Front-End Back-End seperation - WSO2 IS 2.0

This is a simple note on how to separate front-end and back-end of WSO2 IS.

1. First we need to download the WSO2 IS 2.0 binary distribution and extract it to two locations in your file system.

2. Then change the configuration files in WSO2_IS_HOME\conf directory as given below.


3. Lastly before you start the servers;
- In the FE -> Delete the 'server' folder in WSO2_IS_HOMEwebapps\ROOT\WEB-INF\plugins
- In the BE -> Delete the 'console' folder in WSO2_IS_HOMEwebapps\ROOT\WEB-INF\plugins

Setting-up WSO2 IS on WebLogic Server 10gR3

The steps given below shows how to configure WSO2 Identity Server 2.0 on Weblogic Server 10gR3. Let's see how it is done.

Pre-requisite : You need to have WebLogic Server 10gR3 installed in your machine.

• Install and start weblogic server from port 7001.

• Download a WSO2 IS distribution.
  
• Extract the ditrubution to a directory of your preference.


• In the file system create a folder with the name "is-repo" (You may use any name).

• From the IS ditribution copy following folders : conf, database, repository, resources and ROOT folder inside webapps. Paste them inside the "is-repo" that you created in above step. Rename ROOT to "is".

• Now go to IS_repo\conf folder and change the following files.

Axis2.xml - Change the default http\https ports 9763\9443 to 7001\7002.






carbon.xml -Change the context, server url.

identity.xml -Change the OpenIDServerUrl, OpenIDUserPattern




registry.xml - Update the database url.


user-mgt.xml - update the database url

• Go to Weblogic console. (In a browser type http://localhost:7001/console/)

• In WebLogic Server Administration console select your domain, click on 'Environments' > 'Servers'.

• In the 'Servers' table there'll be a link to 'AdminServer'. Click on it.

Now we'll configure the Admin Server.

• Click the General tab and update following information and save.

• Click on KeyStores tab and fill in the information as given below and save.

• Click on SSL tab and fill in the information as given below and save.

Now lets' deploy IS.

• Go to Domain Structure > YOUR_DOMAIN and click on 'Deployments'.

• In the 'Deployments' table you will see "is" appear with a glass jar like icon.

• Click on the check box next to it. Click "install" button.
  
• After installing our web application, Click on the "start" button that appear in the same panel and select "servicing all requests".

Now we'll restart the server. Before that we need to set carbon home to the repo we created above.

• Ctrl+C and shutdown your server.

• Set carbon home on the same command window (e.g. Type set CARBON_HOME=C:\is-repo)

• Now start your weblogic server (e.g. startWebLogic.cmd)

Perfect! we are done now ...

Open Up a browser window.

Type the url - https://localhost:7002/is/carbon and you'll get WSO2 Identity Server Administration Console :)

My little angel was really sick ....

My 10 months old baby daughter got really sick last week. She was suffering with fever for 7 days. Blood reports checked in two instances during that period said there was no sign of dengue fever (which is spreading around the country speedily). But the last report which we took on the 7th day indicated signs of a bacterial attack to her. Her pediatrician asked us to admit her to the hospital immediately. But the hospital was full and we came home with instructions from the doctor to give some other medicine and bring her back in the morning. She replied for the the medicine and we all including her doctor were really pleased to see her change.

She was normal all throughout Saturday and Sunday and even Monday morning....She is still under antibiotic..

The interesting thing with my Sanuthi is no matter how high her fever is she was very active all though out. She'll laugh and crawl and stand up and dance and do whatever possible she can copy from her akkiya.

I'm glad to have her health back in normal state. Now I need to fill her little tummy at all possible chances and bring back her lost weight...!

Setting-up WSO2 Identity Server to connect to WSO2 GReg remotely

WSO Identity Server provides set of components that enable CardSpace authentication and OpenID which enables websites to provide strong authentication using information cards.


WSO2 registry now called as WSO2 GReg after its integration with governance solution handles the governance of web services while also behaving as a configuration management portal for services.


Even though Identity Server has its own H2 database, it can also be integrated with Greg to remotely connect and access GReg. The steps given below shows how the WSO2 Identity Server can be configured to access remote registry (GReg).

• As the first step download WSO2 IS and WSO2 GReg.

Something to note: By default all WSO2 products are set to start on 9443 and 9763 ports on https and http respectively.

So if we are going to use the same machine we need to change the ports of one of the products. I will do the required changes to WSO2 IS.

• Once downloaded unzip the files.

