Apache Synapse ESB - Samples Setup

Synapse ships with a set of working examples that demonstrate some of the basic features and capabilities of Synapse. A set of sample clients and services are provided in addition to the sample configurations. Scripts are provided to execute the sample scenarios as explained below.

Prerequisites

To try out the samples you will need Java development kit version 1.5.x or later and Apache Ant version 1.6.5 or later. Ant can be downloaded from http://ant.apache.org . The JMS examples can be executed against an ActiveMQ installation by default (or another JMS provider with relevant configuration changes.)

Note*: The samples and the documentation assume that you are running Synapse in DEBUG mode. You can switch from the default INFO log messages to DEBUG log messages by changing the line "log4j.category.org.apache.synapse=INFO" as "log4j.category.org.apache.synapse=DEBUG" in the lib/log4j.properties file.

Understanding the Samples

Client Synapse Service
ant stockquote ./synapse.sh -sample <n> SimpleStockQuoteService
SecureStockQuoteService etc.

The above table depicts the interactions between the clients, Synapse and the services at a higher level. The Clients are able to send SOAP/REST or POX messages over transports such as HTTP/S or JMS with WS-Addressing, WS-Security or WS-Reliable messaging. They can send binary optimized content using MTOM or SwA or binary or plain text JMS messages. After mediation through Synapse, the requests are passed over to the sample services. The sample clients and services are explained below.

Using the Sample Clients

The sample clients can be executed from the samples/axis2Client directory through the provided ant script. Simply executing 'ant' displays the available clients and some of the sample options used to configure them. The sample clients available are listed below:

1. Stock Quote Client

This is a simple SOAP client that can send stock quote requests, and receive and display the last sale price for a stock symbol.

ant stockquote [-Dsymbol=IBM|MSFT|SUN|..]
  [-Dmode=quote | customquote | fullquote | placeorder | marketactivity]
  [-Dsoapver=soap11 | soap12]
  [-Daddurl=http://localhost:9000/services/SimpleStockQuoteService]
  [-Dtrpurl=http://localhost:8280] [-Dprxurl=http://localhost:8280]
  [-Dpolicy=../../repository/conf/sample/resources/policy/policy_1.xml]

The client is able to operate in the following modes, and send the payloads listed below as SOAP messages:

  • quote - send a quote request for a single stock as follows. The response contains the last sales price for the stock which will be displayed
    <m:getQuote xmlns:m="http://services.samples/xsd">
      <m:request>
        <m:symbol>IBM</m:symbol>
      </m:request>
    </m:getQuote>
  • customquote - send a quote request in a custom format. Synapse will transform this custom request to the standard stock quote request format and send it to the service. Upon receipt of the response, it will be transformed again to a custom response format and returned to the client, which will then display the last sales price.
    <m0:checkPriceRequest xmlns:m0="http://www.apache-synapse.org/test">
      <m0:Code>symbol</m0:Code>
    </m0:checkPriceRequest>
  • fullquote - get quote reports for the stock over a number of days (i.e. last 100 days of the year).
    <m:getFullQuote xmlns:m="http://services.samples/xsd">
      <m:request>
        <m:symbol>IBM</m:symbol>
      </m:request>
    </m:getFullQuote>
  • placeorder - place an order for stocks using a one way request
    <m:placeOrder xmlns:m="http://services.samples/xsd">
      <m:order>
        <m:price>3.141593E0</m:price>
        <m:quantity>4</m:quantity>
        <m:symbol>IBM</m:symbol>
      </m:order>
    </m:placeOrder>
  • marketactivity - get a market activity report for the day (i.e. quotes for multiple symbols)
    <m:getMarketActivity xmlns:m="http://services.samples/xsd">
      <m:request>
        <m:symbol>IBM</m:symbol>
        ...
        <m:symbol>MSFT</m:symbol>
      </m:request>
    </m:getMarketActivity>

Note : See samples/axis2Client/src/samples/common/StockQuoteHandler.java for sample responses expected by the clients.

