Reason why you get "RabbitMQ connection closed for inbound" INFO log in WSO2 ESB

This post is written based on WSO2 ESB 5.0.0


INFO LOG

INFO {org.wso2.carbon.inbound.endpoint.protocol.rabbitmq.RabbitMQConnectionConsumer} -  RabbitMQ connection closed for inbound RabbitInbound {org.wso2.carbon.inbound.endpoint.protocol.rabbitmq.RabbitMQConnectionConsumer}

Possible reasons for this log

colsedConnection() method[1] will be called when;

• the inbound endpoint is undeployed/redeployed 
• when server stop
• If ESB couldn't establish RabbitMQ connection

References

[1]. https://github.com/wso2/carbon-mediation/blob/80ce1edb7d065576df94bfe9a5f3df10cbab2f6a/components/inbound-endpoints/org.wso2.carbon.inbound.endpoint/src/main/java/org/wso2/carbon/inbound/endpoint/protocol/rabbitmq/RabbitMQConnectionConsumer.java#L332

How to configure reverse proxy?

I'm going to discuss two different reverse proxy configurations

Use case 01:

If someone wants to configure a reverse proxy service to hide URI of the actual backend API and allow client to invoke the particular resource URI using a different resource URI the configuration would be as follow. 

API URL that the user invokes
http://host:port/test/customer/v1/xyz

API URL exposed by the API Manager

http://host:port/customer/v1/xyz

Sample Nginx configuration

upstream apimworker{
      server 10.100.11.22:8280;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server{
      listen 8280;
      server_name gw.wrk.wso2.com;
      underscores_in_headers on;

       #chunked_transfer_encoding off;

location /test/customer {
       proxy_set_header X-Forwarded-Host $host;
       proxy_set_header X-Forwarded-Server $host;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_http_version 1.1;
       proxy_pass http://apimworker/customer/;
       proxy_redirect http://apimworker/customer/ http://gw.wrk.wso2.com:8280/customer/;

        }
}

In the sample Nginx configuration I have also configured load balancing configurations together with proxy redirect. See How Nginx process requests for information on request processing. 

Use case 02:

In this scenario when ever the client sends a URI that matches the URI pattern defined in the first location,  the particular URL is being rewritten (reconstructed) to match the actual backend URI. In the second location we have defined how actual URI begins. As the reconstructed URI matches the URI defined in the second location the request gets passes to the backend.

API URL that the user invokes

http://host:port/test/{path_parameter}/customer/search

API URL exposed by the API Manager

http://host:port/customer/search/v1

Sample Nginx configuration
server {
   listen       81;
   server_name  gateway.apim.com;

     location ~ /test/.*/customer/search.* {
     rewrite ^.*/(customer/search/)(.*)$ /$1v1/$2 last;
   }

     location  /customer/search {
     proxy_pass http://localhost:8000;
   }

Below I have listed a sample URL to identify how above configurations works.

API URL that the user invoke: 
http://gateway.apim.com:81/test/1/customer/search/xyz

API URL send to the backend by the reverse proxy:
http://localhost:8000/customer/search/xyz

How to Fix "com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection, message from server: "Too many connections" "

Reason for this error

This error occurs when number of concurrent connections used in the product exceeds the maximum number of connections defined in the database.

Fix

In MySQL, you can use below command to check the maximum number of concurrent connections.

mysql> show variables like 'max_connections';

+-----------------+-------+

| Variable_name   | Value |

+-----------------+-------+

| max_connections | 151   |

+-----------------+-------+

1 row in set (0.00 sec)

If you want to change the maximum number of concurrent connections in the database,

1. Open 'my.cnf' file located in /etc/mysql folder.
2. Change set the number of maximum concurrent connections you need to have to 'max_connections' property.
3. Restart mysql.

Error

 ERROR - TransactionManager Failed to start new registry transaction.

