The following articles were authored by Chintana

Running a Java process as a service

There are many open source projects out there that use Java Service Wrapper to run a process as a Windows service and as a daemon process on Linux. To make money off the excellent project they decided to screw everyone over and change to an atrocious licensing scheme. The crippled community edition now doesn’t support 64-bit Windows, and there are probably many other such nonsensical terms.

So, if you’re looking for alternatives, there are several other nice projects out there. YAJSW is super easy to configure and uses no native code.

You can generate a config file from a running Java process by giving the process ID. I found that it’s easy to start from there and then tweak the system paths according to your setup.

The following wrapper.conf file can be used to start any WSO2 Carbon product as a service on Windows. In this configuration I’ve hard-coded the working dir, but that can easily be taken from an environment variable, just like the JVM path. I’ve removed the comments from wrapper.conf for brevity.

wrapper.working.dir=C:\\test\\wso2greg-4.1.1

wrapper.java.app.mainclass= org.wso2.carbon.bootstrap.Bootstrap

wrapper.console.loglevel=INFO

wrapper.console.title="WSO2 G-Reg"

wrapper.ntservice.name="WSO2GREG"

wrapper.ntservice.displayname="WSO2 GREG"

wrapper.ntservice.description="Governance Registry"

wrapper.daemon.run_level_dir=${if (new File('\/etc\/rc0.d').exists()) return '\/etc\/rcX.d' else return '\/etc\/init.d\/rcX.d'}

wrapper.tray = true

wrapper.tray.port = 15002

wrapper.on_exit.0=SHUTDOWN
wrapper.on_exit.default=RESTART

wrapper.filter.trigger.0=Exception
wrapper.filter.script.0=scripts\/trayMessage.gv
wrapper.filter.script.0.args=Exception

placeHolderSoGenPropsComeHere=
wrapper.java.command = ${JAVA_HOME}\\bin\\java
wrapper.java.classpath.1 = .\\lib
wrapper.java.classpath.2 = ${JAVA_HOME}\\lib\\tools.jar
wrapper.java.classpath.3 = .\\bin\\org.wso2.carbon.bootstrap-3.2.2.jar
wrapper.java.classpath.4 = .\\lib\\endorsed
wrapper.app.parameter.1 = RUN
wrapper.app.parameter.2 = -Dcarbon.registry.root=\/
wrapper.app.parameter.3 = -Dcarbon.home=c:\\test\\wso2greg-4.1.1
wrapper.app.parameter.4 = -Dwso2.server.standalone=true
wrapper.app.parameter.5 = -Djava.command=${JAVA_HOME}\\bin\\java
wrapper.app.parameter.8 = -Dcarbon.xbootclasspath=;.\\lib\\xboot\\org.wso2.carbon.xboot-3.2.0.jar
wrapper.app.parameter.9 = -Djava.io.tmpdir=.\\bin\\..\\tmp
wrapper.app.parameter.10 = -Dwso2.carbon.xml=.\\bin\\..\\repository\\conf\\carbon.xml
wrapper.app.parameter.11 = -Dwso2.registry.xml=.\\bin\\..\\repository\\conf\\registry.xml
wrapper.app.parameter.12 = -Dwso2.user.mgt.xml=.\\bin\\..\\repository\\conf\\user-mgt.xml
wrapper.app.parameter.13 = -Dwso2.transports.xml=.\\bin\\..\\repository\\conf\\mgt-transports.xml
wrapper.app.parameter.14 = -Djava.util.logging.config.file=.\\bin\\..\\lib\\log4j.properties
wrapper.app.parameter.15 = -Dcarbon.config.dir.path=.\\bin\\..\\repository\\conf
wrapper.app.parameter.16 = -Dcarbon.logs.path=.\\bin\\..\\repository\\logs
wrapper.app.parameter.17 = -Dcomponents.repo=.\\bin\\..\\repository\\components
wrapper.app.parameter.18 = -Dcom.atomikos.icatch.file=.\\bin\\..\\lib\\transactions.properties
wrapper.app.parameter.19 = -Dcom.atomikos.icatch.hide_init_file_path=true
wrapper.app.parameter.20 = -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true
wrapper.app.parameter.21 = -Dcom.sun.jndi.ldap.connect.pool.authentication=simple
wrapper.app.parameter.22 = -Dcom.sun.jndi.ldap.connect.pool.timeout=3000
wrapper.app.parameter.23 = -Dcarbon.classpath=.\\lib;${JAVA_HOME}\\lib\\tools.jar;;.\\bin\\org.wso2.carbon.bootstrap-3.2.2.jar;
wrapper.java.additional.1 = -Xbootclasspath\/a:;.\\lib\\xboot\\org.wso2.carbon.xboot-3.2.0.jar
wrapper.java.additional.2 = -Xms256m
wrapper.java.additional.3 = -Xmx512m
wrapper.java.additional.4 = -XX:MaxPermSize=256m
wrapper.java.additional.5 = -Dimpl.prefix=Carbon
wrapper.java.additional.6 = -Dcom.sun.management.jmxremote
wrapper.java.additional.7 = -Djava.endorsed.dirs=.\\lib\\endorsed;

Testing Cassandra write performance

With the tests below I was trying to measure Cassandra write performance. First off, this is probably not a good performance comparison for a number of reasons, the main one being that I was running this on my laptop. If you ran this on server grade hardware with a tuned Cassandra setup you probably would get higher numbers. That being said, this was done to get a general idea about write performance in Cassandra ‘cos “You can’t do much without measuring”.

My setup was,

  • Cassandra running in a VirtualBox VM with default parameters. Only the data directories were changed
  • VM was running Kubuntu 11.04
  • JDK 1.6.0_27
  • JVM was not warmed up before carrying out the test. I started Cassandra with an empty keyspace for each case
  • I was testing the code hosted here

Here’s what the three column families look like.

REGData column family,

PropertyIndex column family,

TagIndex column family,

Here are the results,

The graphs look very similar. However, Cassandra 1.0.2 has faster write speeds. Here are the raw data. T in the graph represents the number of tags and P the number of properties.

The sudden spike in write speed increase is a bit scary. That can be due to an I/O bottleneck in the machine. At that point my disk started grinding heavily. During the time of the tests, I didn’t do any other disk intensive tasks. On server grade hardware with a few fast disks the results might be different. Radically, even.

Creating a signed message with .Net WCF

A step by step guide to creating a signed message with .Net WCF and consuming a secured service written in Java. The service can be implemented in any language as long as it supports the WS-Security standards. In order to have a service running in minutes and apply security to it, I’ll be using WSO2 ESB.

  1. Certificates. We’ll be using two certificates for signing. We’ll create a private/public key pair on the client side and import the client’s public key to the server. Likewise, we’ll import the server’s public key to the machine running the client.
  2. First let’s create a key pair to be used by the client,
    makecert -r -pe -n "CN=mycert" -sky exchange -sv mycert.pvk mycert.cer
    

    This will create a private and public key pair. Next we need to import this into the Windows certificate store. In order to do that we need to convert our key pair to PFX format, which includes both the private and the public key,

    pvk2pfx -pvk mycert.pvk -spc mycert.cer -pfx mycert.pfx
    

    Now, run mmc and add a certificate snap-in for the Local Computer. Browse into Trusted People and import mycert.pfx. Just click next when it asks for the private key password.

  3. We have set up the certificates for the client. Next we have to extract the server’s public key and import it into the Windows certificate store. Since I’m going to use WSO2 ESB for the server side, we need to extract the public key from the Java keystore that’s being used by the ESB. Browse to <ESB HOME>\repository\resources\security and give the following command. Java needs to be in your PATH. When prompted, type “wso2carbon” as the keystore password.
    keytool -keystore wso2carbon.jks -export -alias localhost -file localhost.cer
    

    Import localhost.cer into Trusted People just like before.

  4. Now we need to import the client’s public key to the server. Start the ESB by double clicking wso2server.bat. Browse to https://localhost:9443 and log in with admin/admin. Click Configure -> Key Stores.

    Click Import Cert

    and browse and select mycert.cer we just created and click Import.

  5. We’re done setting up certificates. Let’s create a simple secure service. Luckily the ESB ships with an echo service which, when you send it a message, echoes it back. Click Main -> List (under Web Services).

    Here you see a list of web services. In front of the echo service you’ll see a link saying “Unsecured”.

    Click it and select “yes” from the drop down to apply security for the echo service.

    Here you’ll see a list of pre-configured security scenarios. We’ll be using number 2, Non-Repudiation under Basic Scenarios. Select it and click Next.

    Select wso2carbon.jks as a trusted keystore and click Finish. Echo service is secured now.

  6. We created and set up the certificates and now have a secured service. Open up Visual Studio and create a new console application. You can create any kind of project but I prefer to create console apps for testing these types of scenarios.
  7. Add a Service Reference to your project. WSDL file for the service is located at http://localhost:8280/services/echo?wsdl
  8. For the binding that you’ll be using you have to configure security,
    <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificateDuplex"
        requireDerivedKeys="false" securityHeaderLayout="Lax" includeTimestamp="true"
        keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncrypt"
        messageSecurityVersion="Default" requireSignatureConfirmation="false">
    <localClientSettings cacheCookies="true" detectReplays="true"
        replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="Infinite"
        replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00"
        sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true"
        timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
    <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00"
        maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00"
        negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00"
        sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00"
        reconnectTransportOnFailure="true" maxPendingSessions="128"
        maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
    <secureConversationBootstrap />
    </security>
    
  9. Your actual code calling the service should look like this,
    static void Main(string[] args)
    {
        svc.echoPortTypeClient echo = new svc.echoPortTypeClient("echoHttpSoap11Endpoint");
    
        echo.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
           System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
           System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople,
           System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "localhost");
    
        echo.ClientCredentials.ClientCertificate.SetCertificate(
            System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine,
            System.Security.Cryptography.X509Certificates.StoreName.TrustedPeople,
            System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName, "mycert");
    
        System.Console.WriteLine(echo.echoString("hello"));
        System.Console.ReadLine();
    }
    

    Note that we set the correct service and client certificates. As you can see I’m using an HTTP endpoint. This is useful to test the messages going through a tool like TCPMon. When you have the scenario working you can just switch to the HTTPS endpoint.
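The certificate lookups in step 9 use FindBySubjectName, which is a case-insensitive substring match, so a second certificate in Trusted People whose subject contains "localhost" or "mycert" makes the lookup ambiguous. The console program below is an added example, not part of the original post: it lists what each name resolves to, checks that the client certificate carries its private key, and prints the thumbprints. The CertCheck class and FindSingle helper are names chosen for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example: CertCheck and FindSingle are hypothetical names, not from the post.
static class CertCheck
{
    // Returns the single certificate in LocalMachine\TrustedPeople whose subject
    // contains subjectName; throws if the match is missing or ambiguous.
    public static X509Certificate2 FindSingle(string subjectName, bool needPrivateKey)
    {
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: the certificates in this walkthrough are self-signed.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);

            // Show every candidate so an unexpected extra match is visible.
            foreach (X509Certificate2 c in found)
                Console.WriteLine("{0}  {1}  expires {2:u}  privateKey={3}",
                    c.Thumbprint, c.Subject, c.NotAfter, c.HasPrivateKey);

            if (found.Count != 1)
                throw new InvalidOperationException(
                    found.Count + " certificates match '" + subjectName + "'; expected exactly 1");
            if (needPrivateKey && !found[0].HasPrivateKey)
                throw new InvalidOperationException(
                    "'" + subjectName + "' has no private key; import the .pfx, not the .cer");
            return found[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        X509Certificate2 client = FindSingle("mycert", true);      // signs the request
        X509Certificate2 service = FindSingle("localhost", false); // verifies the response
        Console.WriteLine("client  thumbprint: " + client.Thumbprint);
        Console.WriteLine("service thumbprint: " + service.Thumbprint);
    }
}
```

The printed thumbprints can be passed to SetCertificate and SetDefaultCertificate with X509FindType.FindByThumbprint to pin the exact certificates.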
