I want to expose an implementation of a contract over a WebHttpBinding with SecurityMode: transport (SSL).
However, when I try to access the site via Firefox, I only get
The connection to localhost was interrupted while the page was loading.
The config file is as follows:
<configuration>
<system.serviceModel>
<services>
<service name="MyService">
<endpoint address="https://localhost"
binding="webHttpBinding"
contract="MyService"
bindingConfiguration="secureWebHttp">
</endpoint>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="secureWebHttp">
<security mode="Transport"/>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
If host within IIS, you need to configure the hosting website security to use an ssl certificate on port 443 in this case.
You also need to configure the service behavior to set the certificate name and store. Particularly when hosting the wcf service as windows services, the certificate needs to be set for the port that you want to use. for example httpcfg.exe or netsh in vista.
Check out MSDN Configuring HTTP and HTTPS
Related
I'm trying to change the carbon H2 database (for this test) for a MariaDB system. Once my master-datasources.xml and my databases created and configured thanks to the provided scripts, I start the API Manager but it fails with the following error :
ERROR - Activator Cannot start User Manager Core bundle
June 1st 2018, 14:51:07.000 org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
June 1st 2018, 14:51:07.000 Caused by: org.wso2.carbon.user.core.UserStoreException: nullType class java.lang.reflect.InvocationTargetException
Caused by: org.wso2.carbon.user.core.UserStoreException: Error occurred while checking is existing domain : PRIMARY for tenant : -123
I tried to use MariaDB only for the carbon database, using the following datasource config:
<datasource>
<name>WSO2_CARBON_DB</name>
<description>The datasource used for registry and user manager</description>
<jndiConfig>
<name>jdbc/WSO2CarbonDB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://wso2_mysql:3306/wso2_am_carbon;DB_CLOSE_ON_EXIT=FALSE</url>
<username>wso2carbon</username>
<password>wso2carbon</password>
<!--<driverClassName>org.h2.Driver</driverClassName>-->
<maxActive>50</maxActive>
<maxWait>60000</maxWait>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
user-mgt.xml is using the correct datasource name :
<Property name="dataSource">jdbc/WSO2CarbonDB</Property>
and my database has been initialized with the dbscripts/mysql5.7.sql script. User permissions have been set correctly.
Since after the failed start the database stays empty I guess there is a problem writing to it. So I tried to start the app with the -Dsetup parameter but no luck.
Thank you.
In the very first startup of the WSO2 server without the datasource changes, It will add an admin user to the default userstore. Therefore, if you have already created admin user within configured AD and that user has defined as admin user in IS configurations, IS use that user as the admin user.
Therefore, When you change the datasource of the primary userstore of WSO2 Server, you need to change the addAdmin property as true in user-mgt.xml file which can be found under /repository/conf directory.
<Configuration>
<AddAdmin>true</AddAdmin>
<AdminRole>admin</AdminRole>
<AdminUser>
<UserName>admin</UserName>
<Password>admin</Password>
</AdminUser>
-
-
</Configuration>
Please check after changing the above property.
I have an application that's deployed on wildfly on a centos server.
I have two other applications that access a page of my application using iframe. What I access that I page, that's all I see in console:
1 Refused to display 'APP_URL' in a frame because it set 'X-Frame-Options' to 'deny'.
I know the reason behind this all and I want to allow my wildfly web-server to allow it from my 2 domains like this
X-Frame-Options: ALLOW-FROM https://example.com/
where can I configure this setting in wildfly? I know about apache server, it's done in httpd.conf file but I want to do this in wildfly.
I've configured the "SAMEORIGIN" option in wildlfy once. I suppose the "ALLOW-FROM" should be pretty similar.
You need to make this change in the undertow subsystem of Standalone.xml.
You should find the below settings in your xml.
<subsystem xmlns="urn:jboss:domain:undertow:1.0">
<buffer-caches>
<buffer-cache name="default" buffer-size="1024"
buffers-per-region="1024" max-regions="10" />
</buffer-caches>
<server name="default-server">
<http-listener name="default" socket-binding="http" />
<host name="default-host" alias="localhost">
<location name="/" handler="welcome-content" />
</host>
**<filter-ref name="xFrameOptions" />**
</server>
<servlet-container name="default"
default-buffer-cache="default" stack-trace-on-error="local-only">
<jsp-config />
<persistent-sessions />
</servlet-container>
<handlers>
<file name="welcome-content"
path="${jboss.home.dir}/welcome-content" directory-listing="true" />
</handlers>
**<filters>
<response-header name="xFrameOptions"
header-name="X-Frame-Options"
header-value="allow-from https://example.com/" />
</filters>**
</subsystem>
Make sure, you add the filter-reference and then use the reference to add the X-Frame-Options for response-header.
You can do this by manually editing the standalone.xml or by using jboss-cli.