Smart Client Mode:

The 'addurl' property sets the WS-Addressing EPR, and the 'trpurl' sets a transport URL for a message. Thus by specifying both of these properties, the client can operate in the 'smart client' mode, where the addressing EPR can specify the ultimate receiver, while the transport URL set to Synapse will ensure that any necessary mediation takes place before the message is delivered to the ultimate receiver.

e.g: ant stockquote -Daddurl=<addressingEPR> -Dtrpurl=<synapse>

Gateway / Dumb Client Mode:

By specifying only a transport URL, the client operates in the 'dumb client' mode, where it sends the message to Synapse and depends on the Synapse rules for proper mediation and routing of the message to the ultimate destination.

e.g: ant stockquote -Dtrpurl=<synapse>

Proxy Client Mode:

In this mode, the client uses the 'prxurl' as a HTTP proxy to send the request. Thus by setting the 'prxurl' to Synapse, the client can ensure that the message will reach Synapse for mediation. The client can optionally set a WS-Addressing EPR if required.

e.g: ant stockquote -Dprxurl=<synapse> [-Daddurl=<addressingEPR>]

Specifying a policy

By specifying a WS-Policy using the 'policy' property, QoS aspects such as WS-Security can be enforced on the request. The policy can specify details such as timestamps, signatures and encryption. See Apache Axis2 and Apache Rampart documentation for more information.

2. Generic JMS Client

The JMS client is able to send plain text, plain binary content or POX content by directly publishing a JMS message to the specified destination. The JMS destination name should be specified with the 'jms_dest' property. The 'jms_type' property can specify 'text', 'binary' or 'pox' to specify the type of message payload.

The plain text payload for a 'text' message can be specified through the 'payload' property. For binary messages, the 'payload' property will contain the path to the binary file. For POX messages, the 'payload' property will hold a stock symbol name to be used within the POX request for stock order placement request.

e.g:

ant jmsclient -Djms_type=text -Djms_dest=dynamicQueues/JMSTextProxy -Djms_payload="24.34 100 IBM"
ant jmsclient -Djms_type=pox -Djms_dest=dynamicQueues/JMSPoxProxy -Djms_payload=MSFT
ant jmsclient -Djms_type=binary -Djms_dest=dynamicQueues/JMSFileUploadProxy
                     -Djms_payload=./../../repository/conf/sample/resources/mtom/asf-logo.gif

Note: The JMS client assumes the existence of a default ActiveMQ (4.1.0 or above) installation on the local machine.

3. MTOM / SwA Client

The MTOM / SwA client is able to send a binary image file as a MTOM or SwA optimized message, and receive the same file again through the response and save it as a temporary file. The 'opt_mode' can specify 'mtom' or 'swa' respectively for the above mentioned optimizations. Optionally the path to a custom file can be specified through the 'opt_file' property, and the destination address can be changed through the 'opt_url' property if required.

e.g. ant optimizeclient -Dopt_mode=[mtom | swa]

Starting the Sample Services

The sample services ship with a pre-configured Axis2 server and demonstrates in-only and in-out SOAP/REST or POX messaging over HTTP/S and JMS transports, using WS-Addressing, WS-Security and WS-Reliable Messaging and handling of binary content using MTOM and SwA.

The sample services can be found in the samples/axis2Server/src directory and can be built and deployed using ant from within each service directory

user@host:/tmp/synapse-1.1/samples/axis2Server/src/SimpleStockQuoteService$ ant
Buildfile: build.xml
...
build-service:
   ....
      [jar] Building jar: /tmp/synapse-1.1/samples/axis2Server/repository/services/SimpleStockQuoteService.aar

BUILD SUCCESSFUL
Total time: 3 seconds

To start the Axis2 server, go to the samples/axis2Server directory and execute the axis2server.sh or axis2server.bat script. This starts the Axis2 server with the HTTP transport listener on port 9000 and HTTPS on 9002 respectively. To enable JMS transport, you will need to setup and start a JMS provider. An ActiveMQ 4.0.1 or later JMS server on the local machine is supported by default, and can be easily enabled by uncommenting the JMS transport from the repository/conf/axis2.xml

