After you install features from UI ..

When you install the features using the WSO2 management console it will copy the relevant jars to repository/components/plugins directory and will update the bundles.info file which is located in CARBON_HOME/repository/components/configuration/org.eclipse.equinox.simpleconfigurator/. There will not be changes to database with regard to this.

How to read properties file from custom UserStoreManager

Scenario : 

You have developed a XUserStoreManager extending an inbuilt userstoremanager implemetation (i.e. ActiveDirectoryUserStoreManager).

You need to read some configuration files from a property file, which you do not want embed in the XUserStoreManager.jar which is deployed in <IS_HOME>/repository/components/dropins

What is the best approach:

1. You can put your custom properties in <IS_HOME>/repository/conf/user-mgt.xml inside your <CustomUserStoreManager> section as below.

<Property name="customProperty">customValue</Property>

2. Put properties withing your CustomUserStoreManager configuration section. Then you can access your properties as below as in [1]

i.e.

String patterns = realmConfig.getUserStoreProperty(LDAPConstants.USER_DN_PATTERN); 

Applicable : WSO2IS-4.6.0

[1] - https://svn.wso2.org/repos/wso2/carbon/kernel/branches/4.0.0/core/org.wso2.carbon.user.core/4.0.2/src/main/java/org/wso2/carbon/user/core/ldap/ReadOnlyLDAPUserStoreManager.java

How to start CEP server without embedded cassandra

In case you need to start the CEP server without embedded Cassandra which makes is light weight CEP. You can do this, by starting the server with -Ddisable.cassandra.server.startup=true switch.

Eg:

 ./wso2server.sh -Ddisable.cassandra.server.startup=true &

useOriginalwsdl

I learnt a practical example on using 'useOriginalwsdl' parameters in an ESB proxy service which has a wsdl associated to it.  Thanks Charitha - as this was by listening to how Charitha approached and handled an ESB issue.

Firstly, there is a proxy service which is associating a wsdl and we were to access an operation in it via soap-ui. This particular wsdl-operation has a soap header specified. Issue being addressed is that the soap header is not appearing in the soap-request that was generated by soap-ui.

What we were doing to generate this request was generating ?wsdl of the proxy and using it in soap-ui.

When analyzing this auto generated wsdl (?wsdl), we found out that some of the parameters in the original wsdl are not appearing in it. This is because at the auto generation process ESB recreates the wsdl treating it as part of the proxy.

But for us to avoid this and have the wsdl syntax as its original we could use the parameter 'useOriginalwsdl'. After this correction, when the ?wsdl was used in soap-ui project we were able to see the correct request.

So when creating a proxy with a wsdl associated, if we need to make sure original wsdl is available for message invocation, we need to set useOriginalwsdl=true.
 

 Just now I read about enablePublishWSDLSafeMode  parameter in ESb proxies from one of Prabath's blog posts. Will write about it after trying the scenario.

Diagnosing if a bundle is not activated properly

Whe OSGI bundles fail to start, we should check the root cause using the OSGI commands.

• Start the server with OSGi console by using ;

sh wso2server.sh -DosgiConsole

• Once osgiConsole get started execute following command and see whether your bundle is in Active state.

osgi> ss

• Execute the following command to see whether there are any unresolved dependencies for this bundle.

osgi> diag <your_bundle_id>

When analyzing Thread Dumps

Thread States

BLOCKED            Thread state for a thread blocked waiting for a monitor lock.

NEW            Thread state for a thread which has not yet started.

RUNNABLE            Thread state for a runnable thread.

TERMINATED            Thread state for a terminated thread.

TIMED_WAITING            Thread state for a waiting thread with a specified waiting time.

WAITING            Thread state for a waiting thread.

Thread LC
http://bip.weizmann.ac.il/course/prog2/tutorial/essential/threads/lifecycle.html

Tool to analyse thread dumps: TDA

Some good guidelines:
http://nirmalfdo.blogspot.com/2013/05/how-to-find-culprit-when-cpu-starts-to.html

http_access logs

http_access logs files are prefixed with “http_access_”. These files include access information for the server. We can get the access information for webapps also from this. These logs rotates on daily basis.

In Carbon 4.0.* based products, you can disable http access logs by removing the following entry from catalina-server.xml which is located in $CARBON_HOME/repository/conf/tomcat.