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.

at sun.reflect.GeneratedConstructorAccessor66.newInstance(Unknown Source)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)

at com.mysql.jdbc.Util.getInstance(Util.java:387)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:919)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:898)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:887)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:862)

at com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2164)

at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2089)

at com.mysql.jdbc.ConnectionImpl.(ConnectionImpl.java:795)

at com.mysql.jdbc.JDBC4Connection.(JDBC4Connection.java:44)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)

at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:400)

at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:327)

at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)

at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)

at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)

at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)

at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)

at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)

at org.wso2.carbon.registry.core.jdbc.dataaccess.JDBCTransactionManager.beginTransaction(JDBCTransactionManager.java:80)

at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.beginTransaction(EmbeddedRegistry.java:443)

at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.resourceExists(EmbeddedRegistry.java:631)

at org.wso2.carbon.registry.core.session.UserRegistry.resourceExistsInternal(UserRegistry.java:774)

at org.wso2.carbon.registry.core.session.UserRegistry.access$800(UserRegistry.java:61)

at org.wso2.carbon.registry.core.session.UserRegistry$9.run(UserRegistry.java:757)

at org.wso2.carbon.registry.core.session.UserRegistry$9.run(UserRegistry.java:754)

at java.security.AccessController.doPrivileged(Native Method)

at org.wso2.carbon.registry.core.session.UserRegistry.resourceExists(UserRegistry.java:754)

at org.wso2.carbon.registry.core.jdbc.handlers.builtin.MountHandler.get(MountHandler.java:392)

at org.wso2.carbon.registry.core.jdbc.handlers.HandlerManager.get(HandlerManager.java:2444)

at org.wso2.carbon.registry.core.jdbc.handlers.UserDefinedHandlerManager.get(UserDefinedHandlerManager.java:200)

at org.wso2.carbon.registry.core.jdbc.handlers.HandlerLifecycleManager.get(HandlerLifecycleManager.java:914)

at org.wso2.carbon.registry.core.jdbc.EmbeddedRegistry.get(EmbeddedRegistry.java:512)

at org.wso2.carbon.registry.core.caching.CacheBackedRegistry.get(CacheBackedRegistry.java:203)

at org.wso2.carbon.registry.core.session.UserRegistry.getInternal(UserRegistry.java:617)

at org.wso2.carbon.registry.core.session.UserRegistry.access$400(UserRegistry.java:61)

at org.wso2.carbon.registry.core.session.UserRegistry$5.run(UserRegistry.java:597)

at org.wso2.carbon.registry.core.session.UserRegistry$5.run(UserRegistry.java:594)

at java.security.AccessController.doPrivileged(Native Method)

at org.wso2.carbon.registry.core.session.UserRegistry.get(UserRegistry.java:594)

at org.wso2.carbon.registry.indexing.AsyncIndexer$IndexingTask.createIndexDocument(AsyncIndexer.java:242)

at org.wso2.carbon.registry.indexing.AsyncIndexer$IndexingTask.run(AsyncIndexer.java:210)

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)

at java.util.concurrent.FutureTask.run(FutureTask.java:262)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:745)

Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Data source rejected establishment of connection,  message from server: "Too many connections"

at sun.reflect.GeneratedConstructorAccessor66.newInstance(Unknown Source)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)

at com.mysql.jdbc.Util.getInstance(Util.java:387)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:919)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:898)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:887)

at com.mysql.jdbc.MysqlIO.doHandshake(MysqlIO.java:1038)

at com.mysql.jdbc.ConnectionImpl.coreConnect(ConnectionImpl.java:2254)

at com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2105)

... 44 more

[2017-05-08 11:20:47,779] ERROR - TransactionManager Failed to start new registry transaction.

com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Could not create connection to database server. Attempted reconnect 3 times. Giving up.

at sun.reflect.GeneratedConstructorAccessor66.newInstance(Unknown Source)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)

at com.mysql.jdbc.Util.getInstance(Util.java:387)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:919)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:898)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:887)

at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:862)

at com.mysql.jdbc.ConnectionImpl.connectWithRetries(ConnectionImpl.java:2164)

at com.mysql.jdbc.ConnectionImpl.createNewIO(ConnectionImpl.java:2089)

at com.mysql.jdbc.ConnectionImpl.(ConnectionImpl.java:795)

at com.mysql.jdbc.JDBC4Connection.(JDBC4Connection.java:44)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:526)

at com.mysql.jdbc.Util.handleNewInstance(Util.java:404)

at com.mysql.jdbc.ConnectionImpl.getInstance(ConnectionImpl.java:400)

at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:327)

A possible reason for getting ERROR - APIUtil Error occurred while executing SubscriberKeyMgtClient. java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 302 in WSO2 API manager.

