WSO2 ESB 4.9.0 无法在启用安全保险库的情况下启动

Posted 2023-02-25

【中文标题】WSO2 ESB 4.9.0 无法在启用安全保险库的情况下启动

【英文标题】：WSO2 ESB 4.9.0 fails to start with security vault enabled

【发布时间】：2016-08-31 11:23:25

【问题描述】：

我正在使用 wso2esb 4.9.0 并尝试按照official guide 中的描述配置安全保险库来加密密码

我修改（注释掉）文件 secret-conf.properties 中的行并指定了秘密提供者类。 我让默认值（尤其是用于测试的密码和 JKS）

我从 bin 文件夹运行工具 ciphertool cipher-text.properties 中的密码已加密 并且配置文件中的引用已修改为属性 svns:secretAlias="[cipher-text.key]"

我重新启动服务器，输入存储/密钥密码，并得到以下错误：

org.h2.jdbc.JdbcSQLException: Wrong user name or password [8004-140]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
    at org.h2.message.DbException.get(DbException.java:167)
    at org.h2.message.DbException.get(DbException.java:144)
    at org.h2.message.DbException.get(DbException.java:133)
    at org.h2.engine.Engine.validateUserAndPassword(Engine.java:277)
    at org.h2.engine.Engine.getSession(Engine.java:133)
    at org.h2.engine.Session.createSession(Session.java:122)
    at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:241)
    at org.h2.engine.SessionRemote.createSession(SessionRemote.java:219)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:111)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:95)
    at org.h2.Driver.connect(Driver.java:73)
    at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
    at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)
    at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
    at org.wso2.carbon.user.core.claim.dao.ClaimDAO.getDialectCount(ClaimDAO.java:158)
    at org.wso2.carbon.user.core.common.DefaultRealm.populateProfileAndClaimMaps(DefaultRealm.java:429)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:105)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
[2016-08-31 12:11:46,829] ERROR - Activator Cannot start User Manager Core bundle
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:240)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)

我检查了两个文件 ./repository/conf/datasources/master-datasources.xml 和 ./repository/conf/security/cipher-text.properties，密码密钥匹配。

你能告诉我我错过了什么吗？

【问题讨论】：

经过几个小时的测试，我终于成功让wso2 esb启动了。我必须更新文件 secret-conf.properties 文件并更改属性secretRepositories.file.location 的值，路径必须包括文件夹，即repository/conf/security/cipher-text.properties，而不是仅cipher-text.properties。铅解决了

【参考方案1】：

为了enable secure vault，您需要使用参数-Dconfigure执行./cipher-tool.sh（对于linux和windows，它是cipher-tool.bat），它将加密cipher-中的值text.properties，使用 cipher-tool.properies 中提到的 xpath 将别名添加到每个 conf 文件并创建 secret-conf.properties 文件。新创建的 secret-conf.properties 将包含 secretRepositories.file.location 等的值...