Sample services

1. SimpleStockQuoteService

This service has four operations, getQuote (in-out), getFullQuote(in-out), getMarketActivity(in-out) and placeOrder (in-only). The getQuote operation will generate a sample stock quote for a given symbol. The getFullQuote operation will generate a history of stock quotes for the symbol for a number of days, and the getMarketActivity operation returns stock quotes for a list of given symbols. The placeOrder operation will accept a one way message for an order.

2. SecureStockQuoteService

This service is a clone of the SimpleStockQuoteService, but has WS-Security enabled and an attached security policy for signing and encryption of messages.

3. MTOMSwASampleService

This service has three operations uploadFileUsingMTOM(in-out), uploadFileUsingSwA(in-out) and oneWayUploadUsingMTOM(in-only) and demonstrates the use of MTOM and SwA. The uploadFileUsingMTOM and uploadFileUsingSwA operations accept a binary image from the SOAP request as MTOM and SwA, and returns this image back again as the response, while the oneWayUploadUsingMTOM saves the request message to disk.

Starting Sample Synapse Configurations

To start Synapse with the sample default configuration, execute the synapse.bat or synapse.sh script found in the /bin directory. This starts up an instance of Synapse using the Synapse and Axis2 configuration files located in the repository/conf directory. The repository/conf/samples directory contains the sample configurations available as synapse_sample_<n>.xml files. To start a specific sample configuration of Synapse, use the '-sample <n>' switch as follows:

synapse.bat -sample <n>
synapse.sh -sample <n>

Setting up the JMS Listener

The samples used in this guide assumes the existence of a local ActiveMQ (4.1.0 or higher) installation properly installed and started up. You also need to copy the following client JAR files into the Synapse 'lib' folder to support ActiveMQ. These files are found in the 'lib' directory of the ActiveMQ installation.

  • activeio-core-3.x.x.jar
  • activemq-core-4.x.x.jar
  • geronimo-j2ee-management_1.0_spec-1.0.jar

To enable the JMS transport, you need to uncomment the JMS transport listener configuration. If you are using a JMS provider other than ActiveMQ this configuration should be updated to reflect your environment. Once uncommented, the default configuration should be as follows. To enable JMS for Synapse, the repository/conf/axis2.xml must be updated, while to enable JMS support for the sample Axis2 server the samples/axis2Server/repository/conf/axis2.xml file must be updated.

    <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment (e.g. ActiveMQ)-->
    <transportReceiver name="jms" class="org.apache.synapse.transport.jms.JMSListener">
        <parameter name="myTopicConnectionFactory" locked="false">
                <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
                <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
                <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">TopicConnectionFactory</parameter>
        </parameter>

        <parameter name="myQueueConnectionFactory" locked="false">
                <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
                <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
                <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
        </parameter>

        <parameter name="default" locked="false">
                <parameter name="java.naming.factory.initial" locked="false">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>
                <parameter name="java.naming.provider.url" locked="false">tcp://localhost:61616</parameter>
                <parameter name="transport.jms.ConnectionFactoryJNDIName" locked="false">QueueConnectionFactory</parameter>
        </parameter>
    </transportReceiver>

If you are using ActiveMQ, you can use the Ant script in samples/util to set up Synapse (i.e. copying the required JAR files and modifying axis2.xml ) in an automated way. In order to do this, change into the samples/util directory and execute the following command:

ant setupActiveMQ -Dactivemq.home=<ActiveMQ home directory>

Note that if the environment variable ACTIVEMQ_HOME is defined, you can omit the -Dactivemq.home option. If you also want to set up ActiveMQ for the sample Axis2 server, issue the following command:

ant setupActiveMQ -Daxis2.xml=..\axis2Server\repository\conf\axis2.xml

Configure Synapse for AMQP Transport

The samples used in this guide assumes the existence of a local QPid (1.0-M2 or higher) installation properly installed and started up. You also need to copy the following client JAR files into the Synapse 'lib' folder to support AMQP. These files are found in the 'lib' directory of the QPid installation.