Intension is this blog post to helping out to trouble shoot below error [1] on your own.

A possible cause can be:

'oauth2.war' web application located in /repository/deployment/server/webapps folder is not deployed. 

[1] Error Stack Trace

[2017-05-08 11:39:22,161] ERROR - APIUtil Error occurred while executing SubscriberKeyMgtClient.

java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 302

at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:367)

at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151)

at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118)

at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78)

at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54)

at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)

at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)

at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)

at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)

at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)

at org.jaggeryjs.rhino.store.modules.subscription.c2._c_anonymous_2(/store/modules/subscription/key.jag:39)

at org.jaggeryjs.rhino.store.modules.subscription.c2.call(/store/modules/subscription/key.jag)

at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)

at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)

at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)

at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)

at org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35)

at org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag)

at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)

at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)

at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)

at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)

at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)

at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)

at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)

at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)

at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)

at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)

at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)

at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)

at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)

at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:745)

[2017-05-08 11:39:22,168] ERROR - ApplicationRegistrationSimpleWorkflowExecutor Error occurred when updating the status of the Application creation process

org.wso2.carbon.apimgt.api.APIManagementException: Error occurred while executing SubscriberKeyMgtClient.

at org.wso2.carbon.apimgt.impl.utils.APIUtil.handleException(APIUtil.java:1269)

at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:155)

at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.generateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:118)

at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.complete(ApplicationRegistrationSimpleWorkflowExecutor.java:78)

at org.wso2.carbon.apimgt.impl.workflow.ApplicationRegistrationSimpleWorkflowExecutor.execute(ApplicationRegistrationSimpleWorkflowExecutor.java:54)

at org.wso2.carbon.apimgt.impl.APIConsumerImpl.requestApprovalForApplicationRegistration(APIConsumerImpl.java:2789)

at org.wso2.carbon.apimgt.impl.UserAwareAPIConsumer.requestApprovalForApplicationRegistration(UserAwareAPIConsumer.java:36)

at org.wso2.carbon.apimgt.hostobjects.APIStoreHostObject.jsFunction_getApplicationKey(APIStoreHostObject.java:385)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.mozilla.javascript.MemberBox.invoke(MemberBox.java:126)

at org.mozilla.javascript.FunctionObject.call(FunctionObject.java:386)

at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)

at org.jaggeryjs.rhino.store.modules.subscription.c2._c_anonymous_2(/store/modules/subscription/key.jag:39)

at org.jaggeryjs.rhino.store.modules.subscription.c2.call(/store/modules/subscription/key.jag)

at org.mozilla.javascript.ScriptRuntime.applyOrCall(ScriptRuntime.java:2430)

at org.mozilla.javascript.BaseFunction.execIdCall(BaseFunction.java:269)

at org.mozilla.javascript.IdFunctionObject.call(IdFunctionObject.java:97)

at org.mozilla.javascript.optimizer.OptRuntime.call2(OptRuntime.java:42)

at org.jaggeryjs.rhino.store.modules.subscription.c0._c_anonymous_10(/store/modules/subscription/module.jag:35)

at org.jaggeryjs.rhino.store.modules.subscription.c0.call(/store/modules/subscription/module.jag)

at org.mozilla.javascript.optimizer.OptRuntime.callN(OptRuntime.java:52)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_anonymous_1(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:240)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.mozilla.javascript.optimizer.OptRuntime.call0(OptRuntime.java:23)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0._c_script_0(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag:3)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)

