I'm currently implementing a Glassfish realm backed by a neo4j DB, for which I've defined a Realm and a LoginModule class.
I can install the realm using the create-auth-realm asadmin command. But the realm is recognized by Glassfish only if it is associated to a LoginModule defined in the config/login.conf file.
For instance, in my case, I have to do the following:
Create the authentication realm: create-auth-realm --classname com.mycompany.security.MyRealm --property jaas-context=MyLoginModule myrealm and then
Define MyLoginModule in that config/login.conf file :
MyLoginModule {
fr.mycompany.security.MyLoginModule required;
};
I can edit the login.conf file by hand but would like to use an asadmin command to automate this step. Would you know of such an asadmin command ?
It seems that, at the moment, the Glassfish CLI does not support this.
Quote from here:
glassfish has a pretty good CLI (which is actually one of the reasons,
why I switched over from JBoss). However, there is no CLI cmd for
modifying the login.conf of an instance (i.e. add/remove an entry in a
reliable way).
I'm wondering about why the realm is not added/removed automatically
to/from the login.conf, when one creates/deletes a realm using the
create-auth-realm/delete-auth-realm command ...
I have requested for an update.
Related
Using hazelcast 5.2.1
We are moving from a java-based config in a custom application to stand-alone serve with a yaml config, since we would like to use the public docker image as a base for a hazelcast member. We excpet to just add some jar files in ${HZ_HOME}bin/user-lib and a config file in ${HZ_HOME}/hazelcast.yaml.
Our config gets picked up, and the server starts. But when the clients try to put objects, things go bad. The server logs the error:
com.hazelcast.nio.serialization.HazelcastSerializationException: Cannot write null portable without explicitly registering class definition
How can we add ClassDefinition objects to the config?
We have classes implementing VersionedPortable, and have static ClassDefinition members for them.
Until now we have just added the class definitions programmatically while configuring the member instance in our own applications, but we cannot find a hook to do this when using yaml config?
I've observed the following behavior when I generate a new application using JHipster:
When I just call jhipster, it shows a set of prompts to make my choices.
When I call jhipster jdl <myjslfile.jdl>:
2.1. If the JDL has just entities, not declaring a config application section, I've got an error: Database type is required to validate entities.
2.2. If the JDL has the minimum config application like the following, it assumes some defaults and does not show any prompt.
I'm trying to write my own blueprint and I'd like to know how could I tell to Jhipster some default values should be considered when loading a JDL.
I thought that if I just set the prompt attribute default would be the solution, but I did this and have no effect, the prompts are always shown. When there are more than one application declared in the JDL file it's worst because it's not possible to distinguish what is being answered to each application since this processes happen in parallel.
Regards,
application {
config {
baseName microserviceExample,
applicationType microservice,
prodDatabaseType postgresql
}
entities X
}
entity X {
name String required minlength(3)
}
Personally, I don't like depending on default values that could be changed by a new major version (e.g. default for service registry will change in JHipster 8 from Eureka to Consul).
Why is this a problem to explicit these values in your JDL? For me the JDL should be self contained as much as possible.
Alternatively, you could define a .yo-rc.json file in your project directory or in its parent directory if you want to apply to several apps below.
And finally, you could open a feature request on github for the dev team to comment.
I'm behind a firewall and lazybones can't reach its repository without a proxy.
I've searched the source and can't seem to find any reference to a proxy that seems to be relevant.
Support was officially added in version 0.8.1 of Lazybones, albeit via a general mechanism to add arbitrary system properties to the application in its configuration file, ~/.lazybones/config.groovy.
You can read about the details in the project README, but in essence, simply add the following to your config.groovy file:
systemProp {
http {
proxyHost = "localhost"
proxyPort = 8181
}
https {
proxyHost = "localhost"
proxyPort = 8181
}
}
You can use the systemProp. prefix to add any system properties to Lazybones, similar to the way it works in Gradle.
Is that what You're looking for? Basically You need to add some properties to gradle.properties file.
