I have set up OpenAS2, so now I want to set up the WebUI.
I have unzipped the file and run "./mvnw clean package", but I get this error:
org.openas2.app.OpenAS2ServerTest: org.openas2.OpenAS2Exception: the OpenAS2 loggers' log manager must be registered with the jvm argument -Dorg.apache.commons.logging.Log=org.openas2.logging.Log
Is this application independent of OpenAS2?
Or do I need to set up OpenAS2 inside the "src" folder first?
Hello,
I have only unzipped the WebUI and run the command line above.
So I have installed yarn and nodejs, then run the command lines mentioned in the README.md.
The test server is running and I can access the login page (LoginScreen.vue).
But now I am trying to understand how to launch "https://127.0.0.1:443/api"; it's the first time that an API is mentioned, and I don't find anything in the OpenAS2 documentation.
Thanks.
--
It's difficult for a SysAdmin to understand how to set up all of this; you are experts and highly skilled developers, so I imagine it seems logical to you.
Last edit: Gabe 2020-03-25
Hi Gabe,
Agreed the documentation for the WebUI is lacking, we are working on that.
With the WebUI inclusion into OpenAS2 a REST API was added and exposed as a new Remote Control interface for OpenAS2.
This remote interface needs to be enabled by adding the "org.openas2.cmd.processor.RestCommandProcessor" command processor to the config.xml file of your OpenAS2 Server installation.
The default configuration included in your latest download of OpenAS2 includes a basic configuration of this Command Processor, but it's disabled by default for security reasons. To enable it, set the property "properties.restapi.command.processor.enabled" to "true" inside the "<properties>" tag of the same config file.
This default configuration will listen on localhost on port 8443, reusing the included SSL self-signed certificate for TLS/SSL encryption. Authentication for the API is very simple, based on username/password. The default access credentials are "userID" as username and "pWd" as password. Make sure to change them for your production deployments.
The Login Screen presented on the WebUI requests the REST API Endpoint Base URL, Username and Password credentials to access it.
So the first step is to enable the REST Command Processor, configure it and make sure you can run your OpenAS2 Server installation.
-J
Last edit: Javier Munoz 2020-03-25
Hello,
Many thanks for your explanations, the server is running now:
yarn run serve
INFOS: Started listener bound to [localhost:8443]
Is the self-signed certificate in the "config/ssl_certs.jks" file?
Because I have updated this keystore to add my own valid chain of SSL certificates.
Is there a way to have more logs for this REST API?
Because when I try to sign in, I immediately get this error, "Error: Network Error", even though the OpenAS2 server is running at the same time:
2020-03-27 11:42:36.371 FINE OpenAS2Server: OpenAS2 Server v2.10.0 started.
The certificate is in config/ssl_certs.jks.
Is your own certificate loaded into it?
Is it self-signed as well or 3rd party CA signed?
Did you remove the old OpenAS2 self-signed certificate?
Hello,
Yes, the keystore was cleaned before I added my wildcard certificate (3rd party CA signed), and the intermediate and the root certificates.
I have also checked that my new keystore password was the good one.
And I have already successfully exchanged thousand dummy files (encrypted and signed) between OpenAS2 and my other AS2 server.
Regards
Last edit: Gabe 2020-03-30
Hi,
In order to better trace the issue, could you open up the Chrome
Developer tools or the Firefox Dev Console and share your JavaScript
Console logs with me?
[HMR] Waiting for update signal from WDS... log.js:24
is_logged Object { username: Getter & Setter, password: Getter & Setter, server: Getter & Setter, … } App.vue:29
Password fields present on an unsecured page (http://). This represents a security risk allowing the theft of login credentials. myserver.mydomain.com:8080
Blocking a multi-origin query (Cross-Origin Request) : the "Same Origin" policy does not allow access to the remote resource located at http://localhost:8080/sockjs-node/info?t=1585649737000. Reason: failure of the CORS request.
Hello,
How can I update the source code to allow ".mydomain.com" in the CORS policy?
Maybe I need to access "http://myserver.mydomain.com:8443/api" instead of 127.0.0.1.
Regards.
SSL certificates are mapped to domain names so you will need to access it using the same domain name as is on the certificate.
For localhost testing you can try modifying /etc/hosts (or the equivalent if you are on MS Windows) and adding the certificate's domain there. It will only work if accessing the server from the same machine as the OpenAS2 server is running on. However, the trusted chain lookup may do a DNS lookup of the actual IP of the host name, which may make that unworkable.
If you have access to your DNS settings then temporarily modify the DNS to point to your test machine if that is feasible.
If you are using a wildcard SSL certificate then map DNS to something like openas2.mydomain.com and map that to your publicly accessible test machine.
Hello,
My DNS is set up, I can access my server using the domain name.
My question is about the login screen of the REST API: its default parameter is "https://127.0.0.1:8443/api".
Maybe I should use my domain instead? I have tried to change it in the "config.xml" in the "baseuri" line, but the CORS error still appears. So maybe I should update the source code and run the compiler again?
My certificates added in "ssl_certs.jks" seem to be working; I have positive responses with openssl and curl on both servers launched by OpenAS2 and node.
Regards.
Yes, you can do that. Since the certificate is set to the domain name, and
you are using SSL in the config.xml base uri, the URL parameter on the
login should also match.
-J
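The hostname rule from the two replies above, as an added example that is not part of the original thread or of OpenAS2: a simplified version of the name check a browser applies to the REST API certificate, run over base URLs like those tried here. The SAN entries are constructed (the thread shows only CN=*.mydomain.com), and `sanCovers` and `checkApiBaseUrl` are hypothetical helper names.

```javascript
// Added illustration: simplified TLS server-name matching, applied to REST API
// base URLs like the ones tried in this thread. Not OpenAS2 or WebUI code.

// Constructed sample: the thread only shows CN=*.mydomain.com; the SAN list
// below is an assumption about what such a wildcard certificate carries.
const SAMPLE_CERT_SANS = ['DNS:*.mydomain.com', 'DNS:mydomain.com'];

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Returns true when `host` is covered by one SAN entry ("DNS:..." or "IP:...").
function sanCovers(entry, host) {
  const sep = entry.indexOf(':');
  const kind = entry.slice(0, sep);
  const value = entry.slice(sep + 1).toLowerCase();
  const isIp = IPV4.test(host) || host.startsWith('[');
  // An IP literal is only matched by an IP entry, never by a DNS wildcard.
  if (isIp) return kind === 'IP' && value === host.replace(/^\[|\]$/g, '');
  if (kind !== 'DNS') return false;
  if (!value.startsWith('*.')) return value === host;
  // A wildcard stands for exactly one left-most label.
  const hostLabels = host.split('.');
  const patternLabels = value.split('.');
  return hostLabels.length === patternLabels.length &&
    hostLabels.slice(1).join('.') === patternLabels.slice(1).join('.');
}

// Lists the reasons a browser-hosted WebUI would fail (or be unsafe) when
// pointed at `baseUrl`, given the SAN entries of the server certificate.
function checkApiBaseUrl(baseUrl, sans) {
  const url = new URL(baseUrl);
  const problems = [];
  if (url.protocol !== 'https:') {
    problems.push('not https: credentials would be sent in clear text');
  }
  const host = url.hostname.toLowerCase();
  if (!sans.some((entry) => sanCovers(entry, host))) {
    problems.push(`certificate does not cover "${host}"`);
  }
  return problems;
}

// Candidate values for the login screen's "REST API Endpoint Base URL" field.
const candidates = [
  'https://127.0.0.1:8443/api',
  'https://myserver.mydomain.com:8443/api',
  'http://myserver.mydomain.com:8443/api',
  'https://a.b.mydomain.com:8443/api',
];
for (const c of candidates) {
  const problems = checkApiBaseUrl(c, SAMPLE_CERT_SANS);
  console.log(c, '->', problems.length ? problems.join('; ') : 'ok');
}
```

Only the second candidate passes both checks: the default 127.0.0.1 URL is an IP literal that a DNS wildcard never covers, and a wildcard does not extend to a second sub-level.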
curl https://myserver.mydomain.com:8443 -vv
Connected to myserver.mydomain.com (111.11.111.11) port 8443 (#0)
Server certificate:
subject: CN=*.mydomain.com
GET / HTTP/1.1
Certificate chain
0 s:/CN=*.mydomain.com
1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=RapidSSL RSA CA 2018
2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
Server certificate
-----BEGIN CERTIFICATE-----
(...)
But when I try to access the api there is this log of OpenAS2 :
FINE RestCommandProcessor: API Response: 401{Content-Type=[application/json]}
org.glassfish.jersey.message.internal.WriterInterceptorExecutor$TerminalWriterInterceptor aroundWriteTo
GRAVE: MessageBodyWriter not found for media type=application/json, type=class org.openas2.cmd.CommandResult, genericType=class org.openas2.cmd.CommandResult.
FINE RestCommandProcessor: API Response: 500{}
Regards.
API Response 401 corresponds to the status "Unauthorized".
Make sure you have the correct username/password.
API response 500 corresponds to the status "Internal Server Error".
According to the log you are missing a MediaBodyWriter for JSON.
That most likely is a J2EE package that could be missing from your
installation (JAXB).
Oracle removed the J2EE packages from their download for Java 9+
Also please list the packages you have on your Server installation.
The following dependencies were included in the POM.XML to address that
situation:
<dependency>
    <groupId>javax.xml.bind</groupId>
    <artifactId>jaxb-api</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-core</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>com.sun.xml.bind</groupId>
    <artifactId>jaxb-impl</artifactId>
    <version>2.2.11</version>
</dependency>
<dependency>
    <groupId>javax.activation</groupId>
    <artifactId>activation</artifactId>
    <version>1.1.1</version>
</dependency>
Hi Gabe,
Could you share the console logs and the configuration files you are using?
Is this error happening on a new installation or an upgrade?
Hello,
It seems Firefox is blocking :
Regards
Yes, it seems like.
The REST API included in OpenAS2 has an open CORS policy enabled since
it's password protected.
From the log extract, it seems like you are hosting the WebUI application on
the custom test domain myserver.mydomain.com. The instructions provided in
the README.md file are for localhost testing and development. The error you
get is from the application trying to establish a WebSocket connection to
the localhost environment for debugging.
Since you are not looking to develop the WebUI, I would suggest you compile
for production and just host the static files on any webserver.
To compile the files, execute: yarn run build
This will create a "dist" directory with the static compiled files.
And you can use any webserver like Apache, Nginx, PHP WebServer, Python
SimpleServer, etc. to host those static files.
Since you have Node.js already installed, you can use Connect and ServeStatic
with Node.js for this:
1. Install connect and serve-static with NPM:
$ npm install connect serve-static
2. Create a server.js file with this content:
// Serve the static files in this directory over HTTP on port 8080.
var connect = require('connect');
var serveStatic = require('serve-static');
connect().use(serveStatic(__dirname)).listen(8080, function () {
  console.log('Server running on 8080...');
});
3. Run with Node.js:
$ node server.js
Then you can now go to http://myserver.mydomain.com:8080/
-J
Hello,
Many thanks for your explanations.
Unfortunately I have the same error :
To try, I have changed "https://127.0.0.1:8443/api" to "https://myserver.mydomain.com:8443/api", but no success.
Other point when I run compilation I have these errors :
But when I run again all is fine :
Regards
Hello,
There is something I'm doing wrong because the CORS error still appears.
When launched, the OpenAS2 server prints:
The connection to port 8443 works:
And this way too:
But when I try to access the api there is this log of OpenAS2 :
Regards.
Which Java version are you using?