at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.call(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.jaggeryjs.rhino.store.site.blocks.subscription.subscription_add.ajax.c0.exec(/store/site/blocks/subscription/subscription-add/ajax/subscription-add.jag)

at org.jaggeryjs.scriptengine.engine.RhinoEngine.execScript(RhinoEngine.java:567)

at org.jaggeryjs.scriptengine.engine.RhinoEngine.exec(RhinoEngine.java:273)

at org.jaggeryjs.jaggery.core.manager.WebAppManager.exec(WebAppManager.java:588)

at org.jaggeryjs.jaggery.core.manager.WebAppManager.execute(WebAppManager.java:508)

at org.jaggeryjs.jaggery.core.JaggeryServlet.doPost(JaggeryServlet.java:29)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:747)

at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)

at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:377)

at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)

at org.jaggeryjs.jaggery.core.JaggeryFilter.doFilter(JaggeryFilter.java:21)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.wso2.carbon.ui.filters.cache.ContentTypeBasedCachePreventionFilter.doFilter(ContentTypeBasedCachePreventionFilter.java:53)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:120)

at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)

at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)

at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)

at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)

at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)

at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)

at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)

at org.wso2.carbon.event.receiver.core.internal.tenantmgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:48)

at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)

at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)

at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)

at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:958)

at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:452)

at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1087)

at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1756)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1715)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Thread.java:745)

Caused by: java.lang.RuntimeException: Error occurred while calling token endpoint: HTTP error code : 302

at org.wso2.carbon.apimgt.impl.AMDefaultKeyManagerImpl.getNewApplicationAccessToken(AMDefaultKeyManagerImpl.java:367)

at org.wso2.carbon.apimgt.impl.workflow.AbstractApplicationRegistrationWorkflowExecutor.dogenerateKeysForApplication(AbstractApplicationRegistrationWorkflowExecutor.java:151)

... 77 more

How to fix ERROR - Driver Connection error: org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "192.168.48.111", user "root", database "apim210_reg", SSL off

Background 

I wanted to access Postgres from a remote machine. When I tried to connect to Postgres given connection information as :5432/ I got a connection refuse. In order to fix it I followed below steps. 

1. Opened postgresql.conf file.

2. modified 'listen_address' to access all ip addresses  (listen_addresses = '*')

3. Restarted Postgres server.

Then when I tried to connect to Postgres database from my application on the remote machine I got below error.

Error

[2017-04-21 05:33:25,799] ERROR - Driver Connection error: 

org.postgresql.util.PSQLException: FATAL: no pg_hba.conf entry for host "192.168.48.111", user "root", database "apim210_reg", SSL off

at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:438)

at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:222)

at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)

at org.postgresql.jdbc.PgConnection.(PgConnection.java:194)

at org.postgresql.Driver.makeConnection(Driver.java:431)

at org.postgresql.Driver.connect(Driver.java:247)

at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)

at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)

at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)

at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)

at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)

at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:127)

at org.wso2.carbon.user.core.util.DatabaseUtil.getDBConnection(DatabaseUtil.java:565)

at org.wso2.carbon.user.core.util.UserCoreUtil.isExistingDomain(UserCoreUtil.java:973)

at org.wso2.carbon.user.core.util.UserCoreUtil.persistDomain(UserCoreUtil.java:827)

at org.wso2.carbon.user.core.common.AbstractUserStoreManager.persistDomain(AbstractUserStoreManager.java:4064)

at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.(JDBCUserStoreManager.java:280)

at org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager.(JDBCUserStoreManager.java:222)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)

at org.wso2.carbon.user.core.common.DefaultRealm.createObjectWithOptions(DefaultRealm.java:355)

at org.wso2.carbon.user.core.common.DefaultRealm.initializeObjects(DefaultRealm.java:222)

at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:127)

at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:263)

at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:100)

at org.wso2.carbon.user.core.common.DefaultRealmService.(DefaultRealmService.java:113)

at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)

at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)

at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)

at java.security.AccessController.doPrivileged(Native Method)

at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)

at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)

at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)

at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)

at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)

at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)

at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)

at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)