  • qpid-client-1.0-incubating-M2.jar
  • qpid-common-1.0-incubating-M2.jar
  • geronimo-jms_1.1_spec-1.0.jar
  • slf4j-api-1.4.0.jar **
  • slf4j-log4j12-1.4.0.jar **

** To configure FIX (Quickfix/J 1.3) with AMQP (QPid-1.0-M2) copy the sl4j-* libraries comes with QPid and ignore the sl4j-* libraries with Quickfix/J.

To enable the AMQP over JMS transport, you need to uncomment the JMS transport listener configuration. To enable AMQP over JMS for synapse, the repository/conf/axis2.xml must be updated, while to enable JMS support for the sample Axis2 server the samples/axis2Server/repository/conf/axis2.xml file must be updated.

    <!--Uncomment this and configure as appropriate for JMS transport support, after setting up your JMS environment -->
        <transportReceiver name="jms" class="org.apache.synapse.transport.jms.JMSListener">
        </transportReceiver>

        <transportSender name="jms" class="org.apache.synapse.transport.jms.JMSSender">
        </transportReceiver>

Locate and edit the AMQP connection settings file for the message consumer, this fle is usually named direct.properties.

            java.naming.factory.initial = org.apache.qpid.jndi.PropertiesFileInitialContextFactory
            # register some connection factories
            # connectionfactory.[jndiname] = [ConnectionURL]
            connectionfactory.qpidConnectionfactory = amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'
            # Register an AMQP destination in JNDI
            # destination.[jniName] = [BindingURL]
            destination.directQueue = direct://amq.direct//QpidStockQuoteService?routingkey='QpidStockQuoteService'
            destination.replyQueue = direct://amq.direct//replyQueue?routingkey='replyQueue'

Locate and edit the AMQP connection settings file for Synapse, this fle is usually named con.properties.

            #initial context factory
            #java.naming.factory.initial =org.apache.qpid.jndi.PropertiesFileInitialContextFactory
            # register some connection factories
            # connectionfactory.[jndiname] = [ConnectionURL]
            connectionfactory.qpidConnectionfactory=amqp://guest:guest@clientid/test?brokerlist='tcp://localhost:5672'
            # Register an AMQP destination in JNDI
            # destination.[jndiName] = [BindingURL]
            destination.directQueue=direct://amq.direct//QpidStockQuoteService

Setting up Mail Transport Sender

To enable the mail transport for samples, you need to uncomment the mail transport sender configuration in the repository/conf/axis2.xml. Uncomment the MailTransportSender sample configuration and make sure it points to a valid SMTP configuration for any actual scenarios.

    <transportSender name="mailto" class="org.apache.synapse.transport.mail.MailTransportSender">
        <parameter name="mail.smtp.host">smtp.gmail.com</parameter>
        <parameter name="mail.smtp.port">587</parameter>
        <parameter name="mail.smtp.starttls.enable">true</parameter>
        <parameter name="mail.smtp.auth">true</parameter>
        <parameter name="mail.smtp.user">synapse.demo.0</parameter>
        <parameter name="mail.smtp.password">mailpassword</parameter>
        <parameter name="mail.smtp.from">synapse.demo.0@gmail.com</parameter>
    </transportSender>

Configuring Synapse for the FIX Transport

Configuring Synapse for FIX Samples

In order to configure Synapse to run the FIX samples given in this guide you will need to to enable the FIX transport as described in the transport documentation . In addition you will need to create some FIX configuration files as specified below.

The FileStorePath property in the following two files should point to two directories in your local file system. Once the samples are executed, Synapse will create FIX message stores in these two directories.