Thanks,
Kamal
I have a new install of wso2 api manager v1.10.0. When using the default master-datasources.xml that uses the h2 database it works fine. I can click on the 'Deploy Sample API' button and the CalculatorAPI sample gets created properly. However, when I change master-datasources.xml to use MySql then trying to create the sample Calculator API hangs (the UI hangs at "Please Wait"). The CalculatorAPI is created but is not Published and the lifecycle cannot be changed to Published. The only change I made was to master-datasources.xml.
MySql and wso2AM are installed locally on Ubuntu Linux.
The data source configs for MySql I am using are:
<datasource>
<name>WSO2_CARBON_DB</name>
<description>The datasource used for registry and user manager</description>
<jndiConfig>
<name>jdbc/WSO2CarbonDB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/regdb</url>
<username>regadmin</username>
<password>regadmin</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>80</maxActive>
<maxWait>60000</maxWait>
<minIdle>5</minIdle>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
<datasource>
<name>WSO2AM_DB</name>
<description>The datasource used for API Manager database</description>
<jndiConfig>
<name>jdbc/WSO2AM_DB</name>
</jndiConfig>
<definition type="RDBMS">
<configuration>
<url>jdbc:mysql://localhost:3306/WSO2AM_DB</url>
<username>regadmin</username>
<password>regadmin</password>
<driverClassName>com.mysql.jdbc.Driver</driverClassName>
<maxActive>80</maxActive>
<maxWait>60000</maxWait>
<minIdle>5</minIdle>
<testOnBorrow>true</testOnBorrow>
<validationQuery>SELECT 1</validationQuery>
<validationInterval>30000</validationInterval>
</configuration>
</definition>
</datasource>
I ran the following commands in MySql to apply privileges:
GRANT ALL ON regdb.* TO regadmin#localhost IDENTIFIED BY "regadmin";
GRANT ALL ON WSO2AM_DB.* TO regadmin#localhost IDENTIFIED BY "regadmin";
FLUSH PRIVILEGES;
I started api manager with -Dsetup and it did create tables under both regdb and WSO2AM_DB.
The MySql jdbc driver is in repository/components/lib/mysql-connector-java-5.1.38.jar.
I checked all the logs and there are no errors. Any help will be appreciated.
I tried the same scenario using wso2 API manager 1.10 with MySQL but it works for me.
If you are still getting this error
Delete the API and disconnect your wifi or broadband connection for a while and try.
If you can see the API in CREATED mode. click on the API and go to lifecycle tab and change the status to PUBLISHED.
In my WCF service I am trying to to send data to the client using JSON over an SSL connection. I was able to secure the OData database source to my client using wsHttpBinding with a security mode of Transport. Why is webHttpBinding not able to do the same in order to use SSL? How would I configure an endpoint that needs to use JSON to use an SSL connection as well?
Essentially what is the difference between webHttpBinding and wsHttpBinding?
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="EndpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior" name="DataService4.DataService">
<endpoint address="" binding="webHttpBinding" contract="DataService4.IService" bindingConfiguration="TransportSecurity" behaviorConfiguration="EndpBehavior" />
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
I think this article will solve your problem.
Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL
The relevant part from http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html is this:
<bindings>
<webHttpBinding>
<binding>
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
but also remove exposing metadata if desired.
the details are documented in msdn here: https://msdn.microsoft.com/en-us/library/bb924478(v=vs.110).aspx
the relevant parts are:
Transport Security is provided using HTTPS. The service needs to be
configured with SSL certificates. The message is entirely secured
using HTTPS and the service is authenticated by the client using the
service’s SSL certificate. The client authentication is controlled
through the ClientCredentialType attribute of the transport of
webHttpBinding.
I have built a WCF REST web service (WCF Service Application) and when I debug with Visual Studio 2012, it will spin up the WCF Test Client app and try to add my web service. I am getting the following error:
Error: Cannot obtain Metadata from http://localhost:50925/Service1.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: http://localhost:50925/Service1.svc Metadata contains a reference that cannot be resolved: 'http://localhost:50925/Service1.svc'. Content Type application/soap+xml; charset=utf-8 was not supported by service
I have visited the MSDN document linked above and I believe I have set up my web.config correctly.
Web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="Service1" behaviorConfiguration="Service1Behavior">
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"> </endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I still continue to receive the same error message. I am new to WCF / VS 2012 and .Net 4.0, but I am fluent in VS2008 .Net 2.0.
WCF REST services do not expose metadata, which is why you were getting that message (see more details in this blog post). If you're using the WCF Test Client, it's talking to a SOAP service (endpoint), not a REST one.
If you want to enable a RESTful endpoint, you can define the service element in configuration and define an endpoint inside of it which uses the webHttpBinding, and the endpoint also needs a behaviorConfiguration pointing to an endpoint behavior with the <webHttp/> behavior.
As it turns out I created a new WCF project and looked at what was going on here. VS2012/.Net 4.0 does not like the service configurations with endpoints defined. Here is my new web.config that works fine. I will need to look into why this is but at least it answers my question.
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>