Fix

1. Open 'pg_hba.conf' file. (In this file you can define how the access should be given to databases 

    for particular database users etc) 

2. Add below entry in order to allow all IP'S and all usernames to connect to all databases and save.

host    all             all             0.0.0.0/0               md5

3. Login as postgres user 

E.g 

$ sudo -i -u postgres

4. Restart Postgres server

E.g

$ /etc/init.d/postgresql restart

How public-private certificates are used in federation and brokered authentication scenarios with WSO2 Identity Server

When configuring SAML2 SSO federation and brokered authentication using WSO2 Identity Server (IS), configuration related to certificates and the usage of them can be confusing.

In this blog post I'm going to explain how the certificates should be configured and why.

Configuring Certificates.

How the certificates should be configured in the application, service provider (SP) configuration, Identity provider (IDP) configuration and WSO2 IS is depicted in below diagram. 

1. Application should contain the public certificate of WSO2 IS.
2. Public certificate of the application should be specified in SP configuration in WSO2 IS.
3. Public certificates of the application and the external IDP should be added into the 'Client-trustore.jks in WSO2 IS which is located in /repository/resources/security folder.
4. Public certificate of the external IDP should be specified in IDP configuration in WSO2 IS.
5. External IDP should contain the public certificate of the WSO2 IS.

Message flow of federated and brokered authentication.

Note: I have considered the message flow when request and response signing are enabled.

 1. Service provider (SP) application sends a signed authentication request to WSO2 IS.

• When signing the authentication request, the private key of the application is used.
• In order to WSO2 IS to verify the signature, public certificate of the application should be specified in the SP configuration which represents the application in WSO2 IS.

 2. Once authentication request sent by the application is verified, WSO2 IS sends a signed   

     authentication request to external IDP. 

• When signing the authentication request, the private key of the WSO2 IS is used.
• In order to External IDP to verify the signature, public certificate of WSO2 IS should be specified in external IDP side.

3. After verifying the validity of the signature and authenticating the user, external IDP sends a 

    signed SAML response to WSO2 IS.

• When signing the SAML response private key of the external IDP is used.
• In order to WSO2 IS to verify the signature, public certificate of the external IDP should be specified in the IDP configuration which represents the external IDP in WSO2 IS.

4. Based on the SAML response received, WSO2 IS builds a SAML response according to the 

    specified SP configuration and sends a signed SAML response to the application.

• When signing the SAML response private key of WSO2 IS is used.
• In order to application to verify the signature, public certificate of the WSO2 IS should be exported into its trust store.

Note:

In the above explanation, I focused only on the certificate usage for signing. In addition to this public certificates are also used for encryption (assertion encryption). 

You can also check How to add a certificate as a trusted certificated to a Java KeyStore (JKS file) to know how encryption works and how to import public certificates into the trust store. 

How to add a certificate as a trusted certificated to a Java KeyStore (JKS file)?

1. What is Asymmetric Cryptography?

Asymmetric cryptography is used for secured communication. Public and private keys are the main parts of asymmetric cryptography. 

2. How it works? 

For an example, say server A wants to securely send a message to server B.  In order to do that Server B has to generate a public private key pair and share the public key with server A. When sending the message, server B encrypts it using public key of server A. Speciality of using the public key of server B for the encryption is that it can only be decrypted using the private key of server B. Once the server B receives the message it uses his private key to decrypt the message. 

Refer to: [1] to learn more on how asymmetric (public key) encryption works.

3. What is a Java KeyStore?

As per the above example it is clear that private key should be store very securely. You can think of the keyStore as a safe that you can store your keys. KeyStore as well as public-private key pair should be protected using a password.  

4. How to add a certificate as a trusted certificated to a Java KeyStore?

Lets take the above example;

Step 01

Server B wants to generate a key pair given the key pair alias as 'serverb' and add it into the created keyStore given the name 'serverbkeystore.jks'.

Key tool command [2]

keytool -genkey -alias serverb -keystore serverbkeystore.jks 

Output

Enter keystore password:  

Re-enter new password: 

What is your first and last name?

