Category Archives: Wildfly

External ActiveMQ with Wildfly 9.0.1

Target of this post is to configure a vanilla Wildfly 9.0.1 to use an external vanilla ActiveMQ 5.12.0. These are the latest releases on 2015-09-18. I got it running with following steps:

  1. Download Wildfly 9.0.1 if you don’t have it already: http://download.jboss.org/wildfly/9.0.1.Final/wildfly-9.0.1.Final.zip
  2. Download ActiveMQ 5.12.0 if you don’t have it already: http://www.apache.org/dyn/closer.cgi?path=/activemq/5.12.0/apache-activemq-5.12.0-bin.zip
  3. Download ActiveMQ Resource Adapter if you don’t have it already: https://repository.apache.org/content/repositories/releases/org/apache/activemq/activemq-rar/5.9.1/activemq-rar-5.9.1.rar
  4. Extract all the downloaded files. You can place Wildfly and ActiveMQ wherever you want. The resource adapter should go to $WILDFLY/modules/org/apache/activemq/main. All files in apache-activemq-5.12.0-bin.zip should go to this folder.
  5. Edit $WILDFLY/modules/org/apache/activemq/main/META-INF/ra.xml and remove the part marked with <!– NOTE disable the following property if you do not wish to deploy an embedded broker –>
  6. Add the file $WILDFLY/modules/org/apache/activemq/main/module.xml with this content
    <module xmlns="urn:jboss:module:1.1" name="org.apache.activemq" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <resources>
        <resource-root path="."/>
        <resource-root path="activemq-broker-5.9.1.jar"/>
        <resource-root path="activemq-client-5.9.1.jar"/>
        <resource-root path="activemq-jms-pool-5.9.1.jar"/>
        <resource-root path="activemq-kahadb-store-5.9.1.jar"/>
        <resource-root path="activemq-openwire-legacy-5.9.1.jar"/>
        <resource-root path="activemq-pool-5.9.1.jar"/>
        <resource-root path="activemq-protobuf-1.1.jar"/>
        <resource-root path="activemq-ra-5.9.1.jar"/>
        <resource-root path="activemq-spring-5.9.1.jar"/>
        <resource-root path="aopalliance-1.0.jar"/>
        <resource-root path="commons-pool-1.6.jar"/>
        <resource-root path="commons-logging-1.1.3.jar"/>
        <resource-root path="hawtbuf-1.9.jar"/>
        <resource-root path="spring-aop-3.2.5.RELEASE.jar"/>
        <resource-root path="spring-beans-3.2.5.RELEASE.jar"/>
        <resource-root path="spring-context-3.2.5.RELEASE.jar"/>
        <resource-root path="spring-core-3.2.5.RELEASE.jar"/>
        <resource-root path="spring-expression-3.2.5.RELEASE.jar"/>
        <resource-root path="xbean-spring-3.15.jar"/>
      </resources>
      <exports>
        <exclude path="org/springframework/**"/>
        <exclude path="org/apache/xbean/**"/>
        <exclude path="org/apache/commons/**"/>
        <exclude path="org/aopalliance/**"/>
        <exclude path="org/fusesource/**"/>
      </exports>
      <dependencies>
        <module name="javax.api"/>
        <module name="org.slf4j"/>
        <module name="javax.resource.api"/>
        <module name="javax.jms.api"/>
        <module name="javax.management.j2ee.api"/>
      </dependencies>
    </module>
  7. Edit $WILDFLY/standalone/configuration/standalone.xml and add the following parts:
    • Under urn:jboss:domain:ejb3:3.0 add
      <mdb>
        <resource-adapter-ref resource-adapter-name="activemq-rar.rar"/>
        <bean-instance-pool-ref pool-name="mdb-strict-max-pool"/>
      </mdb>
    • Under urn:jboss:domain:resource-adapters:3.0 add the resource adapter
      <resource-adapters>
          <resource-adapter id="activemq-rar.rar">
              <module slot="main" id="org.apache.activemq"/>
              <transaction-support>NoTransaction</transaction-support>
              <config-property name="ServerUrl">tcp://localhost:61616</config-property>
              <connection-definitions>
                  <connection-definition class-name="org.apache.activemq.ra.ActiveMQManagedConnectionFactory" jndi-name="java:/ConnectionFactory" enabled="true" use-java-context="true" pool-name="ConnectionFactory"/>
              </connection-definitions>
              <admin-objects>
                  <admin-object class-name="org.apache.activemq.command.ActiveMQQueue" jndi-name="queue/test-queue" use-java-context="true" pool-name="test_queue">
                      <config-property name="PhysicalName">testQueue</config-property>
                  </admin-object>
              </admin-objects>
          </resource-adapter>
      </resource-adapters>
  8. In your project you will need to activate javax.jms.api in your jboss-deployment-structure.xml file (placed in WEB-INF folder):
    <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1.1">
        <deployment>
            <dependencies>
                <module name="javax.jms.api" export="true"/>
            </dependencies>
        </deployment>
    </jboss-deployment-structure>
    
