WSO2 ESB 4.9.0无法在启用安全保管库的情况下启动
[英]WSO2 ESB 4.9.0 fails to start with security vault enabled
问题描述
I'm using wso2esb 4.9.0 and try to configure the security vault to encrypt passwords, following what is described in the official guide 
我正在使用wso2esb 4.9.0,并尝试按照官方指南中的说明配置安全性库以加密密码
I modified (commented out) lines in file secret-conf.properties and specified secret providers classes. 我修改了(注释掉)文件secret-conf.properties中的行并指定了秘密提供程序类。 I let the default values (especially password and JKS for testing) 我让默认值(尤其是用于测试的密码和JKS)
I run tool ciphertool from bin folder Passwords in cipher-text.properties have been encrypted and references in configuration files have been modified with attribute svns:secretAlias="[cipher-text.key]" 我从bin文件夹运行工具ciphertool。cipher-text.properties中的密码已加密,并且配置文件中的引用已使用svns属性修改:secretAlias =“ [cipher-text.key]”
I restarted the server, entered the store/key password, and got the following error : 我重新启动服务器,输入商店/密钥密码,并收到以下错误:
org.h2.jdbc.JdbcSQLException: Wrong user name or password [8004-140]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:327)
at org.h2.message.DbException.get(DbException.java:167)
at org.h2.message.DbException.get(DbException.java:144)
at org.h2.message.DbException.get(DbException.java:133)
at org.h2.engine.Engine.validateUserAndPassword(Engine.java:277)
at org.h2.engine.Engine.getSession(Engine.java:133)
at org.h2.engine.Session.createSession(Session.java:122)
at org.h2.engine.SessionRemote.connectEmbeddedOrServer(SessionRemote.java:241)
at org.h2.engine.SessionRemote.createSession(SessionRemote.java:219)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:111)
at org.h2.jdbc.JdbcConnection.<init>(JdbcConnection.java:95)
at org.h2.Driver.connect(Driver.java:73)
at org.apache.tomcat.jdbc.pool.PooledConnection.connectUsingDriver(PooledConnection.java:278)
at org.apache.tomcat.jdbc.pool.PooledConnection.connect(PooledConnection.java:182)
at org.apache.tomcat.jdbc.pool.ConnectionPool.createConnection(ConnectionPool.java:701)
at org.apache.tomcat.jdbc.pool.ConnectionPool.borrowConnection(ConnectionPool.java:635)
at org.apache.tomcat.jdbc.pool.ConnectionPool.getConnection(ConnectionPool.java:188)
at org.apache.tomcat.jdbc.pool.DataSourceProxy.getConnection(DataSourceProxy.java:128)
at org.wso2.carbon.user.core.claim.dao.ClaimDAO.getDialectCount(ClaimDAO.java:158)
at org.wso2.carbon.user.core.common.DefaultRealm.populateProfileAndClaimMaps(DefaultRealm.java:429)
at org.wso2.carbon.user.core.common.DefaultRealm.init(DefaultRealm.java:105)
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:230)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:109)
at org.wso2.carbon.user.core.internal.Activator.startDeploy(Activator.java:68)
at org.wso2.carbon.user.core.internal.BundleCheckActivator.start(BundleCheckActivator.java:61)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl$1.run(BundleContextImpl.java:711)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.startActivator(BundleContextImpl.java:702)
at org.eclipse.osgi.framework.internal.core.BundleContextImpl.start(BundleContextImpl.java:683)
at org.eclipse.osgi.framework.internal.core.BundleHost.startWorker(BundleHost.java:381)
at org.eclipse.osgi.framework.internal.core.AbstractBundle.resume(AbstractBundle.java:390)
at org.eclipse.osgi.framework.internal.core.Framework.resumeBundle(Framework.java:1176)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:559)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.resumeBundles(StartLevelManager.java:544)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.incFWSL(StartLevelManager.java:457)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.doSetStartLevel(StartLevelManager.java:243)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:438)
at org.eclipse.osgi.framework.internal.core.StartLevelManager.dispatchEvent(StartLevelManager.java:1)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:230)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:340)
[2016-08-31 12:11:46,829] ERROR - Activator Cannot start User Manager Core bundle
org.wso2.carbon.user.core.UserStoreException: Cannot initialize the realm.
at org.wso2.carbon.user.core.common.DefaultRealmService.initializeRealm(DefaultRealmService.java:240)
at org.wso2.carbon.user.core.common.DefaultRealmService.<init>(DefaultRealmService.java:96)
I checked both files ./repository/conf/datasources/master-datasources.xml and ./repository/conf/security/cipher-text.properties, the ciper key matches. 我检查了两个文件./repository/conf/datasources/master-datasources.xml和./repository/conf/security/cipher-text.properties,密码密钥匹配。
Can you tell me what i've missed ? 你能告诉我我错过了什么吗?
1 个解决方案
解决方案1
0 2016-09-12 05:57:03
In-order to enable secure vault , you need to execute ./cipher-tool.sh (for linux and for windows, it is cipher-tool.bat) with the parameter -Dconfigure which will encrypt the values in cipher-text.properties, add the alias to each conf file using the xpath mentioned in cipher-tool.properies and create the secret-conf.properties file. 为了启用安全保险库 ,您需要使用参数-Dconfigure执行./cipher-tool.sh(对于linux和Windows,它是cipher-tool.bat),它将对cipher-text.properties中的值进行加密。 ,使用cipher-tool.properies中提到的xpath将别名添加到每个conf文件,并创建secret-conf.properties文件。 The newly created secret-conf.properties will contain the values for secretRepositories.file.location, etc... 新创建的secret-conf.properties将包含secretRepositories.file.location等的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.