parent
13e8764f23
commit
6501ba46cf
@ -0,0 +1,37 @@
|
|||||||
|
echo Loading spark environment variables
|
||||||
|
SET CARBON_SPARK_HOME=%CARBON_HOME%
|
||||||
|
SET _SPARK_ASSEMBLY=%CARBON_SPARK_HOME%\repository\components\plugins\spark-core_2.10_*.wso2*.jar
|
||||||
|
SET SPARK_SCALA_VERSION=2.10
|
||||||
|
if not exist %CARBON_SPARK_HOME%\lib_managed\jars mkdir %CARBON_SPARK_HOME%\lib_managed\jars
|
||||||
|
|
||||||
|
|
||||||
|
rem *** creating spark classpath is now handled in the code itself. check DAS-105
|
||||||
|
rem java -cp %CARBON_SPARK_HOME%\repository\components\plugins\* org.wso2.carbon.analytics.spark.utils.ComputeClasspath %CARBON_HOME% > sparkClasspath.tmp
|
||||||
|
|
||||||
|
rem setlocal EnableDelayedExpansion
|
||||||
|
|
||||||
|
rem set SPARK_CLASSPATH=
|
||||||
|
|
||||||
|
rem for /f "delims=" %%x in (sparkClasspath.tmp) do (
|
||||||
|
rem set currentline=%%x
|
||||||
|
rem set SPARK_CLASSPATH=!SPARK_CLASSPATH!!currentline!
|
||||||
|
rem )
|
||||||
|
rem del sparkClasspath.tmp
|
||||||
|
|
||||||
|
rem *** this approach is not working, because the input string exceeds 8191 characters!
|
||||||
|
rem set SPARK_CLASSPATH="
|
||||||
|
rem for /R %%a in (java -cp %CARBON_SPARK_HOME%\repository\components\plugins\* org.wso2.carbon.analytics.spark.utils.ComputeClasspath %CARBON_HOME%) do (
|
||||||
|
rem set SPARK_CLASSPATH=!SPARK_CLASSPATH!;%%a
|
||||||
|
rem )
|
||||||
|
rem set SPARK_CLASSPATH=!SPARK_CLASSPATH!"
|
||||||
|
|
||||||
|
rem IF "%SPARK_CLASSPATH%"=="" echo WARN: SPARK_CLASSPATH is empty^^!
|
||||||
|
|
||||||
|
rem set SPARK_CLASSPATH="
|
||||||
|
rem for /R %CARBON_SPARK_HOME%\repository\components\lib %%a in (*.jar) do (
|
||||||
|
rem set SPARK_CLASSPATH=!SPARK_CLASSPATH!;%%a
|
||||||
|
rem )
|
||||||
|
rem set SPARK_CLASSPATH=!SPARK_CLASSPATH!"
|
||||||
|
|
||||||
|
|
||||||
|
endlocal
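Review bot: The `if not exist %CARBON_SPARK_HOME%\lib_managed\jars mkdir %CARBON_SPARK_HOME%\lib_managed\jars` line expands the path unquoted, so a CARBON_HOME containing spaces or `&` is split or reinterpreted by cmd.exe. Quote both uses: `if not exist "%CARBON_SPARK_HOME%\lib_managed\jars" mkdir "%CARBON_SPARK_HOME%\lib_managed\jars"`. The closing `endlocal` has no active `setlocal` in this file, because the only one is commented out with `rem`; it should probably be dropped so it is clear that the SET values are meant to reach the caller. A short header comment stating that the script expects CARBON_HOME to be set already and is meant to be run with `call` would also help.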
|
@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
|
||||||
|
echo 'Loading spark environment variables '
|
||||||
|
export CARBON_SPARK_HOME=$CARBON_HOME
|
||||||
|
export _SPARK_ASSEMBLY=$CARBON_SPARK_HOME/repository/components/plugins/spark-core_2.10_*.wso2*.jar
|
||||||
|
export SPARK_SCALA_VERSION=2.10
|
||||||
|
# *** jars will be added to the spark classpath in the code itself. check DAS-105
|
||||||
|
# export SPARK_CLASSPATH=`java -cp $CARBON_SPARK_HOME/repository/components/plugins/org.wso2.carbon.analytics.spark.utils*.jar org.wso2.carbon.analytics.spark.utils.ComputeClasspath $CARBON_HOME`
|
||||||
|
# export SPARK_CLASSPATH=$SPARK_CLASSPATH:$(echo $CARBON_SPARK_HOME/repository/components/lib/*.jar | tr ' ' ':')
|
||||||
|
mkdir -p $CARBON_SPARK_HOME/lib_managed/jars
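Review bot: `mkdir -p $CARBON_SPARK_HOME/lib_managed/jars` uses the variable unquoted and unchecked, so an empty CARBON_HOME makes it try to create `/lib_managed/jars` at the filesystem root, and a path with spaces is word-split into several directories. Use `mkdir -p -- "${CARBON_SPARK_HOME:?CARBON_HOME is not set}/lib_managed/jars"` and quote the assignment as `export CARBON_SPARK_HOME="$CARBON_HOME"`. Whether the `*` in the `export _SPARK_ASSEMBLY=...` line is expanded depends on the shell behind `/bin/sh`: bash keeps the pattern literal, while some other implementations expand arguments to `export`. A comment saying which behaviour the consumer expects would remove the ambiguity.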
|
@ -0,0 +1,213 @@
|
|||||||
|
@echo off
|
||||||
|
|
||||||
|
REM ---------------------------------------------------------------------------
|
||||||
|
REM Copyright 2005-2009 WSO2, Inc. http://www.wso2.org
|
||||||
|
REM
|
||||||
|
REM Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
REM you may not use this file except in compliance with the License.
|
||||||
|
REM You may obtain a copy of the License at
|
||||||
|
REM
|
||||||
|
REM http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
REM
|
||||||
|
REM Unless required by applicable law or agreed to in writing, software
|
||||||
|
REM distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
REM WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
REM See the License for the specific language governing permissions and
|
||||||
|
REM limitations under the License.
|
||||||
|
|
||||||
|
rem ---------------------------------------------------------------------------
|
||||||
|
rem Main Script for WSO2 Carbon
|
||||||
|
rem
|
||||||
|
rem Environment Variable Prequisites
|
||||||
|
rem
|
||||||
|
rem CARBON_HOME Home of CARBON installation. If not set I will try
|
||||||
|
rem to figure it out.
|
||||||
|
rem
|
||||||
|
rem JAVA_HOME Must point at your Java Development Kit installation.
|
||||||
|
rem
|
||||||
|
rem JAVA_OPTS (Optional) Java runtime options used when the commands
|
||||||
|
rem is executed.
|
||||||
|
rem ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
rem --------- NOTE: This is an edited wso2server.sh script to facilitate
|
||||||
|
rem spark environment variables for WSO2DAS!
|
||||||
|
|
||||||
|
rem ----- if JAVA_HOME is not set we're not happy ------------------------------
|
||||||
|
:checkJava
|
||||||
|
|
||||||
|
if "%JAVA_HOME%" == "" goto noJavaHome
|
||||||
|
if not exist "%JAVA_HOME%\bin\java.exe" goto noJavaHome
|
||||||
|
goto checkServer
|
||||||
|
|
||||||
|
:noJavaHome
|
||||||
|
echo "You must set the JAVA_HOME variable before running CARBON."
|
||||||
|
goto end
|
||||||
|
|
||||||
|
rem ----- Only set CARBON_HOME if not already set ----------------------------
|
||||||
|
:checkServer
|
||||||
|
rem %~sdp0 is expanded pathname of the current script under NT with spaces in the path removed
|
||||||
|
if "%CARBON_HOME%"=="" set CARBON_HOME=%~sdp0..
|
||||||
|
SET curDrive=%cd:~0,1%
|
||||||
|
SET wsasDrive=%CARBON_HOME:~0,1%
|
||||||
|
if not "%curDrive%" == "%wsasDrive%" %wsasDrive%:
|
||||||
|
|
||||||
|
rem find CARBON_HOME if it does not exist due to either an invalid value passed
|
||||||
|
rem by the user or the %0 problem on Windows 9x
|
||||||
|
if not exist "%CARBON_HOME%\bin\version.txt" goto noServerHome
|
||||||
|
|
||||||
|
set AXIS2_HOME=%CARBON_HOME%
|
||||||
|
goto updateClasspath
|
||||||
|
|
||||||
|
:noServerHome
|
||||||
|
echo CARBON_HOME is set incorrectly or CARBON could not be located. Please set CARBON_HOME.
|
||||||
|
goto end
|
||||||
|
|
||||||
|
rem ----- update classpath -----------------------------------------------------
|
||||||
|
:updateClasspath
|
||||||
|
|
||||||
|
setlocal EnableDelayedExpansion
|
||||||
|
cd %CARBON_HOME%
|
||||||
|
set CARBON_CLASSPATH=
|
||||||
|
FOR %%C in ("%CARBON_HOME%\bin\*.jar") DO set CARBON_CLASSPATH=!CARBON_CLASSPATH!;".\bin\%%~nC%%~xC"
|
||||||
|
|
||||||
|
set CARBON_CLASSPATH="%JAVA_HOME%\lib\tools.jar";%CARBON_CLASSPATH%;
|
||||||
|
|
||||||
|
FOR %%D in ("%CARBON_HOME%\lib\commons-lang*.jar") DO set CARBON_CLASSPATH=!CARBON_CLASSPATH!;".\lib\%%~nD%%~xD"
|
||||||
|
|
||||||
|
rem ----- Process the input command -------------------------------------------
|
||||||
|
|
||||||
|
rem Slurp the command line arguments. This loop allows for an unlimited number
|
||||||
|
rem of arguments (the length is limited by the maximum length allowed by the command line).
|
||||||
|
|
||||||
|
|
||||||
|
rem -------- determine node type ----------------------------------------------
|
||||||
|
:selectNodeType
|
||||||
|
if ""%1""=="""" goto findJdk
|
||||||
|
if ""%1""==""-receiverNode"" goto receiverNodeConfig
|
||||||
|
if ""%1""==""-indexerNode"" goto indexerNodeConfig
|
||||||
|
if ""%1""==""-analyzerNode"" goto analyzerNodeConfig
|
||||||
|
if ""%1""==""-dashboardNode"" goto dashboardNodeConfig
|
||||||
|
|
||||||
|
shift
|
||||||
|
goto selectNodeType
|
||||||
|
|
||||||
|
:setupArgs
|
||||||
|
if ""%1""=="""" goto doneStart
|
||||||
|
|
||||||
|
if ""%1""==""-run"" goto commandLifecycle
|
||||||
|
if ""%1""==""--run"" goto commandLifecycle
|
||||||
|
if ""%1""==""run"" goto commandLifecycle
|
||||||
|
|
||||||
|
if ""%1""==""-restart"" goto commandLifecycle
|
||||||
|
if ""%1""==""--restart"" goto commandLifecycle
|
||||||
|
if ""%1""==""restart"" goto commandLifecycle
|
||||||
|
|
||||||
|
if ""%1""==""debug"" goto commandDebug
|
||||||
|
if ""%1""==""-debug"" goto commandDebug
|
||||||
|
if ""%1""==""--debug"" goto commandDebug
|
||||||
|
|
||||||
|
if ""%1""==""version"" goto commandVersion
|
||||||
|
if ""%1""==""-version"" goto commandVersion
|
||||||
|
if ""%1""==""--version"" goto commandVersion
|
||||||
|
|
||||||
|
shift
|
||||||
|
goto setupArgs
|
||||||
|
|
||||||
|
rem ----- receiver node configuration ------------------------------------------
|
||||||
|
:receiverNodeConfig
|
||||||
|
set NODE_PARAMS=-DdisableAnalyticsEngine=true -DdisableAnalyticsExecution=true -DdisableIndexing=true -DdisableDataPurging=false -DdisableAnalyticsSparkCtx=true -DdisableAnalyticsStats=true
|
||||||
|
goto setupArgs
|
||||||
|
|
||||||
|
rem ----- Indexer node configuration ------------------------------------------
|
||||||
|
:indexerNodeConfig
|
||||||
|
set NODE_PARAMS=-DdisableAnalyticsExecution=true -DdisableAnalyticsEngine=true -DdisableEventSink=true -DdisableAnalyticsSparkCtx=true -DdisableAnalyticsStats=true -DdisableDataPurging=true
|
||||||
|
goto setupArgs
|
||||||
|
|
||||||
|
rem ----- Analyzer node configuration ------------------------------------------
|
||||||
|
:analyzerNodeConfig
|
||||||
|
set NODE_PARAMS=-DdisableIndexing=true -DdisableEventSink=true -DdisableDataPurging=true -DenableAnalyticsStats=true
|
||||||
|
goto setupArgs
|
||||||
|
|
||||||
|
rem ----- Dashboard node configuration ------------------------------------------
|
||||||
|
:dashboardNodeConfig
|
||||||
|
set NODE_PARAMS=-DdisableIndexing=true -DdisableEventSink=true -DdisableDataPurging=true -DenableAnalyticsStats=true -DdisableAnalyticsExecution=true -DdisableAnalyticsEngine=true -DdisableAnalyticsSparkCtx=true
|
||||||
|
goto setupArgs
|
||||||
|
|
||||||
|
rem ----- commandVersion -------------------------------------------------------
|
||||||
|
:commandVersion
|
||||||
|
shift
|
||||||
|
type "%CARBON_HOME%\bin\version.txt"
|
||||||
|
type "%CARBON_HOME%\bin\wso2carbon-version.txt"
|
||||||
|
goto end
|
||||||
|
|
||||||
|
rem ----- commandDebug ---------------------------------------------------------
|
||||||
|
:commandDebug
|
||||||
|
shift
|
||||||
|
set DEBUG_PORT=%1
|
||||||
|
if "%DEBUG_PORT%"=="" goto noDebugPort
|
||||||
|
if not "%JAVA_OPTS%"=="" echo Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option.
|
||||||
|
set JAVA_OPTS=-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=%DEBUG_PORT%
|
||||||
|
echo Please start the remote debugging client to continue...
|
||||||
|
goto findJdk
|
||||||
|
|
||||||
|
:noDebugPort
|
||||||
|
echo Please specify the debug port after the --debug option
|
||||||
|
goto end
|
||||||
|
|
||||||
|
rem ----- commandLifecycle -----------------------------------------------------
|
||||||
|
:commandLifecycle
|
||||||
|
goto findJdk
|
||||||
|
|
||||||
|
:doneStart
|
||||||
|
if "%OS%"=="Windows_NT" @setlocal
|
||||||
|
if "%OS%"=="WINNT" @setlocal
|
||||||
|
|
||||||
|
rem ---------- Handle the SSL Issue with proper JDK version --------------------
|
||||||
|
rem find the version of the jdk
|
||||||
|
:findJdk
|
||||||
|
|
||||||
|
set CMD=RUN %* %NODE_PARAMS%
|
||||||
|
|
||||||
|
:checkJdk17
|
||||||
|
"%JAVA_HOME%\bin\java" -version 2>&1 | findstr /r "1.[7|8]" >NUL
|
||||||
|
IF ERRORLEVEL 1 goto unknownJdk
|
||||||
|
goto jdk17
|
||||||
|
|
||||||
|
:unknownJdk
|
||||||
|
echo Starting WSO2 Carbon (in unsupported JDK)
|
||||||
|
echo [ERROR] CARBON is supported only on JDK 1.7 and 1.8
|
||||||
|
goto jdk17
|
||||||
|
|
||||||
|
:jdk17
|
||||||
|
goto runServer
|
||||||
|
|
||||||
|
rem ----------------- Execute The Requested Command ----------------------------
|
||||||
|
|
||||||
|
:runServer
|
||||||
|
cd %CARBON_HOME%
|
||||||
|
|
||||||
|
rem ------------------ Remove tmp folder on startup -----------------------------
|
||||||
|
set TMP_DIR=%CARBON_HOME%\tmp
|
||||||
|
rmdir "%TMP_DIR%" /s /q
|
||||||
|
|
||||||
|
rem ---------- Add jars to classpath ----------------
|
||||||
|
|
||||||
|
set CARBON_CLASSPATH=.\lib;%CARBON_CLASSPATH%
|
||||||
|
|
||||||
|
set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
|
||||||
|
|
||||||
|
set CMD_LINE_ARGS=-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH% -Xms256m -Xmx1024m -XX:MaxPermSize=256m -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath="%CARBON_HOME%\repository\logs\heap-dump.hprof" -Dcom.sun.management.jmxremote -classpath %CARBON_CLASSPATH% %JAVA_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED% -Dcarbon.registry.root=/ -Dcarbon.home="%CARBON_HOME%" -Dlogger.server.name="IoT-Analytics" -Dwso2.server.standalone=true -Djava.command="%JAVA_HOME%\bin\java" -Djava.opts="%JAVA_OPTS%" -Djava.io.tmpdir="%CARBON_HOME%\tmp" -Dcatalina.base="%CARBON_HOME%\lib\tomcat" -Dwso2.carbon.xml=%CARBON_HOME%\repository\conf\carbon.xml -Dwso2.registry.xml="%CARBON_HOME%\repository\conf\registry.xml" -Dwso2.user.mgt.xml="%CARBON_HOME%\repository\conf\user-mgt.xml" -Dwso2.transports.xml="%CARBON_HOME%\repository\conf\mgt-transports.xml" -Djava.util.logging.config.file="%CARBON_HOME%\repository\conf\etc\logging-bridge.properties" -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcarbon.config.dir.path="%CARBON_HOME%\repository\conf" -Dcomponents.repo="%CARBON_HOME%\repository\components" -Dconf.location="%CARBON_HOME%\repository\conf" -Dcom.atomikos.icatch.file="%CARBON_HOME%\lib\transactions.properties" -Dcom.atomikos.icatch.hide_init_file_path="true" -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dcom.sun.jndi.ldap.connect.pool.authentication=simple -Dmqtt.broker.host="localhost" -Dmqtt.broker.port="1886" -Diot.keymanager.host="localhost" -Diot.keymanager.https.port="9443" -Diot.gateway.host="localhost" -Diot.gateway.https.port="8243" -Dcom.sun.jndi.ldap.connect.pool.timeout=3000 -Dorg.terracotta.quartz.skipUpdateCheck=true -Dcarbon.classpath=%CARBON_CLASSPATH% -Dfile.encoding=UTF8
|
||||||
|
|
||||||
|
:runJava
|
||||||
|
echo JAVA_HOME environment variable is set to %JAVA_HOME%
|
||||||
|
echo CARBON_HOME environment variable is set to %CARBON_HOME%
|
||||||
|
rem ----------- loading spark specific variables
|
||||||
|
call %CARBON_HOME%\bin\load-spark-env-vars.bat
|
||||||
|
"%JAVA_HOME%\bin\java" %CMD_LINE_ARGS% org.wso2.carbon.bootstrap.Bootstrap %CMD%
|
||||||
|
if "%ERRORLEVEL%"=="121" goto runJava
|
||||||
|
:end
|
||||||
|
goto endlocal
|
||||||
|
|
||||||
|
:endlocal
|
||||||
|
|
||||||
|
:END
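Review bot: The `:commandDebug` branch sets `-Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=%DEBUG_PORT%` with a bare port, which on the JDK 1.7/1.8 runtimes this script targets makes the JDWP listener accept connections on every interface; JDWP has no authentication, so anyone who can reach the port controls the JVM. Bind it to loopback with `address=127.0.0.1:%DEBUG_PORT%` and have operators tunnel to it when remote debugging is needed; the same option string appears in the `--debug` branch of the shell script in this commit. `%1` is also copied into `DEBUG_PORT` without checking that it is a number. Separately, `CMD_LINE_ARGS` uses `-Xbootclasspath/a:%CARBON_XBOOTCLASSPATH%` but this file never sets `CARBON_XBOOTCLASSPATH`, so the value comes from whatever environment started the script. Initialise it with `set CARBON_XBOOTCLASSPATH=` or build it from `%CARBON_HOME%\lib\xboot`, as the shell script does.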
|
@ -0,0 +1,334 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# ----------------------------------------------------------------------------
|
||||||
|
# Copyright 2005-2012 WSO2, Inc. http://www.wso2.org
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
# ----------------------------------------------------------------------------
|
||||||
|
# Main Script for the WSO2 Carbon Server
|
||||||
|
#
|
||||||
|
# Environment Variable Prequisites
|
||||||
|
#
|
||||||
|
# CARBON_HOME Home of WSO2 Carbon installation. If not set I will try
|
||||||
|
# to figure it out.
|
||||||
|
#
|
||||||
|
# JAVA_HOME Must point at your Java Development Kit installation.
|
||||||
|
#
|
||||||
|
# JAVA_OPTS (Optional) Java runtime options used when the commands
|
||||||
|
# is executed.
|
||||||
|
#
|
||||||
|
# NOTE: Borrowed generously from Apache Tomcat startup scripts.
|
||||||
|
# -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
# OS specific support. $var _must_ be set to either true or false.
|
||||||
|
#ulimit -n 100000
|
||||||
|
|
||||||
|
# NOTE: This is an edited wso2server.sh script to facilitate spark environment variables for WSO2DAS
|
||||||
|
|
||||||
|
cygwin=false;
|
||||||
|
darwin=false;
|
||||||
|
os400=false;
|
||||||
|
mingw=false;
|
||||||
|
case "`uname`" in
|
||||||
|
CYGWIN*) cygwin=true;;
|
||||||
|
MINGW*) mingw=true;;
|
||||||
|
OS400*) os400=true;;
|
||||||
|
Darwin*) darwin=true
|
||||||
|
if [ -z "$JAVA_VERSION" ] ; then
|
||||||
|
JAVA_VERSION="CurrentJDK"
|
||||||
|
else
|
||||||
|
echo "Using Java version: $JAVA_VERSION"
|
||||||
|
fi
|
||||||
|
if [ -z "$JAVA_HOME" ] ; then
|
||||||
|
JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/${JAVA_VERSION}/Home
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# resolve links - $0 may be a softlink
|
||||||
|
PRG="$0"
|
||||||
|
|
||||||
|
while [ -h "$PRG" ]; do
|
||||||
|
ls=`ls -ld "$PRG"`
|
||||||
|
link=`expr "$ls" : '.*-> \(.*\)$'`
|
||||||
|
if expr "$link" : '.*/.*' > /dev/null; then
|
||||||
|
PRG="$link"
|
||||||
|
else
|
||||||
|
PRG=`dirname "$PRG"`/"$link"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Get standard environment variables
|
||||||
|
PRGDIR=`dirname "$PRG"`
|
||||||
|
|
||||||
|
# Only set CARBON_HOME if not already set
|
||||||
|
[ -z "$CARBON_HOME" ] && CARBON_HOME=`cd "$PRGDIR/.." ; pwd`
|
||||||
|
|
||||||
|
# Set AXIS2_HOME. Needed for One Click JAR Download
|
||||||
|
AXIS2_HOME=$CARBON_HOME
|
||||||
|
|
||||||
|
# For Cygwin, ensure paths are in UNIX format before anything is touched
|
||||||
|
if $cygwin; then
|
||||||
|
[ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
|
||||||
|
[ -n "$CARBON_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
|
||||||
|
[ -n "$AXIS2_HOME" ] && CARBON_HOME=`cygpath --unix "$CARBON_HOME"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# For OS400
|
||||||
|
if $os400; then
|
||||||
|
# Set job priority to standard for interactive (interactive - 6) by using
|
||||||
|
# the interactive priority - 6, the helper threads that respond to requests
|
||||||
|
# will be running at the same priority as interactive jobs.
|
||||||
|
COMMAND='chgjob job('$JOBNAME') runpty(6)'
|
||||||
|
system $COMMAND
|
||||||
|
|
||||||
|
# Enable multi threading
|
||||||
|
QIBM_MULTI_THREADED=Y
|
||||||
|
export QIBM_MULTI_THREADED
|
||||||
|
fi
|
||||||
|
|
||||||
|
# For Migwn, ensure paths are in UNIX format before anything is touched
|
||||||
|
if $mingw ; then
|
||||||
|
[ -n "$CARBON_HOME" ] &&
|
||||||
|
CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
|
||||||
|
[ -n "$JAVA_HOME" ] &&
|
||||||
|
JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
|
||||||
|
[ -n "$AXIS2_HOME" ] &&
|
||||||
|
CARBON_HOME="`(cd "$CARBON_HOME"; pwd)`"
|
||||||
|
# TODO classpath?
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$JAVACMD" ] ; then
|
||||||
|
if [ -n "$JAVA_HOME" ] ; then
|
||||||
|
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
||||||
|
# IBM's JDK on AIX uses strange locations for the executables
|
||||||
|
JAVACMD="$JAVA_HOME/jre/sh/java"
|
||||||
|
else
|
||||||
|
JAVACMD="$JAVA_HOME/bin/java"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
JAVACMD=java
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -x "$JAVACMD" ] ; then
|
||||||
|
echo "Error: JAVA_HOME is not defined correctly."
|
||||||
|
echo " CARBON cannot execute $JAVACMD"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# if JAVA_HOME is not set we're not happy
|
||||||
|
if [ -z "$JAVA_HOME" ]; then
|
||||||
|
echo "You must set the JAVA_HOME variable before running CARBON."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
|
||||||
|
PID=`cat "$CARBON_HOME"/wso2carbon.pid`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ----- Process the input command ----------------------------------------------
|
||||||
|
args=""
|
||||||
|
NODE_PARAMS=""
|
||||||
|
for c in $*
|
||||||
|
do
|
||||||
|
if [ "$c" = "-receiverNode" ]; then
|
||||||
|
NODE_PARAMS="-DdisableAnalyticsEngine=true -DdisableAnalyticsExecution=true -DdisableIndexing=true -DdisableDataPurging=false -DdisableAnalyticsSparkCtx=true -DdisableAnalyticsStats=true"
|
||||||
|
echo "Starting Data Analytics Server node as a Receiver Node"
|
||||||
|
elif [ "$c" = "-indexerNode" ]; then
|
||||||
|
NODE_PARAMS="-DdisableAnalyticsExecution=true -DdisableAnalyticsEngine=true -DdisableEventSink=true -DdisableAnalyticsSparkCtx=true -DdisableAnalyticsStats=true -DdisableDataPurging=true"
|
||||||
|
echo "Starting Data Analytics Server node as an Indexer Node"
|
||||||
|
elif [ "$c" = "-analyzerNode" ]; then
|
||||||
|
NODE_PARAMS="-DdisableIndexing=true -DdisableEventSink=true -DdisableDataPurging=true -DenableAnalyticsStats=true"
|
||||||
|
echo "Starting Data Analytics Server node as an Analyzer Node"
|
||||||
|
elif [ "$c" = "-dashboardNode" ]; then
|
||||||
|
NODE_PARAMS="-DdisableIndexing=true -DdisableEventSink=true -DdisableDataPurging=true -DenableAnalyticsStats=true -DdisableAnalyticsExecution=true -DdisableAnalyticsEngine=true -DdisableAnalyticsSparkCtx=true "
|
||||||
|
echo "Starting Data Analytics Server node as an Analyzer Node"
|
||||||
|
elif [ "$c" = "--debug" ] || [ "$c" = "-debug" ] || [ "$c" = "debug" ]; then
|
||||||
|
CMD="--debug"
|
||||||
|
continue
|
||||||
|
elif [ "$CMD" = "--debug" ]; then
|
||||||
|
if [ -z "$PORT" ]; then
|
||||||
|
PORT=$c
|
||||||
|
fi
|
||||||
|
elif [ "$c" = "--stop" ] || [ "$c" = "-stop" ] || [ "$c" = "stop" ]; then
|
||||||
|
CMD="stop"
|
||||||
|
elif [ "$c" = "--start" ] || [ "$c" = "-start" ] || [ "$c" = "start" ]; then
|
||||||
|
CMD="start"
|
||||||
|
elif [ "$c" = "--version" ] || [ "$c" = "-version" ] || [ "$c" = "version" ]; then
|
||||||
|
CMD="version"
|
||||||
|
elif [ "$c" = "--restart" ] || [ "$c" = "-restart" ] || [ "$c" = "restart" ]; then
|
||||||
|
CMD="restart"
|
||||||
|
elif [ "$c" = "--test" ] || [ "$c" = "-test" ] || [ "$c" = "test" ]; then
|
||||||
|
CMD="test"
|
||||||
|
else
|
||||||
|
args="$args $c"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ "$CMD" = "--debug" ]; then
|
||||||
|
if [ "$PORT" = "" ]; then
|
||||||
|
echo " Please specify the debug port after the --debug option"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ -n "$JAVA_OPTS" ]; then
|
||||||
|
echo "Warning !!!. User specified JAVA_OPTS will be ignored, once you give the --debug option."
|
||||||
|
fi
|
||||||
|
CMD="RUN"
|
||||||
|
JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=$PORT"
|
||||||
|
echo "Please start the remote debugging client to continue..."
|
||||||
|
elif [ "$CMD" = "start" ]; then
|
||||||
|
if [ -e "$CARBON_HOME/wso2carbon.pid" ]; then
|
||||||
|
if ps -p $PID > /dev/null ; then
|
||||||
|
echo "Process is already running"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
export CARBON_HOME=$CARBON_HOME
|
||||||
|
# using nohup sh to avoid erros in solaris OS.TODO
|
||||||
|
nohup sh $CARBON_HOME/bin/wso2server.sh $args $NODE_PARAMS > /dev/null 2>&1 &
|
||||||
|
exit 0
|
||||||
|
elif [ "$CMD" = "stop" ]; then
|
||||||
|
export CARBON_HOME=$CARBON_HOME
|
||||||
|
kill -term `cat $CARBON_HOME/wso2carbon.pid`
|
||||||
|
exit 0
|
||||||
|
elif [ "$CMD" = "restart" ]; then
|
||||||
|
export CARBON_HOME=$CARBON_HOME
|
||||||
|
kill -term `cat $CARBON_HOME/wso2carbon.pid`
|
||||||
|
process_status=0
|
||||||
|
pid=`cat $CARBON_HOME/wso2carbon.pid`
|
||||||
|
while [ "$process_status" -eq "0" ]
|
||||||
|
do
|
||||||
|
sleep 1;
|
||||||
|
ps -p$pid 2>&1 > /dev/null
|
||||||
|
process_status=$?
|
||||||
|
done
|
||||||
|
|
||||||
|
# using nohup sh to avoid erros in solaris OS.TODO
|
||||||
|
nohup sh $CARBON_HOME/bin/wso2server.sh $args $NODE_PARAMS > /dev/null 2>&1 &
|
||||||
|
exit 0
|
||||||
|
elif [ "$CMD" = "test" ]; then
|
||||||
|
JAVACMD="exec "$JAVACMD""
|
||||||
|
elif [ "$CMD" = "version" ]; then
|
||||||
|
cat $CARBON_HOME/bin/version.txt
|
||||||
|
cat $CARBON_HOME/bin/wso2carbon-version.txt
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ---------- Handle the SSL Issue with proper JDK version --------------------
|
||||||
|
jdk_17=`$JAVA_HOME/bin/java -version 2>&1 | grep "1.[7|8]"`
|
||||||
|
if [ "$jdk_17" = "" ]; then
|
||||||
|
echo " Starting WSO2 Carbon (in unsupported JDK)"
|
||||||
|
echo " [ERROR] CARBON is supported only on JDK 1.7 and 1.8"
|
||||||
|
fi
|
||||||
|
|
||||||
|
CARBON_XBOOTCLASSPATH=""
|
||||||
|
for f in "$CARBON_HOME"/lib/xboot/*.jar
|
||||||
|
do
|
||||||
|
if [ "$f" != "$CARBON_HOME/lib/xboot/*.jar" ];then
|
||||||
|
CARBON_XBOOTCLASSPATH="$CARBON_XBOOTCLASSPATH":$f
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
JAVA_ENDORSED_DIRS="$CARBON_HOME/lib/endorsed":"$JAVA_HOME/jre/lib/endorsed":"$JAVA_HOME/lib/endorsed"
|
||||||
|
|
||||||
|
CARBON_CLASSPATH=""
|
||||||
|
if [ -e "$JAVA_HOME/lib/tools.jar" ]; then
|
||||||
|
CARBON_CLASSPATH="$JAVA_HOME/lib/tools.jar"
|
||||||
|
fi
|
||||||
|
for f in "$CARBON_HOME"/bin/*.jar
|
||||||
|
do
|
||||||
|
if [ "$f" != "$CARBON_HOME/bin/*.jar" ];then
|
||||||
|
CARBON_CLASSPATH="$CARBON_CLASSPATH":$f
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
for t in "$CARBON_HOME"/lib/commons-lang*.jar
|
||||||
|
do
|
||||||
|
CARBON_CLASSPATH="$CARBON_CLASSPATH":$t
|
||||||
|
done
|
||||||
|
# For Cygwin, switch paths to Windows format before running java
|
||||||
|
if $cygwin; then
|
||||||
|
JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
|
||||||
|
CARBON_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
|
||||||
|
AXIS2_HOME=`cygpath --absolute --windows "$CARBON_HOME"`
|
||||||
|
CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
|
||||||
|
JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
|
||||||
|
CARBON_CLASSPATH=`cygpath --path --windows "$CARBON_CLASSPATH"`
|
||||||
|
CARBON_XBOOTCLASSPATH=`cygpath --path --windows "$CARBON_XBOOTCLASSPATH"`
|
||||||
|
fi
|
||||||
|
|
||||||
|
# ----- Execute The Requested Command -----------------------------------------
|
||||||
|
|
||||||
|
echo JAVA_HOME environment variable is set to $JAVA_HOME
|
||||||
|
echo CARBON_HOME environment variable is set to $CARBON_HOME
|
||||||
|
|
||||||
|
cd "$CARBON_HOME"
|
||||||
|
|
||||||
|
TMP_DIR=$CARBON_HOME/tmp
|
||||||
|
if [ -d "$TMP_DIR" ]; then
|
||||||
|
rm -rf "$TMP_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
|
START_EXIT_STATUS=121
|
||||||
|
status=$START_EXIT_STATUS
|
||||||
|
|
||||||
|
#load spark environment variables
|
||||||
|
. $CARBON_HOME/bin/load-spark-env-vars.sh
|
||||||
|
|
||||||
|
#To monitor a Carbon server in remote JMX mode on linux host machines, set the below system property.
|
||||||
|
# -Djava.rmi.server.hostname="your.IP.goes.here"
|
||||||
|
|
||||||
|
while [ "$status" = "$START_EXIT_STATUS" ]
|
||||||
|
do
|
||||||
|
$JAVACMD \
|
||||||
|
-Xbootclasspath/a:"$CARBON_XBOOTCLASSPATH" \
|
||||||
|
-Xms256m -Xmx1024m -XX:MaxPermSize=256m \
|
||||||
|
-XX:+HeapDumpOnOutOfMemoryError \
|
||||||
|
-XX:HeapDumpPath="$CARBON_HOME/repository/logs/heap-dump.hprof" \
|
||||||
|
$JAVA_OPTS \
|
||||||
|
-Dcom.sun.management.jmxremote \
|
||||||
|
-classpath "$CARBON_CLASSPATH" \
|
||||||
|
-Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
|
||||||
|
-Djava.io.tmpdir="$CARBON_HOME/tmp" \
|
||||||
|
-Dcatalina.base="$CARBON_HOME/lib/tomcat" \
|
||||||
|
-Dwso2.server.standalone=true \
|
||||||
|
-Dcarbon.registry.root=/ \
|
||||||
|
-Djava.command="$JAVACMD" \
|
||||||
|
-Dcarbon.home="$CARBON_HOME" \
|
||||||
|
-Dlogger.server.name="IoT-Analytics" \
|
||||||
|
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
|
||||||
|
-Dcarbon.config.dir.path="$CARBON_HOME/repository/conf" \
|
||||||
|
-Djava.util.logging.config.file="$CARBON_HOME/repository/conf/etc/logging-bridge.properties" \
|
||||||
|
-Dcomponents.repo="$CARBON_HOME/repository/components/plugins" \
|
||||||
|
-Dconf.location="$CARBON_HOME/repository/conf"\
|
||||||
|
-Dcom.atomikos.icatch.file="$CARBON_HOME/lib/transactions.properties" \
|
||||||
|
-Dcom.atomikos.icatch.hide_init_file_path=true \
|
||||||
|
-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false \
|
||||||
|
-Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true \
|
||||||
|
-Dcom.sun.jndi.ldap.connect.pool.authentication=simple \
|
||||||
|
-Dcom.sun.jndi.ldap.connect.pool.timeout=3000 \
|
||||||
|
-Dorg.terracotta.quartz.skipUpdateCheck=true \
|
||||||
|
-Djava.security.egd=file:/dev/./urandom \
|
||||||
|
-Dfile.encoding=UTF8 \
|
||||||
|
-Djava.net.preferIPv4Stack=true \
|
||||||
|
-Dcom.ibm.cacheLocalHost=true \
|
||||||
|
-Dmqtt.broker.host="localhost" \
|
||||||
|
-Dmqtt.broker.port="1886" \
|
||||||
|
-Diot.keymanager.host="localhost" \
|
||||||
|
-Diot.keymanager.https.port="9443" \
|
||||||
|
-Diot.gateway.host="localhost" \
|
||||||
|
-Diot.gateway.https.port="8243" \
|
||||||
|
$NODE_PARAMS \
|
||||||
|
org.wso2.carbon.bootstrap.Bootstrap $*
|
||||||
|
status=$?
|
||||||
|
done
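Review bot: The `stop` and `restart` branches pass the raw contents of `$CARBON_HOME/wso2carbon.pid` straight to `kill -term` without checking the file. A missing pid file leaves `kill` with no target while the script still exits 0, and a stale or modified file sends the signal to whatever process now owns that number, which matters most when the script is run as root. Read the value once, reject anything that is not purely digits, and quote it; `restart` needs the same guard before its `ps -p$pid` loop, and `start` should quote `$PID` in `ps -p $PID`. The cygwin and mingw blocks also test `$AXIS2_HOME` but assign `CARBON_HOME` a second time, which looks like a copy-paste slip.

```shell
elif [ "$CMD" = "stop" ]; then
  export CARBON_HOME=$CARBON_HOME
  pid=`cat "$CARBON_HOME/wso2carbon.pid" 2>/dev/null`
  case "$pid" in
    ''|*[!0-9]*)
      echo "No valid PID found in $CARBON_HOME/wso2carbon.pid" >&2
      exit 1
      ;;
  esac
  kill -term "$pid"
  exit 0
# … unchanged: restart branch, with the same pid check before its kill and ps loop …
```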
|
@ -0,0 +1,38 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<udf-configuration>
|
||||||
|
<custom-udf-classes>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udf.defaults.StringConcatenator</class-name>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udf.defaults.TimestampUDF</class-name>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udf.defaults.TimeNowUDF</class-name>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udf.facets.FacetUDF</class-name>
|
||||||
|
<class-name>org.wso2.carbon.analytics.shared.common.udf.DateTimeUDF</class-name>
|
||||||
|
</custom-udf-classes>
|
||||||
|
<custom-udaf-classes>
|
||||||
|
<custom-udaf>
|
||||||
|
<alias>geometricMean</alias>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udaf.defaults.GeometricMeanUDAF</class-name>
|
||||||
|
</custom-udaf>
|
||||||
|
<custom-udaf>
|
||||||
|
<alias>harmonicMean</alias>
|
||||||
|
<class-name>org.wso2.carbon.analytics.spark.core.udaf.defaults.HarmonicMeanUDAF</class-name>
|
||||||
|
</custom-udaf>
|
||||||
|
</custom-udaf-classes>
|
||||||
|
</udf-configuration>
|
@ -0,0 +1,698 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This is the main server configuration file
|
||||||
|
|
||||||
|
${carbon.home} represents the carbon.home system property.
|
||||||
|
Other system properties can be specified in a similar manner.
|
||||||
|
-->
|
||||||
|
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Product Name
|
||||||
|
-->
|
||||||
|
<Name>${product.name}</Name>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
machine readable unique key to identify each product
|
||||||
|
-->
|
||||||
|
<ServerKey>${product.key}</ServerKey>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Product Version
|
||||||
|
-->
|
||||||
|
<Version>${product.version}</Version>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Host name or IP address of the machine hosting this server
|
||||||
|
e.g. www.wso2.org, 192.168.1.10
|
||||||
|
This is will become part of the End Point Reference of the
|
||||||
|
services deployed on this server instance.
|
||||||
|
-->
|
||||||
|
<!--HostName>www.wso2.org</HostName-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Host name to be used for the Carbon management console
|
||||||
|
-->
|
||||||
|
<!--MgtHostName>mgt.wso2.org</MgtHostName-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The URL of the back end server. This is where the admin services are hosted and
|
||||||
|
will be used by the clients in the front end server.
|
||||||
|
This is required only for the Front-end server. This is used when seperating BE server from FE server
|
||||||
|
-->
|
||||||
|
<ServerURL>local:/${carbon.context}/services/</ServerURL>
|
||||||
|
<!--
|
||||||
|
<ServerURL>https://${carbon.local.ip}:${carbon.management.port}${carbon.context}/services/</ServerURL>
|
||||||
|
-->
|
||||||
|
<!--
|
||||||
|
The URL of the index page. This is where the user will be redirected after signing in to the
|
||||||
|
carbon server.
|
||||||
|
-->
|
||||||
|
<!-- IndexPageURL>/carbon/admin/index.jsp</IndexPageURL-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
For cApp deployment, we have to identify the roles that can be acted by the current server.
|
||||||
|
The following property is used for that purpose. Any number of roles can be defined here.
|
||||||
|
Regular expressions can be used in the role.
|
||||||
|
Ex : <Role>.*</Role> means this server can act any role
|
||||||
|
-->
|
||||||
|
<ServerRoles>
|
||||||
|
<Role>${cep.server.role}</Role>
|
||||||
|
<Role>${das.server.role}</Role>
|
||||||
|
<Role>${geodashboard.role}</Role>
|
||||||
|
</ServerRoles>
|
||||||
|
|
||||||
|
<!-- uncommnet this line to subscribe to a bam instance automatically -->
|
||||||
|
<!--<BamServerURL>https://bamhost:bamport/services/</BamServerURL>-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The fully qualified name of the server
|
||||||
|
-->
|
||||||
|
<Package>org.wso2.carbon</Package>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Webapp context root of WSO2 Carbon management console.
|
||||||
|
-->
|
||||||
|
<WebContextRoot>/</WebContextRoot>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Proxy context path is a useful parameter to add a proxy path when a Carbon server is fronted by reverse proxy. In addtion
|
||||||
|
to the proxy host and proxy port this parameter allows you add a path component to external URLs. e.g.
|
||||||
|
URL of the Carbon server -> https://10.100.1.1:9443/carbon
|
||||||
|
URL of the reverse proxy -> https://prod.abc.com/appserver/carbon
|
||||||
|
|
||||||
|
appserver - proxy context path. This specially required whenever you are generating URLs to displace in
|
||||||
|
Carbon UI components.
|
||||||
|
-->
|
||||||
|
<!--
|
||||||
|
<MgtProxyContextPath></MgtProxyContextPath>
|
||||||
|
<ProxyContextPath></ProxyContextPath>
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- In-order to get the registry http Port from the back-end when the default http transport is not the same-->
|
||||||
|
<!--RegistryHttpPort>9763</RegistryHttpPort-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Number of items to be displayed on a management console page. This is used at the
|
||||||
|
backend server for pagination of various items.
|
||||||
|
-->
|
||||||
|
<ItemsPerPage>15</ItemsPerPage>
|
||||||
|
|
||||||
|
<!-- The endpoint URL of the cloud instance management Web service -->
|
||||||
|
<!--<InstanceMgtWSEndpoint>https://ec2.amazonaws.com/</InstanceMgtWSEndpoint>-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Ports used by this server
|
||||||
|
-->
|
||||||
|
<Ports>
|
||||||
|
|
||||||
|
<!-- Ports offset. This entry will set the value of the ports defined below to
|
||||||
|
the define value + Offset.
|
||||||
|
e.g. Offset=2 and HTTPS port=9443 will set the effective HTTPS port to 9445
|
||||||
|
-->
|
||||||
|
<Offset>2</Offset>
|
||||||
|
|
||||||
|
<!-- The JMX Ports -->
|
||||||
|
<JMX>
|
||||||
|
<!--The port RMI registry is exposed-->
|
||||||
|
<RMIRegistryPort>9999</RMIRegistryPort>
|
||||||
|
<!--The port RMI server should be exposed-->
|
||||||
|
<RMIServerPort>11111</RMIServerPort>
|
||||||
|
</JMX>
|
||||||
|
|
||||||
|
<!-- Embedded LDAP server specific ports -->
|
||||||
|
<EmbeddedLDAP>
|
||||||
|
<!-- Port which embedded LDAP server runs -->
|
||||||
|
<LDAPServerPort>10389</LDAPServerPort>
|
||||||
|
<!-- Port which KDC (Kerberos Key Distribution Center) server runs -->
|
||||||
|
<KDCServerPort>8000</KDCServerPort>
|
||||||
|
</EmbeddedLDAP>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Override datasources JNDIproviderPort defined in bps.xml and datasources.properties files
|
||||||
|
-->
|
||||||
|
<!--<JNDIProviderPort>2199</JNDIProviderPort>-->
|
||||||
|
<!--Override receive port of thrift based entitlement service.-->
|
||||||
|
<ThriftEntitlementReceivePort>10500</ThriftEntitlementReceivePort>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This is the proxy port of the worker cluster. These need to be configured in a scenario where
|
||||||
|
manager node is not exposed through the load balancer through which the workers are exposed
|
||||||
|
therefore doesn't have a proxy port.
|
||||||
|
<WorkerHttpProxyPort>80</WorkerHttpProxyPort>
|
||||||
|
<WorkerHttpsProxyPort>443</WorkerHttpsProxyPort>
|
||||||
|
-->
|
||||||
|
|
||||||
|
</Ports>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
JNDI Configuration
|
||||||
|
-->
|
||||||
|
<JNDI>
|
||||||
|
<!--
|
||||||
|
The fully qualified name of the default initial context factory
|
||||||
|
-->
|
||||||
|
<DefaultInitialContextFactory>org.wso2.carbon.tomcat.jndi.CarbonJavaURLContextFactory</DefaultInitialContextFactory>
|
||||||
|
<!--
|
||||||
|
The restrictions that are done to various JNDI Contexts in a Multi-tenant environment
|
||||||
|
-->
|
||||||
|
<Restrictions>
|
||||||
|
<!--
|
||||||
|
Contexts that will be available only to the super-tenant
|
||||||
|
-->
|
||||||
|
<!-- <SuperTenantOnly>
|
||||||
|
<UrlContexts>
|
||||||
|
<UrlContext>
|
||||||
|
<Scheme>foo</Scheme>
|
||||||
|
</UrlContext>
|
||||||
|
<UrlContext>
|
||||||
|
<Scheme>bar</Scheme>
|
||||||
|
</UrlContext>
|
||||||
|
</UrlContexts>
|
||||||
|
</SuperTenantOnly> -->
|
||||||
|
<!--
|
||||||
|
Contexts that are common to all tenants
|
||||||
|
-->
|
||||||
|
<AllTenants>
|
||||||
|
<UrlContexts>
|
||||||
|
<UrlContext>
|
||||||
|
<Scheme>java</Scheme>
|
||||||
|
</UrlContext>
|
||||||
|
<!-- <UrlContext>
|
||||||
|
<Scheme>foo</Scheme>
|
||||||
|
</UrlContext> -->
|
||||||
|
</UrlContexts>
|
||||||
|
</AllTenants>
|
||||||
|
<!--
|
||||||
|
All other contexts not mentioned above will be available on a per-tenant basis
|
||||||
|
(i.e. will not be shared among tenants)
|
||||||
|
-->
|
||||||
|
</Restrictions>
|
||||||
|
</JNDI>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Property to determine if the server is running an a cloud deployment environment.
|
||||||
|
This property should only be used to determine deployment specific details that are
|
||||||
|
applicable only in a cloud deployment, i.e when the server deployed *-as-a-service.
|
||||||
|
-->
|
||||||
|
<IsCloudDeployment>false</IsCloudDeployment>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Property to determine whether usage data should be collected for metering purposes
|
||||||
|
-->
|
||||||
|
<EnableMetering>false</EnableMetering>
|
||||||
|
|
||||||
|
<!-- The Max time a thread should take for execution in seconds -->
|
||||||
|
<MaxThreadExecutionTime>600</MaxThreadExecutionTime>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
A flag to enable or disable Ghost Deployer. By default this is set to false. That is
|
||||||
|
because the Ghost Deployer works only with the HTTP/S transports. If you are using
|
||||||
|
other transports, don't enable Ghost Deployer.
|
||||||
|
-->
|
||||||
|
<GhostDeployment>
|
||||||
|
<Enabled>false</Enabled>
|
||||||
|
</GhostDeployment>
|
||||||
|
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Eager loading or lazy loading is a design pattern commonly used in computer programming which
|
||||||
|
will initialize an object upon creation or load on-demand. In carbon, lazy loading is used to
|
||||||
|
load tenant when a request is received only. Similarly Eager loading is used to enable load
|
||||||
|
existing tenants after carbon server starts up. Using this feature, you will be able to include
|
||||||
|
or exclude tenants which are to be loaded when server startup.
|
||||||
|
|
||||||
|
We can enable only one LoadingPolicy at a given time.
|
||||||
|
|
||||||
|
1. Tenant Lazy Loading
|
||||||
|
This is the default behaviour and enabled by default. With this policy, tenants are not loaded at
|
||||||
|
server startup, but loaded based on-demand (i.e when a request is received for a tenant).
|
||||||
|
The default tenant idle time is 30 minutes.
|
||||||
|
|
||||||
|
2. Tenant Eager Loading
|
||||||
|
This is by default not enabled. It can be be enabled by un-commenting the <EagerLoading> section.
|
||||||
|
The eager loading configurations supported are as below. These configurations can be given as the
|
||||||
|
value for <Include> element with eager loading.
|
||||||
|
(i)Load all tenants when server startup - *
|
||||||
|
(ii)Load all tenants except foo.com & bar.com - *,!foo.com,!bar.com
|
||||||
|
(iii)Load only foo.com & bar.com to be included - foo.com,bar.com
|
||||||
|
-->
|
||||||
|
<Tenant>
|
||||||
|
<LoadingPolicy>
|
||||||
|
<LazyLoading>
|
||||||
|
<IdleTime>153722867280912</IdleTime>
|
||||||
|
</LazyLoading>
|
||||||
|
<!-- <EagerLoading>
|
||||||
|
<Include>*,!foo.com,!bar.com</Include>
|
||||||
|
</EagerLoading>-->
|
||||||
|
</LoadingPolicy>
|
||||||
|
</Tenant>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Caching related configurations
|
||||||
|
-->
|
||||||
|
<Cache>
|
||||||
|
<!-- Default cache timeout in minutes -->
|
||||||
|
<DefaultCacheTimeout>15</DefaultCacheTimeout>
|
||||||
|
</Cache>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Axis2 related configurations
|
||||||
|
-->
|
||||||
|
<Axis2Config>
|
||||||
|
<!--
|
||||||
|
Location of the Axis2 Services & Modules repository
|
||||||
|
|
||||||
|
This can be a directory in the local file system, or a URL.
|
||||||
|
|
||||||
|
e.g.
|
||||||
|
1. /home/wso2wsas/repository/ - An absolute path
|
||||||
|
2. repository - In this case, the path is relative to CARBON_HOME
|
||||||
|
3. file:///home/wso2wsas/repository/
|
||||||
|
4. http://wso2wsas/repository/
|
||||||
|
-->
|
||||||
|
<RepositoryLocation>${carbon.home}/repository/deployment/server/</RepositoryLocation>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Deployment update interval in seconds. This is the interval between repository listener
|
||||||
|
executions.
|
||||||
|
-->
|
||||||
|
<DeploymentUpdateInterval>15</DeploymentUpdateInterval>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Location of the main Axis2 configuration descriptor file, a.k.a. axis2.xml file
|
||||||
|
|
||||||
|
This can be a file on the local file system, or a URL
|
||||||
|
|
||||||
|
e.g.
|
||||||
|
1. /home/repository/axis2.xml - An absolute path
|
||||||
|
2. conf/axis2.xml - In this case, the path is relative to CARBON_HOME
|
||||||
|
3. file:///home/carbon/repository/axis2.xml
|
||||||
|
4. http://repository/conf/axis2.xml
|
||||||
|
-->
|
||||||
|
<ConfigurationFile>${carbon.home}/repository/conf/axis2/axis2.xml</ConfigurationFile>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
ServiceGroupContextIdleTime, which will be set in ConfigurationContex
|
||||||
|
for multiple clients which are going to access the same ServiceGroupContext
|
||||||
|
Default Value is 30 Sec.
|
||||||
|
-->
|
||||||
|
<ServiceGroupContextIdleTime>30000</ServiceGroupContextIdleTime>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This repository location is used to crete the client side configuration
|
||||||
|
context used by the server when calling admin services.
|
||||||
|
-->
|
||||||
|
<ClientRepositoryLocation>${carbon.home}/repository/deployment/client/</ClientRepositoryLocation>
|
||||||
|
<!-- This axis2 xml is used in createing the configuration context by the FE server
|
||||||
|
calling to BE server -->
|
||||||
|
<clientAxis2XmlLocation>${carbon.home}/repository/conf/axis2/axis2_client.xml</clientAxis2XmlLocation>
|
||||||
|
<!-- If this parameter is set, the ?wsdl on an admin service will not give the admin service wsdl. -->
|
||||||
|
<HideAdminServiceWSDLs>true</HideAdminServiceWSDLs>
|
||||||
|
|
||||||
|
<!--WARNING-Use With Care! Uncommenting bellow parameter would expose all AdminServices in HTTP transport.
|
||||||
|
With HTTP transport your credentials and data routed in public channels are vulnerable for sniffing attacks.
|
||||||
|
Use bellow parameter ONLY if your communication channels are confirmed to be secured by other means -->
|
||||||
|
<!--HttpAdminServices>*</HttpAdminServices-->
|
||||||
|
|
||||||
|
</Axis2Config>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The default user roles which will be created when the server
|
||||||
|
is started up for the first time.
|
||||||
|
-->
|
||||||
|
<ServiceUserRoles>
|
||||||
|
<Role>
|
||||||
|
<Name>admin</Name>
|
||||||
|
<Description>Default Administrator Role</Description>
|
||||||
|
</Role>
|
||||||
|
<Role>
|
||||||
|
<Name>user</Name>
|
||||||
|
<Description>Default User Role</Description>
|
||||||
|
</Role>
|
||||||
|
</ServiceUserRoles>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Enable following config to allow Emails as usernames.
|
||||||
|
-->
|
||||||
|
<!--EnableEmailUserName>true</EnableEmailUserName-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Security configurations
|
||||||
|
-->
|
||||||
|
<Security>
|
||||||
|
<!--
|
||||||
|
KeyStore which will be used for encrypting/decrypting passwords
|
||||||
|
and other sensitive information.
|
||||||
|
-->
|
||||||
|
<KeyStore>
|
||||||
|
<!-- Keystore file location-->
|
||||||
|
<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
|
||||||
|
<!-- Keystore type (JKS/PKCS12 etc.)-->
|
||||||
|
<Type>JKS</Type>
|
||||||
|
<!-- Keystore password-->
|
||||||
|
<Password>wso2carbon</Password>
|
||||||
|
<!-- Private Key alias-->
|
||||||
|
<KeyAlias>wso2carbon</KeyAlias>
|
||||||
|
<!-- Private Key password-->
|
||||||
|
<KeyPassword>wso2carbon</KeyPassword>
|
||||||
|
</KeyStore>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
System wide trust-store which is used to maintain the certificates of all
|
||||||
|
the trusted parties.
|
||||||
|
-->
|
||||||
|
<TrustStore>
|
||||||
|
<!-- trust-store file location -->
|
||||||
|
<Location>${carbon.home}/repository/resources/security/client-truststore.jks</Location>
|
||||||
|
<!-- trust-store type (JKS/PKCS12 etc.) -->
|
||||||
|
<Type>JKS</Type>
|
||||||
|
<!-- trust-store password -->
|
||||||
|
<Password>wso2carbon</Password>
|
||||||
|
</TrustStore>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The Authenticator configuration to be used at the JVM level. We extend the
|
||||||
|
java.net.Authenticator to make it possible to authenticate to given servers and
|
||||||
|
proxies.
|
||||||
|
-->
|
||||||
|
<NetworkAuthenticatorConfig>
|
||||||
|
<!--
|
||||||
|
Below is a sample configuration for a single authenticator. Please note that
|
||||||
|
all child elements are mandatory. Not having some child elements would lead to
|
||||||
|
exceptions at runtime.
|
||||||
|
-->
|
||||||
|
<!-- <Credential> -->
|
||||||
|
<!--
|
||||||
|
the pattern that would match a subset of URLs for which this authenticator
|
||||||
|
would be used
|
||||||
|
-->
|
||||||
|
<!-- <Pattern>regularExpression</Pattern> -->
|
||||||
|
<!--
|
||||||
|
the type of this authenticator. Allowed values are:
|
||||||
|
1. server
|
||||||
|
2. proxy
|
||||||
|
-->
|
||||||
|
<!-- <Type>proxy</Type> -->
|
||||||
|
<!-- the username used to log in to server/proxy -->
|
||||||
|
<!-- <Username>username</Username> -->
|
||||||
|
<!-- the password used to log in to server/proxy -->
|
||||||
|
<!-- <Password>password</Password> -->
|
||||||
|
<!-- </Credential> -->
|
||||||
|
</NetworkAuthenticatorConfig>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The Tomcat realm to be used for hosted Web applications. Allowed values are;
|
||||||
|
1. UserManager
|
||||||
|
2. Memory
|
||||||
|
|
||||||
|
If this is set to 'UserManager', the realm will pick users & roles from the system's
|
||||||
|
WSO2 User Manager. If it is set to 'memory', the realm will pick users & roles from
|
||||||
|
CARBON_HOME/repository/conf/tomcat/tomcat-users.xml
|
||||||
|
-->
|
||||||
|
<TomcatRealm>UserManager</TomcatRealm>
|
||||||
|
|
||||||
|
<!--Option to disable storing of tokens issued by STS-->
|
||||||
|
<DisableTokenStore>false</DisableTokenStore>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Security token store class name. If this is not set, default class will be
|
||||||
|
org.wso2.carbon.security.util.SecurityTokenStore
|
||||||
|
-->
|
||||||
|
<!--TokenStoreClassName>org.wso2.carbon.identity.sts.store.DBTokenStore</TokenStoreClassName-->
|
||||||
|
|
||||||
|
<XSSPreventionConfig>
|
||||||
|
<Enabled>true</Enabled>
|
||||||
|
<Rule>allow</Rule>
|
||||||
|
<Patterns>
|
||||||
|
<!--Pattern></Pattern-->
|
||||||
|
</Patterns>
|
||||||
|
</XSSPreventionConfig>
|
||||||
|
|
||||||
|
<!-- Configurations to avoid Cross Site Request Forgery vulnerabilities -->
|
||||||
|
<CSRFPreventionConfig>
|
||||||
|
<!-- CSRFPreventionFilter configurations that adopts Synchronizer Token Pattern -->
|
||||||
|
<CSRFPreventionFilter>
|
||||||
|
<!-- Set below to true to enable the CSRFPreventionFilter -->
|
||||||
|
<Enabled>false</Enabled>
|
||||||
|
<!-- Url Pattern to skip application of CSRF protection-->
|
||||||
|
<SkipUrlPattern>(.*)(/images|/css|/js|/docs)(.*)</SkipUrlPattern>
|
||||||
|
</CSRFPreventionFilter>
|
||||||
|
</CSRFPreventionConfig>
|
||||||
|
|
||||||
|
<!-- Configuration to enable or disable CR and LF sanitization filter-->
|
||||||
|
<CRLFPreventionConfig>
|
||||||
|
<!--Set below to true to enable the CRLFPreventionFilter-->
|
||||||
|
<Enabled>true</Enabled>
|
||||||
|
</CRLFPreventionConfig>
|
||||||
|
</Security>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The temporary work directory
|
||||||
|
-->
|
||||||
|
<WorkDirectory>${carbon.home}/tmp/work</WorkDirectory>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
House-keeping configuration
|
||||||
|
-->
|
||||||
|
<HouseKeeping>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
true - Start House-keeping thread on server startup
|
||||||
|
false - Do not start House-keeping thread on server startup.
|
||||||
|
The user will run it manually as and when he wishes.
|
||||||
|
-->
|
||||||
|
<AutoStart>true</AutoStart>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The interval in *minutes*, between house-keeping runs
|
||||||
|
-->
|
||||||
|
<Interval>10</Interval>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
The maximum time in *minutes*, temp files are allowed to live
|
||||||
|
in the system. Files/directories which were modified more than
|
||||||
|
"MaxTempFileLifetime" minutes ago will be removed by the
|
||||||
|
house-keeping task
|
||||||
|
-->
|
||||||
|
<MaxTempFileLifetime>30</MaxTempFileLifetime>
|
||||||
|
</HouseKeeping>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Configuration for handling different types of file upload & other file uploading related
|
||||||
|
config parameters.
|
||||||
|
To map all actions to a particular FileUploadExecutor, use
|
||||||
|
<Action>*</Action>
|
||||||
|
-->
|
||||||
|
<FileUploadConfig>
|
||||||
|
<!--
|
||||||
|
The total file upload size limit in MB
|
||||||
|
-->
|
||||||
|
<TotalFileSizeLimit>100</TotalFileSizeLimit>
|
||||||
|
|
||||||
|
<Mapping>
|
||||||
|
<Actions>
|
||||||
|
<Action>keystore</Action>
|
||||||
|
<Action>certificate</Action>
|
||||||
|
<Action>*</Action>
|
||||||
|
</Actions>
|
||||||
|
<Class>org.wso2.carbon.ui.transports.fileupload.AnyFileUploadExecutor</Class>
|
||||||
|
</Mapping>
|
||||||
|
|
||||||
|
<Mapping>
|
||||||
|
<Actions>
|
||||||
|
<Action>jarZip</Action>
|
||||||
|
</Actions>
|
||||||
|
<Class>org.wso2.carbon.ui.transports.fileupload.JarZipUploadExecutor</Class>
|
||||||
|
</Mapping>
|
||||||
|
<Mapping>
|
||||||
|
<Actions>
|
||||||
|
<Action>dbs</Action>
|
||||||
|
</Actions>
|
||||||
|
<Class>org.wso2.carbon.ui.transports.fileupload.DBSFileUploadExecutor</Class>
|
||||||
|
</Mapping>
|
||||||
|
<Mapping>
|
||||||
|
<Actions>
|
||||||
|
<Action>tools</Action>
|
||||||
|
</Actions>
|
||||||
|
<Class>org.wso2.carbon.ui.transports.fileupload.ToolsFileUploadExecutor</Class>
|
||||||
|
</Mapping>
|
||||||
|
<Mapping>
|
||||||
|
<Actions>
|
||||||
|
<Action>toolsAny</Action>
|
||||||
|
</Actions>
|
||||||
|
<Class>org.wso2.carbon.ui.transports.fileupload.ToolsAnyFileUploadExecutor</Class>
|
||||||
|
</Mapping>
|
||||||
|
</FileUploadConfig>
|
||||||
|
|
||||||
|
<!-- FileNameRegEx is used to validate the file input/upload/write-out names.
|
||||||
|
e.g.
|
||||||
|
<FileNameRegEx>^(?!(?:CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])(?:\.[^.])?$)[^<>:"/\\|?*\x00-\x1F][^<>:"/\\|?*\x00-\x1F\ .]$</FileNameRegEx>
|
||||||
|
-->
|
||||||
|
<!--<FileNameRegEx></FileNameRegEx>-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Processors which process special HTTP GET requests such as ?wsdl, ?policy etc.
|
||||||
|
|
||||||
|
In order to plug in a processor to handle a special request, simply add an entry to this
|
||||||
|
section.
|
||||||
|
|
||||||
|
The value of the Item element is the first parameter in the query string(e.g. ?wsdl)
|
||||||
|
which needs special processing
|
||||||
|
|
||||||
|
The value of the Class element is a class which implements
|
||||||
|
org.wso2.carbon.transport.HttpGetRequestProcessor
|
||||||
|
-->
|
||||||
|
<HttpGetRequestProcessors>
|
||||||
|
<Processor>
|
||||||
|
<Item>info</Item>
|
||||||
|
<Class>org.wso2.carbon.core.transports.util.InfoProcessor</Class>
|
||||||
|
</Processor>
|
||||||
|
<Processor>
|
||||||
|
<Item>wsdl</Item>
|
||||||
|
<Class>org.wso2.carbon.core.transports.util.Wsdl11Processor</Class>
|
||||||
|
</Processor>
|
||||||
|
<Processor>
|
||||||
|
<Item>wsdl2</Item>
|
||||||
|
<Class>org.wso2.carbon.core.transports.util.Wsdl20Processor</Class>
|
||||||
|
</Processor>
|
||||||
|
<Processor>
|
||||||
|
<Item>xsd</Item>
|
||||||
|
<Class>org.wso2.carbon.core.transports.util.XsdProcessor</Class>
|
||||||
|
</Processor>
|
||||||
|
</HttpGetRequestProcessors>
|
||||||
|
|
||||||
|
<!-- Deployment Synchronizer Configuration. t Enabled value to true when running with "svn based" dep sync.
|
||||||
|
In master nodes you need to set both AutoCommit and AutoCheckout to true
|
||||||
|
and in worker nodes set only AutoCheckout to true.
|
||||||
|
-->
|
||||||
|
<DeploymentSynchronizer>
|
||||||
|
<Enabled>false</Enabled>
|
||||||
|
<AutoCommit>false</AutoCommit>
|
||||||
|
<AutoCheckout>true</AutoCheckout>
|
||||||
|
<RepositoryType>svn</RepositoryType>
|
||||||
|
<SvnUrl>http://svnrepo.example.com/repos/</SvnUrl>
|
||||||
|
<SvnUser>username</SvnUser>
|
||||||
|
<SvnPassword>password</SvnPassword>
|
||||||
|
<SvnUrlAppendTenantId>true</SvnUrlAppendTenantId>
|
||||||
|
</DeploymentSynchronizer>
|
||||||
|
|
||||||
|
<!-- Deployment Synchronizer Configuration. Uncomment the following section when running with "registry based" dep sync.
|
||||||
|
In master nodes you need to set both AutoCommit and AutoCheckout to true
|
||||||
|
and in worker nodes set only AutoCheckout to true.
|
||||||
|
-->
|
||||||
|
<!--<DeploymentSynchronizer>
|
||||||
|
<Enabled>true</Enabled>
|
||||||
|
<AutoCommit>false</AutoCommit>
|
||||||
|
<AutoCheckout>true</AutoCheckout>
|
||||||
|
</DeploymentSynchronizer>-->
|
||||||
|
|
||||||
|
<!-- Mediation persistence configurations. Only valid if mediation features are available i.e. ESB -->
|
||||||
|
<!--<MediationConfig>
|
||||||
|
<LoadFromRegistry>false</LoadFromRegistry>
|
||||||
|
<SaveToFile>false</SaveToFile>
|
||||||
|
<Persistence>enabled</Persistence>
|
||||||
|
<RegistryPersistence>enabled</RegistryPersistence>
|
||||||
|
</MediationConfig>-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Server intializing code, specified as implementation classes of org.wso2.carbon.core.ServerInitializer.
|
||||||
|
This code will be run when the Carbon server is initialized
|
||||||
|
-->
|
||||||
|
<ServerInitializers>
|
||||||
|
<!--<Initializer></Initializer>-->
|
||||||
|
</ServerInitializers>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Indicates whether the Carbon Servlet is required by the system, and whether it should be
|
||||||
|
registered
|
||||||
|
-->
|
||||||
|
<RequireCarbonServlet>${require.carbon.servlet}</RequireCarbonServlet>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Carbon H2 OSGI Configuration
|
||||||
|
By default non of the servers start.
|
||||||
|
name="web" - Start the web server with the H2 Console
|
||||||
|
name="webPort" - The port (default: 8082)
|
||||||
|
name="webAllowOthers" - Allow other computers to connect
|
||||||
|
name="webSSL" - Use encrypted (HTTPS) connections
|
||||||
|
name="tcp" - Start the TCP server
|
||||||
|
name="tcpPort" - The port (default: 9092)
|
||||||
|
name="tcpAllowOthers" - Allow other computers to connect
|
||||||
|
name="tcpSSL" - Use encrypted (SSL) connections
|
||||||
|
name="pg" - Start the PG server
|
||||||
|
name="pgPort" - The port (default: 5435)
|
||||||
|
name="pgAllowOthers" - Allow other computers to connect
|
||||||
|
name="trace" - Print additional trace information; for all servers
|
||||||
|
name="baseDir" - The base directory for H2 databases; for all servers
|
||||||
|
-->
|
||||||
|
<!--H2DatabaseConfiguration>
|
||||||
|
<property name="web" />
|
||||||
|
<property name="webPort">8082</property>
|
||||||
|
<property name="webAllowOthers" />
|
||||||
|
<property name="webSSL" />
|
||||||
|
<property name="tcp" />
|
||||||
|
<property name="tcpPort">9092</property>
|
||||||
|
<property name="tcpAllowOthers" />
|
||||||
|
<property name="tcpSSL" />
|
||||||
|
<property name="pg" />
|
||||||
|
<property name="pgPort">5435</property>
|
||||||
|
<property name="pgAllowOthers" />
|
||||||
|
<property name="trace" />
|
||||||
|
<property name="baseDir">${carbon.home}</property>
|
||||||
|
</H2DatabaseConfiguration-->
|
||||||
|
<!--Disabling statistics reporter by default-->
|
||||||
|
<StatisticsReporterDisabled>true</StatisticsReporterDisabled>
|
||||||
|
|
||||||
|
<!-- Enable accessing Admin Console via HTTP -->
|
||||||
|
<!-- EnableHTTPAdminConsole>true</EnableHTTPAdminConsole -->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Default Feature Repository of WSO2 Carbon.
|
||||||
|
-->
|
||||||
|
<FeatureRepository>
|
||||||
|
<RepositoryName>default repository</RepositoryName>
|
||||||
|
<RepositoryURL>http://product-dist.wso2.com/p2/carbon/releases/wilkes/</RepositoryURL>
|
||||||
|
</FeatureRepository>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Configure API Management
|
||||||
|
-->
|
||||||
|
<APIManagement>
|
||||||
|
|
||||||
|
<!--Uses the embedded API Manager by default. If you want to use an external
|
||||||
|
API Manager instance to manage APIs, configure below externalAPIManager-->
|
||||||
|
|
||||||
|
<Enabled>true</Enabled>
|
||||||
|
|
||||||
|
<!--Uncomment and configure API Gateway and
|
||||||
|
Publisher URLs to use external API Manager instance-->
|
||||||
|
|
||||||
|
<!--ExternalAPIManager>
|
||||||
|
|
||||||
|
<APIGatewayURL>http://localhost:8281</APIGatewayURL>
|
||||||
|
<APIPublisherURL>http://localhost:8281/publisher</APIPublisherURL>
|
||||||
|
|
||||||
|
</ExternalAPIManager-->
|
||||||
|
|
||||||
|
<LoadAPIContextsInServerStartup>true</LoadAPIContextsInServerStartup>
|
||||||
|
</APIManagement>
|
||||||
|
</Server>
|
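Review bot: The `<KeyStore>` and `<TrustStore>` blocks under `<Security>` commit the password `wso2carbon` in plaintext for the store, the private key and the trust store. The same pattern of fixed credentials recurs in the files added later in this commit: the datasource definition (`wso2carbon`/`wso2carbon`), the `oauth-http`/`oauth-mqtt` adapter config (`admin`/`admin`) and the JNDI connection factories (`admin:admin`). If these are the stock distribution values, every deployment built from this tree shares publicly known key material and logins, so I would add above `<KeyStore>` the comment `<!-- Default keystore and passwords: replace both before any non-local deployment -->`. Where the product's Secure Vault is configured, the literal can become an alias instead, e.g. `<Password svns:secretAlias="Carbon.Security.KeyStore.Password">password</Password>` with the `svns` namespace declared on `<Server>`. Separately, `<CSRFPreventionFilter>` is added with `<Enabled>false</Enabled>` while the XSS and CRLF filters are enabled; it is worth confirming that is intended for the management console.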
@ -0,0 +1,12 @@
|
|||||||
|
<processor>
|
||||||
|
<!-- Remove current datsources config -->
|
||||||
|
<remove>
|
||||||
|
<name>//datasources-configuration/datasources</name>
|
||||||
|
</remove>
|
||||||
|
|
||||||
|
<!-- Add modified Carbon db and UM db config -->
|
||||||
|
<add>
|
||||||
|
<inside>//datasources-configuration</inside>
|
||||||
|
<file>src/analytics/conf/ds_config.xml</file>
|
||||||
|
</add>
|
||||||
|
</processor>
|
@ -0,0 +1,25 @@
|
|||||||
|
<config>
|
||||||
|
<datasources>
|
||||||
|
<datasource>
|
||||||
|
<name>WSO2_CARBON_DB</name>
|
||||||
|
<description>The datasource used for registry and user manager</description>
|
||||||
|
<jndiConfig>
|
||||||
|
<name>jdbc/WSO2CarbonDB</name>
|
||||||
|
</jndiConfig>
|
||||||
|
<definition type="RDBMS">
|
||||||
|
<configuration>
|
||||||
|
<url>jdbc:h2:../core/repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;AUTO_SERVER=TRUE;AUTO_SERVER_PORT=9095</url>
|
||||||
|
<username>wso2carbon</username>
|
||||||
|
<password>wso2carbon</password>
|
||||||
|
<driverClassName>org.h2.Driver</driverClassName>
|
||||||
|
<maxActive>50</maxActive>
|
||||||
|
<maxWait>60000</maxWait>
|
||||||
|
<testOnBorrow>true</testOnBorrow>
|
||||||
|
<validationQuery>SELECT 1</validationQuery>
|
||||||
|
<validationInterval>30000</validationInterval>
|
||||||
|
<defaultAutoCommit>false</defaultAutoCommit>
|
||||||
|
</configuration>
|
||||||
|
</definition>
|
||||||
|
</datasource>
|
||||||
|
</datasources>
|
||||||
|
</config>
|
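Review bot: The `AUTO_SERVER=TRUE;AUTO_SERVER_PORT=9095` options in the `<url>` make the H2 database behind `WSO2_CARBON_DB` (described here as the registry and user-manager store) reachable over a TCP port, and nothing in the file says who is expected to connect or that the port should stay host-local. This is presumably so a second profile can share the file under `../core/repository/database/`, but that is inferred from the path rather than stated. I would document it next to the URL, e.g. `<!-- AUTO_SERVER opens TCP 9095 so another local profile can share this H2 file; do not expose this port off-host -->`, and confirm the port is covered by the host firewall rules. The relative `../core/...` path also resolves against the process working directory, so a start-up from a different directory would open or create a different database; an absolute or `${carbon.home}`-style path, if the datasource loader expands it, would be safer.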
@ -0,0 +1,33 @@
|
|||||||
|
<processor>
|
||||||
|
<!-- Add input event adapter config element -->
|
||||||
|
<add>
|
||||||
|
<after>inputEventAdaptersConfig/adapterConfig[@type="jms"]</after>
|
||||||
|
<value><![CDATA[<adapterConfig type="oauth-http">
|
||||||
|
<property key="minThread">8</property>
|
||||||
|
<property key="maxThread">100</property>
|
||||||
|
<property key="keepAliveTimeInMillis">20000</property>
|
||||||
|
<property key="jobQueueSize">10000</property>
|
||||||
|
<property key="maximumHttpConnectionPerHost">2</property>
|
||||||
|
<property key="maximumTotalHttpConnection">100</property>
|
||||||
|
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
|
||||||
|
<property key="username">admin</property>
|
||||||
|
<property key="password">admin</property>
|
||||||
|
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
|
||||||
|
<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
|
||||||
|
<property key="tokenRefreshTimeOffset">100</property>
|
||||||
|
</adapterConfig>
|
||||||
|
|
||||||
|
<adapterConfig type="oauth-mqtt">
|
||||||
|
<!-- Thread Pool Related Properties -->
|
||||||
|
<property key="minThread">8</property>
|
||||||
|
<property key="maxThread">100</property>
|
||||||
|
<property key="keepAliveTimeInMillis">20000</property>
|
||||||
|
<property key="jobQueueSize">10000</property>
|
||||||
|
<property key="connectionKeepAliveInterval">60</property>
|
||||||
|
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
|
||||||
|
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
|
||||||
|
<property key="username">admin</property>
|
||||||
|
<property key="password">admin</property>
|
||||||
|
</adapterConfig>]]></value>
|
||||||
|
</add>
|
||||||
|
</processor>
|
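Review bot: The `oauth-mqtt` adapter's `url` property is `tcp://${mqtt.broker.host}:${mqtt.broker.port}`, the only endpoint in this CDATA block that is not `https`. Whatever credential or token the adapter presents to the broker, along with the device events themselves, would therefore travel unencrypted whenever the broker is not on the same host. If the broker exposes a TLS listener and the adapter accepts the scheme, the line should read `<property key="url">ssl://${mqtt.broker.host}:${mqtt.broker.port}</property>`; otherwise a comment stating that the broker must be co-located or tunnelled would make the assumption explicit. Both adapters also authenticate as `admin`; a dedicated account limited to token validation and client registration would narrow what a leaked copy of this file grants.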
@ -0,0 +1,29 @@
|
|||||||
|
#
|
||||||
|
# Copyright (c) 2015, WSO2 Inc. (http://wso2.com) All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
# register some connection factories
|
||||||
|
# connectionfactory.[jndiname] = [ConnectionURL]
|
||||||
|
connectionfactory.TopicConnectionFactory = amqp://admin:admin@clientID/test?brokerlist='tcp://localhost:5672'
|
||||||
|
|
||||||
|
connectionfactory.QueueConnectionFactory = amqp://admin:admin@clientID/test?brokerlist='tcp://localhost:5672'
|
||||||
|
|
||||||
|
# register some queues in JNDI using the form
|
||||||
|
# queue.[jndiName] = [physicalName]
|
||||||
|
queue.MyQueue = example.MyQueue
|
||||||
|
|
||||||
|
# register some topics in JNDI using the form
|
||||||
|
# topic.[jndiName] = [physicalName]
|
||||||
|
topic.MyTopic = example.MyTopic
|
@ -0,0 +1,180 @@
|
|||||||
|
#
|
||||||
|
# Copyright 2009 WSO2, Inc. (http://wso2.com)
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
|
#
|
||||||
|
# This is the log4j configuration file used by WSO2 Carbon
|
||||||
|
#
|
||||||
|
# IMPORTANT : Please do not remove or change the names of any
|
||||||
|
# of the Appenders defined here. The layout pattern & log file
|
||||||
|
# can be changed using the WSO2 Carbon Management Console, and those
|
||||||
|
# settings will override the settings in this file.
|
||||||
|
#
|
||||||
|
|
||||||
|
log4j.rootLogger=INFO, CARBON_CONSOLE, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
|
||||||
|
log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE
|
||||||
|
log4j.logger.org.apache.axis2.wsdl.codegen.writer.PrettyPrinter=ERROR, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.axis2.clustering=INFO, CARBON_CONSOLE, CARBON_LOGFILE
|
||||||
|
log4j.logger.org.apache=INFO, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.catalina=WARN
|
||||||
|
log4j.logger.org.apache.tomcat=WARN
|
||||||
|
log4j.logger.org.wso2.carbon.apacheds=WARN
|
||||||
|
log4j.logger.org.apache.directory.server.ldap=WARN
|
||||||
|
log4j.logger.org.apache.directory.server.core.event=WARN
|
||||||
|
log4j.logger.com.atomikos=INFO,ATOMIKOS
|
||||||
|
log4j.logger.org.quartz=WARN
|
||||||
|
log4j.logger.org.apache.jackrabbit.webdav=WARN
|
||||||
|
log4j.logger.org.apache.juddi=ERROR
|
||||||
|
log4j.logger.org.apache.commons.digester.Digester=WARN
|
||||||
|
log4j.logger.org.apache.jasper.compiler.TldLocationsCache=WARN
|
||||||
|
log4j.logger.org.apache.qpid=WARN
|
||||||
|
log4j.logger.org.apache.qpid.server.Main=INFO
|
||||||
|
log4j.logger.qpid.message=WARN
|
||||||
|
log4j.logger.qpid.message.broker.listening=INFO
|
||||||
|
log4j.logger.org.apache.tiles=WARN
|
||||||
|
log4j.logger.org.apache.commons.httpclient=ERROR
|
||||||
|
log4j.logger.org.apache.coyote=WARN
|
||||||
|
log4j.logger.org.apache.solr=ERROR
|
||||||
|
log4j.logger.org.infinispan=WARN
|
||||||
|
log4j.logger.org.jgroups=ERROR
|
||||||
|
log4j.logger.me.prettyprint.cassandra.hector.TimingLogger=ERROR
|
||||||
|
log4j.logger.org.wso2=INFO
|
||||||
|
log4j.logger.org.apache.axis2.enterprise=FATAL, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.opensaml.xml=WARN, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.shared.ldap=WARN, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.server.ldap.handlers=WARN, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
#Following are to remove false error messages from startup (IS)
|
||||||
|
log4j.logger.org.apache.directory.shared.ldap.entry.DefaultServerAttribute=FATAL, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.server.core.DefaultDirectoryService=ERROR, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.shared.ldap.ldif.LdifReader=ERROR, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.server.ldap.LdapProtocolHandler=ERROR, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
log4j.logger.org.apache.directory.server.core=ERROR, CARBON_LOGFILE, CARBON_MEMORY
|
||||||
|
#Hive Related Log configurations
|
||||||
|
log4j.logger.DataNucleus=ERROR
|
||||||
|
log4j.logger.Datastore=ERROR
|
||||||
|
log4j.logger.Datastore.Schema=ERROR
|
||||||
|
log4j.logger.JPOX.Datastore=ERROR
|
||||||
|
log4j.logger.JPOX.Plugin=ERROR
|
||||||
|
log4j.logger.JPOX.MetaData=ERROR
|
||||||
|
log4j.logger.JPOX.Query=ERROR
|
||||||
|
log4j.logger.JPOX.General=ERROR
|
||||||
|
log4j.logger.JPOX.Enhancer=ERROR
|
||||||
|
log4j.logger.org.apache.hadoop.hive=WARN
|
||||||
|
log4j.logger.hive=WARN
|
||||||
|
log4j.logger.ExecMapper=WARN
|
||||||
|
log4j.logger.ExecReducer=WARN
|
||||||
|
log4j.logger.net.sf.ehcache.config.ConfigurationFactory=ERROR
|
||||||
|
|
||||||
|
log4j.logger.trace.messages=TRACE,CARBON_TRACE_LOGFILE
|
||||||
|
|
||||||
|
#spark log components
|
||||||
|
log4j.logger.org.apache.spark=WARN
|
||||||
|
log4j.logger.org.spark-project=WARN
|
||||||
|
log4j.logger.akka=WARN
|
||||||
|
log4j.logger.org.apache.spark.util.ClosureCleaner=ERROR
|
||||||
|
|
||||||
|
log4j.additivity.org.apache.axis2.clustering=false
|
||||||
|
log4j.additivity.com.atomikos=false
|
||||||
|
log4j.additivity.org.apache=false
|
||||||
|
|
||||||
|
# CARBON_CONSOLE is set to be a ConsoleAppender using a PatternLayout.
|
||||||
|
log4j.appender.CARBON_CONSOLE=org.wso2.carbon.utils.logging.appenders.CarbonConsoleAppender
|
||||||
|
log4j.appender.CARBON_CONSOLE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
|
||||||
|
# ConversionPattern will be overridden by the configuration setting in the DB
|
||||||
|
log4j.appender.CARBON_CONSOLE.layout.ConversionPattern=[%d] [${logger.server.name}] %P%5p {%c} - %x %m%n
|
||||||
|
log4j.appender.CARBON_CONSOLE.layout.TenantPattern=%U%@%D[%T]
|
||||||
|
log4j.appender.CARBON_CONSOLE.threshold=DEBUG
|
||||||
|
|
||||||
|
# The memory appender for logging
|
||||||
|
log4j.appender.CARBON_MEMORY=org.wso2.carbon.logging.service.appender.CarbonMemoryAppender
|
||||||
|
log4j.appender.CARBON_MEMORY.bufferSize=2000
|
||||||
|
log4j.appender.CARBON_MEMORY.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
|
||||||
|
# ConversionPattern will be overridden by the configuration setting in the DB
|
||||||
|
log4j.appender.CARBON_MEMORY.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
|
||||||
|
log4j.appender.CARBON_MEMORY.layout.TenantPattern=%U%@%D [%T] [%S]
|
||||||
|
log4j.appender.CARBON_MEMORY.columnList=%T,%S,%A,%d,%c,%p,%m,%H,%I,%Stacktrace
|
||||||
|
log4j.appender.CARBON_MEMORY.threshold=DEBUG
|
||||||
|
|
||||||
|
# CARBON_LOGFILE is set to be a DailyRollingFileAppender using a PatternLayout.
|
||||||
|
log4j.appender.CARBON_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
|
||||||
|
# Log file will be overridden by the configuration setting in the DB
|
||||||
|
# This path should be relative to WSO2 Carbon Home
|
||||||
|
log4j.appender.CARBON_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon${instance.log}.log
|
||||||
|
log4j.appender.CARBON_LOGFILE.Append=true
|
||||||
|
log4j.appender.CARBON_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
|
||||||
|
# ConversionPattern will be overridden by the configuration setting in the DB
|
||||||
|
log4j.appender.CARBON_LOGFILE.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
|
||||||
|
log4j.appender.CARBON_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
|
||||||
|
log4j.appender.CARBON_LOGFILE.threshold=DEBUG
|
||||||
|
|
||||||
|
log4j.appender.CARBON_SYS_LOG = org.apache.log4j.net.SyslogAppender
|
||||||
|
log4j.appender.CARBON_SYS_LOG.layout=org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.CARBON_SYS_LOG.layout.ConversionPattern=[%d] %5p {%c} - %x %m {%c}%n
|
||||||
|
log4j.appender.CARBON_SYS_LOG.SyslogHost=localhost
|
||||||
|
log4j.appender.CARBON_SYS_LOG.Facility=USER
|
||||||
|
log4j.appender.CARBON_SYS_LOG.threshold=DEBUG
|
||||||
|
|
||||||
|
# Appender config to CARBON_TRACE_LOGFILE
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE=org.apache.log4j.DailyRollingFileAppender
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.File=${carbon.home}/repository/logs/${instance.log}/wso2carbon-trace-messages${instance.log}.log
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.Append=true
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c} - %x %m {%c}%n
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
|
||||||
|
log4j.appender.CARBON_TRACE_LOGFILE.threshold=TRACE
|
||||||
|
log4j.additivity.trace.messages=false
|
||||||
|
|
||||||
|
# Appender config to AUDIT_LOGFILE
|
||||||
|
log4j.appender.AUDIT_LOGFILE=org.apache.log4j.DailyRollingFileAppender
|
||||||
|
log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
|
||||||
|
log4j.appender.AUDIT_LOGFILE.Append=true
|
||||||
|
log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
|
||||||
|
log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p - %x %m %n
|
||||||
|
log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
|
||||||
|
log4j.appender.AUDIT_LOGFILE.threshold=INFO
|
||||||
|
log4j.additivity.AUDIT_LOG=false
|
||||||
|
|
||||||
|
# Appender config to send Atomikos transaction logs to new log file tm.out.
|
||||||
|
log4j.appender.ATOMIKOS = org.apache.log4j.RollingFileAppender
|
||||||
|
log4j.appender.ATOMIKOS.File = repository/logs/tm.out
|
||||||
|
log4j.appender.ATOMIKOS.Append = true
|
||||||
|
log4j.appender.ATOMIKOS.layout = org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.ATOMIKOS.layout.ConversionPattern=%p %t %c - %m%n
|
||||||
|
|
||||||
|
# This file is used to override the default logger settings, and is used to remove unwanted logs from Shindig appearing on the console.
|
||||||
|
|
||||||
|
# Specification of Handler used by Console Logger
|
||||||
|
handlers=java.util.logging.ConsoleHandler
|
||||||
|
|
||||||
|
# Replacing default INFO level with SEVERE
|
||||||
|
java.util.logging.ConsoleHandler.level=SEVERE
|
||||||
|
|
||||||
|
# The event trace logger dumps enough information @INFO level, but maybe pushed upto TRACE.
|
||||||
|
# Writes only run-time/event processing time tracing/debug messages for event passing through trace
|
||||||
|
# enabled transport adapters event formatters, builders and processors. Enabling event tracing on these has a performance impact
|
||||||
|
log4j.category.EVENT_TRACE_LOGGER=INFO, EVENT_TRACE_APPENDER, EVENT_TRACE_MEMORYAPPENDER
|
||||||
|
log4j.additivity.EVENT_TRACE_LOGGER=false
|
||||||
|
log4j.appender.EVENT_TRACE_APPENDER=org.apache.log4j.DailyRollingFileAppender
|
||||||
|
log4j.appender.EVENT_TRACE_APPENDER.File=${carbon.home}/repository/logs/${instance.log}/wso2-das-trace${instance.log}.log
|
||||||
|
log4j.appender.EVENT_TRACE_APPENDER.Append=true
|
||||||
|
log4j.appender.EVENT_TRACE_APPENDER.layout=org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.EVENT_TRACE_APPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %c{1} %m%n
|
||||||
|
|
||||||
|
# The memory appender for trace logger
|
||||||
|
log4j.appender.EVENT_TRACE_MEMORYAPPENDER=org.wso2.carbon.utils.logging.appenders.MemoryAppender
|
||||||
|
log4j.appender.EVENT_TRACE_MEMORYAPPENDER.bufferSize=2000
|
||||||
|
log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout=org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.EVENT_TRACE_MEMORYAPPENDER.layout.ConversionPattern=%d{HH:mm:ss,SSS} [%X{ip}-%X{host}] [%t] %5p %m%n
|
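Review bot: `AUDIT_LOG` is routed only to the local `AUDIT_LOGFILE` under `${carbon.home}/repository/logs`, and the `CARBON_SYS_LOG` appender defined in this file is not attached to any logger, so audit events stay on the host unless something else ships the file. If central collection is wanted, `log4j.logger.AUDIT_LOG=INFO, AUDIT_LOGFILE, CARBON_SYS_LOG` with `SyslogHost` pointed at the collector would do it; otherwise a comment saying the syslog appender is intentionally unused would help. Separately, `log4j.appender.ATOMIKOS.File = repository/logs/tm.out` is relative to the working directory while the other file appenders use `${carbon.home}`; `${carbon.home}/repository/logs/tm.out` would be consistent.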
@ -0,0 +1,41 @@
|
|||||||
|
<processor>
|
||||||
|
<!-- Add outpu event adapter config element -->
|
||||||
|
<add>
|
||||||
|
<after>/outputEventAdaptersConfig/adapterConfig[@type="websocket"]</after>
|
||||||
|
<value><![CDATA[<adapterConfig type="oauth-mqtt">
|
||||||
|
<!-- Thread Pool Related Properties -->
|
||||||
|
<property key="minThread">8</property>
|
||||||
|
<property key="maxThread">100</property>
|
||||||
|
<property key="keepAliveTimeInMillis">20000</property>
|
||||||
|
<property key="jobQueueSize">10000</property>
|
||||||
|
<property key="connectionKeepAliveInterval">60</property>
|
||||||
|
<property key="dcrUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}/client-registration/v0.11/register</property>
|
||||||
|
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
|
||||||
|
<property key="url">tcp://${mqtt.broker.host}:${mqtt.broker.port}</property>
|
||||||
|
<property key="username">admin</property>
|
||||||
|
<property key="password">admin</property>
|
||||||
|
</adapterConfig>
|
||||||
|
|
||||||
|
<adapterConfig type="secured-websocket">
|
||||||
|
<!-- Thread Pool Related Properties -->
|
||||||
|
<property key="minThread">8</property>
|
||||||
|
<property key="maxThread">100</property>
|
||||||
|
<property key="keepAliveTimeInMillis">20000</property>
|
||||||
|
<property key="jobQueueSize">10000</property>
|
||||||
|
<!--Authorizer holds the information of the authorizer that is used authorize a connection.-->
|
||||||
|
<property key="authenticator">org.wso2.carbon.device.mgt.output.adapter.websocket.authentication.OAuthAuthenticator</property>
|
||||||
|
<property key="tokenValidationUrl">https://${iot.keymanager.host}:${iot.keymanager.https.port}</property>
|
||||||
|
<property key="maximumHttpConnectionPerHost">2</property>
|
||||||
|
<property key="maximumTotalHttpConnection">100</property>
|
||||||
|
<property key="authorizer">org.wso2.carbon.device.mgt.output.adapter.websocket.authorization.DeviceAuthorizer</property>
|
||||||
|
<property key="tokenUrl">https://${iot.gateway.host}:${iot.gateway.https.port}/token</property>
|
||||||
|
<property key="deviceMgtServerUrl">https://${iot.gateway.host}:${iot.gateway.https.port}</property>
|
||||||
|
<property key="username">admin</property>
|
||||||
|
<property key="password">admin</property>
|
||||||
|
<!--websocket connection permissions which are validated for grouping (can have multiple permission.)-->
|
||||||
|
<property key="statsPermission">/permission/admin/device-mgt/realtime_analytics</property>
|
||||||
|
<!--offset time from expiry time to trigger refresh call (in seconds)-->
|
||||||
|
<property key="tokenRefreshTimeOffset">100</property>
|
||||||
|
</adapterConfig>]]></value>
|
||||||
|
</add>
|
||||||
|
</processor>
|
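Review bot: In the `secured-websocket` block the comment `<!--Authorizer holds the information …-->` sits above the `authenticator` property, while the `authorizer` property a few lines later has no comment, so the two are easy to confuse. I would put `<!-- Authenticator class used to authenticate a connection -->` above `authenticator` and move the existing Authorizer comment down to the `authorizer` line. The header comment at the top of the file also has a typo, `outpu` for `output`.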
@ -0,0 +1,130 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
<!--
|
||||||
|
~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
~
|
||||||
|
~ WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
~ Version 2.0 (the "License"); you may not use this file except
|
||||||
|
~ in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing,
|
||||||
|
~ software distributed under the License is distributed on an
|
||||||
|
~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
~ KIND, either express or implied. See the License for the
|
||||||
|
~ specific language governing permissions and limitations
|
||||||
|
~ under the License.
|
||||||
|
-->
|
||||||
|
<wso2registry>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
For details on configuring different config & governance registries see;
|
||||||
|
http://wso2.org/library/tutorials/2010/04/sharing-registry-space-across-multiple-product-instances
|
||||||
|
-->
|
||||||
|
|
||||||
|
<currentDBConfig>wso2registry</currentDBConfig>
|
||||||
|
<readOnly>false</readOnly>
|
||||||
|
<enableCache>true</enableCache>
|
||||||
|
<registryRoot>/</registryRoot>
|
||||||
|
|
||||||
|
<dbConfig name="wso2registry">
|
||||||
|
<dataSource>jdbc/WSO2CarbonDB</dataSource>
|
||||||
|
</dbConfig>
|
||||||
|
|
||||||
|
<!--<handler class="org.wso2.carbon.registry.extensions.handlers.SynapseRepositoryHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/vnd.apache.synapse</property>
|
||||||
|
</filter>
|
||||||
|
</handler>
|
||||||
|
|
||||||
|
<handler class="org.wso2.carbon.registry.extensions.handlers.SynapseRepositoryHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/vnd.apache.iots</property>
|
||||||
|
</filter>
|
||||||
|
</handler>
|
||||||
|
|
||||||
|
<handler class="org.wso2.carbon.registry.extensions.handlers.Axis2RepositoryHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/vnd.apache.axis2</property>
|
||||||
|
</filter>
|
||||||
|
</handler>
|
||||||
|
|
||||||
|
<handler class="org.wso2.carbon.registry.extensions.handlers.Axis2RepositoryHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/vnd.apache.wsas</property>
|
||||||
|
</filter>
|
||||||
|
</handler>
|
||||||
|
|
||||||
|
<handler class="org.wso2.carbon.registry.extensions.handlers.WSDLMediaTypeHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/wsdl+xml</property>
|
||||||
|
</filter>
|
||||||
|
</handler>
|
||||||
|
|
||||||
|
<handler class="org.wso2.carbon.registry.extensions.handlers.XSDMediaTypeHandler">
|
||||||
|
<filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher">
|
||||||
|
<property name="mediaType">application/x-xsd+xml</property>
|
||||||
|
</filter>
|
||||||
|
</handler> -->
|
||||||
|
|
||||||
|
<!--remoteInstance url="https://localhost:9443/registry">
|
||||||
|
<id>instanceid</id>
|
||||||
|
<username>username</username>
|
||||||
|
<password>password</password>
|
||||||
|
</remoteInstance-->
|
||||||
|
|
||||||
|
<!--remoteInstance url="https://localhost:9443/registry">
|
||||||
|
<id>instanceid</id>
|
||||||
|
<dbConfig>wso2registry</dbConfig>
|
||||||
|
<readOnly>false</readOnly>
|
||||||
|
<enableCache>true</enableCache>
|
||||||
|
<registryRoot>/</registryRoot>
|
||||||
|
</remoteInstance-->
|
||||||
|
|
||||||
|
<!--mount path="/_system/config" overwrite="true|false|virtual">
|
||||||
|
<instanceId>instanceid</instanceId>
|
||||||
|
<targetPath>/_system/nodes</targetPath>
|
||||||
|
</mount-->
|
||||||
|
|
||||||
|
<indexingConfiguration>
|
||||||
|
<startingDelayInSeconds>35</startingDelayInSeconds>
|
||||||
|
<indexingFrequencyInSeconds>3</indexingFrequencyInSeconds>
|
||||||
|
<!--number of resources submit for given indexing thread -->
|
||||||
|
<batchSize>50</batchSize>
|
||||||
|
<!--number of worker threads for indexing -->
|
||||||
|
<indexerPoolSize>50</indexerPoolSize>
|
||||||
|
<!-- location storing the time the indexing took place-->
|
||||||
|
<lastAccessTimeLocation>/_system/local/repository/components/org.wso2.carbon.registry/indexing/lastaccesstime</lastAccessTimeLocation>
|
||||||
|
<!-- the indexers that implement the indexer interface for a relevant media type/(s) -->
|
||||||
|
<indexers>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.MSExcelIndexer" mediaTypeRegEx="application/vnd.ms-excel"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.MSPowerpointIndexer" mediaTypeRegEx="application/vnd.ms-powerpoint"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.MSWordIndexer" mediaTypeRegEx="application/msword"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PDFIndexer" mediaTypeRegEx="application/pdf"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer" mediaTypeRegEx="application/xml"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.XMLIndexer" mediaTypeRegEx="application/(.)+\+xml"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="application/swagger\+json"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="application/(.)+\+json"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="text/(.)+"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="application/x-javascript"/>
|
||||||
|
<indexer class="org.wso2.carbon.registry.indexing.indexer.PlainTextIndexer" mediaTypeRegEx="*"/>
|
||||||
|
</indexers>
|
||||||
|
<exclusions>
|
||||||
|
<exclusion pathRegEx="/_system/config/repository/dashboards/gadgets/swfobject1-5/.*[.]html"/>
|
||||||
|
<exclusion pathRegEx="/_system/local/repository/components/org[.]wso2[.]carbon[.]registry/mount/.*"/>
|
||||||
|
</exclusions>
|
||||||
|
</indexingConfiguration>
|
||||||
|
|
||||||
|
|
||||||
|
<versionResourcesOnChange>false</versionResourcesOnChange>
|
||||||
|
|
||||||
|
<!-- NOTE: You can edit the options under "StaticConfiguration" only before the
|
||||||
|
startup. -->
|
||||||
|
<staticConfiguration>
|
||||||
|
<versioningProperties>true</versioningProperties>
|
||||||
|
<versioningComments>true</versioningComments>
|
||||||
|
<versioningTags>true</versioningTags>
|
||||||
|
<versioningRatings>true</versioningRatings>
|
||||||
|
</staticConfiguration>
|
||||||
|
</wso2registry>
|
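Review bot: The last indexer entry uses `mediaTypeRegEx="*"`, which is not a valid pattern if the attribute is compiled as a Java regular expression (a bare `*` has nothing to repeat); `.*` is presumably what is meant. As a catch-all it would also send every media type not matched above, binary content included, through `PlainTextIndexer`. It is worth confirming that this is intended, or dropping the entry and listing the text types explicitly.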
@ -0,0 +1,460 @@
|
|||||||
|
# The OWASP CSRFGuard Project, BSD License
|
||||||
|
# Eric Sheridan (eric@infraredsecurity.com), Copyright (c) 2011
|
||||||
|
# All rights reserved.
|
||||||
|
#
|
||||||
|
# Redistribution and use in source and binary forms, with or without
|
||||||
|
# modification, are permitted provided that the following conditions are met:
|
||||||
|
#
|
||||||
|
# 1. Redistributions of source code must retain the above copyright notice,
|
||||||
|
# this list of conditions and the following disclaimer.
|
||||||
|
# 2. Redistributions in binary form must reproduce the above copyright
|
||||||
|
# notice, this list of conditions and the following disclaimer in the
|
||||||
|
# documentation and/or other materials provided with the distribution.
|
||||||
|
# 3. Neither the name of OWASP nor the names of its contributors may be used
|
||||||
|
# to endorse or promote products derived from this software without specific
|
||||||
|
# prior written permission.
|
||||||
|
#
|
||||||
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||||
|
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||||
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||||
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
||||||
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||||
|
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
||||||
|
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
||||||
|
# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||||
|
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
|
||||||
|
# From: https://github.com/esheri3/OWASP-CSRFGuard/blob/master/csrfguard-test/src/main/webapp/WEB-INF/csrfguard.properties
|
||||||
|
|
||||||
|
# Common substitutions
|
||||||
|
# %servletContext% is the servlet context (e.g. the configured app prefix or war file name, or blank.
|
||||||
|
# e.g. if you deploy a default warfile as someApp.war, then %servletContext% will be /someApp
|
||||||
|
# if there isnt a context it will be the empty string. So to use this in the configuration, use e.g. %servletContext%/something.html
|
||||||
|
# which will translate to e.g. /someApp/something.html
|
||||||
|
|
||||||
|
# Logger
|
||||||
|
#
|
||||||
|
# The logger property (org.owasp.csrfguard.Logger) defines the qualified class name of
|
||||||
|
# the object responsible for processing all log messages produced by CSRFGuard. The default
|
||||||
|
# CSRFGuard logger is org.owasp.csrfguard.log.ConsoleLogger. This class logs all messages
|
||||||
|
# to System.out which JavaEE application servers redirect to a vendor specific log file.
|
||||||
|
# Developers can customize the logging behavior of CSRFGuard by implementing the
|
||||||
|
# org.owasp.csrfguard.log.ILogger interface and setting the logger property to the new
|
||||||
|
# logger's qualified class name. The following configuration snippet instructs OWASP CSRFGuard
|
||||||
|
# to capture all log messages to the console:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.ConsoleLogger
|
||||||
|
org.owasp.csrfguard.Logger=org.owasp.csrfguard.log.JavaLogger
|
||||||
|
|
||||||
|
# Which configuration provider factory you want to use. The default is org.owasp.csrfguard.config.PropertiesConfigurationProviderFactory
|
||||||
|
# Another configuration provider has more features including config overlays: org.owasp.csrfguard.config.overlay.ConfigurationOverlayProviderFactory
|
||||||
|
# The default configuration provider is: org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
|
||||||
|
# which will look for an overlay file, it is there, and the factory inside that file is set it will use it, otherwise will be PropertiesConfigurationProviderFactory
|
||||||
|
# it needs to implement org.owasp.csrfguard.config.ConfigurationProviderFactory
|
||||||
|
org.owasp.csrfguard.configuration.provider.factory = org.owasp.csrfguard.config.overlay.ConfigurationAutodetectProviderFactory
|
||||||
|
|
||||||
|
|
||||||
|
# If csrfguard filter is enabled
|
||||||
|
org.owasp.csrfguard.Enabled = true
|
||||||
|
|
||||||
|
# If csrf guard filter should check even if there is no session for the user
|
||||||
|
# Note: this changed around 2014/04, the default behavior used to be to
|
||||||
|
# not check if there is no session. If you want the legacy behavior (if your app
|
||||||
|
# is not susceptible to CSRF if the user has no session), set this to false
|
||||||
|
org.owasp.csrfguard.ValidateWhenNoSessionExists = true
|
||||||
|
|
||||||
|
# New Token Landing Page
|
||||||
|
#
|
||||||
|
# The new token landing page property (org.owasp.csrfguard.NewTokenLandingPage) defines where
|
||||||
|
# to send a user if the token is being generated for the first time, and the use new token landing
|
||||||
|
# page boolean property (org.owasp.csrfguard.UseNewTokenLandingPage) determines if any redirect happens.
|
||||||
|
# UseNewTokenLandingPage defaults to false if NewTokenLandingPage is not specified, and to true
|
||||||
|
# if it is specified.. If UseNewTokenLandingPage is set true then this request is generated
|
||||||
|
# using auto-posting forms and will only contain the CSRF prevention token parameter, if
|
||||||
|
# applicable. All query-string or form parameters sent with the original request will be
|
||||||
|
# discarded. If this property is not defined, CSRFGuard will instead auto-post the user to the
|
||||||
|
# original context and servlet path. The following configuration snippet instructs OWASP CSRFGuard to
|
||||||
|
# redirect the user to %servletContext%/index.html when the user visits a protected resource
|
||||||
|
# without having a corresponding CSRF token present in the HttpSession object:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.NewTokenLandingPage=%servletContext%/index.html
|
||||||
|
|
||||||
|
|
||||||
|
# Protected Methods
|
||||||
|
#
|
||||||
|
# The protected methods property (org.owasp.csrfguard.ProtectedMethods) defines a comma
|
||||||
|
# separated list of HTTP request methods that should be protected by CSRFGuard. The default
|
||||||
|
# list is an empty list which will cause all HTTP methods to be protected, thus preserving
|
||||||
|
# legacy behavior. This setting allows the user to inform CSRFGuard that only requests of the
|
||||||
|
# given types should be considered for protection. All HTTP methods not in the list will be
|
||||||
|
# considered safe (i.e. view only / unable to modify data). This should be used only when the
|
||||||
|
# user has concrete knowledge that all requests made via methods not in the list
|
||||||
|
# are safe (i.e. do not apply an action to any data) since it can actually introduce new
|
||||||
|
# security vulnerabilities. For example: the user thinks that all actionable requests are
|
||||||
|
# only available by POST requests when in fact some are available via GET requests. If the
|
||||||
|
# user has excluded GET requests from the list then they have introduced a vulnerability.
|
||||||
|
# The following configuration snippet instructs OWASP CSRFGuard to protect only the POST,
|
||||||
|
# PUT, and DELETE HTTP methods.
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.ProtectedMethods=POST,PUT,DELETE
|
||||||
|
|
||||||
|
# or you can configure all to be protected, and specify which is unprotected. This is the preferred approach
|
||||||
|
|
||||||
|
# WSO2 : Since state-changing operations are not performed via HTTP GET,
|
||||||
|
# disabling CSRF validation for GET method.
|
||||||
|
org.owasp.csrfguard.UnprotectedMethods=GET
|
||||||
|
|
||||||
|
# Unique Per-Page Tokens
|
||||||
|
#
|
||||||
|
# The unique token per-page property (org.owasp.csrfguard.TokenPerPage) is a boolean value that
|
||||||
|
# determines if CSRFGuard should make use of unique per-page (i.e. URI) prevention tokens as
|
||||||
|
# opposed to unique per-session prevention tokens. When a user requests a protected resource,
|
||||||
|
# CSRFGuard will determine if a page specific token has been previously generated. If a page
|
||||||
|
# specific token has not yet been previously generated, CSRFGuard will verify the request was
|
||||||
|
# submitted with the per-session token intact. After verifying the presence of the per-session token,
|
||||||
|
# CSRFGuard will create a page specific token that is required for all subsequent requests to the
|
||||||
|
# associated resource. The per-session CSRF token can only be used when requesting a resource for
|
||||||
|
# the first time. All subsequent requests must have the per-page token intact or the request will
|
||||||
|
# be treated as a CSRF attack. This behavior can be changed with the org.owasp.csrfguard.TokenPerPagePrecreate
|
||||||
|
# property. Enabling this property will make CSRFGuard calculate the per page token prior to a first
|
||||||
|
# visit. This option only works with JSTL token injection and is useful for preserving the validity of
|
||||||
|
# links if the user pushes the back button. There may be a performance impact when enabling this option
|
||||||
|
# if the .jsp has a large number of proctected links that need tokens to be calculated.
|
||||||
|
# Use of the unique token per page property is currently experimental
|
||||||
|
# but provides a significant amount of improved security. Consider the exposure of a CSRF token using
|
||||||
|
# the legacy unique per-session model. Exposure of this token facilitates the attacker's ability to
|
||||||
|
# carry out a CSRF attack against the victim's active session for any resource exposed by the web
|
||||||
|
# application. Now consider the exposure of a CSRF token using the experimental unique token per-page
|
||||||
|
# model. Exposure of this token would only allow the attacker to carry out a CSRF attack against the
|
||||||
|
# victim's active session for a small subset of resources exposed by the web application. Use of the
|
||||||
|
# unique token per-page property is a strong defense in depth strategy significantly reducing the
|
||||||
|
# impact of exposed CSRF prevention tokens. The following configuration snippet instructs OWASP
|
||||||
|
# CSRFGuard to utilize the unique token per-page model:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.TokenPerPage=true
|
||||||
|
# org.owasp.csrfguard.TokenPerPagePrecreate=false
|
||||||
|
|
||||||
|
# WSO2 : Considering overhead, necessity, as well as current unintended behaviour
|
||||||
|
# of library after blocking a CSRF attack, disabling per-page tokens.
|
||||||
|
org.owasp.csrfguard.TokenPerPage=false
|
||||||
|
org.owasp.csrfguard.TokenPerPagePrecreate=false
|
||||||
|
|
||||||
|
# Token Rotation
|
||||||
|
#
|
||||||
|
# The rotate token property (org.owasp.csrfguard.Rotate) is a boolean value that determines if
|
||||||
|
# CSRFGuard should generate and utilize a new token after verifying the previous token. Rotation
|
||||||
|
# helps minimize the window of opportunity an attacker has to leverage the victim's stolen token
|
||||||
|
# in a targeted CSRF attack. However, this functionality generally causes navigation problems in
|
||||||
|
# most applications. Specifically, the 'Back' button in the browser will often cease to function
|
||||||
|
# properly. When a user hits the 'Back' button and interacts with the HTML, the browser may submit
|
||||||
|
# an old token causing CSRFGuard to incorrectly believe this request is a CSRF attack in progress
|
||||||
|
# (i.e. a 'false positive'). Users can prevent this scenario by preventing the caching of HTML pages
|
||||||
|
# containing FORM submissions using the cache-control header. However, this may also introduce
|
||||||
|
# performance problems as the browser will have to request HTML on a more frequent basis. The following
|
||||||
|
# configuration snippet enables token rotation:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.Rotate=true
|
||||||
|
|
||||||
|
# Ajax and XMLHttpRequest Support
|
||||||
|
#
|
||||||
|
# The Ajax property (org.owasp.csrfguard.Ajax) is a boolean value that indicates whether or not OWASP
|
||||||
|
# CSRFGuard should support the injection and verification of unique per-session prevention tokens for
|
||||||
|
# XMLHttpRequests. To leverage Ajax support, the user must not only set this property to true but must
|
||||||
|
# also reference the JavaScript DOM Manipulation code using a script element. This dynamic script will
|
||||||
|
# override the send method of the XMLHttpRequest object to ensure the submission of an X-Requested-With
|
||||||
|
# header name value pair coupled with the submission of a custom header name value pair for each request.
|
||||||
|
# The name of the custom header is the value of the token name property and the value of the header is
|
||||||
|
# always the unique per-session token value. This custom header is analogous to the HTTP parameter name
|
||||||
|
# value pairs submitted via traditional GET and POST requests. If the X-Requested-With header was sent
|
||||||
|
# in the HTTP request, then CSRFGuard will look for the presence and ensure the validity of the unique
|
||||||
|
# per-session token in the custom header name value pair. Note that verification of these headers takes
|
||||||
|
# precedence over verification of the CSRF token supplied as an HTTP parameter. More specifically,
|
||||||
|
# CSRFGuard does not verify the presence of the CSRF token if the Ajax support property is enabled and
|
||||||
|
# the corresponding X-Requested-With and custom headers are embedded within the request. The following
|
||||||
|
# configuration snippet instructs OWASP CSRFGuard to support Ajax requests by verifying the presence and
|
||||||
|
# correctness of the X-Requested-With and custom headers:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.Ajax=true
|
||||||
|
org.owasp.csrfguard.Ajax=true
|
||||||
|
|
||||||
|
# The default behavior of CSRFGuard is to protect all pages. Pages marked as unprotected will not be protected.
|
||||||
|
# If the Protect property is enabled, this behavior is reversed. Pages must be marked as protected to be protected.
|
||||||
|
# All other pages will not be protected. This is useful when the CsrfGuardFilter is aggressively mapped (ex: /*),
|
||||||
|
# but you only want to protect a few pages.
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.Protect=true
|
||||||
|
|
||||||
|
# Unprotected Pages:
|
||||||
|
#
|
||||||
|
# The unprotected pages property (org.owasp.csrfguard.unprotected.*) defines a series of pages that
|
||||||
|
# should not be protected by CSRFGuard. Such configurations are useful when the CsrfGuardFilter is
|
||||||
|
# aggressively mapped (ex: /*). The syntax of the property name is org.owasp.csrfguard.unprotected.[PageName],
|
||||||
|
# where PageName is some arbitrary identifier that can be used to reference a resource. The syntax of
|
||||||
|
# defining the uri of unprotected pages is the same as the syntax used by the JavaEE container for uri mapping.
|
||||||
|
# Specifically, CSRFGuard will identify the first match (if any) between the requested uri and an unprotected
|
||||||
|
# page in order of declaration. Match criteria is as follows:
|
||||||
|
#
|
||||||
|
# Case 1: exact match between request uri and unprotected page
|
||||||
|
# Case 2: longest path prefix match, beginning / and ending /*
|
||||||
|
# Case 3: extension match, beginning *.
|
||||||
|
# Case 4: if the value starts with ^ and ends with $, it will be evaulated as a regex. Note that before the
|
||||||
|
# regex is compiled, any common variables will be substituted (e.g. %servletContext%)
|
||||||
|
# Default: requested resource must be validated by CSRFGuard
|
||||||
|
#
|
||||||
|
# The following code snippet illustrates the four use cases over four examples. The first two examples
|
||||||
|
# (Tag and JavaScriptServlet) look for direct URI matches. The third example (Html) looks for all resources
|
||||||
|
# ending in a .html extension. The next example (Public) looks for all resources prefixed with the URI path /MySite/Public/*.
|
||||||
|
# The last example looks for resources that end in Public.do
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
|
||||||
|
# org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
|
||||||
|
# org.owasp.csrfguard.unprotected.Html=*.html
|
||||||
|
# org.owasp.csrfguard.unprotected.Public=%servletContext%/Public/*
|
||||||
|
# regex example starts with ^ and ends with $, and the %servletContext% is evaluated before the regex
|
||||||
|
# org.owasp.csrfguard.unprotected.PublicServlet=^%servletContext%/.*Public\.do$
|
||||||
|
|
||||||
|
#org.owasp.csrfguard.unprotected.Default=%servletContext%/
|
||||||
|
#org.owasp.csrfguard.unprotected.Upload=%servletContext%/upload.html
|
||||||
|
#org.owasp.csrfguard.unprotected.JavaScriptServlet=%servletContext%/JavaScriptServlet
|
||||||
|
#org.owasp.csrfguard.unprotected.Ajax=%servletContext%/ajax.html
|
||||||
|
#org.owasp.csrfguard.unprotected.Error=%servletContext%/error.html
|
||||||
|
#org.owasp.csrfguard.unprotected.Index=%servletContext%/index.html
|
||||||
|
#org.owasp.csrfguard.unprotected.JavaScript=%servletContext%/javascript.html
|
||||||
|
#org.owasp.csrfguard.unprotected.Tag=%servletContext%/tag.jsp
|
||||||
|
#org.owasp.csrfguard.unprotected.Redirect=%servletContext%/redirect.jsp
|
||||||
|
#org.owasp.csrfguard.unprotected.Forward=%servletContext%/forward.jsp
|
||||||
|
#org.owasp.csrfguard.unprotected.Session=%servletContext%/session.jsp
|
||||||
|
|
||||||
|
# Actions: Responding to Attacks
|
||||||
|
#
|
||||||
|
# The actions directive (org.owasp.csrfguard.action.*) gives the user the ability to specify one or more
|
||||||
|
# actions that should be invoked when a CSRF attack is detected. Every action must implement the
|
||||||
|
# org.owasp.csrfguard.action.IAction interface either directly or indirectly through the
|
||||||
|
# org.owasp.csrfguard.action.AbstractAction helper class. Many actions accept parameters that can be specified
|
||||||
|
# along with the action class declaration. These parameters are consumed at runtime and impact the behavior of
|
||||||
|
# the associated action.
|
||||||
|
#
|
||||||
|
# The syntax for defining and configuring CSRFGuard actions is relatively straight forward. Let us assume we wish
|
||||||
|
# to redirect the user to a default page when a CSRF attack is detected. A redirect action already exists within
|
||||||
|
# the CSRFGuard bundle and is available via the class name org.owasp.csrfguard.actions.Redirect. In order to enable
|
||||||
|
# this action, we capture the following declaration in the Owasp.CsrfGuard.properties file:
|
||||||
|
#
|
||||||
|
# syntax: org.owasp.csrfguard.action.[actionName]=[className]
|
||||||
|
# example: org.owasp.csrfguard.action.class.Redirect=org.owasp.csrfguard.actions.Redirect
|
||||||
|
#
|
||||||
|
# The aforementioned directive declares an action called "Redirect" (i.e. [actionName]) referencing the Java class
|
||||||
|
# "org.owasp.csrfguard.actions.Redirect" (i.e. [className]). Anytime a CSRF attack is detected, the Redirect action
|
||||||
|
# will be executed. You may be asking yourself, "but how do I specify where the user is redirected?"; this is where
|
||||||
|
# action parameters come into play. In order to specify the redirect location, we capture the following declaration
|
||||||
|
# in the Owasp.CsrfGuard.properties file:
|
||||||
|
#
|
||||||
|
# syntax: org.owasp.csrfguard.action.[actionName].[parameterName]=[parameterValue]
|
||||||
|
# example: org.owasp.csrfguard.action.Redirect.ErrorPage=%servletContext%/error.html
|
||||||
|
#
|
||||||
|
# The aforementioned directive declares an action parameter called "ErrorPage" (i.e. [parameterName]) with the value
|
||||||
|
# of "%servletContext%/error.html" (i.e. [parameterValue]) for the action "Redirect" (i.e. [actionName]). The
|
||||||
|
# Redirect action expects the "ErrorPage" parameter to be defined and will redirect the user to this location when
|
||||||
|
# an attack is detected.
|
||||||
|
#
|
||||||
|
#org.owasp.csrfguard.action.Empty=org.owasp.csrfguard.action.Empty
|
||||||
|
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
|
||||||
|
org.owasp.csrfguard.action.Log.Message=potential cross-site request forgery (CSRF) attack thwarted (user:%user%, ip:%remote_ip%, method:%request_method%, uri:%request_uri%, error:%exception_message%)
|
||||||
|
#org.owasp.csrfguard.action.Invalidate=org.owasp.csrfguard.action.Invalidate
|
||||||
|
|
||||||
|
# WSO2 : Disable redirecting user to an error page after blocking a CSRF attack
|
||||||
|
#org.owasp.csrfguard.action.Redirect=org.owasp.csrfguard.action.Redirect
|
||||||
|
#org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html
|
||||||
|
|
||||||
|
#org.owasp.csrfguard.action.RequestAttribute=org.owasp.csrfguard.action.RequestAttribute
|
||||||
|
#org.owasp.csrfguard.action.RequestAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
|
||||||
|
|
||||||
|
# WSO2 : Disabling token rotation after blocking a CSRF attack, since this behaviour
|
||||||
|
# will break back navigation after blocking an attack.
|
||||||
|
#org.owasp.csrfguard.action.Rotate=org.owasp.csrfguard.action.Rotate
|
||||||
|
|
||||||
|
#org.owasp.csrfguard.action.SessionAttribute=org.owasp.csrfguard.action.SessionAttribute
|
||||||
|
#org.owasp.csrfguard.action.SessionAttribute.AttributeName=Owasp_CsrfGuard_Exception_Key
|
||||||
|
|
||||||
|
# WSO2 : Enable sending a 403 error after blocking a CSRF attack. Product teams
|
||||||
|
# can add error page that handles 403 or ???org.owasp.csrfguard.action.Error??? to
|
||||||
|
# display custom error pages.
|
||||||
|
org.owasp.csrfguard.action.Error=org.owasp.csrfguard.action.Error
|
||||||
|
org.owasp.csrfguard.action.Error.Code=403
|
||||||
|
org.owasp.csrfguard.action.Error.Message=Security violation.
|
||||||
|
|
||||||
|
# Token Name
|
||||||
|
#
|
||||||
|
# The token name property (org.owasp.csrfguard.TokenName) defines the name of the HTTP parameter
|
||||||
|
# to contain the value of the OWASP CSRFGuard token for each request. The following configuration
|
||||||
|
# snippet sets the CSRFGuard token parameter name to the value OWASP_CSRFTOKEN:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.TokenName=OWASP_CSRFTOKEN
|
||||||
|
|
||||||
|
# WSO2 : Since, CSRFGuard will send relevant token name as HTTP header
|
||||||
|
# ???X-??? prefix was added to express that this is a non-standard header.
|
||||||
|
org.owasp.csrfguard.TokenName=X-CSRF-Token
|
||||||
|
|
||||||
|
# Session Key
|
||||||
|
#
|
||||||
|
# The session key property (org.owasp.csrfguard.SessionKey) defines the string literal used to save
|
||||||
|
# and lookup the CSRFGuard token from the session. This value is used by the filter and the tag
|
||||||
|
# libraries to retrieve and set the token value in the session. Developers can use this key to
|
||||||
|
# programmatically lookup the token within their own code. The following configuration snippet sets
|
||||||
|
# the session key to the value OWASP_CSRFTOKEN:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
|
||||||
|
org.owasp.csrfguard.SessionKey=OWASP_CSRFTOKEN
|
||||||
|
|
||||||
|
# Token Length
|
||||||
|
#
|
||||||
|
# The token length property (org.owasp.csrfguard.TokenLength) defines the number of characters that
|
||||||
|
# should be found within the CSRFGuard token. Note that characters are delimited by dashes (-) in groups
|
||||||
|
# of four. For cosmetic reasons, users are encourage to ensure the token length is divisible by four.
|
||||||
|
# The following configuration snippet sets the token length property to 32 characters:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.TokenLength=32
|
||||||
|
org.owasp.csrfguard.TokenLength=32
|
||||||
|
|
||||||
|
# Pseudo-random Number Generator
|
||||||
|
#
|
||||||
|
# The pseudo-random number generator property (org.owasp.csrfguard.PRNG) defines what PRNG should be used
|
||||||
|
# to generate the OWASP CSRFGuard token. Always ensure this value references a cryptographically strong
|
||||||
|
# pseudo-random number generator algorithm. The following configuration snippet sets the pseudo-random number
|
||||||
|
# generator to SHA1PRNG:
|
||||||
|
#
|
||||||
|
# org.owasp.csrfguard.PRNG=SHA1PRNG
|
||||||
|
org.owasp.csrfguard.PRNG=SHA1PRNG
|
||||||
|
|
||||||
|
# Pseudo-random Number Generator Provider
|
||||||
|
|
||||||
|
# The pseudo-random number generator provider property (org.owasp.csrfguard.PRNG.Provider) defines which
|
||||||
|
# provider's implementation of org.owasp.csrfguard.PRNG we should utilize. The following configuration
|
||||||
|
# snippet instructs the JVM to leverage SUN's implementation of the algorithm denoted by the
|
||||||
|
# org.owasp.csrfguard.PRNG property:
|
||||||
|
|
||||||
|
# org.owasp.csrfguard.PRNG.Provider=SUN
|
||||||
|
# WSO2 - Pseudo-random number generator provider should be configured based on
|
||||||
|
# environment (SUN/IBMJCE)
|
||||||
|
org.owasp.csrfguard.PRNG.Provider=SUN
|
||||||
|
|
||||||
|
# If not specifying the print config option in the web.xml, you can specify it here, to print the config
|
||||||
|
# on startup
|
||||||
|
|
||||||
|
# WSO2 : Disable printing configuration during start-up
|
||||||
|
org.owasp.csrfguard.Config.Print = false
|
||||||
|
|
||||||
|
###########################
|
||||||
|
## Javascript servlet settings if not set in web.xml
|
||||||
|
## https://www.owasp.org/index.php/CSRFGuard_3_Token_Injection
|
||||||
|
###########################
|
||||||
|
|
||||||
|
# leave this blank and blank in web.xml and it will read from META-INF/csrfguard.js from the jarfile
|
||||||
|
# Denotes the location of the JavaScript template file that should be consumed and dynamically
|
||||||
|
# augmented by the JavaScriptServlet class. The default value is WEB-INF/Owasp.CsrfGuard.js.
|
||||||
|
# Use of this property and the existence of the specified template file is required.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.sourceFile =
|
||||||
|
|
||||||
|
# Boolean value that determines whether or not the dynamic JavaScript code should be strict
|
||||||
|
# with regards to what links it should inject the CSRF prevention token. With a value of true,
|
||||||
|
# the JavaScript code will only place the token in links that point to the same exact domain
|
||||||
|
# from which the HTML originated. With a value of false, the JavaScript code will place the
|
||||||
|
# token in links that not only point to the same exact domain from which the HTML originated,
|
||||||
|
# but sub-domains as well.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.domainStrict = true
|
||||||
|
|
||||||
|
# Allows the developer to specify the value of the Cache-Control header in the HTTP response
|
||||||
|
# when serving the dynamic JavaScript file. The default value is private, maxage=28800.
|
||||||
|
# Caching of the dynamic JavaScript file is intended to minimize traffic and improve performance.
|
||||||
|
# Note that the Cache-Control header is always set to "no-store" when either the "Rotate"
|
||||||
|
# "TokenPerPage" options is set to true in Owasp.CsrfGuard.properties.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.cacheControl = private, maxage=28800
|
||||||
|
|
||||||
|
# Allows the developer to specify a regular expression describing the required value of the
|
||||||
|
# Referer header. Any attempts to access the servlet with a Referer header that does not
|
||||||
|
# match the captured expression is discarded. Inclusion of referer header checking is to
|
||||||
|
# help minimize the risk of JavaScript Hijacking attacks that attempt to steal tokens from
|
||||||
|
# the dynamically generated JavaScript. While the primary defenses against JavaScript
|
||||||
|
# Hijacking attacks are implemented within the dynamic JavaScript itself, referer header
|
||||||
|
# checking is implemented to achieve defense in depth.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.refererPattern = .*
|
||||||
|
|
||||||
|
# Similar to javascript servlet referer pattern, but this will make sure the referer of the
|
||||||
|
# javascript servlet matches the domain of the request. If there is no referer (proxy strips it?)
|
||||||
|
# then it will not fail. Generally this is a good idea to be true.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.refererMatchDomain = true
|
||||||
|
|
||||||
|
# Boolean value that determines whether or not the dynamic JavaScript code should
|
||||||
|
# inject the CSRF prevention token as a hidden field into HTML forms. The default
|
||||||
|
# value is true. Developers are strongly discouraged from disabling this property
|
||||||
|
# as most server-side state changing actions are triggered via a POST request.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.injectIntoForms = true
|
||||||
|
|
||||||
|
# if the token should be injected in GET forms (which will be on the URL)
|
||||||
|
# if the HTTP method GET is unprotected, then this should likely be false
|
||||||
|
|
||||||
|
# WSO2 : Disable JavaScript from injecting token value to HTTP GET based forms.
|
||||||
|
# This prevents token leakage that could occur when sending token in URL.
|
||||||
|
# State-changing actions should not be performed over HTTP GET
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.injectGetForms = false
|
||||||
|
|
||||||
|
# if the token should be injected in the action in forms
|
||||||
|
# note, if injectIntoForms is true, then this might not need to be true
|
||||||
|
|
||||||
|
# WSO2 : Disable JavaScript from injecting token value to form action.
|
||||||
|
# This prevents token leakage that could occur when sending token in URL.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.injectFormAttributes = false
|
||||||
|
|
||||||
|
|
||||||
|
# Boolean value that determines whether or not the dynamic JavaScript code should
|
||||||
|
# inject the CSRF prevention token in the query string of src and href attributes.
|
||||||
|
# Injecting the CSRF prevention token in a URL resource increases its general risk
|
||||||
|
# of exposure to unauthorized parties. However, most JavaEE web applications respond
|
||||||
|
# in the exact same manner to HTTP requests and their associated parameters regardless
|
||||||
|
# of the HTTP method. The risk associated with not protecting GET requests in this
|
||||||
|
# situation is perceived greater than the risk of exposing the token in protected GET
|
||||||
|
# requests. As a result, the default value of this attribute is set to true. Developers
|
||||||
|
# that are confident their server-side state changing controllers will only respond to
|
||||||
|
# POST requests (i.e. discarding GET requests) are strongly encouraged to disable this property.
|
||||||
|
|
||||||
|
# WSO2 : Disable JavaScript from injecting token value to ???src??? and ???href???.
|
||||||
|
# This prevents token leakage that could occur when sending token in URL.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.injectIntoAttributes = false
|
||||||
|
|
||||||
|
|
||||||
|
# WSO2 : Changing X-Request-With header text to avoid unnecessary information disclosure.
|
||||||
|
org.owasp.csrfguard.JavascriptServlet.xRequestedWith = WSO2 CSRF Protection
|
||||||
|
|
||||||
|
###########################
|
||||||
|
## Config overlay settings if you have the provider above set to ConfigurationOverlayProvider
|
||||||
|
## This CSRF config provider uses Internet2 Configuration Overlays (documented on Internet2 wiki)
|
||||||
|
## By default the configuration is read from the Owasp.CsrfGuard.properties
|
||||||
|
## (which should not be edited), and the Owasp.CsrfGuard.overlay.properties overlays
|
||||||
|
## the base settings. See the Owasp.CsrfGuard.properties for the possible
|
||||||
|
## settings that can be applied to the Owasp.CsrfGuard.overlay.properties
|
||||||
|
###########################
|
||||||
|
|
||||||
|
# comma separated config files that override each other (files on the right override the left)
|
||||||
|
# each should start with file: or classpath:
|
||||||
|
# e.g. classpath:Owasp.CsrfGuard.properties, file:c:/temp/myFile.properties
|
||||||
|
org.owasp.csrfguard.configOverlay.hierarchy = classpath:Owasp.CsrfGuard.properties, classpath:Owasp.CsrfGuard.overlay.properties
|
||||||
|
|
||||||
|
# seconds between checking to see if the config files are updated
|
||||||
|
org.owasp.csrfguard.configOverlay.secondsBetweenUpdateChecks = 60
|
||||||
|
|
||||||
|
|
||||||
|
###########################
|
||||||
|
|
||||||
|
|
||||||
|
# please remove the below entry to enable protection for services.
|
||||||
|
org.owasp.csrfguard.unprotected.Services=%servletContext%/services/*
|
||||||
|
org.owasp.csrfguard.unprotected.Endpoints=%servletContext%/endpoints/*
|
||||||
|
org.owasp.csrfguard.unprotected.RestApi=%servletContext%/analytics/*
|
||||||
|
org.owasp.csrfguard.unprotected.JsApi=%servletContext%/portal/apis/analytics/*
|
||||||
|
org.owasp.csrfguard.unprotected.Servlet=%servletContext%/analytics-api/*
|
||||||
|
org.owasp.csrfguard.unprotected.ml=%servletContext%/api/login*
|
||||||
|
org.owasp.csrfguard.unprotected.passivests=%servletContext%/acs/*
|
||||||
|
org.owasp.csrfguard.unprotected.deviceMgtSSOAcs=%servletContext%/devicemgt/uuf/sso/acs
|
||||||
|
org.owasp.csrfguard.unprotected.deviceMgtAcs=%servletContext%/uuf/sso/acs
|
||||||
|
org.owasp.csrfguard.unprotected.deviceMgtApi=%servletContext%/devicemgt/api/*
|
||||||
|
org.owasp.csrfguard.unprotected.portalApis=%/portal/apis/*
|
@ -0,0 +1,78 @@
|
|||||||
|
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||||
|
|
||||||
|
<!--
|
||||||
|
~ Copyright 2005-2011 WSO2, Inc. (http://wso2.com)
|
||||||
|
~
|
||||||
|
~ Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
~ you may not use this file except in compliance with the License.
|
||||||
|
~ You may obtain a copy of the License at
|
||||||
|
~
|
||||||
|
~ http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
~
|
||||||
|
~ Unless required by applicable law or agreed to in writing, software
|
||||||
|
~ distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
~ See the License for the specific language governing permissions and
|
||||||
|
~ limitations under the License.
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!--
|
||||||
|
This is the configuration file for Carbon authenticators. All the authenticator related configurations
|
||||||
|
should go here.
|
||||||
|
-->
|
||||||
|
<Authenticators xmlns="http://wso2.org/projects/carbon/authenticators.xml">
|
||||||
|
|
||||||
|
<!-- Authenticator Configurations for TokenUIAuthenticator -->
|
||||||
|
<Authenticator name="TokenUIAuthenticator" disabled="true">
|
||||||
|
<Priority>5</Priority>
|
||||||
|
</Authenticator>
|
||||||
|
|
||||||
|
<!-- Authenticator Configurations for SAML2SSOAuthenticator -->
|
||||||
|
<Authenticator name="SAML2SSOAuthenticator" disabled="true">
|
||||||
|
<Priority>10</Priority>
|
||||||
|
<Config>
|
||||||
|
<Parameter name="LoginPage">/carbon/admin/login.jsp</Parameter>
|
||||||
|
<Parameter name="ServiceProviderID">carbonServer</Parameter>
|
||||||
|
<Parameter name="IdentityProviderSSOServiceURL">https://localhost:9443/samlsso</Parameter>
|
||||||
|
<Parameter name="NameIDPolicyFormat">urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</Parameter>
|
||||||
|
<Parameter name="AssertionConsumerServiceURL">https://localhost:9443/acs</Parameter>
|
||||||
|
|
||||||
|
<!-- <Parameter name="IdPCertAlias">wso2carbon</Parameter> -->
|
||||||
|
<!-- <Parameter name="ResponseSignatureValidationEnabled">false</Parameter> -->
|
||||||
|
<!-- <Parameter name="AssertionSignatureValidationEnabled">false</Parameter> -->
|
||||||
|
<!-- <Parameter name="LoginAttributeName"></Parameter> -->
|
||||||
|
<!-- <Parameter name="RoleClaimAttribute"></Parameter> -->
|
||||||
|
<!-- <Parameter name="AttributeValueSeparator">,</Parameter> -->
|
||||||
|
|
||||||
|
<!-- <Parameter name="JITUserProvisioning">true</Parameter> -->
|
||||||
|
<!-- <Parameter name="ProvisioningDefaultUserstore">PRIMARY</Parameter> -->
|
||||||
|
<!-- <Parameter name="ProvisioningDefaultRole">admin</Parameter> -->
|
||||||
|
<!-- <Parameter name="IsSuperAdminRoleRequired">true</Parameter> -->
|
||||||
|
</Config>
|
||||||
|
|
||||||
|
<!-- If this authenticator should skip any URI from authentication, specify it under "SkipAuthentication"
|
||||||
|
<SkipAuthentication>
|
||||||
|
<UrlContains></UrlContains>
|
||||||
|
</SkipAuthentication> -->
|
||||||
|
|
||||||
|
<!-- If this authenticator should skip any URI from session validation, specify it under "SkipAuthentication
|
||||||
|
<SkipSessionValidation>
|
||||||
|
<UrlContains></UrlContains>
|
||||||
|
</SkipSessionValidation> -->
|
||||||
|
</Authenticator>
|
||||||
|
|
||||||
|
<Authenticator name="SignedJWTAuthenticator" disabled="false">
|
||||||
|
<Priority>5</Priority>
|
||||||
|
</Authenticator>
|
||||||
|
|
||||||
|
<!-- Authenticator Configurations for MutualSSLAuthenticator -->
|
||||||
|
<!--Authenticator name="MutualSSLAuthenticator" disabled="false">
|
||||||
|
<Priority>5</Priority>
|
||||||
|
<Config>
|
||||||
|
<Parameter name="UsernameHeader">UserName</Parameter>
|
||||||
|
<Parameter name="WhiteListEnabled">false</Parameter>
|
||||||
|
<Parameter name="WhiteList"/>
|
||||||
|
</Config>
|
||||||
|
</Authenticator-->
|
||||||
|
|
||||||
|
</Authenticators>
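Review bot: The commented-out SAML2SSOAuthenticator examples ship with the unsafe value already filled in: `ResponseSignatureValidationEnabled` and `AssertionSignatureValidationEnabled` are shown as `false`, and `ProvisioningDefaultRole` is `admin` beside `JITUserProvisioning` set to `true`. An operator who turns SSO on by uncommenting these lines as written would accept unsigned SAML responses and assertions and provision each first-time SSO user into the admin role. I would write the templates with the safe value, e.g. `<!-- <Parameter name="AssertionSignatureValidationEnabled">true</Parameter> -->` (and the same for the response parameter), and replace `admin` with a labelled placeholder for a least-privilege role. Separately, the comment above `<SkipSessionValidation>` still says "SkipAuthentication" and is missing its closing quote.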
|
@ -0,0 +1,28 @@
|
|||||||
|
# This is the default file based secret repository, used by Secret Manager of synapse secure vault
|
||||||
|
# By default, This file contains the secret alias names Vs the plain text passwords enclosed with '[]' brackets
|
||||||
|
# In Production environments, It is recommend to replace those plain text password by the encrypted values. CipherTool can be used for it.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Carbon.Security.KeyStore.Password=[wso2carbon]
|
||||||
|
Carbon.Security.KeyStore.KeyPassword=[wso2carbon]
|
||||||
|
Carbon.Security.TrustStore.Password=[wso2carbon]
|
||||||
|
UserManager.AdminUser.Password=[admin]
|
||||||
|
Datasources.WSO2_CARBON_DB.Configuration.Password=[wso2carbon]
|
||||||
|
Server.Service.Connector.keystorePass=[wso2carbon]
|
||||||
|
Analytics.Data.Config.Password=[admin]
|
||||||
|
#Analytics.Data.Config.TrustStorePassword=[wso2carbon]
|
||||||
|
#Carbon.DeploymentSynchronizer.SvnPassword=[password]
|
||||||
|
#UserStoreManager.Property.ConnectionPassword=[admin]
|
||||||
|
#UserStoreManager.Property.password=[admin]
|
||||||
|
#Security.UserTrustedRPStore.Password=[wso2carbon]
|
||||||
|
#Security.UserTrustedRPStore.KeyPassword=[wso2carbon]
|
||||||
|
#MultifactorAuthentication.XMPPSettings.XMPPConfig.XMPPPassword=[wso2carbon]
|
||||||
|
#Identity.System.StorePass=[wso2carbon]
|
||||||
|
#Axis2.Https.Listener.TrustStore.Password=[wso2carbon]
|
||||||
|
#Axis2.Https.Listener.KeyStore.Password=[wso2carbon]
|
||||||
|
#Axis2.Https.Listener.KeyStore.KeyPassword=[wso2carbon]
|
||||||
|
#Axis2.Https.Sender.TrustStore.Password=[wso2carbon]
|
||||||
|
#Axis2.Https.Sender.KeyStore.Password=[wso2carbon]
|
||||||
|
#Axis2.Https.Sender.KeyStore.KeyPassword=[wso2carbon]
|
||||||
|
#Axis2.Mailto.Parameter.Password=[wso2carbon]
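Review bot: Every active alias in this file maps to a well-known default value (`[wso2carbon]` or `[admin]`), and the header only asks for these to be encrypted in production, not changed. Encrypting a default with CipherTool still leaves the keystore, truststore, admin and datasource passwords guessable, so the header should say so, for example `# These are shipped default passwords; change every one of them before encrypting with CipherTool.` The third header line also reads "It is recommend" where "It is recommended" is meant.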
|
@ -0,0 +1,28 @@
|
|||||||
|
# Important: This properties file contains all the aliases to be used in carbon components. If any property need to be secured, you need to add alias name, file name and the xpath as follows:.
|
||||||
|
# The value goes as, the <file_name>//<xpath>,<true/false>
|
||||||
|
# where <file_name> - is the file (along with the file path) to be secured,
|
||||||
|
# <xpath> - is the xpath to the property value to be secured
|
||||||
|
# <true / false> - This is true if the last parameter in the xpath is parameter (starts with [ and ends with ]) and you want its value to be replaced with "password"
|
||||||
|
|
||||||
|
Carbon.Security.KeyStore.Password=repository/conf/carbon.xml//Server/Security/KeyStore/Password,false
|
||||||
|
Carbon.Security.KeyStore.KeyPassword=repository/conf/carbon.xml//Server/Security/KeyStore/KeyPassword,false
|
||||||
|
Carbon.Security.TrustStore.Password=repository/conf/carbon.xml//Server/Security/TrustStore/Password,false
|
||||||
|
UserManager.AdminUser.Password=repository/conf/user-mgt.xml//UserManager/Realm/Configuration/AdminUser/Password,false
|
||||||
|
Datasources.WSO2_CARBON_DB.Configuration.Password=repository/conf/datasources/master-datasources.xml//datasources-configuration/datasources/datasource[name='WSO2_CARBON_DB']/definition[@type='RDBMS']/configuration/password,false
|
||||||
|
Server.Service.Connector.keystorePass=repository/conf/tomcat/catalina-server.xml//Server/Service/Connector[@keystorePass],true
|
||||||
|
Analytics.Data.Config.Password=repository/conf/analytics/analytics-data-config.xml//AnalyticsDataConfiguration/Password,false
|
||||||
|
#Analytics.Data.Config.TrustStorePassword=repository/conf/analytics/analytics-data-config.xml//AnalyticsDataConfiguration/TrustStorePassword,false
|
||||||
|
#Carbon.DeploymentSynchronizer.SvnPassword=repository/conf/carbon.xml//Sever/DeploymentSynchronizer/SvnPassword,false
|
||||||
|
#UserStoreManager.Property.ConnectionPassword=repository/conf/user-mgt.xml//UserManager/Realm/UserStoreManager/Property[@name='ConnectionPassword'],false
|
||||||
|
#UserStoreManager.Property.password=repository/conf/user-mgt.xml//UserManager/Realm/UserStoreManager/Property[@name='password'],false
|
||||||
|
#Security.UserTrustedRPStore.Password=repository/conf/identity.xml//Server/Security/UserTrustedRPStore/Password,false
|
||||||
|
#Security.UserTrustedRPStore.KeyPassword=repository/conf/identity.xml//Server/Security/UserTrustedRPStore/KeyPassword,false
|
||||||
|
#MultifactorAuthentication.XMPPSettings.XMPPConfig.XMPPPassword=repository/conf/identity.xml//MultifactorAuthentication/XMPPSettings/XMPPConfig/XMPPPassword,false
|
||||||
|
#Identity.System.StorePass=repository/conf/identity.xml//Server/Identity/System/StorePass,false
|
||||||
|
#Axis2.Https.Listener.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
|
||||||
|
#Axis2.Https.Listener.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
|
||||||
|
#Axis2.Https.Listener.KeyStore.KeyPassword=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
|
||||||
|
#Axis2.Https.Sender.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
|
||||||
|
#Axis2.Https.Sender.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
|
||||||
|
#Axis2.Https.Sender.KeyStore.KeyPassword=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='https']/parameter[@name='keystore']/KeyStore/KeyPassword,false
|
||||||
|
#Axis2.Mailto.Parameter.Password=repository/conf/axis2/axis2.xml//axisconfig/transportSender[@name='mailto']/parameter[@name='mail.smtp.password'],false
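Review bot: The commented-out `Carbon.DeploymentSynchronizer.SvnPassword` alias points at `repository/conf/carbon.xml//Sever/DeploymentSynchronizer/SvnPassword`, while every other carbon.xml alias in this file starts at `//Server/`. If that line is later uncommented as it stands, the XPath would presumably match nothing and the SVN password would stay in clear text in carbon.xml. Correct it now to `#Carbon.DeploymentSynchronizer.SvnPassword=repository/conf/carbon.xml//Server/DeploymentSynchronizer/SvnPassword,false` so that enabling the alias only needs the `#` removed.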
|
@ -0,0 +1,95 @@
|
|||||||
|
{
|
||||||
|
"store": {
|
||||||
|
"types": ["fs"]
|
||||||
|
},
|
||||||
|
"gadgetGeneration" :{
|
||||||
|
"isCreateGadgetEnable": false,
|
||||||
|
"ignoreProviders": ["rt"]
|
||||||
|
},
|
||||||
|
"authentication": {
|
||||||
|
"activeMethod": "sso",
|
||||||
|
"methods": {
|
||||||
|
"sso": {
|
||||||
|
"attributes": {
|
||||||
|
"issuer": "analyticsportal",
|
||||||
|
"identityProviderURL": "https://localhost:9443/samlsso",
|
||||||
|
"responseSigningEnabled": true,
|
||||||
|
"validateAssertionValidityPeriod": true,
|
||||||
|
"validateAudienceRestriction": true,
|
||||||
|
"assertionSigningEnabled": true,
|
||||||
|
"acs": "https://localhost:9445/portal/acs",
|
||||||
|
"identityAlias": "wso2carbon",
|
||||||
|
"defaultNameIDPolicy": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
|
||||||
|
"useTenantKey": false,
|
||||||
|
"isPassive": false
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"basic": {
|
||||||
|
"attributes": {}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"authorization": {
|
||||||
|
"activeMethod": "oauth",
|
||||||
|
"methods": {
|
||||||
|
"oauth": {
|
||||||
|
"attributes": {
|
||||||
|
"apimgt-gateway": true,
|
||||||
|
"oauthProvider": {
|
||||||
|
"appRegistration": {
|
||||||
|
"appType": "webapp",
|
||||||
|
"clientName": "analyticsportal",
|
||||||
|
"owner": "admin",
|
||||||
|
"password":"admin",
|
||||||
|
"dynamicClientAppRegistrationServiceURL": "https://localhost:9443/dynamic-client-web/register",
|
||||||
|
"apiManagerClientAppRegistrationServiceURL": "https://localhost:9443/api-application-registration/register/tenants",
|
||||||
|
"grantType": "urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer",
|
||||||
|
"tokenScope": "admin",
|
||||||
|
"callbackUrl": "https://localhost:9445/portal",
|
||||||
|
"saasApp":true
|
||||||
|
|
||||||
|
},
|
||||||
|
"tokenServiceURL": "https://localhost:9443/oauth2/token"
|
||||||
|
},
|
||||||
|
"adminUser":"admin@carbon.super",
|
||||||
|
"adminUserTenantId":"-1234",
|
||||||
|
"adminRole":"admin",
|
||||||
|
"scopes" : [
|
||||||
|
"device:view"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"designers": [
|
||||||
|
"Internal/everyone"
|
||||||
|
],
|
||||||
|
"tenantPrefix": "/t",
|
||||||
|
"shareStore": false,
|
||||||
|
"theme": "basic",
|
||||||
|
"cacheTimeoutSeconds": "5",
|
||||||
|
"cacheSizeBytes": "1073741824",
|
||||||
|
"defaultDashboardRedirect": false,
|
||||||
|
"isCreateGadgetEnable": true,
|
||||||
|
"isSecureVaultEnabled" : false,
|
||||||
|
"assets": {
|
||||||
|
"gadget": {
|
||||||
|
"fileSizeLimit": 5
|
||||||
|
},
|
||||||
|
"layout": {
|
||||||
|
"fileSizeLimit": 1
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"oauth": {
|
||||||
|
"username": "admin",
|
||||||
|
"password": "admin"
|
||||||
|
},
|
||||||
|
"host": {
|
||||||
|
"hostname": "localhost",
|
||||||
|
"port": "",
|
||||||
|
"protocol": ""
|
||||||
|
},
|
||||||
|
"queryParameters" : {
|
||||||
|
"passBetweenPages" : ["shared", "owner", "deviceId"]
|
||||||
|
}
|
||||||
|
}
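Review bot: The `appRegistration` block and the top-level `oauth` block both ship `admin`/`admin` as clear-text credentials (`"password":"admin"` and `"password": "admin"`), and `"isSecureVaultEnabled"` is `false`, so nothing in this file keeps them out of plain text. These should be values supplied per deployment, presumably resolved through the secure-vault aliases once `isSecureVaultEnabled` is turned on, rather than defaults committed with the product. Separately, `"grantType": "urn:ietf:urn:ietf:params:oauth:grant-type:saml2-bearer"` repeats the `urn:ietf:` prefix; the registered SAML 2.0 bearer grant is `urn:ietf:params:oauth:grant-type:saml2-bearer`, so the line should read `"grantType": "urn:ietf:params:oauth:grant-type:saml2-bearer",` unless the registration endpoint is known to expect the doubled form.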
|
@ -0,0 +1,187 @@
|
|||||||
|
{
|
||||||
|
"initScripts": [
|
||||||
|
"js/dashboard-deployer.js"
|
||||||
|
],
|
||||||
|
"welcomeFiles": [
|
||||||
|
"routers/tenant.jag"
|
||||||
|
],
|
||||||
|
"errorPages": {
|
||||||
|
"500": "/controllers/error-pages/error500.html",
|
||||||
|
"404": "/controllers/error-pages/error404.html",
|
||||||
|
"401": "/controllers/error-pages/error401.html",
|
||||||
|
"405": "/controllers/error-pages/error405.html",
|
||||||
|
"403": "/controllers/error-pages/error403.html",
|
||||||
|
"400": "/controllers/error-pages/error400.html"
|
||||||
|
},
|
||||||
|
"urlMappings": [
|
||||||
|
{
|
||||||
|
"url": "/login-controller",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/login",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/logout",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/t/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/apis/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/dashboards/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/gadget/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/layout/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/assets/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/create-dashboard",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/dashboard-settings/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/select-layout",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/create-gadget",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/upload-gadget",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/upload-layout",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/geojson/world/*",
|
||||||
|
"path": "/templates/geojson/world.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/geojson/europe/*",
|
||||||
|
"path": "/templates/geojson/europe.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/geojson/usa/*",
|
||||||
|
"path": "/templates/geojson/usa.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/geojson/countryInfo/*",
|
||||||
|
"path": "/templates/geojson/countryInfo.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/geojson/usaInfo/*",
|
||||||
|
"path": "/templates/geojson/usaInfo.json"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/acs",
|
||||||
|
"path": "/controllers/acs.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/banners/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/gadgets/*",
|
||||||
|
"path": "/routers/tenant.jag"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"url": "/configs/designer.json",
|
||||||
|
"path": "/controllers/error-pages/error404.html"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"listeners": [
|
||||||
|
{
|
||||||
|
"class": "org.owasp.csrfguard.CsrfGuardServletContextListener"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"class": "org.owasp.csrfguard.CsrfGuardHttpSessionListener"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"servlets": [
|
||||||
|
{
|
||||||
|
"name": "JavaScriptServlet",
|
||||||
|
"class": "org.owasp.csrfguard.servlet.JavaScriptServlet"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"servletMappings": [
|
||||||
|
{
|
||||||
|
"name": "JavaScriptServlet",
|
||||||
|
"url": "/csrf.js"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"contextParams": [
|
||||||
|
{
|
||||||
|
"name": "Owasp.CsrfGuard.Config",
|
||||||
|
"value": "repository/conf/security/Owasp.CsrfGuard.dashboard.properties"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"name": "ContentTypeBasedCachePreventionFilter",
|
||||||
|
"class": "org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter",
|
||||||
|
"params" : [
|
||||||
|
{"name" : "patterns", "value" : "text/html\" ,application/json\" ,text/plain"},
|
||||||
|
{"name" : "filterAction", "value" : "enforce"},
|
||||||
|
{"name" : "httpHeaders", "value" : "Cache-Control: no-store, no-cache, must-revalidate, private"}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "HttpHeaderSecurityFilter",
|
||||||
|
"class": "org.apache.catalina.filters.HttpHeaderSecurityFilter",
|
||||||
|
"params": [
|
||||||
|
{
|
||||||
|
"name": "hstsEnabled",
|
||||||
|
"value": "false"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "antiClickJackingOption",
|
||||||
|
"value": "SAMEORIGIN"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "TenantStoresFilter",
|
||||||
|
"class": "org.wso2.carbon.dashboard.store.filter.TenantStoreFilter"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"filterMappings": [
|
||||||
|
{
|
||||||
|
"name": "HttpHeaderSecurityFilter",
|
||||||
|
"url": "*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "TenantStoresFilter",
|
||||||
|
"url": "/store/*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "TenantStoresFilter",
|
||||||
|
"url": "/temp/*"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name":"ContentTypeBasedCachePreventionFilter",
|
||||||
|
"url":"*"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
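Review bot: `HttpHeaderSecurityFilter` is mapped to `*` but its `hstsEnabled` parameter is `"false"`, so responses get the `SAMEORIGIN` anti-clickjacking header and no Strict-Transport-Security header. The portal config added in the same commit uses only `https://` endpoints, so a browser that first reaches the portal over plain HTTP is not pinned to TLS afterwards. For deployments with a trusted certificate, set `"value": "true"` on `hstsEnabled` and add an `hstsMaxAgeSeconds` parameter. If it has to stay off for local development, record that in the deployment notes, since this file cannot carry comments.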
|
@ -0,0 +1,60 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var getDateString, getDuration;
|
||||||
|
|
||||||
|
(function() {
|
||||||
|
|
||||||
|
getDateString = function (timestamp) {
|
||||||
|
var date = new Date();
|
||||||
|
date.setTime(timestamp);
|
||||||
|
return date.toString();
|
||||||
|
};
|
||||||
|
|
||||||
|
getDuration = function (durationInMS) {
|
||||||
|
var time = '';
|
||||||
|
var date = new Date();
|
||||||
|
date.setTime(durationInMS);
|
||||||
|
|
||||||
|
var day = Math.floor(durationInMS/86400000);
|
||||||
|
if (day > 0){
|
||||||
|
//More than 1 day
|
||||||
|
time = day +' day : ';
|
||||||
|
durationInMS = durationInMS - (day * 86400000);
|
||||||
|
}
|
||||||
|
var hour = Math.floor(durationInMS/3600000);
|
||||||
|
if (hour > 0){
|
||||||
|
//More than 1 hour
|
||||||
|
time = time + hour + ' hour : ';
|
||||||
|
durationInMS = durationInMS - (hour * 3600000);
|
||||||
|
}
|
||||||
|
|
||||||
|
var minutes = Math.floor(durationInMS/60000);
|
||||||
|
if (minutes > 0){
|
||||||
|
//More than 1 minute
|
||||||
|
time = time + minutes + ' minutes : ';
|
||||||
|
durationInMS = durationInMS - (minutes * 60000);
|
||||||
|
}
|
||||||
|
|
||||||
|
var seconds = Math.ceil(durationInMS/1000);
|
||||||
|
if (seconds > 0){
|
||||||
|
//More than 1 minute
|
||||||
|
time = time + seconds + ' seconds : ';
|
||||||
|
}
|
||||||
|
time = time.slice(0, -2);
|
||||||
|
return time;
|
||||||
|
};
|
||||||
|
}());
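Review bot: In `getDuration` the seconds remainder is rounded with `Math.ceil`, so a remainder between 59001 and 59999 ms is printed as `60 seconds` instead of rolling into the next minute (119500 ms yields `1 minutes : 60 seconds`). Round `durationInMS` to whole seconds once before the day/hour/minute split, or use `var seconds = Math.floor(durationInMS/1000);` if dropping sub-second durations is acceptable. The `date` object created at the top of `getDuration` is never read and can be removed. The `//More than 1 minute` comment above the seconds branch should read `//More than 1 second`.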
|
@ -0,0 +1,598 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var utils = function () {
|
||||||
|
var log = new Log("/modules/oauth/token-handler-utils.js");
|
||||||
|
|
||||||
|
var configs = require('/configs/portal.js').config();
|
||||||
|
var constants = require("/modules/constants.js");
|
||||||
|
var carbon = require("carbon");
|
||||||
|
|
||||||
|
//noinspection JSUnresolvedVariable
|
||||||
|
var Base64 = Packages.org.apache.commons.codec.binary.Base64;
|
||||||
|
//noinspection JSUnresolvedVariable
|
||||||
|
var String = Packages.java.lang.String;
|
||||||
|
|
||||||
|
var publicMethods = {};
|
||||||
|
var privateMethods = {};
|
||||||
|
|
||||||
|
publicMethods["encode"] = function (payload) {
|
||||||
|
return String(Base64.encodeBase64(String(payload).getBytes()));
|
||||||
|
};
|
||||||
|
|
||||||
|
publicMethods["decode"] = function (payload) {
|
||||||
|
return String(Base64.decodeBase64(String(payload).getBytes()));
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether this application is oauth enable or not
|
||||||
|
* @returns boolean if oauth enable
|
||||||
|
*/
|
||||||
|
publicMethods["checkOAuthEnabled"] = function () {
|
||||||
|
if (constants.AUTHORIZATION_TYPE_OAUTH === configs["authorization"]["activeMethod"]) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set access token into xml http request header
|
||||||
|
* @param xhr xml http request
|
||||||
|
* @returns {*} xhr which has access token it's header
|
||||||
|
*/
|
||||||
|
publicMethods["setAccessToken"] = function (xhr, callback) {
|
||||||
|
var accessToken;
|
||||||
|
if (publicMethods.checkOAuthEnabled()) {
|
||||||
|
try {
|
||||||
|
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
|
||||||
|
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BEARER_PREFIX + accessToken);
|
||||||
|
} catch (exception) {
|
||||||
|
log.error("Access token hasn't been set yet, " + exception);
|
||||||
|
} finally {
|
||||||
|
callback(xhr);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
callback(xhr);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token of current logged user
|
||||||
|
* @param callBack response with access token
|
||||||
|
*/
|
||||||
|
publicMethods["getAccessToken"] = function (callBack) {
|
||||||
|
var accessToken = null;
|
||||||
|
if (publicMethods.checkOAuthEnabled()) {
|
||||||
|
try {
|
||||||
|
accessToken = parse(session.get(constants.ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL))["accessToken"];
|
||||||
|
} catch (exception) {
|
||||||
|
log.error("Access token hasn't been set yet, " + exception);
|
||||||
|
} finally {
|
||||||
|
callBack(accessToken);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
callBack(accessToken);
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create error message which adhere to xml http response object
|
||||||
|
* @param statusCode response status code
|
||||||
|
* @param status response status
|
||||||
|
* @param responseText response message
|
||||||
|
* @returns {{statusCode: *, status: *, responseText: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["createXHRObject"] = function (statusCode, status, responseText) {
|
||||||
|
return {"statusCode": statusCode, "status": status, "responseText": responseText};
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* check whether user already logged to system before invoking any apis
|
||||||
|
* @param callBack
|
||||||
|
*/
|
||||||
|
publicMethods["isUserAuthorized"] = function (callBack) {
|
||||||
|
if (session.get("Loged") !== constants.LOGIN_MESSAGE) {
|
||||||
|
callBack(false);
|
||||||
|
} else {
|
||||||
|
callBack(true);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get identity provider uir
|
||||||
|
* @returns {*}
|
||||||
|
*/
|
||||||
|
publicMethods["getIdPServerURL"] = function () {
|
||||||
|
return configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["tokenServiceURL"];
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an Access token pair based on client secret
|
||||||
|
* @param encodedClientKeys {{clientId:"", clientSecret:""}}
|
||||||
|
* @param scope eg: PRODUCTION
|
||||||
|
* @param idPServer identity provider url
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getTokenWithClientSecretType"] = function (encodedClientKeys, scope, idPServer) {
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
var tokenEndpoint = idPServer;
|
||||||
|
xhr.open(constants.HTTP_POST, tokenEndpoint, false);
|
||||||
|
xhr.setRequestHeader(constants.CONTENT_TYPE_IDENTIFIER, constants.APPLICATION_X_WWW_FOR_URLENCODED);
|
||||||
|
xhr.setRequestHeader(constants.AUTHORIZATION_HEADER, constants.BASIC_PREFIX + encodedClientKeys);
|
||||||
|
xhr.send("grant_type=client_credentials&scope=" + scope);
|
||||||
|
var tokenPair = {};
|
||||||
|
if (xhr.status == constants.HTTP_ACCEPTED) {
|
||||||
|
var data = parse(xhr.responseText);
|
||||||
|
tokenPair.refreshToken = data.refresh_token;
|
||||||
|
tokenPair.accessToken = data.access_token;
|
||||||
|
} else if (xhr.status == constants.HTTP_USER_NOT_AUTHENTICATED) {
|
||||||
|
log.error("Error in obtaining token with client secret grant type, You are not authenticated yet");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
log.error("Error in obtaining token with client secret grant type, This might be a problem with client meta " +
|
||||||
|
"data which required for client secret grant type");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return tokenPair;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This will create client id and client secret for a given application
|
||||||
|
* @param properties "callbackUrl": "",
|
||||||
|
* "clientName": "",
|
||||||
|
* "owner": "",
|
||||||
|
* "applicationType": "",
|
||||||
|
* "grantType": "",
|
||||||
|
* "saasApp" :"",
|
||||||
|
* "dynamicClientRegistrationEndPoint" : ""
|
||||||
|
*
|
||||||
|
* @returns {{clientId:*, clientSecret:*}}
|
||||||
|
*/
|
||||||
|
publicMethods["getDynamicClientAppCredentials"] = function (username) {
|
||||||
|
// setting up dynamic client application properties
|
||||||
|
var dcAppProperties = {
|
||||||
|
"applicationType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["appType"],
|
||||||
|
"clientName": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["clientName"],
|
||||||
|
"owner": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
|
||||||
|
"tokenScope": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["tokenScope"],
|
||||||
|
"grantType": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["grantType"],
|
||||||
|
"callbackUrl": configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["callbackUrl"],
|
||||||
|
"saasApp" : configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["saasApp"]
|
||||||
|
};
|
||||||
|
|
||||||
|
var tenantDomain = carbon.server.tenantDomain({username: username});
|
||||||
|
if (!tenantDomain) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
||||||
|
"based client application credentials. Unable to obtain a valid tenant domain for provided username "+
|
||||||
|
username +"- getDynamicClientAppCredentials(x)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var cachedTenantBasedClientAppCredentials = privateMethods.
|
||||||
|
getCachedTenantBasedClientAppCredentials(tenantDomain);
|
||||||
|
if (cachedTenantBasedClientAppCredentials) {
|
||||||
|
return cachedTenantBasedClientAppCredentials;
|
||||||
|
} else {
|
||||||
|
// calling dynamic client app registration service endpoint
|
||||||
|
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]
|
||||||
|
["dynamicClientAppRegistrationServiceURL"];
|
||||||
|
var requestPayload = dcAppProperties;
|
||||||
|
var token = publicMethods.encode(configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["appRegistration"]["owner"] + ":" + configs["authorization"]["methods"]["oauth"]["attributes"]
|
||||||
|
["oauthProvider"]["appRegistration"]["password"]);
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("POST", requestURL, false);
|
||||||
|
xhr.setRequestHeader("Content-Type", "application/json");
|
||||||
|
xhr.setRequestHeader("Authorization", "Basic "+ token);
|
||||||
|
xhr.send(stringify(requestPayload));
|
||||||
|
var dynamicClientAppCredentials = {};
|
||||||
|
if (xhr["status"] == 201 || xhr["status"] == 200 && xhr["responseText"]) {
|
||||||
|
var responsePayload = parse(xhr["responseText"]);
|
||||||
|
var clientId = responsePayload["client_id"];
|
||||||
|
var clientSecret = responsePayload["client_secret"];
|
||||||
|
if(typeof clientId == "undefined"){
|
||||||
|
clientId = responsePayload["clientId"];
|
||||||
|
}
|
||||||
|
if(typeof clientSecret == "undefined"){
|
||||||
|
clientSecret = responsePayload["clientSecret"];
|
||||||
|
}
|
||||||
|
dynamicClientAppCredentials["clientId"] = clientId;
|
||||||
|
dynamicClientAppCredentials["clientSecret"] = clientSecret;
|
||||||
|
privateMethods.
|
||||||
|
setCachedTenantBasedClientAppCredentials(tenantDomain, dynamicClientAppCredentials);
|
||||||
|
} else if (xhr["status"] == 400) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
|
||||||
|
"Bad request. Invalid data provided as dynamic client application properties.");
|
||||||
|
dynamicClientAppCredentials = null;
|
||||||
|
} else {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js - getDynamicClientAppCredentials()} " +
|
||||||
|
"Error in retrieving dynamic client credentials.");
|
||||||
|
dynamicClientAppCredentials = null;
|
||||||
|
}
|
||||||
|
// returning dynamic client credentials
|
||||||
|
return dynamicClientAppCredentials;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create oauth application
|
||||||
|
* @param username username of current logged user
|
||||||
|
* @returns {{clientId:*, clientSecret:*}}
|
||||||
|
*/
|
||||||
|
publicMethods["getTenantBasedClientAppCredentials"] = function (username) {
|
||||||
|
if (!username) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
||||||
|
"based client app credentials. No username " +
|
||||||
|
"as input - getTenantBasedClientAppCredentials(x)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
|
||||||
|
var tenantDomain = carbon.server.tenantDomain({username: username});
|
||||||
|
|
||||||
|
if (!tenantDomain) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
||||||
|
"based client application credentials. Unable to obtain a valid tenant domain for provided " +
|
||||||
|
"username - getTenantBasedClientAppCredentials(x, y)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var cachedTenantBasedClientAppCredentials = privateMethods.
|
||||||
|
getCachedTenantBasedClientAppCredentials(tenantDomain);
|
||||||
|
if (cachedTenantBasedClientAppCredentials) {
|
||||||
|
return cachedTenantBasedClientAppCredentials;
|
||||||
|
} else {
|
||||||
|
var adminUsername = configs["authorization"]["methods"]["oauth"]["attributes"]["adminUser"];
|
||||||
|
var adminUserTenantId = configs["authorization"]["methods"]["oauth"]["attributes"]
|
||||||
|
["adminUserTenantId"];
|
||||||
|
//claims required for jwtAuthenticator.
|
||||||
|
var claims = {"http://wso2.org/claims/enduserTenantId": adminUserTenantId,
|
||||||
|
"http://wso2.org/claims/enduser": adminUsername};
|
||||||
|
var jwtToken = publicMethods.getJwtToken(adminUsername, claims);
|
||||||
|
// register a tenant based client app at API Manager
|
||||||
|
var applicationName = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["appRegistration"]["clientName"] + "_" + tenantDomain;
|
||||||
|
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["appRegistration"]["apiManagerClientAppRegistrationServiceURL"] +
|
||||||
|
"?tenantDomain=" + tenantDomain + "&applicationName=" + applicationName;
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("POST", requestURL, false);
|
||||||
|
xhr.setRequestHeader("Content-Type", "application/json");
|
||||||
|
xhr.setRequestHeader("X-JWT-Assertion", "" + jwtToken);
|
||||||
|
xhr.send();
|
||||||
|
if ((xhr["status"] == 201 || xhr["status"] == 200) && xhr["responseText"]) {
|
||||||
|
var responsePayload = parse(xhr["responseText"]);
|
||||||
|
var tenantBasedClientAppCredentials = {};
|
||||||
|
var clientId = responsePayload["client_id"];
|
||||||
|
var clientSecret = responsePayload["client_secret"];
|
||||||
|
if(typeof clientId == "undefined"){
|
||||||
|
clientId = responsePayload["clientId"];
|
||||||
|
}
|
||||||
|
if(typeof clientSecret == "undefined"){
|
||||||
|
clientSecret = responsePayload["clientSecret"];
|
||||||
|
}
|
||||||
|
tenantBasedClientAppCredentials["clientId"] = clientId;
|
||||||
|
tenantBasedClientAppCredentials["clientSecret"] = clientSecret;
|
||||||
|
privateMethods.
|
||||||
|
setCachedTenantBasedClientAppCredentials(tenantDomain, tenantBasedClientAppCredentials);
|
||||||
|
return tenantBasedClientAppCredentials;
|
||||||
|
} else {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving tenant " +
|
||||||
|
"based client application credentials from API " +
|
||||||
|
"Manager - getTenantBasedClientAppCredentials(x, y)");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Caching oauth application credentials
|
||||||
|
* @param tenantDomain tenant domain where application is been created
|
||||||
|
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
|
||||||
|
*/
|
||||||
|
privateMethods["setCachedTenantBasedClientAppCredentials"] = function (tenantDomain, clientAppCredentials) {
|
||||||
|
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!cachedTenantBasedClientAppCredentialsMap) {
|
||||||
|
cachedTenantBasedClientAppCredentialsMap = {};
|
||||||
|
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
|
||||||
|
application.put(constants["CACHED_CREDENTIALS_PORTAL_APP"], cachedTenantBasedClientAppCredentialsMap);
|
||||||
|
} else if (!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
|
||||||
|
cachedTenantBasedClientAppCredentialsMap[tenantDomain] = clientAppCredentials;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get oauth application credentials from cache
|
||||||
|
* @param tenantDomain tenant domain where application is been created
|
||||||
|
* @returns {{clientId:*, clientSecret:*}}
|
||||||
|
*/
|
||||||
|
privateMethods["getCachedTenantBasedClientAppCredentials"] = function (tenantDomain) {
|
||||||
|
var cachedTenantBasedClientAppCredentialsMap = application.get(constants["CACHED_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!cachedTenantBasedClientAppCredentialsMap ||
|
||||||
|
!cachedTenantBasedClientAppCredentialsMap[tenantDomain]) {
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
return cachedTenantBasedClientAppCredentialsMap[tenantDomain];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token and refresh token using password grant type
|
||||||
|
* @param username username of the logged user
|
||||||
|
* @param password password of the logged user
|
||||||
|
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
|
||||||
|
* @param scopes scopes list
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getTokenPairAndScopesByPasswordGrantType"] = function (username, password
|
||||||
|
, encodedClientAppCredentials, scopes) {
|
||||||
|
if (!username || !password || !encodedClientAppCredentials || !scopes) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by password " +
|
||||||
|
"grant type. No username, password, encoded client app credentials or scopes are " +
|
||||||
|
"found - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
// calling oauth provider token service endpoint
|
||||||
|
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["tokenServiceURL"];
|
||||||
|
var requestPayload = "grant_type=password&username=" +
|
||||||
|
username + "&password=" + password + "&scope=" + scopes;
|
||||||
|
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("POST", requestURL, false);
|
||||||
|
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||||
|
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
|
||||||
|
xhr.send(requestPayload);
|
||||||
|
|
||||||
|
if (xhr["status"] == 200 && xhr["responseText"]) {
|
||||||
|
var responsePayload = parse(xhr["responseText"]);
|
||||||
|
var tokenData = {};
|
||||||
|
tokenData["accessToken"] = responsePayload["access_token"];
|
||||||
|
tokenData["refreshToken"] = responsePayload["refresh_token"];
|
||||||
|
tokenData["scopes"] = responsePayload["scope"];
|
||||||
|
return tokenData;
|
||||||
|
} else {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
|
||||||
|
"by password grant type - getTokenPairAndScopesByPasswordGrantType(a, b, c, d)");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token and refresh token using SAML grant type
|
||||||
|
* @param assertion
|
||||||
|
* @param encodedClientAppCredentials
|
||||||
|
* @param scopes
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getTokenPairAndScopesByJWTGrantType"] = function (username, encodedClientAppCredentials, scopes) {
|
||||||
|
if (!username || !encodedClientAppCredentials || !scopes) {
|
||||||
|
log.error("{/app/modules/oauth/token-handler-utils.js} Error in retrieving access token by jwt " +
|
||||||
|
"grant type. No assertion, encoded client app credentials or scopes are " +
|
||||||
|
"found - getTokenPairAndScopesByJWTGrantType(x, y, z)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var JWTClientManagerServicePackagePath =
|
||||||
|
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
|
||||||
|
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
|
||||||
|
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
|
||||||
|
//noinspection JSUnresolvedFunction
|
||||||
|
var jwtClient = JWTClientManagerService.getJWTClient();
|
||||||
|
// returning access token by JWT grant type
|
||||||
|
var tokenInfo = jwtClient.getAccessToken(encodedClientAppCredentials,
|
||||||
|
username, scopes);
|
||||||
|
var tokenData = {};
|
||||||
|
tokenData["accessToken"] = tokenInfo.getAccessToken();
|
||||||
|
tokenData["refreshToken"] = tokenInfo.getRefreshToken();
|
||||||
|
tokenData["scopes"] = tokenInfo.getScopes();
|
||||||
|
return tokenData;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token and refresh token using SAML grant type
|
||||||
|
* @param assertion
|
||||||
|
* @param encodedClientAppCredentials
|
||||||
|
* @param scopes
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getTokenPairAndScopesBySAMLGrantType"] = function (assertion, encodedClientAppCredentials, scopes) {
|
||||||
|
if (!assertion || !encodedClientAppCredentials || !scopes) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml " +
|
||||||
|
"grant type. No assertion, encoded client app credentials or scopes are " +
|
||||||
|
"found - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
|
||||||
|
var assertionXML = publicMethods.decode(assertion);
|
||||||
|
/*
|
||||||
|
TODO: make assertion extraction with proper parsing.
|
||||||
|
Since Jaggery XML parser seem to add formatting which causes signature verification to fail.
|
||||||
|
*/
|
||||||
|
var assertionStartMarker = "<saml2:Assertion";
|
||||||
|
var assertionEndMarker = "<\/saml2:Assertion>";
|
||||||
|
var assertionStartIndex = assertionXML.indexOf(assertionStartMarker);
|
||||||
|
var assertionEndIndex = assertionXML.indexOf(assertionEndMarker);
|
||||||
|
|
||||||
|
var extractedAssertion;
|
||||||
|
if (assertionStartIndex == -1 || assertionEndIndex == -1) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token by saml grant " +
|
||||||
|
"type. Issue in assertion format - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
extractedAssertion = assertionXML.
|
||||||
|
substring(assertionStartIndex, assertionEndIndex) + assertionEndMarker;
|
||||||
|
var encodedAssertion = publicMethods.encode(extractedAssertion);
|
||||||
|
// calling oauth provider token service endpoint
|
||||||
|
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["tokenServiceURL"];
|
||||||
|
var requestPayload = "grant_type=urn:ietf:params:oauth:grant-type:saml2-bearer&" +
|
||||||
|
"assertion=" + encodeURIComponent(encodedAssertion) + "&scope=" + scopes;
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("POST", requestURL, false);
|
||||||
|
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||||
|
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
|
||||||
|
xhr.send(requestPayload);
|
||||||
|
|
||||||
|
if (xhr["status"] == 200 && xhr["responseText"]) {
|
||||||
|
var responsePayload = parse(xhr["responseText"]);
|
||||||
|
var tokenData = {};
|
||||||
|
tokenData["accessToken"] = responsePayload["access_token"];
|
||||||
|
tokenData["refreshToken"] = responsePayload["refresh_token"];
|
||||||
|
tokenData["scopes"] = responsePayload["scope"];
|
||||||
|
return tokenData;
|
||||||
|
} else {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving access token " +
|
||||||
|
"by password grant type - getTokenPairAndScopesBySAMLGrantType(x, y, z)");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If access token is expired, try to refresh it using existing refresh token
|
||||||
|
* @param callback
|
||||||
|
*/
|
||||||
|
publicMethods["refreshAccessToken"] = function (callback) {
|
||||||
|
try {
|
||||||
|
if (publicMethods.checkOAuthEnabled()) {
|
||||||
|
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
|
||||||
|
// currentTokenPair includes current access token as well as current refresh token
|
||||||
|
var encodedClientAppCredentials
|
||||||
|
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!currentTokenPair || !encodedClientAppCredentials) {
|
||||||
|
callback(false);
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
|
||||||
|
"token pair, encoded client app credentials or both input are not found under " +
|
||||||
|
"session context - refreshTokenPair()");
|
||||||
|
} else {
|
||||||
|
var newTokenPair = publicMethods.
|
||||||
|
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
|
||||||
|
if (!newTokenPair) {
|
||||||
|
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
|
||||||
|
"Unable to update session context with new access token pair - refreshTokenPair()");
|
||||||
|
callback(false);
|
||||||
|
} else {
|
||||||
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
|
||||||
|
callback(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
log.error("You have not enable dynamic client yet");
|
||||||
|
callback(false);
|
||||||
|
}
|
||||||
|
} catch (exception) {
|
||||||
|
callback(false);
|
||||||
|
throw "Error while refreshing existing access token, " + exception;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token and refresh token using refresh token grant type
|
||||||
|
* @param refreshToken refresh token
|
||||||
|
* @param encodedClientAppCredentials {{clientId:*, clientSecret:*}}
|
||||||
|
* @param scopes
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getNewTokenPairByRefreshToken"] = function (refreshToken, encodedClientAppCredentials, scopes) {
|
||||||
|
if (!refreshToken || !encodedClientAppCredentials) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
|
||||||
|
"by current refresh token. No refresh token or encoded client app credentials are " +
|
||||||
|
"found - getNewTokenPairByRefreshToken(x, y, z)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var requestURL = configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]
|
||||||
|
["tokenServiceURL"];
|
||||||
|
var requestPayload = "grant_type=refresh_token&refresh_token=" + refreshToken;
|
||||||
|
if (scopes) {
|
||||||
|
requestPayload = requestPayload + "&scope=" + scopes;
|
||||||
|
}
|
||||||
|
|
||||||
|
var xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("POST", requestURL, false);
|
||||||
|
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
|
||||||
|
xhr.setRequestHeader("Authorization", "Basic " + encodedClientAppCredentials);
|
||||||
|
xhr.send(requestPayload);
|
||||||
|
|
||||||
|
if (xhr["status"] == 200 && xhr["responseText"]) {
|
||||||
|
var responsePayload = parse(xhr["responseText"]);
|
||||||
|
var tokenPair = {};
|
||||||
|
tokenPair["accessToken"] = responsePayload["access_token"];
|
||||||
|
tokenPair["refreshToken"] = responsePayload["refresh_token"];
|
||||||
|
return tokenPair;
|
||||||
|
} else {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token by " +
|
||||||
|
"current refresh token - getNewTokenPairByRefreshToken(x, y, z)");
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get access token using JWT grant type
|
||||||
|
* @param clientAppCredentials {{clientId:*, clientSecret:*}}
|
||||||
|
* @returns {{accessToken: *, refreshToken: *}}
|
||||||
|
*/
|
||||||
|
publicMethods["getAccessTokenByJWTGrantType"] = function (clientAppCredentials) {
|
||||||
|
if (!clientAppCredentials) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new access token " +
|
||||||
|
"by current refresh token. No client app credentials are found " +
|
||||||
|
"as input - getAccessTokenByJWTGrantType(x)");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var JWTClientManagerServicePackagePath =
|
||||||
|
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
|
||||||
|
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
|
||||||
|
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
|
||||||
|
//noinspection JSUnresolvedFunction
|
||||||
|
var jwtClient = JWTClientManagerService.getJWTClient();
|
||||||
|
// returning access token by JWT grant type
|
||||||
|
return jwtClient.getAccessToken(clientAppCredentials["clientId"], clientAppCredentials["clientSecret"],
|
||||||
|
configs["authorization"]["methods"]["oauth"]["attributes"]["oauthProvider"]["appRegistration"]["owner"],
|
||||||
|
null)["accessToken"];
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get jwt token
|
||||||
|
* @param username username of logged user
|
||||||
|
* @param claims claims which are required
|
||||||
|
* @returns {"jwtToken"}
|
||||||
|
*/
|
||||||
|
publicMethods["getJwtToken"] = function (username, claims) {
|
||||||
|
if (!username) {
|
||||||
|
log.error("{/modules/oauth/token-handler-utils.js} Error in retrieving new jwt token");
|
||||||
|
return null;
|
||||||
|
} else {
|
||||||
|
var JWTClientManagerServicePackagePath =
|
||||||
|
"org.wso2.carbon.identity.jwt.client.extension.service.JWTClientManagerService";
|
||||||
|
//noinspection JSUnresolvedFunction, JSUnresolvedVariable
|
||||||
|
var JWTClientManagerService = carbon.server.osgiService(JWTClientManagerServicePackagePath);
|
||||||
|
//noinspection JSUnresolvedFunction
|
||||||
|
var jwtClient = JWTClientManagerService.getJWTClient();
|
||||||
|
// returning access token by JWT grant type
|
||||||
|
if (claims) {
|
||||||
|
return jwtClient.getJwtToken(username, claims);
|
||||||
|
} else {
|
||||||
|
return jwtClient.getJwtToken(username);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return publicMethods;
|
||||||
|
}();
|
@ -0,0 +1,192 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||||
|
* Version 2.0 (the "License"); you may not use this file except
|
||||||
|
* in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
|
||||||
|
* either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* -----------------------------------------------------
|
||||||
|
* Following module includes handlers
|
||||||
|
* at Jaggery Layer for handling OAuth tokens.
|
||||||
|
* -----------------------------------------------------
|
||||||
|
*/
|
||||||
|
var handlers = function () {
|
||||||
|
var log = new Log("/modules/oauth/token-handlers.js");
|
||||||
|
|
||||||
|
var tokenUtil = require("/modules/oauth/token-handler-utils.js")["utils"];
|
||||||
|
var constants = require("/modules/constants.js");
|
||||||
|
var configs = require('/configs/portal.js').config();
|
||||||
|
|
||||||
|
var publicMethods = {};
|
||||||
|
var privateMethods = {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an AccessToken pair based on username and password
|
||||||
|
* @param username username of the logged user
|
||||||
|
* @param password password of the logged user
|
||||||
|
*/
|
||||||
|
publicMethods["setupTokenPairByPasswordGrantType"] = function (username, password) {
|
||||||
|
if (!username || !password) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
|
||||||
|
"password grant type. Either username of logged in user, password or both are missing " +
|
||||||
|
"as input - setupTokenPairByPasswordGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
|
||||||
|
var encodedClientAppCredentials =
|
||||||
|
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!encodedClientAppCredentials) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
|
||||||
|
"password grant type. Encoded client credentials are " +
|
||||||
|
"missing - setupTokenPairByPasswordGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
var tokenData;
|
||||||
|
// tokenPair will include current access token as well as current refresh token
|
||||||
|
var arrayOfScopes = configs["authorization"]["methods"]["oauth"]["attributes"]["scopes"];
|
||||||
|
var stringOfScopes = "";
|
||||||
|
arrayOfScopes.forEach(function (entry) {
|
||||||
|
stringOfScopes += entry + " ";
|
||||||
|
});
|
||||||
|
tokenData = tokenUtil.
|
||||||
|
getTokenPairAndScopesByPasswordGrantType(username,
|
||||||
|
encodeURIComponent(password), encodedClientAppCredentials, stringOfScopes);
|
||||||
|
if (!tokenData) {
|
||||||
|
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up " +
|
||||||
|
"token pair by password grant type. Error in token " +
|
||||||
|
"retrieval - setupTokenPairByPasswordGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
var tokenPair = {};
|
||||||
|
tokenPair["accessToken"] = tokenData["accessToken"];
|
||||||
|
tokenPair["refreshToken"] = tokenData["refreshToken"];
|
||||||
|
// setting up token pair into session context as a string
|
||||||
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
|
||||||
|
var scopes = tokenData.scopes.split(" ");
|
||||||
|
// adding allowed scopes to the session
|
||||||
|
session.put(constants["ALLOWED_SCOPES"], scopes);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get an AccessToken pair based on SAML assertion
|
||||||
|
* @param samlToken SAML assertion
|
||||||
|
* @param username {{clientId:"", clientSecret:""}}
|
||||||
|
*/
|
||||||
|
publicMethods["setupTokenPairBySamlGrantType"] = function (username, samlToken) {
|
||||||
|
if (!username || !samlToken) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up access token pair by " +
|
||||||
|
"saml grant type. Either username of logged in user, samlToken or both are missing " +
|
||||||
|
"as input - setupTokenPairBySamlGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
privateMethods.setUpEncodedTenantBasedClientAppCredentials(username);
|
||||||
|
var encodedClientAppCredentials =
|
||||||
|
session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!encodedClientAppCredentials) {
|
||||||
|
throw new Error("{/app/modules/oauth/token-handlers.js} Could not set up access token pair " +
|
||||||
|
"by saml grant type. Encoded client credentials are " +
|
||||||
|
"missing - setupTokenPairBySamlGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
var tokenData;
|
||||||
|
// accessTokenPair will include current access token as well as current refresh token
|
||||||
|
tokenData = tokenUtil.
|
||||||
|
getTokenPairAndScopesByJWTGrantType(username, encodedClientAppCredentials, "PRODUCTION");
|
||||||
|
if (!tokenData) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up token " +
|
||||||
|
"pair by saml grant type. Error in token " +
|
||||||
|
"retrieval - setupTokenPairBySamlGrantType(x, y)");
|
||||||
|
} else {
|
||||||
|
var tokenPair = {};
|
||||||
|
tokenPair["accessToken"] = tokenData["accessToken"];
|
||||||
|
tokenPair["refreshToken"] = tokenData["refreshToken"];
|
||||||
|
// setting up access token pair into session context as a string
|
||||||
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(tokenPair));
|
||||||
|
|
||||||
|
var scopes = tokenData.scopes.split(" ");
|
||||||
|
// adding allowed scopes to the session
|
||||||
|
session.put(constants["ALLOWED_SCOPES"], scopes);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set access token and refresh token using refresh token grant type
|
||||||
|
*/
|
||||||
|
publicMethods["refreshTokenPair"] = function () {
|
||||||
|
var currentTokenPair = parse(session.get(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"]));
|
||||||
|
// currentTokenPair includes current access token as well as current refresh token
|
||||||
|
var encodedClientAppCredentials
|
||||||
|
= session.get(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"]);
|
||||||
|
if (!currentTokenPair || !encodedClientAppCredentials) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Error in refreshing tokens. Either the " +
|
||||||
|
"token pair, encoded client app credentials or both input are not found under " +
|
||||||
|
"session context - refreshTokenPair()");
|
||||||
|
} else {
|
||||||
|
var newTokenPair = tokenUtil.
|
||||||
|
getNewTokenPairByRefreshToken(currentTokenPair["refreshToken"], encodedClientAppCredentials);
|
||||||
|
if (!newTokenPair) {
|
||||||
|
log.error("{/app/modules/oauth/token-handlers.js} Error in refreshing token pair. " +
|
||||||
|
"Unable to update session context with new access token pair - refreshTokenPair()");
|
||||||
|
} else {
|
||||||
|
session.put(constants["ACCESS_TOKEN_PAIR_IDENTIFIER_FOR_PORTAL"], stringify(newTokenPair));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If gateway is enable, apiManagerClientAppRegistrationServiceURL is used to create an oauth application or
|
||||||
|
* else DCR endpoint is used to create an oauth application
|
||||||
|
* @param username username of current logged user
|
||||||
|
*/
|
||||||
|
privateMethods["setUpEncodedTenantBasedClientAppCredentials"] = function (username) {
|
||||||
|
if (!username) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
|
||||||
|
"client credentials to session context. No username of logged in user is found as " +
|
||||||
|
"input - setUpEncodedTenantBasedClientAppCredentials(x)");
|
||||||
|
} else {
|
||||||
|
if (configs["authorization"]["methods"]["oauth"]["attributes"]["apimgt-gateway"]) {
|
||||||
|
var tenantBasedClientAppCredentials = tokenUtil.getTenantBasedClientAppCredentials(username);
|
||||||
|
if (!tenantBasedClientAppCredentials) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant " +
|
||||||
|
"based client credentials to session context as the server is unable " +
|
||||||
|
"to obtain such credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
|
||||||
|
} else {
|
||||||
|
var encodedTenantBasedClientAppCredentials =
|
||||||
|
tokenUtil.encode(tenantBasedClientAppCredentials["clientId"] + ":" +
|
||||||
|
tenantBasedClientAppCredentials["clientSecret"]);
|
||||||
|
// setting up encoded tenant based client credentials to session context.
|
||||||
|
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
|
||||||
|
encodedTenantBasedClientAppCredentials);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
var dynamicClientAppCredentials = tokenUtil.getDynamicClientAppCredentials(username);
|
||||||
|
if (!dynamicClientAppCredentials) {
|
||||||
|
throw new Error("{/modules/oauth/token-handlers.js} Could not set up encoded tenant based " +
|
||||||
|
"client credentials to session context as the server is unable to obtain " +
|
||||||
|
"dynamic client credentials - setUpEncodedTenantBasedClientAppCredentials(x)");
|
||||||
|
}
|
||||||
|
var encodedTenantBasedClientAppCredentials =
|
||||||
|
tokenUtil.encode(dynamicClientAppCredentials["clientId"] + ":" +
|
||||||
|
dynamicClientAppCredentials["clientSecret"]);
|
||||||
|
// setting up encoded tenant based client credentials to session context.
|
||||||
|
session.put(constants["ENCODED_TENANT_BASED_CLIENT_APP_CREDENTIALS_PORTAL_APP"],
|
||||||
|
encodedTenantBasedClientAppCredentials);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return publicMethods;
|
||||||
|
}();
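Review bot: In `setupTokenPairByPasswordGrantType` only the password goes through `encodeURIComponent`; `username` and `stringOfScopes` are handed to `getTokenPairAndScopesByPasswordGrantType` raw, and that helper concatenates them directly into the `application/x-www-form-urlencoded` body (`"grant_type=password&username=" + username + ...`). A login name containing `&`, `=`, `+` or `%` therefore changes how the token endpoint parses the request: at best login breaks for such names, at worst the submitted name adds or overrides form parameters. Encode every value at the call, e.g. `getTokenPairAndScopesByPasswordGrantType(encodeURIComponent(username), encodeURIComponent(password), encodedClientAppCredentials, encodeURIComponent(stringOfScopes))`, or move all the encoding into the helper and drop the caller-side `encodeURIComponent(password)` so nothing is encoded twice. Separately, `setupTokenPairBySamlGrantType` only null-checks `samlToken` and then requests tokens with the JWT grant for `username`, so the assertion itself is not used in this function. A comment such as `// precondition: caller has already validated the SAML response and derived username from it` would make that dependency explicit, and the JSDoc above it (which describes `username` as a client id/secret pair) should be corrected.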
|
File diff suppressed because it is too large
@ -0,0 +1,7 @@
|
|||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
<streamConfiguration type="csv">
|
||||||
|
<file>events.csv</file>
|
||||||
|
<streamID>rawInputStream:1.0.0</streamID>
|
||||||
|
<separateChar>,</separateChar>
|
||||||
|
<delayBetweenEventsInMilies>10</delayBetweenEventsInMilies>
|
||||||
|
</streamConfiguration>
|
File diff suppressed because it is too large
@ -0,0 +1,60 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
var getDateString, getDuration;
|
||||||
|
|
||||||
|
(function() {
|
||||||
|
|
||||||
|
getDateString = function (timestamp) {
|
||||||
|
var date = new Date();
|
||||||
|
date.setTime(timestamp);
|
||||||
|
return date.toString();
|
||||||
|
};
|
||||||
|
|
||||||
|
getDuration = function (durationInMS) {
|
||||||
|
var time = '';
|
||||||
|
var date = new Date();
|
||||||
|
date.setTime(durationInMS);
|
||||||
|
|
||||||
|
var day = Math.floor(durationInMS/86400000);
|
||||||
|
if (day > 0){
|
||||||
|
//More than 1 day
|
||||||
|
time = day +' day : ';
|
||||||
|
durationInMS = durationInMS - (day * 86400000);
|
||||||
|
}
|
||||||
|
var hour = Math.floor(durationInMS/3600000);
|
||||||
|
if (hour > 0){
|
||||||
|
//More than 1 hour
|
||||||
|
time = time + hour + ' hour : ';
|
||||||
|
durationInMS = durationInMS - (hour * 3600000);
|
||||||
|
}
|
||||||
|
|
||||||
|
var minutes = Math.floor(durationInMS/60000);
|
||||||
|
if (minutes > 0){
|
||||||
|
//More than 1 minute
|
||||||
|
time = time + minutes + ' minutes : ';
|
||||||
|
durationInMS = durationInMS - (minutes * 60000);
|
||||||
|
}
|
||||||
|
|
||||||
|
var seconds = Math.ceil(durationInMS/1000);
|
||||||
|
if (seconds > 0){
|
||||||
|
//More than 1 minute
|
||||||
|
time = time + seconds + ' seconds : ';
|
||||||
|
}
|
||||||
|
time = time.slice(0, -2);
|
||||||
|
return time;
|
||||||
|
};
|
||||||
|
}());
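Review bot: `getDuration` rounds the last component with `Math.ceil`, so a remainder just above 59 seconds is reported as `60 seconds` instead of staying below a minute (59001 ms yields `60 seconds`); `var seconds = Math.floor(durationInMS/1000);` keeps it in the 0–59 range like the other components. `time.slice(0, -2)` strips only `: ` of the ` : ` separator and so always leaves a trailing space; `time.slice(0, -3)` removes the whole separator. The `date` object created at the top of the function is never read and can be dropped, and the comment above the seconds branch still reads `//More than 1 minute`.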
|