I am using Cygwin on Windows and I have modified the last line of
~/.gvm/lazybones/current/bin/lazybones
to say
exec "$JAVACMD" "${JVM_OPTS[#]}" -classpath "$CLASSPATH" "-Dhttp.proxyHost=127.0.0.1" "-Dhttp.proxyPort=8888" "-Dhttp.nonProxyHosts=localhost|127.0.0.1" uk.co.cacoethes.lazybones.LazybonesMain "$#"
Please note the quotes around the options. It works very well with my local Fiddler installation.
I have found no better way to enable proxy support due to the way the script is using eval. Maybe a more experienced shell script programmer can come up with a more elegant solution.
I was able to get out through the proxy setting the environment settings of
Picked up JAVA_TOOL_OPTIONS: -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=8080
-Dhttp.nonProxyHosts="lmig.com" -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=8080
unfortunately my environment requires authentication so I couldn't provide the complete proxy this way. I first ran "OWASP Zed Attach Proxy (ZAP)" which allowed me to run a proxy on my own machine (at port 8080) which then provided the complete authentication required.
This was able to then run the complete "lazybones list" command which retrieved the contents of the respositories.
Unfortunately I was not able to create an application from those templates becuase bintray required a login (though an anonymous login would do) and couldn't seem to get an additional level of authentication (I received "Unauthorized" from bintray)
The default port is http://localhost:9001.
How do I run the hybris platform using another port?
Edit your {HYBRIS_ROOT_DIR}/config/local.properties file and use the following properties to configure the various ports:
tomcat.http.port=9001
tomcat.ssl.port=9002
tomcat.ajp.port=8009
tomcat.jmx.port=9003
tomcat.jmx.server.port=9004
You can find the complete configuration reference on the Hybris wiki here: https://wiki.hybris.com/display/release5/Configuration+Properties+Reference
In order for the changes to be applied you must run ant and restart Hybris.
You can run ant all, but if you have only changed the configuration you can deploy these changes without having to re-compile by using ant deploy which is much faster.
Create a /config/local.properties file with this content:
tomcat.http.port=9101
tomcat.ssl.port=9102
tomcat.ajp.port=8109
tomcat.jmx.port=9103
tomcat.jmx.server.port=9104
Then you'll get Hybris server to run on http://localhost:9101.
If you change the port, make sure you update the spring security port-mappings (should be already using the configuration service and these properties via Spring EL to do this if you're on a recent version of hybris), and, for local development, the site URL resolution (website.<x>.http(s), media.<x>.http(s)) properties and the CMS Site URL mapping regular expressions (ImpEx or hMC). There's also a property for jvdbc I think.
You can change these in the config/local.properties, platform/project.properties or a custom extension's project.properties. The local.properties file has the highest priority (if the property is defined in multiple places), then the custom extension's project.properties, and finally in the platform's project.properties.
In addition to the above configuration provided by Zathrus Writer. You might have to add the solr port configuration to have say two instances of hybris running in the same server.
solrserver.instances.default.port=8986
Full configuration:
tomcat.http.port=9201
tomcat.ssl.port=9202
tomcat.ajp.port=8209
tomcat.jmx.port=9203
tomcat.jmx.server.port=9204
solrserver.instances.default.port=8986
You can use this as well
hybris.instance.id=60
tomcat.http.port=9${hybris.instance.id}1
tomcat.ssl.port=9${hybris.instance.id}2
tomcat.jmx.port=9${hybris.instance.id}3
tomcat.debug.port=9${hybris.instance.id}0
tomcat.jmx.server.port=9${hybris.instance.id}4
tomcat.ajp.port=9${hybris.instance.id}5
Override port configurations in {HYBRIS_ROOT_DIR}/config/local.properties file.
tomcat.http.port=9011
tomcat.ssl.port=9012
tomcat.ajp.port=8019
tomcat.jmx.port=9013
tomcat.jmx.server.port=9014
In addition to the port we can also override xmx values of JVM in tomcat.generaloptions configurations in config/local.properties as listed below.
tomcat.generaloptions=-Xmx6G -XX:MaxPermSize=300M -ea -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dorg.tanukisoftware.wrapper.WrapperManager.mbean=true -Djava.endorsed.dirs="%CATALINA_HOME%/lib/endorsed" -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Dfile.encoding=UTF-8 -Dlog4j.configuration=log4j_init_tomcat.properties -Djava.util.logging.config.file=jdk_logging.properties -Djava.io.tmpdir="${HYBRIS_TEMP_DIR}"
In addition, you may face with another port issue cause debug port.