Put the following entries in a file called fix-synapse.cfg

[default]
FileStorePath=examples/target/data/synapse-acceptor
ConnectionType=acceptor
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ValidOrderTypes=1,2,F
SenderCompID=SYNAPSE
TargetCompID=BANZAI
UseDataDictionary=Y
DefaultMarketPrice=12.30

[session]
BeginString=FIX.4.0
SocketAcceptPort=9876

Put the following entries in a file called synapse-sender.cfg

[default]
FileStorePath=examples/target/data/synapse-initiator
SocketConnectHost=localhost
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ReconnectInterval=5
SenderCompID=SYNAPSE
TargetCompID=EXEC
ConnectionType=initiator

[session]
BeginString=FIX.4.0
SocketConnectPort=19876

Configuring Sample FIX Applications

Locate and edit the FIX configuration file of Executor to be as follows. This file is usually named executor.cfg

[default]
FileStorePath=examples/target/data/executor
ConnectionType=acceptor
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ValidOrderTypes=1,2,F
SenderCompID=EXEC
TargetCompID=SYNAPSE
UseDataDictionary=Y
DefaultMarketPrice=12.30

[session]
BeginString=FIX.4.0
SocketAcceptPort=19876

Locate and edit the FIX configuration file of Banzai to be as follows. This file is usually named banzai.cfg

[default]
FileStorePath=examples/target/data/banzai
ConnectionType=initiator
SenderCompID=BANZAI
TargetCompID=SYNAPSE
SocketConnectHost=localhost
StartTime=00:00:00
EndTime=00:00:00
HeartBtInt=30
ReconnectInterval=5

[session]
BeginString=FIX.4.0
SocketConnectPort=9876

The FileStorePath property in the above two files should point to two directories in your local file system.

If you are using a binary distribution of Quickfix/J, the two samples and their default configuration files are all packed to a single jar file called quickfixj-examples.jar. You can extract the jar file, replace the modified configuration files and pack them to a jar file again under the same name. You can pass the new configuration file as a command line parameter too, in that case you don't need to modify the quickfixj-examples.jar. You can copy the config files from $SYNAPSE_HOME/repository/conf/sample/resources/fix folder to $QFJ_HOME/etc folder. Execute the sample apps from $QFJ_HOME/bin, ./banzai.sh/bat ../etc/banzai.cfg executor.sh/bat ../etc/executor.sh.

For more information regarding the FIX sample applications please refer the Example Applications section in the Quickfix/J documentation. For more information on configuring Quickfix/J applications refer the Configuring Quickfix/J section of the Quickfix/J documentation.

Setting up the TCP Transport

To enable the TCP transport for samples first you need to download the Axis2 TCP transport jar and copy it to the lib directory of Synapse. This library can be downloaded from the WS-Commons Transports website. Then open up the axis2.xml file and uncomment the TCP transport receiver and sender configurations:

    <transportReceiver name="tcp" class="org.apache.axis2.transport.tcp.TCPServer">
	    <parameter name="port">6060</parameter>
    </transportReceiver>

    <transportSender name="tcp" class="org.apache.axis2.transport.tcp.TCPTransportSender"/>

If you wish to use the sample Axis2 client to send TCP messages, you have to uncomment the TCP transport sender configuration in the samples/axis2Client/client_repo/conf/axis2.xml file.

Setting up the UDP Transport

To enable the UDP transport for samples first you need to download the Axis2 UDP transport jar and copy it to the lib directory of Synapse. This library can be downloaded from the WS-Commons Transports website. Then open up the axis2.xml file and uncomment the UDP transport receiver and sender configurations:

    <transportReceiver name="udp" class="org.apache.axis2.transport.udp.UDPListener"/>

    <transportSender name="udp" class="org.apache.axis2.transport.udp.UDPSender"/>

If you wish to use the sample Axis2 client to send UDP messages, you have to uncomment the UDP transport sender configuration in the samples/axis2Client/client_repo/conf/axis2.xml file.