<valve classname="org.apache.catalina.valves.AccessLogValve" directory="${carbon.home}/repository/logs" prefix="http_access_" suffix=".log" pattern="combined"/>

For the products which uses nhttp transport (Ex. WSO2 ESB) you also have to define the below entry in log4j.properties file.

log4j.logger.org.apache.synapse.transport.nhttp.Access=WARN

log4j.properties file is located in $CARBON_HOME/repository/conf/

Pointing the correct jars to your classpath

Add relevant $CARBON_HOME/repository/lib jars to your classpath after running "ant" command in $CARBON_HOME/bin

Connecting to Active Directory in READ-ONLY mode

When connecting to AD in readOnly mode we need to use the configuration used for "External LDAP as the user store in READ ONLY mode", which is commented in usermgmt.xml by default.

We also need to set values for admin role to connect to Active Directory Server

 <AdminRole>admin</AdminRole>
                <AdminUser>
                     <UserName>support</UserName>
                     <Password>XXXXXX</Password>
                </AdminUser>

In here we need to specify a user who exists in our active directory server. He need not be the administrator user of the AD server. This user will be the admin user of the carbon server. We need not to specify the password here. It can be left as 'XXXX'.

This admin user must be in the user search base ("UserSearchBase") that is configured in user store manager configuration.

In the UserStore configuration also we need to update the properties to match the connecting active directory server.

        <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager">
            <Property name="ReadOnly">true</Property>
            <Property name="MaxUserNameListLength">100</Property>
            <Property name="ConnectionURL">ldap://10.100.3.131:389</Property>
            <Property name="ConnectionName">CN=Administrator,CN=Users,DC=wso2,DC=test</Property>
            <Property name="ConnectionPassword">pass#word1</Property>
            <Property name="passwordHashMethod">PLAIN_TEXT</Property>
            <Property name="UserSearchBase">CN=Users,DC=wso2,DC=test</Property>
            <Property name="UserNameListFilter">(objectClass=person)</Property>
            <Property name="UserNameAttribute">cn</Property>
            <Property name="ReadLDAPGroups">true</Property>
            <Property name="GroupSearchBase">CN=Users,DC=wso2,DC=test</Property>
            <Property name="GroupNameListFilter">(objectClass=groupOfNames)</Property>
            <Property name="GroupNameAttribute">cn</Property>
            <Property name="MembershipAttribute">member</Property>
            <Property name="UserRolesCacheEnabled">true</Property>
            <Property name="ReplaceEscapeCharactersAtUserLogin">true</Property>
           <Property name="maxFailedLoginAttempt">0</Property>   
           <Property name="Referral">throw</Property>
           <Property name="DomainName">wso2</Property>
        </UserStoreManager>UserRolesCacheEnabled

i) ConnectionURL
This should have the format of ldap://<AD host-ip>:<AD_listen_port>

In failing to connect to AD server you might get this error [E1]

If you need to validate the listen port you can use portqry utility which is a command-line tool troubleshoot TCP/IP connectivity issues.  Use following command to validate if the port is open and listening:

portqry -n <hostIP> -p udp -e 389

If it resolves the port to the LDAP service, it sends an unformatted user datagram to UDP port 389 on the target system. More Infor [1]


ii) ConnectionName 
This should specify an account that can browse and search your active directory user and group bases. Also this need to be given using relative distinguished names. For an example my ConnectionName is 'CN=Administrator,CN=Users,DC=wso2,DC=test'. How this was worked out is: DC is to demote DNS Name (prefixed as Domain Component). So my DNS name is wso2.test. This makes up DC=wso2,DC=test.

Then in my domain Component, Users directory resides in the root and I have 'Administrator' user in there. So the user account and the folder highrachy to reach it can be made up as: CN=Administrator,CN=Users

So this makes us: ConnectionName=CN=Administrator,CN=Users,DC=wso2,DC=test

You are most likely to get this error [E2] when there is a misconfiguration in this.

iii) ConnectionPassword 
Is the password of above user (Administrator's password in my case)

iv) UserSearchBase
This also should be specified using distinguished name. It should be the folder which should be searched for the users.

v) UserNameAttribute
The attribute used to name users

vi) GroupSearchBase
Distinguished name of the object that holds the groups. In my case it is 'Users'.

v) ReadLDAPGroups

- This property is related to <AdminRole> configurations.
1. If "ReadLDAPGroups" is set to true, This role can be a role from AD, If this role is in the group search based ("GroupSearchBase"). Then <AdminUser> must be assigned to this role from the AD level.