  9. Now you should be able to write your MDB like this
    import javax.ejb.ActivationConfigProperty;
    import javax.ejb.MessageDriven;
    import javax.jms.Message;
    import javax.jms.MessageListener;
    
    @MessageDriven(activationConfig = {
        @ActivationConfigProperty(propertyName = "acknowledgeMode", propertyValue = "Auto-acknowledge"),
        @ActivationConfigProperty(propertyName = "destination", propertyValue = "queue/test-queue"),
        @ActivationConfigProperty(propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
    })
    public class TestMDB implements MessageListener {
        @Override
        public void onMessage(Message msg) {
            // do something
        }
    }
  10. You will find the ActiveMQ management gui under http://localhost:8161/admin/. The default credentials are admin/admin.

JBAS010153: Node identifier property is set to the default value

I got the following warning on startup of EAP 6.4.2:

WARN  [org.jboss.as.txn] (ServerService Thread Pool — 46) JBAS010153: Node identifier property is set to the default value. Please make sure it is unique.

To get rid of this you have to add a node-identifier attribute in the transactions subsystem. Here is my actual config after adding the attribute:

<subsystem xmlns="urn:jboss:domain:transactions:1.5">
  <core-environment node-identifier="eap6">
    <process-id>
      <uuid/>
    </process-id>
  </core-environment>
  <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
  <coordinator-environment default-timeout="300"/>
</subsystem>

The default standalone.xml has no node-identifier=”SOME_ID” entry and that’s the reason for this warning.

SSL in Wildfly 8.2.0

Since wildfly uses undertow the configuration of SSL has changed. You can follow these steps to get SSL running:

  • Create a keystore with keys:
cd $WILDFLY_HOME/standalone/configuration
keytool -genkey -alias localhost -keyalg RSA -keystore keystore.jks -keysize 4096

You need to replace “localhost” with your domain name.

NOTE: Your browser will complain that the connection is unsecure because we have no officially signed certificate. Look for a tutorial to create a keypair and a certificate sign request (csr) that you have to send to a certification authority (ca).

  • Configure the SslRealm:
<management>
  <security-realms>
...
    <security-realm name="SslRealm">
      <server-identities>
        <ssl>
          <keystore path="keystore.jks" relative-to="jboss.server.config.dir" keystore-password="changeme"/>
        </ssl>
      </server-identities>
    </security-realm>
...
  </security-realms>
...
  •  And add a listener:
<subsystem xmlns="urn:jboss:domain:undertow:1.2">
  <buffer-cache name="default"/>
  <server name="default-server">
    <http-listener name="default" socket-binding="http"/>
    <https-listener name="default-ssl" socket-binding="https" security-realm="SslRealm"/>

Now you should be able to access your wildfly under https://localhost:8433/.

Widlfly 8.2.0 – JBAS010153: Node identifier is set to the default value

In the latest version of Wildfly (8.2.0) there is a warning looking like

[org.jboss.as.txn] (ServerService Thread Pool -- 46) JBAS010153: Node identifier property is set to the default value. Please make sure it is unique.