• Go to $WSO2_IS_HOME/conf and open axis2.xml. Change the http and https ports of the 'In Transports'.

• Now open transport.xml from the same location. Change http\https ports in it too.
  

• Open the identity.xml which is also in the same location. Change the ports to OpenID urls.

• Finally open the carbon.xml which also resides in the same location. Change the carbon.xml as below to access the remote registry.
  

- URL should be the url for registry.
- User name, password of the user credentials of the user who'll be allowed to manage remote registry for the Identity Server.
- Chroot can be any text which will be used to create a folder containing the resources related to IS.

• Now start WSO2 Greg first from the default ports 9443 and 9763.

• Start WSO2 IS after that from changed ports 9445 and 9765.

You're all set to work with WSO2 IS remotely accessing WSO2 Greg....! Now access https://localhost:9445/carbon to tryout the functionality.

Creating a JDBC External User Store using WSO2 User Management component

The WSO2 User Manager is a library that lets developers handle user authentication and authorization in applications. It authenticates users from different types of user stores and currently has the capability to easily plug-in to JDBC, LDAP and AD.

Given below are the steps to tryout JDBC user store. I'll be using a MySql database for this.

1. Create a MySQL database

• In my database I have following structure;

To create this easily rather than entering MySql statements interactively we can put the SQL statements in a file and then tell mysql to run it in batch mode. Simply copy and paste the SQL statements below in a note pad and save it with .txt extension.

/*Create a new usermgmt database */
create database usermgmt;

/*Create the users table */
create table usermgmt.users (username varchar(10) primary key,password varchar(10)) engine=innodb;

/*Create the roles table */
create table usermgmt.roles (rolename varchar(10) primary key,description varchar(15)) engine=innodb;

/*Create the userroles table */
create table usermgmt.userroles (
username varchar(10),
rolename varchar(10),
constraint un foreign key (username) references usermgmt.users(username),
constraint rn foreign key (rolename) references usermgmt.roles(rolename)
) engine=innodb;

/*Create the userprofiles table */
create table usermgmt.userprofiles (
username varchar(10),
profilename varchar(10),
email varchar(25),
postalCode varchar(5),
country varchar(10),
firstname varchar(10),
lastname varchar(10),
homephone varchar(10),
constraint un1 foreign key (username) references usermgmt.users(username)
) engine=innodb;

/*Describe the tables that were created above */
describe usermgmt.users;
describe usermgmt.roles;
describe usermgmt.userroles;

/*Insert data into the users table */
insert into usermgmt.users (username, password) values ("tamara", "tamara");
insert into usermgmt.users (username, password) values ("saman", "saman");
insert into usermgmt.users (username, password) values ("yumani", "yumani");

/*Insert data into the roles table */
insert into usermgmt.roles (rolename, description) values ("admin", "Administrator");
insert into usermgmt.roles (rolename, description) values ("guest", "Guest User");
insert into usermgmt.roles (rolename, description) values ("tester", "Tester");

/* Insert data into the userroles table */
insert into usermgmt.userroles (username, rolename) values ("tamara", "admin");
insert into usermgmt.userroles (username, rolename) values ("saman", "guest");
insert into usermgmt.userroles (username, rolename) values ("yumani", "tester");

/*Insert data into the userprofile table */
insert into usermgmt.userprofiles (username, profilename, email, postalCode, country, firstname, lastname, homephone) values ("tamara", "default", "tamara@yahoo.com", "123", "Sri Lanka", "Tamara", "Cuttilan", "1111111111");
insert into usermgmt.userprofiles (username, profilename, email, postalCode, country, firstname, lastname, homephone) values ("saman", "home", "saman@yahoo.com", "234", "SriLanka", "Saman", "Peries", "2222222222");
insert into usermgmt.userprofiles (username, profilename, email, postalCode, country, firstname, lastname, homephone) values ("yumani", "default", "yumani@yahoo.com", "345", "USA", "Yumani", "Ranaweera", "3333333333");
insert into usermgmt.userprofiles (username, profilename, email, postalCode, country, firstname, lastname, homephone) values ("yumani", "home", "yumani@gmail.com", "333", "USA", "Yumani", "Ranaweera", "4444444444");
insert into usermgmt.userprofiles (username, profilename, email, postalCode, country, firstname, lastname, homephone) values ("tamara", "home", "tamara@gmail.com", "444", "Sri Lanka", "Tamara", "Cuttilan","5555555555");

/*Retrieve table data */
select * from usermgmt.users;
select * from usermgmt.roles;
select * from usermgmt.userroles;
select * from usermgmt.userprofiles;

• Next, open a command prompt, navigate to the location where you saved the above file.
• Type at the prompt;
  
  mysql -h localhost -u root -p -t -vv< {filename}.txt

(e.g. mysql -h localhost -u root -p -t -vv <>
NOTE: -vv was put to echo the commands to the output. You can remove that if its not required.

