WSO2 ESB 4.9.0 fails to start with security vault enabled

Posted: 2016-08-31 11:23:25

Question:

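I am using wso2esb 4.9.0 and trying to configure the security vault to encrypt passwords as described in the official guide.

I modified (commented out) the lines in the file secret-conf.properties and specified the secret provider class. I left the default values (in particular the passwords and the JKS, for testing).

I ran the ciphertool tool from the bin folder. The passwords in cipher-text.properties were encrypted, and the references in the configuration files were changed to the attribute svns:secretAlias="[cipher-text.key]".

I restarted the server, entered the keystore/key password, and got the following error: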

org.h2.jdbc.JdbcSQLException: Wrong user name or password [8004-140]
    at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
    at org.h2.message.DbException.get(DbException.java:167)
    at org.h2.message.DbException.get(DbException.java:144)
    at org.h2.message.DbException.get(DbException.java:133)
    at org.h2.engine.Engine.validateUserAndPassword(Engine.java:277)
    at org.h2.engine.Engine.getSession(Engine.java:133)
    at org.h2.engine.Session.createSession(Session.java:122)
    at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:241)
    at org.h2.engine.SessionRemote.createSession(SessionRemote.java:219)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:111)
    at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:95)
    at org.h2.Driver.connect(Driver.java:73)
    at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
    at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)
    at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)
    at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
    at org.wso2.carbon.user.core.claim.dao.ClaimDAO.getDialectCount(ClaimDAO.java:158)
    at org.wso2.carbon.user.core.common.DefaultRealm.populateProfileAndClaimMaps(DefaultRealm.java:429)
    at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:105)
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109)
    at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)
    at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
    at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
    at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
    at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
    at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
    at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
    at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
    at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
[2016-08-31 12:11:46,829] ERROR - Activator Cannot start User Manager Core bundle
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
    at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:240)
    at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)

I checked the two files ./repository/conf/datasources/master-datasources.xml and ./repository/conf/security/cipher-text.properties, and the password keys match.

Can you tell me what I am missing?

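Comments:

After a few hours of testing, I finally managed to get the wso2 esb to start. I had to update the file secret-conf.properties and change the value of the property secretRepositories.file.location: the path has to include the folders, i.e. repository/conf/security/cipher-text.properties, instead of only cipher-text.properties. Problem solved.

Answer 1: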

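In order to enable secure vault, you need to execute ./cipher-tool.sh with the parameter -Dconfigure (that is for Linux; on Windows it is cipher-tool.bat). It will encrypt the values in cipher-text.properties, add the aliases to each conf file using the xpath mentioned in cipher-tool.properties, and create the secret-conf.properties file. The newly created secret-conf.properties will contain the values for secretRepositories.file.location etc...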
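The pre-start check below is an added example, not code from the original post or from WSO2: it verifies that secretRepositories.file.location points at an existing file and that every svns:secretAlias used in a config file has an entry in that file. It assumes the location is resolved relative to the server home directory and that secret-conf.properties sits in repository/conf/security; the alias names and file contents are constructed samples.

```python
import os
import re
import tempfile

ALIAS_RE = re.compile(r'svns:secretAlias="([^"]+)"')
SEC_DIR = "repository/conf/security"  # assumed location of secret-conf.properties

def load_properties(path):
    """Minimal .properties reader: key=value lines, '#' starts a comment."""
    with open(path, encoding="utf-8") as fh:
        lines = [ln.strip() for ln in fh]
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check_vault(home, config_files):
    """Return a list of problems; an empty list means every check passed."""
    conf = load_properties(os.path.join(home, SEC_DIR, "secret-conf.properties"))
    location = conf.get("secretRepositories.file.location")
    if not location:
        return ["secretRepositories.file.location is not set"]
    repo = os.path.join(home, location)  # assumption: resolved against server home
    if not os.path.isfile(repo):
        return ["secret repository not found at " + location]
    known = load_properties(repo)  # alias -> encrypted value
    problems = []
    for rel in config_files:
        with open(os.path.join(home, rel), encoding="utf-8") as fh:
            for alias in ALIAS_RE.findall(fh.read()):
                if alias not in known:  # reference with no encrypted entry
                    problems.append(rel + ": unknown alias " + alias)
    return problems

def demo(location):
    """Build a constructed server tree in a temp dir and run the check on it."""
    ds = "repository/conf/datasources/master-datasources.xml"
    files = {  # constructed sample contents, not real configuration
        SEC_DIR + "/secret-conf.properties": "secretRepositories.file.location=" + location + "\n",
        SEC_DIR + "/cipher-text.properties": "Sample.DB.Password=PLACEHOLDER_CIPHERTEXT\n",
        ds: '<a svns:secretAlias="Sample.DB.Password"/><b svns:secretAlias="Sample.Other.Password"/>\n',
    }
    with tempfile.TemporaryDirectory() as home:
        for rel, text in files.items():
            os.makedirs(os.path.dirname(os.path.join(home, rel)), exist_ok=True)
            with open(os.path.join(home, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return check_vault(home, [ds])

if __name__ == "__main__":
    print(demo("cipher-text.properties"))  # bare file name, as in the question
    print(demo("repository/conf/security/cipher-text.properties"))
```

The first call reproduces the misconfiguration from the comment above (a bare file name), and the second shows that with the full relative path the check moves on to comparing aliases.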