  [Unknown]:  serverb.com

What is the name of your organizational unit?

  [Unknown]:  qa

What is the name of your organization?

  [Unknown]:  wso2

What is the name of your City or Locality?

  [Unknown]:  colombo

What is the name of your State or Province?

  [Unknown]:  western

What is the two-letter country code for this unit?

  [Unknown]:  lk

Is CN=serverb.com, OU=qa, O=wso2, L=colombo, ST=western, C=lk correct?

  [no]:  yes

Enter key password for

(RETURN if same as keystore password):

Step 02

List keys in the key store. 

Notice that 'Entry type' of the key pair with private key is marked as 'PrivateKeyEntry' whereas public certificates are marked as 'trustedCertEntry'.

Key tool command

keytool -list -v -keystore serverbkeystore.jks

Output

Keystore type: JKS

Keystore provider: SUN

Your keystore contains 2 entries

Alias name: verisignclass3g3ca

Creation date: Mar 11, 2017

Entry type: trustedCertEntry

Owner: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number: 9b7e0649a33e62b9d5ee90487129ef57

Valid from: Fri Oct 01 06:00:00 IST 1999 until: Thu Jul 17 05:29:59 IST 2036

Certificate fingerprints:

MD5:  CD:68:B6:A7:C7:C4:CE:75:E0:1D:4F:57:44:61:92:09

SHA1: 13:2D:0D:45:53:4B:69:97:CD:B2:D5:C3:39:E2:55:76:60:9B:5C:C6

SHA256: EB:04:CF:5E:B1:F3:9A:FA:76:2F:2B:B1:20:F2:96:CB:A5:20:C1:B9:7D:B1:58:95:65:B8:1C:B9:A1:7B:72:44

Signature algorithm name: SHA1withRSA

Version: 1

*******************************************

*******************************************

Alias name: serverb

Creation date: Mar 11, 2017

Entry type: PrivateKeyEntry

Certificate chain length: 1

Certificate[1]:

Owner: CN=serverb.com, OU=qa, O=wso2, L=colombo, ST=western, C=lk

Issuer: CN=serverb.com, OU=qa, O=wso2, L=colombo, ST=western, C=lk

Serial number: 3f06ea7a

Valid from: Sat Mar 11 20:59:07 IST 2017 until: Fri Jun 09 20:59:07 IST 2017

Certificate fingerprints:

MD5:  29:63:1F:2F:83:19:5B:D3:CF:65:45:15:63:3E:26:B6

SHA1: 94:C8:F2:28:AB:71:D7:2E:9F:7A:9C:90:9E:51:B2:C9:19:FC:C9:AE

SHA256: 3A:0E:F5:C0:A7:10:0F:19:47:95:29:C3:0A:9B:A8:39:56:74:9C:26:0B:A6:F6:63:74:CA:CB:FE:D4:32:3E:D8

Signature algorithm name: SHA1withDSA

Version: 3

Extensions: 

#1: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 2C F1 24 27 05 A5 AB 16   3A 33 CC 3F E4 CF EC 1E  ,.$'....:3.?....

0010: 63 35 74 CF                                        c5t.

]

]

*******************************************

*******************************************

Step 03

Export the certificate to a file before importing it into the keyStore of server A.

Note : when exporting you must use the same alias which is being used in the private key. When importing you can use any alias of your choice.

Key tool command

keytool -export -keystore serverbkeystore.jks -alias serverb -file serverb.cert

Output

A file containing certificate should be created with the name 'serverb.cert' 

Step 04

Import the certificate into the keyStore of server A.

Key tool command

keytool -import -keystore serverakeystore.jks -alias serverb.com -file serverb.cert

Output

"Certificate was added to keystore" will be printed if the certificate is being added successfully. You can also list keys in server A keyStore to verify.

References

[1]. https://www.youtube.com/watch?v=E5FEqGYLL0o for more information.

[2]. https://docs.oracle.com/javase/tutorial/security/toolsign/step3.html