2. Install WSO2 ESB\WSAS\IS which has User Manager component in them

• Download a binary distribution and unzip it to your local file system.
• I will demonstrate with WSO2 Identity Server (IS).
  

3. Copy the Connector/J JDBC Driver

• This is to be able to connect to MySQL from our application.
• Download the MySQL JDBC Driver
• Copy and paste it to WSO2_IS_HOME\repository\components\extensions folder.
  

4. Start the server

• Go to WSO2_IS_HOME\bin and execute wso2server.bat file.
  
  Now that we have the prerequisite ready, let's setup the external user store and tryit out.
  

5. Setup the external user store from WSO2 Identity Server

• Once the server is started open a browser and access, https://localhost:9443/carbon/. You get WSO2 IS admin console.
• Sign-in using the default admin username\password (admin\admin).
• In the console click on 'User Management' menu option and in 'User Management' page click on 'Add External User Store' link.

• In the 'Add External User Store' page, select to create a 'JDBC' type external user store.
• Use following information for the rest of the fields.

(Note: Replace database name, user name, password with you information).

 

• Now we are done with creating the external user store. The user store connections can be validated via 'Test connection' option in the External user store menu as shown below.

Let's tryout the User Management functionality in another blog post....!

How to deploy a Java Web Service on WSAS & secure it with Username Token Policy

A screencast by Charitha, on 'how to deploy a Java Web Service on WSAS and secure it with Username Token Policy' is now available on WSO2 Oxygen Tank and YouTube.



In this Charitha takes you through a complex scenario in a very simple manner describing each step in detail. Its really helpful for those looking for all simple details behind a complex scenario.

What unfolds after WSO2 Mashup server 1.5.2 release ....

The WSO2 Mashup Server had its 1.5.2 release in lat month (Feb-09). This had mostly the defect fixes and usability enhancements.

The fixes\enhancements as was stated in the release note are:
* Fix for the memory leak inherited via Axis2
* Fix on E-mail host object
* Fix on auto generated stubs of data services
* Minor usability enhancements

What's after 1.5.2 ....
After the 1.5.2 release the next move is for a Mashup Server release based on the WSO2 Carbon platform. At the moment the main components that will be carbonized are Javascript deployer and Host Objects.

In a Carbonized platform the Mashup server will inherit the features such as Admin UI, Security, User Management, Stubs, Transports etc from 'Core Carbon' framework.

Currently the dev team is working on this conversion .. let's wait and see what will be produced.

Enabling JMS transport in WSO2 Mashup Server

Here are the steps to enable JMS support in WSO2 Mashup Server.

1. Download apache-activeMQ and unzip it in to a folder of your selection.

2.Open axis2.xml in $MASHUP_HOME/conf directory and search for 'jms configurations' in it and uncomment those sections.

Transport Receiver syntax:
<transportReceiver name="jms" class="org.apache.axis2.transport.jms.JMSListener">
<parameter name="myTopicConnectionFactory">
<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
<parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
<parameter name="transport.jms.ConnectionFactoryJNDIName">TopicConnectionFactory</parameter>
</parameter>

<parameter name="myQueueConnectionFactory">
<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
<parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>
<parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
</parameter>

<parameter name="default">
<parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
<parameter name="java.naming.provider.url">tcp://localhost:61616<</parameter>
<parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>
</parameter>
</transportReceiver>


Transport Sender syntax:

<transportsender name="jms" class="org.apache.axis2.transport.jms.JMSSender"/>


3. Do the same to axis2-client.xml which also resides in the same location.

4. Copy over the following jars to the MASHUP_HOME\lib directory from activeMQ_HOME\lib
activeio-core-3.0.1.jar
activemq-core-4.1.2.jar
geronimo-j2ee-management_1.0_spec-1.0.jar

5. Start activeMQ first.

6. Start the Mashup Server.

The article submitted by Keith, to WSO2 Oxygen Tank explains invocation and exposing of JMS transport in Mashup Server with lots of background details.

Enabling Self Registration in WSO2 Mashup Server

The 'Sign-up' option in WSO2 Mashup Server blocks new user registration until admin user enables it. Steps to enable the new user sign-up are as below;

1. Login to the MS management console as the admin user.

2. Select 'Allow Internet Users' option.
Once this is enabled a window that contain the instructions required for the next steps appear.