To get rid of this you have to change the standalone.xml file.  Change this part

<subsystem xmlns="urn:jboss:domain:transactions:2.0">
  <core-environment>
    <process-id>
      <uuid/>
    </process-id>
  </core-environment>
  <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
</subsystem>

to look like this

<subsystem xmlns="urn:jboss:domain:transactions:2.0">
  <core-environment node-identifier="wildfly1">
    <process-id>
      <uuid/>
    </process-id>
  </core-environment>
  <recovery-environment socket-binding="txn-recovery-environment" status-socket-binding="txn-status-manager"/>
</subsystem>

Of course you can use any value as identifier and “wildfly1” is just an example. Make sure not to use more than 23 characters.

Encrypted Database Passwords in JBoss

JBoss provides a simple mechanism to encrypt database passwords with blowfish. So the standalone.xml does not include our database passwords in plaintext anymore.

First you have to encrypt your password with org.picketbox.datasource.security.SecureIdentityLoginModule. This class includes a main method so you can run it with a single argument which has to be your plaintext password. The result will look like this:

Encoded password: 1ab234cf321cca

The class is included in jboss modules.

Then create a security-domain in your standalone.xml file:

<security-domain name="databaseSecure" cache-type="default">
  <authentication>
    <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username" value="username"/>
      <module-option name="password" value="1ab234cf321cca"/>
    </login-module>
  </authentication>
</security-domain>

Or with cli:

/subsystem=security/security-domain=databaseSecure:add(cache-type=default)  
/subsystem=security/security-domain=databaseSecure/authentication=classic:add(login-modules=[{"code"=>"org.picketbox.datasource.security.SecureIdentityLoginModule", "flag"=>"required", "module-options"=>[("username"=>"username"), ("password"=>"1ab234cf321cca")]}])

 

The last step is to replace the username+password part of your datasource with a security-domain element. This would look like this in its simplest way:

<datasource jndi-name="java:jboss/datasources/mypgDS" pool-name="MypgDS" enabled="true" use-java-context="true">
  <connection-url>jdbc:postgresql:db1</connection-url>
  <driver>postgresql</driver>
  <security>
    <security-domain>databaseSecure</security-domain>
  </security>
</datasource>

After theses changes start your application server.

ATTENTION! The passphrase that is used for the Blowfish algorithm is hardcoded in the login module. To make this secure you have to change the password in that component. Change the source and recompile or create an extension and overwrite all necessary parts and add it as a new module.

Disable Deployment-Scanner in JBoss

Look for the deployment-scanner config in your standalone.xml and configure the scan interval to -1 to allow deployment onyl from shell or at startup. Here is the relevant part:

<subsystem xmlns="urn:jboss:domain:deployment-scanner:1.1">
  <deployment-scanner path="deployments" relative-to="jboss.server.base.dir" scan-interval="-1"/>
</subsystem>

Or with cli:

/subsystem=deployment-scanner/scanner=default:write-attribute(name=scan-interval, value=-1)

 

Make your webapplication log debug messages under jboss

I often catch myself writing info-messages because jboss is configured to info-mode by default. By adding the following few lines you can make your application use debug mode:

<subsystem xmlns="urn:jboss:domain:logging:2.0">
  ...
  <!-- add begin -->
  <console-handler name="DEBUGCONSOLE">
    <level name="DEBUG" />
    <formatter>
      <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%F:%L)  %s%E%n" />
    </formatter>
  </console-handler>
  <logger category="pm.mbo" use-parent-handlers="false">
    <level name="DEBUG" />
    <handlers>
      <handler name="DEBUGCONSOLE" />
    </handlers>
  </logger>
  <!-- add end -->
  ...
</subsystem>

Of course you have to change the category (your package name) in the logger. The snippet is from Wildfly 8.1. But it is the same approach for JBoss AS 7+.

Get rid of Wildfly/JBoss headers “Server” and “X-Powered-By”

If you don’t want to send these headers with every response you have to disable them in your configuration file (standalone.xml).

I just removed the following lines from my undertow subsystem (urn:jboss:domain:undertow:1.1):

<filter-ref name="server-header"/>
<filter-ref name="x-powered-by-header"/>
...
<response-header name="server-header" header-name="Server" header-value="WildFly/8"/>
<response-header name="x-powered-by-header" header-name="X-Powered-By" header-value="Undertow/1"/>

After a server restart the headers were gone.