Configuring Synapse for Script Mediator Support

The Synapse Script Mediator is a Synapse extension, and thus all prerequisites are not bundled by default with the Synapse distribution. Before you use some script mediators you may need to manually add the required jar files to the Synapse lib directory, and optionally perform other installation tasks as may be required by the individual scripting language. This is explained in the following sections.

JavaScript Support

The JavaScript/E4X support is enabled by default and comes ready-to-use with the Synapse distribution.

Ruby Support

For Ruby support you need to download the 'jruby-complete.jar' from the Maven repository for JRuby, and copy it into the 'lib' folder of Synapse . The JRuby JAR can be downloaded from here .

Configuring Synapse for JSON Support

JSON is a lightweight data-interchange format. It can be used as an alternative to XML or SOAP. To enable the JSON support in Synapse, following two jar files should be deployed into the 'lib' directory of Synapse.

Having deployed the necessary libraries you should now register the JSON message builder and formatter with Synapse. Open up 'repository/conf/axis2.xml' file of Synapse and add the following two entries under the 'messageBuilders' and 'messageFormatters' sections respectively.

      <messageBuilder contentType="application/json"
                         class="org.apache.axis2.json.JSONOMBuilder"/>

      <messageFormatter contentType="application/json"
                         class="org.apache.axis2.json.JSONMessageFormatter"/>
    

If you are planning to run sample 440, you should also add the above two entries to the 'samples/axis2Client/client_repo/conf/axis2.xml' file.

Setting up Derby database server

You can download Apache Derby distribution from http://db.apache.org/derby/

  1. Set up and start the Derby network server
  2. Create and open a connection to the database using the Derby client driver
     CONNECT 'jdbc:derby://localhost:1527/synapsedb;user=synapse;password=synapse;create=true';
  3. Create a table using the following statement
     CREATE table company(name varchar(10), id varchar(10), price double);
  4. Inserts some data using following statements
     INSERT into company values ('IBM','c1',0.0);
     INSERT into company values ('SUN','c2',0.0);
     INSERT into company values ('MSFT','c3',0.0);

When using Derby, you need to add derby.jar, derbyclient.jar and derbynet.jar to the classpath. This can be done by putting the above three jars into the Synapse lib directory. For testing these samples Derby 10.1.1.0 binary distribution was used.

You can use any other database product instead of Derby. Then you have to change the database connection details accordingly. Also you have to copy the required database driver jars to the Synapse classpath.

Setting Up MySQL database server

You can use a MySQL installation to try out certain database mediator samples. You can download MySQL distribution from http://dev.mysql.com/downloads/

  1. Set up and start the MySQL server
  2. Create a sample databasae
     DROP DATABASE IF EXISTS synapsedb;
     CREATE DATABASE synapsedb;
  3. Create a table in the sample database
     USE synapsedb; 
     DROP TABLE IF EXISTS company;
     CREATE table company(name varchar(10), id varchar(10), price double);
  4. Inserts some data using following statements
     INSERT into company values ('IBM','c1',3.7563);
     INSERT into company values ('SUN','c2',3.8349);
     INSERT into company values ('MSFT','c3',3.2938);
  5. Create a Stored Procedures
     DROP PROCEDURE If EXISTS getCompany;
     CREATE PROCEDURE getCompany(compName VARCHAR(10)) SELECT name, id, price FROM company WHERE name = compName;
    
     DROP PROCEDURE If EXISTS updateCompany;
     CREATE PROCEDURE updateCompany(compPrice DOUBLE,compName VARCHAR(10)) UPDATE company SET price = compPrice WHERE name = compName;
    

When using MySQL, you need to add mysql-connector-java.jar to the Synapse classpath. This can be done by putting the above mentioned jar into the Synapse lib directory. For testing the samples MySQL-5.0.75 distribution and mysql-connector-java-5.1.12-bin.jar was used.

You can use any other database product instead of MySQL. Then you have to change the database connection details accordingly. Also you have to copy the required database driver jars to the Synapse classpath.