3. As instructed from the UI go to /lib\tomcat\webapps\ROOT\WEB-INF and edit the web.xml as below;



4. Restart the server.

5. Now if you click 'Sign-up' it will present you with the 'Self Registration' page.

Enabling SMTP transport in WSO2 Mashup Server

Here is how you configure the SMTP transport in Mashup Server;


1. Add the configuration below to the axis2.xml which resides in MASHUP_HOME\conf directory.
You may need to replace the email address and password with valid details.

<transportReceiver name="mailto" class="org.apache.axis2.transport.mail.SimpleMailListener">
<parameter name="mail.pop3.host">smtp.gmail.com</parameter>
<parameter name="mail.pop3.user">username@gmail.com</parameter>
<parameter name="mail.pop3.socketFactory.class">javax.net.ssl.SSLSocketFactory</parameter>
<parameter name="mail.pop3.socketFactory.fallback">false</parameter>
<parameter name="mail.pop3.port">995</parameter>
<parameter name="mail.pop3.socketFactory.port">995</parameter>
<parameter name="mail.store.protocol">pop3</parameter>
<parameter name="transport.mail.pop3.password">password</parameter>
<parameter name="transport.listener.interval">3000</parameter>
<parameter name="transport.mail.replyToAddress">mashupserver@gmail.com</parameter>
</transportReceiver>

<transportSender name="mailto" class="org.apache.axis2.transport.mail.MailTransportSender">
<parameter name="mail.smtp.host">smtp.gmail.com</parameter>
<parameter name="mail.smtp.user">username@gmail.com</parameter>
<parameter name="transport.mail.smtp.password">password</parameter>
<parameter name="mail.smtp.starttls.enable">true</parameter>
<parameter name="mail.smtp.auth">true</parameter>
</transportSender>


2. Then add the same to the axis2-client.xml, which also resides in same place. In this case you may use a different email address and its password.

3. Since we are using a gmail address here you need to enable pop on it. Do this login to your gmail account, go to settings> Forwarding and POP/IMAP >POP Download and select 'Enable POP for mail that arrives from now on'. Save your settings.

4. Restart the WSO2 Mashup Server.

WS-Security

A really good presentation on WS-Security for a beginner.

http://www.cs.virginia.edu/~acw/security/doc/Tutorials/WS-Security.ppt

WSO2 Mashup Server released its newest version - v1.5 !!!

WSO2 Mashup Server version 1.5 was released yesterday 21, Jul 2008.


The new features for the release are ;

• Request object

• Ability to secure hosted mashups using a set of commonly used security scenarios.

• Ability to call secured services using the WSRequest host object

• Integrated Data Services Support (expose data locked up in Databases, Excel spreadsheets and CSV files with ease)

• OpenID login support

• Apache Shindig powered, Google compatible, per-user Dashboard and browser based editor support for developing gadgets for hosted mashups (http://wso2.org/library/3813).

Together with the features that were already there;

• Hosting of mashup services written using JavaScript with E4X XML extension.
• Simple file based deployment model.
• Java Script annotations to configure the deployed services
• Auto generation of meta data and runtime resources for the deployed mashups
• JavaScript stubs that simplify client access to the mashup service
• TryIt functionality to invoke the mashup service through a web browser
• WSDL 1.1/WSDL 2.0/XSD documents to describe the mashup service
• API documentation
• Ability to bundle a custom user interface for the mashups
• Many useful Javascript Host objects that can be used when writing mashups

1. WSRequest: invoke Web services from mashup services
2. File: File storage/manipulation functionality
3. System: Set of system specific utility functions
4. Session: Ability to share objects across different service invocations
5. Scraper: Extract data from HTML pages and present in XML format
6. APPClient: Atom Publishing Protocol client to retrieve/publish Atom
7. Feed: A generic set of host objects to transparently read and create Atom and RSS feeds.
8. Request: Ability get information regarding a request received
9. IM: Ability to send out instant messages from mashups.
10. Email:Ability to send out emails from mashups.

• Support for recurring and longer-running tasks
• Support for service life cycles.
• Ability to secure hosted mashups using a set of commonly used security scenarios.
• Management console to easily manage the mashups
• Simple sharing of deployed mashups with other WSO2 Mashup Servers
• Mashup sharing community portal (http://mooshup.com) to share and host your mashups
  

The complete release note details out more. I am sure everybody will enjoy mashing up their web based information more with this latest revision of WSO2 Mashup Server !!!