2. If "ReadLDAPGroups" is set to false. Then this role can be an internal role of Carbon.Then while starting server, role is created as internal role and assigned <AdminUser> to it. This mapping kept internally in the user mgt database

[1] - http://support.microsoft.com/kb/816103

[E1] -

[2013-06-18 13:54:18,002] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} -  Error obtaining connection for the second time10.100.3.131:10389
javax.naming.CommunicationException: 10.100.3.131:10389 [Root exception is java.net.ConnectException: Connection timed out]
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:223)
    at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
    at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:64)
    .
    .
    .
    .
    .
Caused by: java.net.ConnectException: Connection timed out
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:337)
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:198)
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:180)
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:391)
    at java.net.Socket.connect(Socket.java:579)
    at java.net.Socket.connect(Socket.java:528)
    at java.net.Socket.<init>(Socket.java:425)
    at java.net.Socket.<init>(Socket.java:208)
    at com.sun.jndi.ldap.Connection.createSocket(Connection.java:365)
    at com.sun.jndi.ldap.Connection.<init>(Connection.java:200)
    ... 47 more

[2] -

2013-06-18 15:29:11,484] ERROR {org.wso2.carbon.user.core.ldap.LDAPConnectionContext} -  Error obtaining connection. [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771]
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment: AcceptSecurityContext error, data 525, v1771]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3087)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
    .
    .

How to enable wire level loggers/debug loggers.

Enable/set the following properties in ESB_HOME/repository/conf/log4j.properties to enable wire level loggers/debug loggers.

log4j.logger.org.apache.synapse.transport.nhttp.headers=DEBUG
log4j.logger.org.apache.synapse.transport.nhttp.wire=DEBUG
log4j.logger.org.apache.synapse.transport.passthru.headers=DEBUG
log4j.logger.org.apache.synapse.transport.passthru.wire=DEBUG
log4j.logger.org.apache.axis2.transport.mail=DEBUG

DevS administration within eclipse

This post is to tell bits about how to remove older versions of DevS from eclipse and get new once installed. Also how to patch an existing version.

Recently I wanted to use wso2-developer-studio-2.1.0 and in my eclipse IDE I had a previous version of the DevStudio already installed.

This is how I removed old plugins and added new ones.

1. In eclipse IDE, go to Help > Install New Software ...
2. you will get 'install' window and at the bottom of it, you will get a link to get already installed software.

3. When you click on this link, it will give you all the listed software. Simply select all WSO2 plugins from this and say uninstall.

4. Restart eclipse, get back to 'Install New software' option from 'Help' menu and add the new version. If not downloaded, you could take it from here.

5. This post explains how to add wso2 plugins to eclipse.


6. If you are to patch the existing version with a bug fix; Firstly you need to download the patch and read the instruction given in its README. You will need to copy patched jars to relevant location.

7. Then for the changes to get applied you need to start eclipse with -clean option.

./eclipse -clean

Thats it!

Use remap when you don't want to replace existing schema

You might be taking periodic backups of your database and might need to restore backups as well. In such situations, if you do not need to overwrite existing data remap command can be used with impdp.There are options only to restore a specific set of tables. In here I will show how to restore the whole schema without replacing the existing.

1. First it is required a directory to be created so that all the exports stored in that directory and all the import dumps also will be read from the same. 
Follow this to create the directories and grant access.

2. Then lets create a backup of an existing schema. I've explained the backing-up procedure here. Else you can use following.
EXPDP X/X SCHEMAS=SCHEMA(S)_TO_IMPORT DUMPFILE=DUMPFILE_TO_IMPORT_FROM

e.g

expdp spfix/spfix schemas=spfix dumpfile=spfix_030812.dmp 

3. Now, our plan is to restore the dump on a new schema. So lets create a new user and grant access.

SQL> Create user yumani identified by yumani account unlock;

User created.

SQL> grant create session, dba to yumani;

Grant succeeded.

SQL> grant connect to yumani;

Grant succeeded.

  3. Let's restore the backup

Use this command to restore the backup using the schema you created above,
IMPDP REMAP_SCHEMA=OLD_OWNER:NEW_OWNER  DUMPFILE=DUMFILE.DMP NOLOGFILE=Y 

e.g

impdp yumani/yumani@daniddb schemas=yumani remap_schema=yumani:yumani1 dumpfile=yumani_120812.dmp NOLOGFILE=Y