You should also change it.
Please use;
tomcat.debugjavaoptions=-Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,address=8001,suspend=n
As SAP Hybris runs on tomcat server, we can run as many servers as needed simultaneously based on our memory.
We need to configure in config/local.properties
To run tomcat in different port
tomcat.http.port=6001
tomcat.ssl.port=6002
tomcat.ajp.port=6009
tomcat.jmx.port=6003
tomcat.jmx.server.port=6004
os.rmiregistry.port=3198
website.electronics.http=http://electronics.local:6001/yacceleratorstorefront
website.electronics.https=https://electronics.local:6002/yacceleratorstorefront
website.apparel-de.http=http://apparel-de.local:6001/yacceleratorstorefront
website.apparel-de.https=https://apparel-de.local:6002/yacceleratorstorefront
website.apparel-uk.http=http://apparel-uk.local:6001/yacceleratorstorefront
website.apparel-uk.https=https://apparel-uk.local:6002/yacceleratorstorefront
website.powertools.http=http://powertools.local:6001/yb2bacceleratorstorefront
website.powertools.https=https://powertools.local:6002/yb2bacceleratorstorefront
To Run Solr in separate port
solrserver.instances.default.port=6983
To have debug in separate port
tomcat.debugjavaoptions=-Djava.locale.providers=COMPAT,CLDR -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,address=6000,suspend=n
I have a need to write a .NET application which will query Active Directory while running in Windows PE on a computer which is not yet a member of the domain.
We are running this during a Microsoft Deployment Toolkit task sequence (note that MDT 2012 has been configured to load support for .NET into the WinPE environment - the .NET application is starting without any problems).
I am using the code below to bind to the domain:
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
I have tried a path both of the form:
LDAP://domainServer/dc=domain,dc=name
And also without a domain controller name as
LDAP://dc=domain,dc=name
I have also tried using a username both of the form domain\username and also just username.
The DirectoryEntry object seems to be constructed okay, but when I try to execute Console.Writeline(entry.Name) to confirm a valid connection has been made, I get the following exception:
System.Runtime.InteropServices.COMException (0x80005000): Unknown
error (0x80005000) at
System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind() at
System.DirectoryServices.DirectoryEntry.get_Name()
I have tried other variations on this code, trying to execute LDAP queries with various filters, trying to rewrite it in VBScript, etc... but the code posted above is the simplest example I could come up with which reproduces the problem.
From what I have read, in a scenario like this you would always need to use AuthenticationTypes.ServerBind and that is why I am trying to specify the code within the ADSI LDAP path. But what is wrong with the code above? To me, it looks like it is passing all needed information in the parameters to the DirectoryEntry constructor.
There is a way to get it work, but it's not supported by Microsoft. This post helped me a lot. It works, tested and approved for a deployment of new computers :)
Get the ADSIxXX.inf from the zip file to C:\ADSI
Copy the following files from a Windows/System32 to C:\ADSI. Carefull of Architecture
x86 x64 -
adsldp.dll
adsmsext.dll
adsnt.dll
mscoree.dll
mscorier.dll
mscories.dll
Mount the bootimage.wim
No need to load Package (Your WinPE is already configured to load .NET API), juste add ADSI driver:
Dism /Image:C:\Mount /Add-Driver /Driver:C:\ADSI\ADSIxXX.inf /forceunsigned
No need to load his script
Unmount the bootimage.wim
Then it's done, if your .NET application is well implement ;)
I'm not sur the PIPE | is supported as an argument too, just set to AuthenticationTypes.Secure -
DirectoryEntry entry = new DirectoryEntry(
path,
username,
password,
AuthenticationTypes.ServerBind | AuthenticationTypes.Secure);
Link: http://www.deploymentresearch.com/Research/tabid/62/EntryId/74/ADSI-plugin-for-WinPE-4-0.aspx#AddComment