 404;
}

So whenever the server name doesn't match, the request will be routed to the above server block and a 404 is sent to the client.
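To see which server block is the default for each port in a given configuration, the following added example (not from the original post) parses a config and reports whether the default is explicit or simply the first block, and whether that block returns a status code. The function names and the sample config are constructed for illustration, and the parser assumes one directive per line, as in the snippets above.

```shell
#!/usr/bin/env bash
# Added example: report the default server block per listen port.

# Constructed sample: the three virtual servers from the post, without a catch-all.
sample_nginx_conf() {
  cat <<'EOF'
server {
    listen      80;
    server_name www.yasassri.org;
    root        /var/www/org;
}
server {
    listen      80;
    server_name www.yasassri.net;
    root        /var/www/net;
}
server {
    listen      80;
    server_name www.yasassri.com;
    root        /var/www/com;
}
EOF
}

# The catch-all block from the post.
catch_all_block() {
  cat <<'EOF'
server {
  listen 80 default_server;
  return 404;
}
EOF
}

# default_server_report FILE
# One line per port: port=<p> default=<explicit|implicit> server_name=<names> return=<code|->
default_server_report() {
  awk '
    # Record the block that just closed against every port it listens on.
    function close_block(   i, p) {
      if (nl == 0) { nl = 1; lport[1] = "80"; ldef[1] = 0 }  # no listen directive: port 80
      for (i = 1; i <= nl; i++) {
        p = lport[i]
        if (!(p in first)) { first[p] = names; first_ret[p] = ret; order[++np] = p }
        if (ldef[i]) { expl[p] = names; expl_ret[p] = ret }
      }
    }
    {
      line = $0
      sub(/#.*/, "", line)            # drop comments
      gsub(/;/, " ", line)
      n = split(line, f, " ")
      if (!in_server && f[1] == "server" && f[2] == "{") {
        in_server = 1; sdepth = depth; nl = 0; names = "-"; ret = "-"
      } else if (in_server && f[1] == "listen") {
        port = f[2]; sub(/^.*:/, "", port)   # strip an address such as *:80 or [::]:80
        isdef = 0
        for (i = 3; i <= n; i++) if (f[i] == "default_server") isdef = 1
        nl++; lport[nl] = port; ldef[nl] = isdef
      } else if (in_server && f[1] == "server_name") {
        names = f[2]
        for (i = 3; i <= n; i++) names = names "," f[i]
      } else if (in_server && f[1] == "return" && depth == sdepth + 1) {
        ret = f[2]                      # only a return at server level, not inside location
      }
      depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
      if (in_server && depth == sdepth) { close_block(); in_server = 0 }
    }
    END {
      for (k = 1; k <= np; k++) {
        p = order[k]
        if (p in expl) print "port=" p " default=explicit server_name=" expl[p] " return=" expl_ret[p]
        else print "port=" p " default=implicit server_name=" first[p] " return=" first_ret[p]
      }
    }
  ' "$1"
}

# Demo: before and after adding the catch-all block.
demo_cfg=$(mktemp)
sample_nginx_conf > "$demo_cfg"
default_server_report "$demo_cfg"
catch_all_block >> "$demo_cfg"
default_server_report "$demo_cfg"
rm -f "$demo_cfg"
```

An "implicit" line naming a real site means requests with an unknown Host header are being answered by that site.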

So that's it, please drop a comment if you have more queries.

Wednesday, January 18, 2017




SSL can be a pain sometimes. Recently I was continuously getting the following exception no matter which certificate I imported into the client-truststore. It took the best out of me to debug and find out the real issue behind this. In this post I'll explain how one can debug an SSL connection issue.


org.apache.axis2.AxisFault: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
 at org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:84)
 at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
 at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
 at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
 at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
 at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
 at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
 at org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:622)
 at org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
 at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:451)
 at org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:278)
 at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:442)
 at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:430)
 at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:225)
 at org.apache.axis2.client.OperationClient.execute(OperationClient.java:149)
 at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:554)
 at org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:530)
 at SecurityClient.runSecurityClient(SecurityClient.java:99)
 at SecurityClient.main(SecurityClient.java:34)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:483)
 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)
Caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at com.sun.xml.internal.stream.writers.XMLStreamWriterImpl.close(XMLStreamWriterImpl.java:378)
 at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.close(XMLStreamWriterWrapper.java:46)
 at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:188)
 at org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:844)
 at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
 ... 25 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1509)
 at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1521)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:71)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
 at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
 at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
 at com.sun.xml.internal.stream.writers.UTF8OutputStreamWriter.flush(UTF8OutputStreamWriter.java:138)
 at com.sun.xml.internal.stream.writers.XMLStreamWriterImpl.close(XMLStreamWriterImpl.java:376)
 ... 29 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
 at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1917)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
 at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:295)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1369)
 at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:156)
 at sun.security.ssl.Handshaker.processLoop(Handshaker.java:925)
 at sun.security.ssl.Handshaker.process_record(Handshaker.java:860)
 at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1043)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1343)
 at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:728)
 at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
 at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
 at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
 at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
 at com.sun.xml.internal.stream.writers.UTF8OutputStreamWriter.flush(UTF8OutputStreamWriter.java:138)
 at com.sun.xml.internal.stream.writers.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:397)
 at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
 at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:198)
 at org.apache.axiom.om.impl.dom.NodeImpl.serializeAndConsume(NodeImpl.java:842)
 ... 26 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
 at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
 at sun.security.validator.Validator.validate(Validator.java:260)
 at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
 at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1351)
 ... 41 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
 at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
 at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
 at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
 at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
 ... 47 more
Exception in thread "main" java.lang.NullPointerException
 at SecurityClient.main(SecurityClient.java:38)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:483)
 at com.intellij.rt.execution.application.AppMain.main(AppMain.java:144)


I'm assuming that you have passed the certificate importing step, which is the most common cause of this issue. You simply need to import the server's public certificate into the Java client's trust-store. To import a certificate you can use the following keytool command.


keytool -import -v -alias wso2 -file nginx.crt -keystore client-truststore.jks -storepass wso2carbon


It's important to know what happens when the client is making an SSL connection.
The following image depicts the SSL handshake process.






If you haven't enabled Mutual SSL, step 4 will be skipped in the SSL handshake. When the server receives a client hello, it replies with the server's public certificate, and the client validates whether this certificate is available in the client's trust-store to make sure it is talking to the actual server (to avoid a man-in-the-middle attack). This is where the above error is thrown: if the client is not able to find the server's certificate in the trust-store, it breaks the handshake and starts complaining.


So how can we debug this issue? First let's make sure that your trust-store has the actual certificate. To do that you can list all the certificates in the client trust-store.


#If you do not know the alias

keytool -list -v -keystore keystore.jks

#If you know the alias

keytool -list -v -keystore keystore.jks -alias abc.com


If the certificate is not available we need to import it. Also make sure you don't have multiple certificates with the same CN (Common Name) if you are using wildcard certificates.

So what if you have the certificate but are still getting this issue? Then let's make sure that the server or load balancer is sending the correct certificate. In my case I have an NginX server running and my client is connecting through NginX.

To check the server's certificate you can use the openssl client. Simply execute the following in your terminal.


openssl s_client -connect wso2.com:443

If everything is working correctly, your certificate's CN should match the server's host name.


[yasassri@yasassri-device wso2esb-analytics-5.0.0]$ openssl s_client -connect wso2.com:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = US, ST = California, L = Palo Alto, O = "WSO2, Inc.", CN = *.wso2.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=California/L=Palo Alto/O=WSO2, Inc./CN=*.wso2.com
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA
---
Server certificate
subject=/C=US/ST=California/L=Palo Alto/O=WSO2, Inc./CN=*.wso2.com
issuer=/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 High Assurance Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3240 bytes and written 327 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 43BD18F9F2D84C05ECFF44189DBFA7E94D3FB569EDBABB79864BCE5E715698E3
    Session-ID-ctx: 
    Master-Key: 23934BED53F879565B01055F9C9FA98CF8DFA8E8E4F1C5FD07C5630D4A68C60CC7B3D15D2AC5E3DEFED7DC0A442BBEEC
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 71 59 c8 ea 79 a8 4e 76-65 1f ed ca 8d 71 3f d3   qY..y.Nve....q?.
    0010 - f7 cd 68 b8 03 75 6d b2-73 66 e1 90 2c 22 92 fd   ..h..um.sf..,"..
    0020 - 19 7d 98 c5 0a bb 82 b1-b0 84 3b 37 c0 72 57 c3   .}........;7.rW.
    0030 - c0 e1 9d d2 bf 7d 7d 8f-ce 3e af 5d 13 4d b9 c2   .....}}..>.].M..
    0040 - bd e0 8f c9 1a 58 d3 48-8e 04 96 5c c0 50 3a a6   .....X.H...\.P:.
    0050 - bc 74 18 89 95 49 e6 d9-7d 5d 7d 1a 0b 77 56 7b   .t...I..}]}..wV{
    0060 - f5 2b 87 6c af 4a 3d 16-61 a8 f9 b5 46 e6 c2 9f   .+.l.J=.a...F...
    0070 - cb 4f 11 52 d9 30 ea 62-d3 31 49 0e 8f 32 6b 58   .O.R.0.b.1I..2kX
    0080 - 9f 45 ab db 71 7b 29 7e-24 1d 0f d8 fa 67 59 39   .E..q{)~$....gY9
    0090 - 6f f3 23 1b 43 64 c9 45-c8 7f b7 33 2e 01 e8 0a   o.#.Cd.E...3....
    00a0 - f5 85 79 64 69 b9 3c af-33 63 26 2f 36 a2 5b 63   ..ydi.<.3c&/6.[c

    Start Time: 1484740335
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed


What if your certificate is different? Why and how? In my case I had a similar issue: my NginX server was sending me the wrong certificate. After debugging a lot it turned out that my client was using SSLv2. So let me explain this further.

In my NginX configuration I have configured multiple certificates for multiple servers, and I figured out that NginX was sending me the certificate of a different server. So why? It turns out that in the older days it was not possible to add multiple certificates to the same IP+port: at the SSL handshake level there is no way for the server to know whether you are calling foo.com or bar.com. But in later iterations of SSL, in TLS 1.2+, there is a concept called SNI (Server Name Identifier); with SNI the client can send the server's hostname at the SSL handshake level. Since my client was using SSLv2, NginX didn't have a clue which certificate to send, so it randomly sends the certificate which matches first. In my case it was done in alphabetical order.

So the correct fix for this is to use later SSL protocols like TLS. Or you can simply move different servers to different ports in NginX, so NginX will always have a single certificate to deal with. Another workaround is to import all the certificates into the client-truststore.

In my case I moved some servers to different ports in NginX, since I didn't have any control over the clients. So how can you use SNI when connecting with the openssl client? You can simply use the following command.


openssl s_client -servername wso2.com -connect wso2.com:443
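The comparison described above, as an added example that is not part of the original post: it reads two saved openssl s_client outputs for the same host, one captured without SNI and one with -servername, and reports whether the served certificate depends on SNI. The hostnames and transcripts are constructed, and only the subject CN is compared, so a name covered solely by a subjectAltName entry is reported as a mismatch.

```shell
#!/usr/bin/env bash
# Added example: decide from two s_client transcripts whether a server needs SNI
# to present the right certificate.
#
# Capturing the transcripts (OpenSSL 1.1.1+ sends SNI by default, so the
# no-SNI capture needs -noservername there):
#   openssl s_client -connect HOST:443 -noservername   </dev/null > no_sni.txt
#   openssl s_client -connect HOST:443 -servername HOST </dev/null > sni.txt

# Constructed transcripts, trimmed to the lines the check reads.
sample_no_sni() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = foo.example.test
   i:CN = Example Test CA
---
Server certificate
subject=CN = foo.example.test
issuer=CN = Example Test CA
---
EOF
}

sample_with_sni() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example, Inc./CN=bar.example.test
   i:/CN=Example Test CA
---
Server certificate
subject=/C=US/O=Example, Inc./CN=bar.example.test
issuer=/CN=Example Test CA
---
EOF
}

# leaf_cn: s_client output on stdin, CN of the leaf certificate on stdout.
# Accepts both "subject=/C=US/.../CN=x" and "subject=C = US, ..., CN = x".
leaf_cn() {
  sed -n 's|^subject=.*CN *= *\([^,/]*\).*$|\1|p' | head -n 1
}

# cn_matches_host CN HOST: exact match, or a wildcard covering exactly one
# left-most label (*.example.test matches a.example.test, not a.b.example.test).
cn_matches_host() (
  cn=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$cn" in
    '*.'*)
      suffix=${cn#\*}
      label=${host%%.*}
      rest=${host#"$label"}
      [ -n "$label" ] && [ "$rest" = "$suffix" ]
      ;;
    *)
      [ "$cn" = "$host" ]
      ;;
  esac
)

# diagnose_sni HOST NO_SNI_TRANSCRIPT SNI_TRANSCRIPT
diagnose_sni() (
  host=$1
  cn_plain=$(leaf_cn < "$2")
  cn_sni=$(leaf_cn < "$3")
  if cn_matches_host "$cn_plain" "$host"; then
    echo "ok: CN=$cn_plain is served even without SNI"
  elif cn_matches_host "$cn_sni" "$host"; then
    echo "sni-required: without SNI the server presents CN=$cn_plain"
  else
    echo "mismatch: CN=$cn_sni does not cover $host even with SNI"
  fi
)

# Demo on the constructed transcripts.
demo_dir=$(mktemp -d)
sample_no_sni > "$demo_dir/no_sni.txt"
sample_with_sni > "$demo_dir/sni.txt"
diagnose_sni bar.example.test "$demo_dir/no_sni.txt" "$demo_dir/sni.txt"
rm -rf "$demo_dir"
```

A "sni-required" result is the situation described in this post: a client that cannot send the server name will be handed the default certificate.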


So hope this will help someone. Drop a comment if you have any queries.

Thursday, December 22, 2016


Setting up MySQL

Generating the Keys and Signing them

Execute following commands to generate necessary keys and to sign them.

openssl genrsa 2048 > ca-key.pem
openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem
openssl rsa -in server-key.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem
openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem
openssl rsa -in client-key.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 3600 -CA ca.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem


Now open my.cnf and add the following configurations. It's located at /etc/mysql/my.cnf in Ubuntu.


[mysqld]
ssl-ca=/etc/mysql/ca.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem

A sample my.cnf would look like the following.



Now restart the MySQL server. You can use the following command to do this.


sudo service mysql restart


Now check whether the SSL certificates are properly set. Log in to MySQL and execute the following query.

SHOW VARIABLES LIKE '%ssl%';

Above will give the below output.

+---------------+----------------------------+
| Variable_name | Value                      |
+---------------+----------------------------+
| have_openssl  | YES                        |
| have_ssl      | YES                        |
| ssl_ca        | /etc/mysql/ca.pem          |
| ssl_capath    |                            |
| ssl_cert      | /etc/mysql/server-cert.pem |
| ssl_cipher    |                            |
| ssl_crl       |                            |
| ssl_crlpath   |                            |
| ssl_key       | /etc/mysql/server-key.pem  |
+---------------+----------------------------+

Now the MySQL configurations are done. Now let's configure WSO2 products to connect to MySQL via SSL.


Connecting WSO2 Products to secured MySQL Server


1. First, we need to import the client and server certificates (the ones we created when configuring MySQL) into the client-truststore of the WSO2 server. You can do this with the following commands.


keytool -import -alias wso2qamysqlclient -file  /etc/mysql-ssl/server-cert.pem -keystore repository/resources/security/client-truststore.jks


keytool -import -alias wso2qamysqlserver -file  /etc/mysql-ssl/client-cert.pem -keystore repository/resources/security/client-truststore.jks


2. Now specify the SSL parameters in the connection URL. Make sure you specify both options, useSSL and requireSSL.


jdbc:mysql://192.168.48.98:3306/ds21_carbon?autoReconnect=true&amp;useSSL=true&amp;requireSSL=true


The full datasource will look like the following.


<configuration>
    <url>jdbc:mysql://192.168.48.98:3306/ds21_carbon?autoReconnect=true&amp;useSSL=true&amp;requireSSL=true</url>
    <username>root</username>
    <defaultAutoCommit>false</defaultAutoCommit>
    <password>root</password>
    <driverClassName>com.mysql.jdbc.Driver</driverClassName>
    <maxActive>80</maxActive>
    <maxWait>60000</maxWait>
    <minIdle>5</minIdle>
    <testOnBorrow>true</testOnBorrow>
    <validationQuery>SELECT 1</validationQuery>
    <validationInterval>30000</validationInterval>
</configuration>


3. Now you can start the server. If everything is set properly, the server should start without errors.


Thursday, December 8, 2016



When I was trying to use Eclipse on Fedora 26, I faced many errors related to GTK 3. Following are some of the errors I saw. These were observed in Mars2, Oxygen and also in Neon.

(Eclipse:11437): Gtk-WARNING **: Allocating size to SwtFixed 0x7fef3992f2d0 without calling gtk_widget_get_preferred_width/height(). How does the code know the size to allocate?

(Eclipse:13633): Gtk-WARNING **: Negative content width -1 (allocation 1, extents 1x1) while allocating gadget (node trough, owner GtkProgressBar)

(Eclipse:13795): Gtk-WARNING **: Negative content width -1 (allocation 1, extents 1x1) while allocating gadget (node trough, owner GtkProgressBar)


(Eclipse:13795): Gtk-CRITICAL **: gtk_distribute_natural_allocation: assertion 'extra_space >= 0' failed


All of the above issues are caused by GTK 3. As a solution, we can force Eclipse to use GTK2. Following is how you can do this.

To force GTK2, simply export the following environment variable.


#Export Following
export SWT_GTK3=0
#Start Eclipse using the same terminal session
./eclipse


Note: Make sure you start Eclipse in the same terminal session in which you exported the variable, so that it is visible to Eclipse.

If you want to force Eclipse to use GTK3, simply change the variable to SWT_GTK3=1.

Thanks for reading and please drop a comment if you have any queries. 

Sunday, August 28, 2016

When using JMeter I have come across two easy ways to record JMeter scripts. I will explain these methods and some tips to make your recording more useful.

1. Using the BlazeMeter plugin.

This is a browser plugin that can be used to record JMeter scripts. Note that you need an account on the BlazeMeter website for this; account creation is free. You can get the plugin for Chrome from here.

After installing the plugin, set it up as shown below and start recording. Perform the actions you want to record in the browser, then stop the recording. After stopping the recording you can download a .jmx file and open it with JMeter.








2. Using Recording Controller

This is JMeter's built-in option for recording. To record with the Recording Controller, follow the instructions below.

1. Configure a proxy server in the browser. To do this, open the browser options and apply the following configuration. Note that I'm adding localhost as my proxy host, so I should access the website that needs to be recorded through the same domain, "localhost".



2. Now right-click on the WorkBench and add an "HTTP(S) Test Script Recorder", which can be found under Non-Test Elements, and set the following configs. Make sure that the proxy port matches the proxy port that was set in step 01.



3. [OPTIONAL] Now add URL exclude patterns as shown below. This prevents JMeter from recording unnecessary HTTP calls (e.g. loading JavaScript files, server pings, etc.).


4. [OPTIONAL] Now add a User Defined Variables element and add any variables you might want to parameterize. If the value defined for a variable here matches any content of the recording, JMeter will automatically parameterize it. This is quite handy when dealing with complex recordings. Make sure this resides in the same Thread Group where the Recording Controller is located.



5. Now add a Recording Controller to the project. You can observe this in the above screenshot.

6. Now start the proxy server, open the browser and navigate to the website you want to record. Then expand the Recording Controller and observe the magic happening.

So that's it. Hope this helps someone, and please drop a comment if you have any other queries.

Monday, August 22, 2016




By default, the management console of WSO2 products is not accessible through HTTP; this is restricted due to security concerns. But if you need to access the management console via the HTTP port, following is how you can do this.

1. Open <WSO2 HOME>/repository/conf/carbon.xml.
2. Search for the following configuration and uncomment it if it is commented out, or enable it.

    <EnableHTTPAdminConsole>true</EnableHTTPAdminConsole>

3. Restart the server.

Now you should be able to access the management console with the HTTP URL as shown below.

http://localhost:9763/carbon/admin/login.jsp

Wednesday, August 3, 2016



Recently I updated my laptop to Fedora 24 from Fedora 23. And suddenly my touchpad stopped working properly. Even touchpad settings were missing under the Gnome environment. Although everything worked with Wayland, I had some issues when working with Wayland.

Following is how I got this resolved. Please do the changes with caution and with proper backups.

The primary method of configuration for the touchpad is through an Xorg server configuration file. So let's get started.

1. First locate the synaptics.conf file which is the default configuration and copy it as shown below. After copying you can do the necessary configurations.


sudo cp /usr/share/X11/xorg.conf.d/50-synaptics.conf /etc/X11/xorg.conf.d/

Note that the name of your file may differ slightly.

2. Now open the copied file and add the following configuration to it. If you already have a config block, edit that section.

Section "InputClass"
        Identifier "touchpad catchall"
        Driver "synaptics"
        MatchIsTouchpad "on"
        MatchDevicePath "/dev/input/event*"
        Option "TapButton1" "1"
        Option "TapButton2" "3"
        Option "TapButton3" "2"
        Option "VertEdgeScroll" "on"
        Option "VertTwoFingerScroll" "on"
        Option "HorizEdgeScroll" "on"
        Option "HorizTwoFingerScroll" "on"
        Option "CircularScrolling" "on"
        Option "CircScrollTrigger" "2"
        Option "EmulateTwoFingerMinZ" "40"
        Option "EmulateTwoFingerMinW" "8"
        Option "CoastingSpeed" "0"
        Option "FingerLow" "30"
        Option "FingerHigh" "50"
        Option "MaxTapTime" "125"
EndSection

Now restart your OS and hopefully everything will work now.




In this post I will explain how we can receive emails through the WSO2 ESB mailto transport and perform some operations on them.

1. First, let's enable the transport. Open "repository/conf/axis2/axis2.xml" and uncomment the following section.


<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.MailTransportListener">
    <!-- configure any optional POP3/IMAP properties
         check com.sun.mail.pop3 and com.sun.mail.imap package documentation for more details -->
</transportReceiver>


2. Now let's create a proxy service to consume the emails. You can copy and paste the following proxy service into the source view to create the proxy. Make sure you change the access parameters accordingly.



<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="JasperEmailPOP3"
       transports="mailto"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="senderAddress"
                   expression="get-property('transport', 'From')"
                   scope="default"
                   type="STRING"/>
         <log level="custom">
            <property name="Date" expression="$trp:Date"/>
            <property name="Subject" expression="$trp:Subject"/>
            <property name="Content-Type" expression="$trp:Content-Type"/>
            <property name="From" expression="$trp:From"/>
         </log>
         <drop/>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <parameter name="mail.pop3.socketFactory.class">javax.net.ssl.SSLSocketFactory</parameter>
   <parameter name="transport.PollInterval">5</parameter>
   <parameter name="mail.pop3.host">pop.gmail.com</parameter>
   <parameter name="mail.pop3.user">ycwso2test</parameter>
   <parameter name="transport.mail.Protocol">pop3</parameter>
   <parameter name="mail.pop3.socketFactory.port">995</parameter>
   <parameter name="transport.mail.Address">ycwso2test@gmail.com</parameter>
   <parameter name="mail.pop3.password">wso2qa123</parameter>
   <parameter name="mail.pop3.port">995</parameter>
   <parameter name="mail.pop3.socketFactory.fallback">false</parameter>
   <description/>
</proxy>


3. Now send an email to your email account and you will see the following entry in the logs.


[2016-08-03 12:10:05,232]  INFO - LogMediator Date = Wed, 3 Aug 2016 12:09:25 +0530, Subject = This is a Test, Content-Type = multipart/alternative; boundary=001a11402208fef0bb0539251978, From = Yasassri Ratnayake <ycrnet@gmail.com>


So that's it. If you cannot get this to work, you can enable debug logs and check what's wrong. To do this, add the following line to repository/conf/log4j.properties and restart the ESB server.

log4j.logger.org.apache.axis2.transport.mail.MailTransportListener=DEBUG



Wednesday, June 8, 2016



One of my friends wanted to access the cookie data that was generated from the cookie manager in JMeter. So I googled a lot and couldn't find much information to achieve this. So in this post I will explain how I got this solved.

Note: I tried to do this with a Regular Expression Extractor without any luck. It doesn't provide an option to access cookie data.

So the simplest way I could do this is by using a JSR223 PreProcessor. The same thing can be achieved with a BeanShell PreProcessor as well.

First we need to access the current sampler, which can be done with ctx.getCurrentSampler(), and then get its cookie manager: ctx.getCurrentSampler().getCookieManager().get(0). Note that you have to pass an index to the get method to select the cookie; I have passed 0 here. So the full syntax will look like the following.


String cookie = ctx.getCurrentSampler().getCookieManager().get(0).toString();

Now let's assign this value to a JMeter variable. This can be done in the following manner.


vars.put("jsessionid2",cookie);


The full sampler will look like the following.



So that's it. After getting the cookie data you can perform any operation on the extracted string. Please drop a comment if you have any other queries.


Monday, April 18, 2016



In some cases, if you are using the gpg plugin to sign your artifacts, you might get the following error and the build will fail.

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-gpg-plugin:1.5:sign (sign-artifacts) on project testng-parser: Exit code: 2

If you get the above error, there are a few ways to skip artifact signing and carry out your build.


Method 1 : Editing your POM

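You can disable the gpg plugin from the POM or skip the signing of artifacts. Refer to the following.

<plugin>
    <!-- maven-gpg-plugin is published under org.apache.maven.plugins, as in the error message above -->
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-gpg-plugin</artifactId>
    <configuration>
        <!-- Skip signing of artifacts -->
        <skip>true</skip>
    </configuration>
</plugin>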


Method 2 : Disabling at runtime

You can also disable gpg signing at runtime by running the mvn build with the following parameter.

mvn clean install -Dgpg.skip

Or as

mvn clean install -Dgpg.skip=true

So that's it, please drop a comment if you have any questions.

Thursday, April 7, 2016

In this post I'm going to create a proxy service using WSO2 ESB to pull a message from ActiveMQ and push that message to IBM MQ (WebSphere MQ). If you need to configure IBM MQ you can follow this post. And to configure ESB with ActiveMQ you can follow this post.

After configuring ActiveMQ and IBM MQ you need to add the following transports. (If you have already added these, do not add them again.)

The issue here is that ActiveMQ and IBM MQ need two different transport configurations. You can achieve this by referring to the following axis2 configurations.

Transport Receivers


<!-- This is for IBM MQ -->
<transportReceiver name="jmsin" class="org.apache.axis2.transport.jms.JMSListener">
  <parameter name="default" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:/C:/jndi-dir</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">MyQueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">admin</parameter>
    <parameter name="transport.jms.Password" locked="false">admin</parameter>
  </parameter>

  <parameter name="myQueueConnectionFactory1" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:/C:/jndi-dir</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">MyQueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">admin</parameter>
    <parameter name="transport.jms.Password" locked="false">admin</parameter>
  </parameter>
</transportReceiver>

<!-- This is for ActiveMQ -->

<transportReceiver name="jmsamq" class="org.apache.axis2.transport.jms.JMSListener">
       <parameter name="myTopicConnectionFactory" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
           <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">topic</parameter>
       </parameter>
  
       <parameter name="myQueueConnectionFactory" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
           <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
       </parameter>
  
       <parameter name="default" locked="false">
           <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
           <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
           <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
            <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
       </parameter>
   </transportReceiver>



Transport Senders


<!-- For IBM MQ -->
<transportSender name="jms" class="org.apache.axis2.transport.jms.JMSSender">
  <parameter name="default" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:/C:/jndi-dir</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">MyQueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">admin</parameter>
    <parameter name="transport.jms.Password" locked="false">admin</parameter>
  </parameter>

  <parameter name="myQueueConnectionFactory1" locked="false">
    <parameter name="java.naming.factory.initial" locked="false">com.sun.jndi.fscontext.RefFSContextFactory</parameter>
    <parameter name="java.naming.provider.url" locked="false">file:/C:/jndi-dir</parameter>
    <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">MyQueueConnectionFactory</parameter>
    <parameter name="transport.jms.ConnectionFactoryType" locked="false">queue</parameter>
    <parameter name="transport.jms.UserName" locked="false">admin</parameter>
    <parameter name="transport.jms.Password" locked="false">admin</parameter>
  </parameter>
</transportSender>


Now when you are creating a proxy, the transports you defined will be listed under the transport section.

Now create the following proxy service.

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="LocalQueue1"
       transports="jmsamq"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <property name="FORCE_SC_ACCEPTED" value="true" scope="axis2"/>
         <property name="OUT_ONLY" value="true" scope="default" type="STRING"/>
         <property name="JMS_COORELATION_ID"
                   value="12345"
                   scope="axis2"
                   type="STRING"/>
         <property name="JMS_DESTINATION" scope="transport" action="remove"/>
         <property name="JMS_REDELIVERED" scope="transport" action="remove"/>
         <property name="JMS_TYPE" scope="transport" action="remove"/>
         <property name="Accept-Encoding" scope="transport" action="remove"/>
         <property name="Content-Length" scope="transport" action="remove"/>
         <property name="Content-Type" scope="transport" action="remove"/>
         <property name="User-Agent" scope="transport" action="remove"/>
         <property name="Transfer-Encoding" scope="transport" action="remove"/>
         <property name="X-Forwarded-For" scope="transport" action="remove"/>
         <property name="X-Forwarded-Host" scope="transport" action="remove"/>
         <property name="X-Forwarded-Server" scope="transport" action="remove"/>
         <log level="full"/>
      </inSequence>
      <endpoint>
         <address uri="jms:/LocalQueue1?transport.jms.ConnectionFactoryJNDIName=MyQueueConnectionFactory&amp;java.naming.factory.initial=com.sun.jndi.fscontext.RefFSContextFactory&amp;java.naming.provider.url=file:/C:/jndi-dir/&amp;transport.jms.DestinationType=queue&amp;"/>
      </endpoint>
   </target>
   <description/>
</proxy>

                             
In the above proxy I have enabled the jmsamq transport, so it will poll the queue specified for ActiveMQ and push the message to the endpoint, which is a queue in IBM MQ.

Also note the header properties I have set and removed. IBM MQ may not support some of the header properties that are sent with the message. You can refer to this to get a better understanding of supported properties. So we need to explicitly remove any unsupported headers, or else you will come across the following error.


[2015-12-28 14:41:58,817] INFO - ProxyServiceDeployer ProxyService named 'EsbMQMtmOutbound' has been update from file :
C:\apps\wso2\wso2esb-4.8.1\repository\deployment\server\synapse-configs\default\proxy-services\EsbMQMtmOutbound.xml
[2015-12-28 14:42:26,233] ERROR - JMSSender Error creating a JMS message from the message context
com.ibm.msg.client.jms.DetailedMessageFormatException: JMSCC0049: The property name 'Content-Type' is not a valid Java(t
m) identifier.
The supplied property name does not conform to the allowed format described in the JMS specification.
Check the characters used in the property name and modify as necessary.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at com.ibm.msg.client.commonservices.j2se.NLSServices.createException(NLSServices.java:319)
at com.ibm.msg.client.commonservices.nls.NLSServices.createException(NLSServices.java:233)
at com.ibm.msg.client.jms.internal.JmsErrorUtils.createException(JmsErrorUtils.java:109)
at com.ibm.msg.client.jms.internal.JmsMessageImpl.checkPropName(JmsMessageImpl.java:2033)
at com.ibm.msg.client.jms.internal.JmsMessageImpl.setStringProperty(JmsMessageImpl.java:1559)
at com.ibm.jms.JMSMessage.setStringProperty(JMSMessage.java:1496)
at org.apache.axis2.transport.jms.JMSUtils.setTransportHeaders(JMSUtils.java:316)
at org.apache.axis2.transport.jms.JMSSender.createJMSMessage(JMSSender.java:449)
at org.apache.axis2.transport.jms.JMSSender.sendOverJMS(JMSSender.java:175)
at org.apache.axis2.transport.jms.JMSSender.sendMessage(JMSSender.java:157)
at org.apache.axis2.transport.base.AbstractTransportSender.invoke(AbstractTransportSender.java:112)
at org.apache.axis2.engine.AxisEngine$TransportNonBlockingInvocationWorker.run(AxisEngine.java:626)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
[2015-12-28 14:42:26,324] INFO - AxisEngine [MessageContext: logID=3283eebc6424ae00536a3adb43db8bf0cf6e3c456624e6fc] Er
ror creating a JMS message from the message context
[2015-12-28 14:42:26,326] ERROR - AsyncCallback Error creating a JMS message from the message context
org.apache.axis2.AxisFault: Error creating a JMS message from the message context
at org.apache.axis2.transport.base.AbstractTransportSender.handleException(AbstractTransportSender.java:226)
at org.apache.axis2.transport.jms.JMSSender.sendOverJMS(JMSSender.java:177)
at org.apache.axis2.transport.jms.JMSSender.sendMessage(JMSSender.java:157)
at org.apache.axis2.transport.base.AbstractTransportSender.invoke(AbstractTransportSender.java:112)
at org.apache.axis2.engine.AxisEngine$TransportNonBlockingInvocationWorker.run(AxisEngine.java:626)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
Caused by: com.ibm.msg.client.jms.DetailedMessageFormatException: JMSCC0049: The property name 'Content-Type' is not a v
alid Java(tm) identifier.
The supplied property name does not conform to the allowed format described in the JMS specification.
Check the characters used in the property name and modify as necessary.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at com.ibm.msg.client.commonservices.j2se.NLSServices.createException(NLSServices.java:319)
at com.ibm.msg.client.commonservices.nls.NLSServices.createException(NLSServices.java:233)
at com.ibm.msg.client.jms.internal.JmsErrorUtils.createException(JmsErrorUtils.java:109)
at com.ibm.msg.client.jms.internal.JmsMessageImpl.checkPropName(JmsMessageImpl.java:2033)
at com.ibm.msg.client.jms.internal.JmsMessageImpl.setStringProperty(JmsMessageImpl.java:1559)
at com.ibm.jms.JMSMessage.setStringProperty(JMSMessage.java:1496)
at org.apache.axis2.transport.jms.JMSUtils.setTransportHeaders(JMSUtils.java:316)
at org.apache.axis2.transport.jms.JMSSender.createJMSMessage(JMSSender.java:449)
at org.apache.axis2.transport.jms.JMSSender.sendOverJMS(JMSSender.java:175)
... 6 more
[2015-12-28 14:42:26,336] WARN - AsyncCallback Executing fault handler due to exception encountered
[2015-12-28 14:42:26,339] WARN - EndpointContext Endpoint : AnonymousEndpoint will be marked SUSPENDED as it failed
[2015-12-28 14:42:26,340] WARN - EndpointContext Suspending endpoint : AnonymousEndpoint - current suspend duration is
: 30000ms - Next retry after : Mon Dec 28 14:42:56 PST 2015
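A pre-deployment check for the failure logged above, as an added example (not code from the original post, WSO2 or IBM): it approximates the JMS property-name rule that rejected 'Content-Type' and lists the incoming transport headers that a proxy's inSequence does not remove and that would therefore break the sender. The trimmed proxy and the header list are constructed samples, and exact-name matching of headers is an assumption.

```python
import xml.etree.ElementTree as ET

SYNAPSE_NS = "{http://ws.apache.org/ns/synapse}"

# Words the JMS specification does not allow as property names.
RESERVED = {"NULL", "TRUE", "FALSE", "NOT", "AND", "OR",
            "BETWEEN", "LIKE", "IN", "IS", "ESCAPE"}

# Constructed sample: a trimmed proxy that forgets some of the removals.
SAMPLE_PROXY = """
<proxy xmlns="http://ws.apache.org/ns/synapse" name="LocalQueue1" transports="jmsamq">
   <target>
      <inSequence>
         <property name="OUT_ONLY" value="true" scope="default" type="STRING"/>
         <property name="Content-Length" scope="transport" action="remove"/>
         <property name="User-Agent" scope="transport" action="remove"/>
      </inSequence>
   </target>
</proxy>
"""

# Constructed sample of transport headers arriving with a message.
SAMPLE_HEADERS = ["Content-Type", "Content-Length", "User-Agent",
                  "X-Forwarded-For", "JMS_DESTINATION"]


def is_valid_jms_property_name(name):
    """Approximate the JMS rule: a Java identifier that is not reserved.

    Stand-in for Character.isJavaIdentifierStart/Part: a letter, '_' or '$'
    may start the name, and digits are also allowed after the first character.
    """
    if not name or name.upper() in RESERVED:
        return False
    first, rest = name[0], name[1:]
    if not (first.isalpha() or first in "_$"):
        return False
    return all(ch.isalnum() or ch in "_$" for ch in rest)


def removed_transport_properties(proxy_xml):
    """Names removed via <property scope="transport" action="remove"/>."""
    root = ET.fromstring(proxy_xml)
    removed = set()
    for in_seq in root.iter(SYNAPSE_NS + "inSequence"):
        for prop in in_seq.iter(SYNAPSE_NS + "property"):
            if (prop.get("scope") == "transport"
                    and prop.get("action") == "remove"):
                removed.add(prop.get("name"))
    return removed


def headers_that_break_sender(proxy_xml, incoming_headers):
    """Headers still present after the inSequence that JMS would reject."""
    removed = removed_transport_properties(proxy_xml)
    return sorted(h for h in incoming_headers
                  if h not in removed and not is_valid_jms_property_name(h))


if __name__ == "__main__":
    for header in headers_that_break_sender(SAMPLE_PROXY, SAMPLE_HEADERS):
        print("not removed and not a valid JMS property name:", header)
```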


Hope this will help someone interested and please drop a comment if you have any queries.