Key Stores Configurations

This configuration is to be used in any location that needs key stores. This is currently used for creating https URL connections and configuring secret manager. This configuration can be specified on synapse.properties. Following shows a sample.

KeyStores configurations

# KeyStores configurations

        keystore.identity.location=lib/identity.jks
        keystore.identity.type=JKS
        keystore.identity.alias=synapse
        keystore.identity.store.password=password
        keystore.identity.key.password=password
        #keystore.identity.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer

        keystore.trust.location=lib/trust.jks
        keystore.trust.type=JKS
        keystore.trust.alias=synapse
        keystore.trust.store.password=password
        #keystore.trust.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer

    

Note: In the case where use for configuring key store for secret manager, the passwords in the above configurations act as only just alias. There are some mechanisms that can be used to provide actual password for these aliases. Those are described under Securing Password.

Securing Password

All secrets are managed using Secret Manager. Secret Manager keeps any number of secret repositories. Those are arranged in a cascade manger. Secrets can be accessed by providing alias for those. Key Stores needed for Secret Manager and secret repositories need to be configured according to theKey Stores Configurations. In this case, all the passwords in the key store configuration contains only alias to refer actual password. For example keystore.identity.storePassword=password Here password is an alias and to be used to get actual password In order to resolve above passwords (i.e. to get actual passwords); it is needed to provide a password provider for each keystore. This can be done by adding property called secretProvider= any implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler Example

        keystore.identity.store.secretProvider=org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler
    

The password provider should be an implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler.Synapse ships three implementations that can be used for this purpose.

  • org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler
  • org.apache.synapse.securevault.secret.handler.JlineSecretCallbackHandler
  • org.apache.synapse.securevault.secret.handler.HardCodedSecretCallbackHandler
  • org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler

When use org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler , It is needed to use a JMX Console. Then , using JMX Console need to access the MBean SecretsProvider and add passwords for following keys. Therese is method to add secret in SecretsProvider MBean.

  • identity.store.pass
  • trust.store.pass
  • identity.key.pass
Note: These keys are only meaningful to SecretManager. There is a ServerManager MBean that can be used to start synapse.

Secret repository can be configured using synape.properties.

Secret repositories

secretRepositories=file

        secretRepositories.file.provider=org.apache.synapse.securevault.secret.repository.FileBaseSecretRepositoryProvider
        secretRepositories.file.location=cipher-text.properties

    

Currently, there is only one secret repository and it is FileBaseSecretRepository. It use cipher-text.properties to keep secrets. A sample file is shown bellow.

Sample cipher-text.properties

aliases=synapse

        # configuration per each plaintext
        synapse.secret=EsY65tztE9R5b9pErVxLp8Br5d3ol6vRdWAkYHdc7XkZteGf37VJ+iNlCenqxYSEto0vcjpcmmzwf7K2wd9u3KQtVGKEoNLSe2LYZtrm3tKmGd6PX9YpdN72ml3JISNXPJ69yybFi6DVUIJfE5MFOd7gswWfCnkmZ3eJ6M1nuiI=
        synapse.secret.algorithm=RSA
        synapse.secret.alias=synapse
        synapse.secret.keystore=identity


    

To run synapse with secret manager, it is needed to set deployment mode into production and this can be done using wrapper.conf. There is an inline document on that configuration about where to set this value.

Setting up Synapse DataSources

Definition of the reusable database connection pool or datasources can be done using synapse.properties file. It is possible to configure any number of datasources. Currently only two types of datasources are supported and those are based on Apache DBCP datasources: BasicDataSource and PerUserPoolDataSource. Following configuration includes both two definitions. This configuration is related with sample 363.

Configuration is somewhat similar to the log4j appender configuration.

It requires two databases, follow the above specified (Setting up Derby Database server) steps to create the two databases 'jdbc:derby://localhost:1527/lookupdb', 'jdbc:derby://localhost:1527/reportdb' using the user name and password as 'synapse'. Fill in the data for those two databases as per described in the above section

synapse.properties configuration

#datasources
synapse.datasources=lookupds,reportds
synapse.datasources.icFactory=com.sun.jndi.rmi.registry.RegistryContextFactory
synapse.datasources.providerUrl=rmi://localhost:2199
synapse.datasources.providerPort=2199

synapse.datasources.lookupds.type=BasicDataSource
synapse.datasources.lookupds.driverClassName=org.apache.derby.jdbc.ClientDriver
synapse.datasources.lookupds.url=jdbc:derby://localhost:1527/lookupdb;create=false
synapse.datasources.lookupds.username=synapse
synapse.datasources.lookupds.password=synapse
synapse.datasources.lookupds.dsName=lookupdb
synapse.datasources.lookupds.maxActive=100
synapse.datasources.lookupds.maxIdle=20
synapse.datasources.lookupds.maxWait=10000

synapse.datasources.reportds.type=PerUserPoolDataSource
synapse.datasources.reportds.cpdsadapter.factory=org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
synapse.datasources.reportds.cpdsadapter.className=org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS
synapse.datasources.reportds.cpdsadapter.name=cpds
synapse.datasources.reportds.dsName=reportdb
synapse.datasources.reportds.driverClassName=org.apache.derby.jdbc.ClientDriver
synapse.datasources.reportds.url=jdbc:derby://localhost:1527/reportdb;create=false
synapse.datasources.reportds.username=synapse
synapse.datasources.reportds.password=synapse
synapse.datasources.reportds.maxActive=100
synapse.datasources.reportds.maxIdle=20
synapse.datasources.reportds.maxWait=10000

To secure data sources password, it is need to use secret manager. Please first refer that document before reading this. If the secret manager is used, then passwords that have been specified are considered as aliases and those are used for picking actual passwords. To get password securely, it is needed to set the password provider for each data source. The password provider should be an implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler. There are few options but it is recommended to use org.apache.synapse.securevault.secret.handler.SecretManagerSecretCallbackHandler in this case (i.e. securing data source password).

A sample configuration for above lookupds data source to use password provider

    synapse.datasources.lookupds.secretProvider=org.apache.synapse.securevault.secret.handler.SecretManagerSecretCallbackHandler

Using CipherTool

This is a simple tool for encrypting and decrypting simple texts such as passwords. The arguments that are inputs to this tool with their meanings are shown bellow.

  • keystore If keys are in a store , it's location
  • storepass Password for access keyStore
  • keypass To get private key
  • alias Alias to identify key owner
  • storetype Type of keyStore , Default is JKS
  • keyfile If key is in a file
  • opmode encrypt or decrypt , Default is encrypt
  • algorithm encrypt or decrypt algorithm , Default is RSA
  • source Either cipher or plain text as an in-lined form
  • outencode Currently base64 and use for encode result
  • inencode Currently base64 and use to decode input
  • trusted Is KeyStore a trusted store? If presents this, consider as a trusted store

The required scripts ( ciphertool.bat and ciphertool.sh) are available in bin directory.

A simple encrypting sample

ciphertool.bat -source synapse -keystore lib\trust.jks -storepass password -alias synapse -outencode base64 -trusted

ciphertool.bat -source synapse -keystore lib\trust.jks -storepass password -alias synapse -outencode base64 -trusted
        Using SYNAPSE_HOME: C:\Project\apache\synapse\trunck2\modules\distribution\target\synapse-2.0.0
        Using JAVA_HOME: C:\Program Files\Java\jdk1.5.0_14
        Output : VbwH1pePwf4XmUtCdIvO0MA/EZPl8YK+E0kGkMpFd7CbWKpR2h1evTv902zoVorbJbHsVDNXfuvUUGmQAptUl4GknAm4bgZsgQ/pbsRbXivRkNzg9JVqw3FzWkR2uN2ZCHSacC4IdUwOjSDOTQ+kH7se
        58kt2xqJSax2a9pdL1w=