Date: 21/11/2016
EUROPEAN COMMISSION DIGIT Connecting Europe Facility
Domibus 3.2.1
Administration Guide
Administration Guide - Domibus 3.2.1 Page 2 / 97
Document status
Status: Approved
Document Approver(s)
Approver Name | Role
BACIU Cosmin | Technical Office
Document Reviewers
Reviewer Name | Role
BACIU Cosmin | Technical Office
Summary of Changes
Version | Date | Created by | Short Description of Changes
V1.1 | 15/09/2016 | EDELMAN Cedric | Update of document for Domibus 3.2
V1.2 | 29/09/2016 | EDELMAN Cédric | Update based on 3.2 FR
V1.3 | 15/11/2016 | EDELMAN Cédric | Describe the JMX configuration on WebLogic + Update based on 3.2.1 release
Table of Contents
1 INTRODUCTION
2 PURPOSE OF THIS GUIDE
3 CONVENTION
3.1 Example 1: Sample Oracle Statement
3.2 Example 2: Sample Configuration file
4 PREREQUISITES
4.1 Binaries repository
5 DOMIBUS DEPLOYMENT
5.1 Database Configuration
5.1.1 MySQL configuration
5.1.2 Oracle configuration
5.2 Domibus on WebLogic 12.1.3
5.2.1 Single Server Deployment
5.2.2 Clustered Deployment
5.3 Domibus on Tomcat
5.3.1 Pre-Configured Single Server Deployment
5.3.2 Single Server Deployment
5.3.3 Clustered Deployment
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
5.4.2 Single Server Deployment
5.4.3 Clustered Deployment
6 DOMIBUS CONFIGURATION
6.1 Security Configuration
6.1.1 Policies
6.1.2 Certificates
6.2 Domibus Properties
7 PLUGIN MANAGEMENT
7.1 Default Plugins
7.1.1 JMS Plugin
7.1.2 WS Plugin
7.1.2.1 Domibus authentication
7.1.2.2 Enable the authentication in Domibus
7.2 Custom Plugin
7.2.1 Plugin registration
7.2.1.1 Tomcat
7.2.1.2 WebLogic
7.2.1.3 WildFly
7.3 PMode Configuration
7.3.1 Configuration
7.3.2 Adding a new participant
7.3.3 Example of a PMode file
7.3.4 Domibus pconf to ebMS3 PMode Mapping
7.3.5 Upload new Configuration
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
7.4.1.2 Domibus log file
7.4.1.3 Logging properties
7.4.1.4 Error Log page
7.4.2 Queue Monitoring
7.4.3 Configuration of the queues
7.4.3.1 Tomcat
7.4.3.2 WebLogic
7.4.3.3 WildFly
7.4.4 Message Filtering
8 DATA ARCHIVING
8.1.1.1 What's archiving
8.1.1.2 Data Retention Policy
8.1.1.3 Data Extraction
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
9.2 Exception sending context initialized event to listener instance of class
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
9.4 Cannot access Admin Console
9.5 Handshake Failure
10 ANNEX 1 - TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
10.1.1.2 Client side configuration
10.1.1.3 Server side configuration
1 INTRODUCTION
This Administration Guide is intended for Server Administrators who are in charge of the installation of an eDelivery Access Point.
2 PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3 CONVENTION
The Commands and Configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system related special words) and user-defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
- Bold is used for reserved words and commands.
- Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). It normally contains at least 2 words separated by "_".
- Bold and Italic is used for advisable values, which can be changed by the user depending on their infrastructure.
- Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user.)
3.2 Example 2: Sample Configuration file
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owners' documentation.
- Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- One of the supported Database Management Systems:
  o MySQL 5.6 or above
  o Oracle 10g+
- If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
  o WebLogic 12c
  o WildFly 9
  o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its Database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB:
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
  o max_allowed_packet property
    The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
        max_allowed_packet=512M
  o innodb_log_file_size property
    Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that larger logfile size will increase the time needed for the recovery process.
        innodb_log_file_size=5120M
  o Restart MySQL service (Windows)
    MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties.
5. Execute the following MySQL commands in the command prompt:
Remark:
User-defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
    mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema; create schema domibus_schema; alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password'; grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
    mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
    sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
    ===========================================================================
    Once logged in Oracle:
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
    connect edelivery_user
    show user; (should return: edelivery_user)
    @oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
    exit
    ===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user-defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-weblogic.war
- domibus-MSH-3.2.1-weblogic-configuration.zip
- domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
- domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
  o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
    Locate the set DOMAIN_HOME statement and add the following lines after:
        ...
        set DOMAIN_HOME
        REM Added for Domibus
        set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
        ...
  o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
    Locate the export DOMAIN_HOME statement and add the following lines after:
        ...
        export DOMAIN_HOME
        # Added for Domibus
        EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
        export EXTRA_JAVA_PROPERTIES
        ...
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
  o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
  o Configure the WSLT API tool:
    - Unzip the wslt-api-1.9.1.zip
    - Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
      e.g. WL_HOME=/wls12130/wlserver
  o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
    - Adapt the properties for connecting to the WebLogic domain:
        domain.loading.type=connect
        domain.connect.url=t3://localhost:7001
        domain.connect.username=weblogic_name
        domain.connect.password=weblogic_password
        domain.name=my_domain1
    - Adapt the jdbc.datasource properties for the datasources:
      For Oracle database:
        jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
        jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
        jdbc.datasource.0.driver.password=edelivery_password
        jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
      For MySQL:
        jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
        jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
        jdbc.datasource.0.driver.password=edelivery_password
        jdbc.datasource.0.driver.username=edelivery_username
        jdbc.datasource.0.transaction.protocol=LoggingLastResource
        jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
  o Adapt the property for location of the filestore: persistent.filestore.0.location
    e.g.
        persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
  o Adapt, if necessary, the JMX security configuration
    e.g.
        # Policy configuration
        security.policies.0.mode = CREATE
        security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
        security.policies.0.realm = myrealm
        security.policies.0.authorizer = XACMLAuthorizer
        security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
        security.policies.items = 1
        # Users configuration
        security.users.0.realm=myrealm
        security.users.0.name=jmsManager
        security.users.0.password=jmsManager1
        security.users.0.comment=
        security.users.0.authenticator=DefaultAuthenticator
        security.users.items=1
        # Groups configuration
        security.groups.0.realm=myrealm
        security.groups.0.name=JMSManagers
        security.groups.0.description=
        security.groups.0.authenticator=DefaultAuthenticator
        security.groups.items=1
        # Groups Membership configuration
        security.groupmember.0.user=jmsManager
        security.groupmember.0.groups=JMSManagers
        security.groupmember.0.realm=myrealm
        security.groupmember.0.authenticator=DefaultAuthenticator
        security.groupmember.items=1
  o Start the WebLogic domain from within DOMAIN_HOME:
    - For Windows: startWebLogic.cmd
    - For Linux/Unix: startWebLogic.sh
  o Execute the following command from within the wlstapi-1.9.1/bin directory:
    - For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
    - For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access:
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war:
  o Click Install
  o Navigate to the location of the war file and click Next
  o Choose "Install this deployment as an application" and click Next
  o Select the following option and click Next
  o Select the following options and click Next
  o Select the following option and click Finish
  o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(By default: User = admin; Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section, we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-weblogic.war
- domibus-MSH-3.2.1-weblogic-configuration.zip
- domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
- domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
  o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
  o Configure the WSLT API tool:
    - Unzip the wslt-api-1.9.1.zip
    - Define the WL_HOME (SET or export command, depending on your operating system) environment variable to point to the WebLogic wlserver directory
      e.g. WL_HOME=/wls12130/wlserver
  o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
    - Adapt the properties for connecting to the WebLogic domain:
        domain.loading.type=connect
        domain.connect.url=t3://localhost:7001
        domain.connect.username=weblogic_user
        domain.connect.password=weblogic_password
        domain.name=mydomain1
    - Adapt the jdbc.datasource properties for the datasources:
      For Oracle database:
        jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
        jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
        jdbc.datasource.0.driver.password=edelivery_password
        jdbc.datasource.0.driver.username=edelivery_username
        jdbc.datasource.0.targets=cluster_name
      For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
        jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
        jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
        jdbc.datasource.0.driver.password=edelivery_password
        jdbc.datasource.0.driver.username=edelivery_username
        jdbc.datasource.0.targets=cluster_name
        jdbc.datasource.0.transaction.protocol=LoggingLastResource
        jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
    - Adapt the properties for target and location of the filestore:
        persistent.filestore.0.target=cluster_name
        persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
    - Adapt, if necessary, the JMX security configuration
      e.g.
        # Policy configuration
        security.policies.0.mode = CREATE
        security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
        security.policies.0.realm = myrealm
        security.policies.0.authorizer = XACMLAuthorizer
        security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
        security.policies.items = 1
        # Users configuration
        security.users.0.realm=myrealm
        security.users.0.name=jmsManager
        security.users.0.password=jmsManager1
        security.users.0.comment=
        security.users.0.authenticator=DefaultAuthenticator
        security.users.items=1
        # Groups configuration
        security.groups.0.realm=myrealm
        security.groups.0.name=JMSManagers
        security.groups.0.description=
        security.groups.0.authenticator=DefaultAuthenticator
        security.groups.items=1
        # Groups Membership configuration
        security.groupmember.0.user=jmsManager
        security.groupmember.0.groups=JMSManagers
        security.groupmember.0.realm=myrealm
        security.groupmember.0.authenticator=DefaultAuthenticator
        security.groupmember.items=1
    - Adapt the property for JMS Server, e.g.
        jms.server.0.target=cluster_name
    - Adapt the property for JMS Module, e.g.
        jms.module.0.targets=cluster_name
  o Start the WebLogic domain from within DOMAIN_HOME:
    - For Windows:
        startWebLogic.cmd
    - For Linux/Unix:
        startWebLogic.sh
  o Execute the following command from within the wlstapi-1.9.1/bin directory:
    - For Windows:
        wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
    - For Linux/Unix:
        wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access:
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
  o Click Install
  o Navigate to location DOMAIN_HOME/conf/domibus, where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
  o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
  o Choose "Install this deployment as an application" and click Next
  o Select your cluster for the deployment target and click Next
  o Select the following options and click Next
  o Select the following option and click Finish
  o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(By default: User = admin; Password = 123456)
Expected result:
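The WLST import in sections 5.2.1 and 5.2.2 creates the JMX policy, the jmsManager user and the datasource exactly as the properties file is written, so the file is worth checking before import.py runs. The following check is an added example, not part of the Domibus distribution or of the WSLT API tool; it assumes the dotted key names of the guide's samples (e.g. security.users.0.password), treats Administrators as a pre-existing group, assumes a comma-separated groups value, and runs on a constructed sample.

```python
import re

# Passwords printed in the guide's samples; finding one means it was never changed.
GUIDE_SAMPLE_SECRETS = {"weblogic_password", "edelivery_password", "jmsManager1"}
# Assumption: groups that already exist in the realm and need no security.groups.N entry.
BUILTIN_GROUPS = {"Administrators"}


def parse_properties(text):
    """Return ({key: value}, [keys defined more than once]); '#' starts a comment."""
    props, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in props:
            duplicates.append(key)
        props[key] = value
    return props, duplicates


def indexed(props, prefix, field):
    """Map N -> value for every key of the form <prefix>.<N>.<field>."""
    pattern = re.compile(r"%s\.(\d+)\.%s" % (re.escape(prefix), re.escape(field)))
    found = {}
    for key, value in props.items():
        match = pattern.fullmatch(key)
        if match:
            found[int(match.group(1))] = value
    return found


def audit(text):
    """Return a list of findings for one WLST import properties file."""
    props, duplicates = parse_properties(text)
    findings = []
    # Oracle and MySQL blocks both active: the later line silently wins.
    for key in sorted(set(duplicates)):
        findings.append("%s: defined twice, comment out the unused block" % key)
    # Passwords left at the guide's sample value, or built from the account name.
    for key, value in sorted(props.items()):
        if not key.endswith(".password"):
            continue
        stem = key[: -len("password")]
        account = props.get(stem + "username") or props.get(stem + "name") or ""
        if value in GUIDE_SAMPLE_SECRETS:
            findings.append("%s: still the sample value from the guide" % key)
        elif account and account.lower() in value.lower():
            findings.append("%s: contains the account name %s" % (key, account))
    # The guide asks for forward slashes in the filestore path.
    for idx, path in sorted(indexed(props, "persistent.filestore", "location").items()):
        if "\\" in path:
            findings.append("persistent.filestore.%d.location: use forward slashes" % idx)
    # Every group the JMX policy trusts must be created by this file or be built in,
    # and every membership must point at a user and a group this file defines.
    groups = set(indexed(props, "security.groups", "name").values())
    users = set(indexed(props, "security.users", "name").values())
    for idx, expr in sorted(indexed(props, "security.policies", "expression").items()):
        for group in re.findall(r"Grp\(([^)]+)\)", expr):
            if group not in groups | BUILTIN_GROUPS:
                findings.append("security.policies.%d.expression: group %s is not defined" % (idx, group))
    member_groups = indexed(props, "security.groupmember", "groups")
    for idx, user in sorted(indexed(props, "security.groupmember", "user").items()):
        if user not in users:
            findings.append("security.groupmember.%d.user: user %s is not defined" % (idx, user))
        for group in member_groups.get(idx, "").split(","):
            if group.strip() and group.strip() not in groups:
                findings.append("security.groupmember.%d.groups: group %s is not defined" % (idx, group.strip()))
    return findings


# Constructed sample: the guide's values with both database blocks left active,
# a backslash filestore path and a misspelt group in the policy expression.
SAMPLE = r"""
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.driver.password=Xq7-fT2m-pL9w
persistent.filestore.0.location=C:\domains\my_domain1\filestore
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManager)
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.groups.0.name=JMSManagers
security.groupmember.0.user=jmsManager
security.groupmember.0.groups=JMSManagers
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Pass the text of WeblogicSingleServer.properties or WeblogicCluster.properties to audit() and resolve every finding before running import.py.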
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
  o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
  o For MySQL database:
    - Add MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
    - Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ...
[2] http://downloads.mysql.com/archives/c-j/
  o For Oracle database:
    - Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in folder cef_edelivery_path/domibus/lib
    - Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ...
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates
4. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus
  o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
        ...
        set CATALINA_HOME=cef_edelivery_path\domibus
        set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
        set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
        ...
  o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
        ...
        export CATALINA_HOME=cef_edelivery_path/domibus
        export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
        export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
        ...
5. Launch the Domibus application:
  o For Windows:
        cd cef_edelivery_path\domibus\bin
        startup.bat
  o For Linux/Unix:
        cd cef_edelivery_path/domibus/bin
        chmod +x *.sh
        ./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (By default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-tomcat-configuration.zip
- domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5. Launch the Domibus application:
  o For Windows:
        cd cef_edelivery_path\domibus\bin
        startup.bat
  o For Linux/Unix:
        cd cef_edelivery_path/domibus/bin
        chmod +x *.sh
        ./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (By default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section, we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-tomcat-full.zip
- domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus
  o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
        ...
        set CATALINA_HOME=cef_edelivery_path\domibus
        set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
        set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
        set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
        ...
  o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
        ...
        export CATALINA_HOME=cef_edelivery_path/domibus
        export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
        export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
        export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
        ...
4. Integrate JMS Broker with Domibus nodes:
  o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
    Set the uri to the running JMS-broker:
        <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
  o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
    Set the broker to the running JMS-broker:
        <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
    Remove the highlighted parts below:
        <bean id="domibusJMS-XAConnectionFactory" class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init" destroy-method="close" depends-on="broker">
            <property name="uniqueResourceName" value="domibusJMS-XA"/>
            <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
            <property name="maxPoolSize" value="20"/>
        </bean>
        <!-- lets create an ActiveMQ Broker -->
        <bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
            <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
        </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the 6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
7. Single Server Deployment
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site (see footnote 4), in the folder.
4 http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as the path attribute of the resource-root element, e.g. mysql-connector-java-5.1.34.jar.
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    ...
    <datasources>
        ...
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            </driver>
        </drivers>
        ...
    </datasources>
    ...
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle database (Option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar), available on the Oracle official web site (see footnote 5), in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and paste it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as the path attribute of the resource-root element, e.g. ojdbc7.jar.
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
5 http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is pre-configured for MySQL by default.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your keystore based on section 6.1.2 "Certificates".
5. Run the standalone server
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 "Pre-Configured Single Server Deployment".
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
...
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your keystore based on section 6.1.2 "Certificates".
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            ...
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            ...
        </jms-connection-factories>
        <jms-destinations>
            ...
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            ...
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note also that JMX management has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section, we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation (see footnote 6).
Diagram representing the deployment of Domibus in a cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 "Pre-Configured Single Server Deployment".
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps, we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 "Configure the JMS resources". Configure the database dialect as indicated in 5.4.1, point 3 (Remark).
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
6 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
...
4. Deploy domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console to perform the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation (see footnote 7).
7 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6. DOMIBUS CONFIGURATION
The Domibus application has one main web service:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional web service:
/services/backend: The URL of the backend web service. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 "PMode Configuration"). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
...
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
...
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
...
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
...
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in section 7.3 "PMode Configuration". It is strongly recommended to put your key pair (private and public key) and the public keys of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message ID with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30 MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: in a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy settings: in case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7. PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (see footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate IDs. To learn more about the authentication, read the plugin cookbook (see footnote 9).
There are two default users already inserted in the database (make sure you have already run the migration scripts):
admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among the messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be performed:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
...
<!-- To disable unsecureLogin, set this to false -->
<prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (see footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 "Message Filtering" for the routing of the specific plugin after registering the plugin on your specific application server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    ...
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    ...
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup, we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
ltxml version=10 encoding=UTF-8gt
ltdbconfiguration xmlnsdb=httpdomibuseuconfiguration party=blue_gwgt
ltmpcsgt
ltmpc name=defaultMpc
qualifiedName=httpdocsoasis-openorgebxml-
msgebmsv30nscore200704defaultMPC
enabled=true
default=true
retention_downloaded=0
retention_undownloaded=14400gt
Administration Guide - Domibus 321 Page 63 97
ltmpcsgt
ltbusinessProcessesgt
ltrolesgt
ltrole name=defaultInitiatorRole
value=httpdocsoasis-openorgebxml-
msgebmsv30nscore200704initiatorgt
ltrole name=defaultResponderRole
value=httpdocsoasis-openorgebxml-
msgebmsv30nscore200704respondergt
ltrolesgt
ltpartiesgt
ltpartyIdTypesgt
ltpartyIdType name=partyTypeUrn
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256" />
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
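A PMode file of this shape can be checked before it is uploaded: each leg's security and reliability references should resolve, and legs bound to doNothingPolicy.xml or to a reliability with nonRepudiation="false" deserve a second look. The script below is an added example, not part of this guide or of Domibus; the sample PMode, its host names and the finding labels are constructed for illustration, and the root namespace URI is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample, reduced from the PMode structure in this guide.
# The namespace URI on the root element is an assumption; the checks do not use it.
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh"/>
      <party name="blue_gw" endpoint="https://blue.example.test:8443/domibus/services/msh"/>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <as4>
      <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
      <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
    </as4>
    <legConfigurations>
      <legConfiguration name="legSigned" security="eDeliveryPolicy" reliability="AS4Reliability"/>
      <legConfiguration name="legPlain" security="noSigNoEnc" reliability="noReliability"/>
      <legConfiguration name="legTypo" security="eDeliveryPolcy" reliability="AS4Reliability"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties><initiatorParty name="blue_gw"/></initiatorParties>
      <responderParties><responderParty name="green_gw"/></responderParties>
      <legs><leg name="legSigned"/><leg name="legPlain"/><leg name="legTypo"/></legs>
    </process>
  </businessProcesses>
</db:configuration>
"""


def _by_name(root, tag):
    """Index every element with the given tag by its name attribute."""
    return {e.get("name"): e for e in root.iter(tag)}


def audit_pmode(xml_text):
    """Return a list of (finding, subject) tuples for one PMode document."""
    root = ET.fromstring(xml_text)
    parties = _by_name(root, "party")
    securities = _by_name(root, "security")
    reliabilities = _by_name(root, "reliability")
    legs = _by_name(root, "legConfiguration")
    findings = []

    # Endpoints that are not https rely on something else for transport protection.
    for name, party in parties.items():
        if not party.get("endpoint", "").lower().startswith("https://"):
            findings.append(("endpoint-not-https", name))

    # Each leg must reference a defined security and reliability entry.
    for name, leg in legs.items():
        sec = securities.get(leg.get("security"))
        if sec is None:
            findings.append(("unknown-security", name))
        elif sec.get("policy") == "doNothingPolicy.xml":
            findings.append(("no-signature-no-encryption", name))
        rel = reliabilities.get(leg.get("reliability"))
        if rel is None:
            findings.append(("unknown-reliability", name))
        elif rel.get("nonRepudiation") != "true":
            findings.append(("no-non-repudiation", name))

    # Processes may only name parties and legs that exist in the file.
    for process in root.iter("process"):
        pname = process.get("name")
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(("unknown-party", f"{pname}:{ref.get('name')}"))
        for ref in process.iter("leg"):
            if ref.get("name") not in legs:
                findings.append(("unknown-leg", f"{pname}:{ref.get('name')}"))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_pmode(SAMPLE_PMODE):
        print(f"{finding}: {subject}")
```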
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Columns: Domibus pconf; EbMS3 Specification [ebMS3CORE] [AS4-Profile]; Description

MPCs
  EbMS3 Specification: -
  Description: Container which defines the different MPCs (Message Partition Channels).

MPC
  EbMS3 Specification: PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage.
  Description: Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.

MessageRetentionDownloaded
  EbMS3 Specification: -
  Description: Retention interval for messages already delivered to the backend.

MessageRetentionUnDownloaded
  EbMS3 Specification: -
  Description: Retention interval for messages not yet delivered to the backend.

Parties
  EbMS3 Specification: -
  Description: Container which defines the different PartyIdTypes, Party and Endpoint.

PartyIdTypes
  EbMS3 Specification: maps to the attribute Messaging/UserMessage/PartyInfo
  Description: Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).

Party ID
  EbMS3 Specification: maps to the element Messaging/UserMessage/PartyInfo
  Description: The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block.

Endpoint
  EbMS3 Specification: maps to PMode[1].Protocol.Address
  Description: The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).

AS4
  EbMS3 Specification: -
  Description: Container

Reliability [Nonrepudiation] [ReplyPattern]
  EbMS3 Specification:
    Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation
    ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern
  Description:
    PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness).
    PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel).
    PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).

ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection]
  EbMS3 Specification:
    retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters
    retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters
    strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters
    duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection
  Description: These parameters are stored in a composite string.
    • retryTimeout defines timeout in seconds.
    • retryCount is the total number of retries.
    • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT.
    • duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE.

Securities
  EbMS3 Specification: -
  Description: Container

Security
  EbMS3 Specification: -
  Description: Container

Policy
  EbMS3 Specification: PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm
  Description: The parameter in the pconf file defines the name of a WS-SecurityPolicy file.

SignatureMethod
  EbMS3 Specification: PMode[1].Security.X509.Signature.Algorithm
  Description: This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.

BusinessProcessConfiguration
  EbMS3 Specification: -
  Description: Container

Agreements
  EbMS3 Specification: maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef
  Description: This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.

Actions
  EbMS3 Specification: -
  Description: Container

Action
  EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Action
  Description: This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.

Services
  EbMS3 Specification: -
  Description: Container

ServiceTypes Type
  EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Service[type]
  Description: This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.

MEP [Legs]
  EbMS3 Specification: -
  Description: An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.

Bindings
  EbMS3 Specification: -
  Description: Container

Binding
  EbMS3 Specification: -
  Description: The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.

Roles
  EbMS3 Specification: -
  Description: Container

Role
  EbMS3 Specification: maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element:
    • For Initiator: Messaging/UserMessage/PartyInfo/From/Role
    • For Responder: Messaging/UserMessage/PartyInfo/To/Role
  Description: The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.

Processes
  EbMS3 Specification: -
  Description: Container

PayloadProfiles
  EbMS3 Specification: -
  Description: Container

Payloads
  EbMS3 Specification: -
  Description: Container

Payload
  EbMS3 Specification: maps to PMode[1].BusinessInfo.PayloadProfile
  Description: This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties:
    1. name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile
    2. MIME data type (text/xml, application/pdf, etc.)
    3. name of the applicable XML Schema file if the MIME data type is text/xml
    4. maximum size in kilobytes
    5. Boolean string indicating whether the part is expected or optional, within the User message
  The message payload(s) must match this profile.

ErrorHandlings
  EbMS3 Specification: -
  Description: Container

ErrorHandling
  EbMS3 Specification: -
  Description: Container

ErrorAsResponse
  EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.AsResponse
  Description: This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.

ProcessErrorNotifyProducer
  EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
  Description: This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH, during processing of the User Message to be sent.

ProcessErrorNotifyConsumer
  EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
  Description: This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH, during processing of the received User message.

DeliveryFailureNotifyProducer
  EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer
  Description: When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur:
    - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer.
    - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.

Legs
  EbMS3 Specification: -
  Description: Container

Leg
  EbMS3 Specification: -
  Description: Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request – the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.

Process
  EbMS3 Specification: -
  Description: In Process everything is plugged together.

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
[Figure: Login to administration dashboard]
b. Click on the Configuration upload tab.
[Figure: Configuration upload]
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
[Figure: PMode uploading]
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
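After editing domibus-security.xml, it is worth confirming that every password attribute actually holds a BCrypt-formatted value and not a plain string or a hash with a very low work factor. The check below is an added example, not part of this guide or of Domibus; the sample file, the placeholder hashes, the user ops and the MIN_COST threshold are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"  # Spring Security XML namespace
# BCrypt string: version prefix, two-digit cost, then 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: minimum work factor accepted by this check

# Constructed placeholders with the right shape only; they are not real hashes.
HASH_COST_12 = "$2a$12$" + "x" * 53
HASH_COST_04 = "$2a$04$" + "y" * 53

# Constructed sample in the layout of domibus-security.xml; user "ops" is invented.
SAMPLE_SECURITY_XML = f"""<beans xmlns:sec="{SEC_NS}">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="{HASH_COST_12}" authorities="ROLE_USER"/>
        <sec:user name="admin" password="123456" authorities="ROLE_USER, ROLE_ADMIN"/>
        <sec:user name="ops" password="{HASH_COST_04}" authorities="ROLE_USER"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>
"""


def classify_password(value):
    """Return 'ok', 'low-cost' or 'not-bcrypt' for one password attribute."""
    match = BCRYPT_RE.match(value or "")
    if match is None:
        return "not-bcrypt"
    return "ok" if int(match.group(1)) >= MIN_COST else "low-cost"


def audit_users(xml_text):
    """Map each <sec:user> name to (password status, has ROLE_ADMIN)."""
    root = ET.fromstring(xml_text)
    report = {}
    for user in root.iter(f"{{{SEC_NS}}}user"):
        roles = [r.strip() for r in user.get("authorities", "").split(",")]
        report[user.get("name")] = (classify_password(user.get("password")),
                                    "ROLE_ADMIN" in roles)
    return report


if __name__ == "__main__":
    for name, (status, is_admin) in audit_users(SAMPLE_SECURITY_XML).items():
        print(f"{name}: {status}{' (admin)' if is_admin else ''}")
```

The check looks only at the format of the stored value; it does not verify which BCrypt prefixes the deployed Spring Security version accepts.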
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
[Figure: State machine of Corner 2 (sending access point)]
[Figure: State machine of Corner 3 (receiving access point)]
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below, you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

Columns: Destination type; JNDI name; Comment; Description

jms/domibus.internal.dispatch.queue
  Destination type: Queue
  Comment: No redelivery because redelivery of MSH messages is handled via ebMS3/AS4.
  Description: This queue is used for scheduling messages for sending via the MSH.

jms/domibus.internal.notification.unknown
  Destination type: Queue
  Description: Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually.

jms/domibus.internal.command
  Destination type: Topic
  Description: This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).

jms/domibus.backend.jms.replyQueue
  Destination type: Queue
  Description: This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available).

jms/domibus.backend.jms.outQueue
  Destination type: Queue
  Description: Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.

jms/domibus.backend.jms.inQueue
  Destination type: Queue
  Description: This queue is the entry point for messages to be sent by the sending MSH.

jms/domibus.backend.jms.errorNotifyConsumer
  Destination type: Queue
  Description: This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.

jms/domibus.backend.jms.errorNotifyProducer
  Destination type: Queue
  Description: This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.

jms/domibus.notification.jms
  Destination type: Queue
  Description: Used for sending notifications to the configured JMS plugin.

jms/domibus.internal.notification.queue
  Destination type: Queue
  Description: This queue is used to notify the configured plugin about the status of the message to be sent.

jms/domibus.notification.webservice
  Destination type: Queue
  Description: Used for sending notifications to the configured WS plugin.

jms/domibus.DLQ
  Destination type: Queue
  Description: This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The message IDs to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
8 DATA ARCHIVING
8.1.1.1 What's archiving?
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving data involves older data that have been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in the domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variables is needed to run this program.
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, it is likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS support in the Domibus Message Handler (MSH) described below; otherwise this has to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added to the send request via the CXF framework.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use (see footnote 11).
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector with the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="false" sslProtocol="TLS" />
The keystore JKS location and password must be specified, otherwise the default one will be used. The TLS version can also be specified.
The above connector has clientAuth="false", which means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" in Server.xml and provide the location of your_truststore_ssl.jks so that the server can verify the client:
    <Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
        truststorePass="your_trustore_password"
        clientAuth="true" sslProtocol="TLS" />
11 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
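A configuration audit for the client and Tomcat settings described above, added here as an example (it is not part of the Domibus distribution): it parses clientauthentication.xml and the Server.xml connectors and reports the settings this annex warns about. The sample documents are constructed, the function names are hypothetical, and sslEnabledProtocols is Tomcat's own connector attribute for the enabled protocol list, which the guide's connector does not set.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "{http://cxf.apache.org/transports/http/configuration}"
SECURITY = "{http://cxf.apache.org/configuration/security}"

# Constructed sample: clientauthentication.xml left in a test-like state.
CLIENT_WEAK = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample: the same file with the settings required for production.
CLIENT_OK = (CLIENT_WEAK.replace('disableCNCheck="true"', 'disableCNCheck="false"')
             .replace("TLSv1.1", "TLSv1.2"))

# Constructed sample: two-way SSL requested, but no trust store given.
SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200" scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="true" sslProtocol="TLS"/>
  </Service>
</Server>
"""


def audit_cxf_client(xml_text, production=True):
    """Return (code, message) findings for a clientauthentication.xml document."""
    root = ET.fromstring(xml_text)
    nodes = list(root.iter(HTTP_CONF + "tlsClientParameters"))
    if not nodes:
        return [("NO_TLS_PARAMS", "no tlsClientParameters element found")]
    findings = []
    for node in nodes:
        proto = node.get("secureSocketProtocol")
        if proto != "TLSv1.2":
            findings.append(("PROTOCOL",
                             "secureSocketProtocol is %r, the AS4 profile needs TLSv1.2" % proto))
        # Acceptable with self-signed test certificates, not in production.
        if production and node.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append(("CN_CHECK_DISABLED",
                             "host name is not checked against the certificate CN"))
        if node.find(SECURITY + "trustManagers/" + SECURITY + "keyStore") is None:
            findings.append(("NO_TRUSTSTORE", "no trustManagers keyStore is declared"))
    return findings


def audit_tomcat_connectors(xml_text, two_way=False):
    """Return (code, message) findings for the SSL connectors of a Server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not an SSL connector
        port = conn.get("port", "?")
        if not conn.get("keystoreFile"):
            findings.append(("DEFAULT_KEYSTORE",
                             "port %s: no keystoreFile, the default keystore is used" % port))
        client_auth = conn.get("clientAuth", "false").lower()
        if client_auth == "true" and not conn.get("truststoreFile"):
            findings.append(("NO_TRUSTSTORE",
                             "port %s: clientAuth=true without truststoreFile" % port))
        if two_way and client_auth != "true":
            findings.append(("ONE_WAY",
                             "port %s: only the server authenticates itself" % port))
        # sslProtocol="TLS" alone does not restrict the connector to TLSv1.2.
        if not conn.get("sslEnabledProtocols"):
            findings.append(("VERSION_NOT_PINNED",
                             "port %s: enabled TLS versions are not listed" % port))
    return findings


if __name__ == "__main__":
    for name, result in (("client", audit_cxf_client(CLIENT_WEAK)),
                         ("tomcat", audit_tomcat_connectors(SERVER_XML))):
        for code, message in result:
            print("%s: %s: %s" % (name, code, message))
```

Run it against the real files by passing their contents to the two functions; call audit_cxf_client with production=False on a test platform that uses self-signed certificates.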
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers, select the server name, then Configuration, General, and click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers, select the server name, then the Configuration, Keystores and SSL tabs, use Custom Identity and Custom Trust, then set the keystore and truststore JKS.
To disable basic authentication at WebLogic level:
By default WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore JKS to the ApplicationRealm
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                relative-to="jboss.server.base.dir" keystore-password="test123" />
            …
        </authentication>
add https-listener to default-server
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File, Preferences, HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File, Preferences, SSL Settings, add the KeyStore and the KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
        endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
1 INTRODUCTION
This Administration Guide is intended for Server Administrators who are in charge of the installation of an eDelivery Access Point.
2 PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3 CONVENTION
The Commands and Configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system related special words) and user-defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are as follows:
- Bold is used for reserved words and commands.
- Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). Normally contains at least 2 words separated by "_".
- Bold and Italic is used for advisable values which can be changed by the user depending on their infrastructure.
- Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2 Example 2: Sample Configuration file
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents the hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
One of the supported Database Management Systems:
o MySQL 5.6 or above
o Oracle 10g+
If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
o WebLogic 12c
o WildFly 9
o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF (see footnote 1).
1 https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its Database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
    max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
    innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties
5. Execute the following MySQL commands in the command prompt
Remark:
User-defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
    mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema; create schema domibus_schema; alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password'; grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
    mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
    sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
    ===========================================================================
    Once logged in Oracle:
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
    connect edelivery_user
    show user (should return edelivery_user)
    @oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
    exit
    ===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user-defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after it:
    …
    set DOMAIN_HOME
    rem Added for Domibus
    set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
    …
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after it:
    …
    export DOMAIN_HOME
    # Added for Domibus
    EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
    export EXTRA_JAVA_PROPERTIES
    …
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_name
    domain.connect.password=weblogic_password
    domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin, Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command, depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for the JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin, Password = 123456)
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site (see footnote 2), in the folder cef_edelivery_path/domibus/lib
2 http://downloads.mysql.com/archives/c-j/
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………………………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………………………………………………
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site[3]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:

    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>

[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:

    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …

o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:

    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …

5. Launch the Domibus application
o For Windows:

    cd cef_edelivery_path\domibus\bin
    startup.bat

o For Linux/Unix:

    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh

6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application
o For Windows:

    cd cef_edelivery_path\domibus\bin
    startup.bat

o For Linux/Unix:

    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh

7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section, we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:

    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …

o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:

    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate JMS Broker with Domibus nodes
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:

    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>

o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:

    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>

Remove the highlighted parts below:

    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:

    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>

Comment the following lines:

    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>

6. Follow step 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site[4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:

    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>

Add your DBMS driver metadata to the Drivers section of the cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:

    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ………
        <datasources>
            ………
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ………
        </datasources>
        ………
    </subsystem>

o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.

    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>

3. Configure the Oracle Database (option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site[5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:

    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>

Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):

    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
    <xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1
    <driver>com.oracle</driver>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>

o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.

    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>

[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.

    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform"
              value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>

4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server
o For Windows, under cef_edelivery_path\domibus\bin:

    standalone.bat --server-config=standalone-full.xml

o For Linux/Unix, under cef_edelivery_path/domibus/bin:

    ./standalone.sh --server-config=standalone-full.xml

6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:

    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ……

3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:

    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                ………
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                ………
            </jms-connection-factories>
            <jms-destinations>
                ………
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                ………
            </jms-destinations>
        </hornetq-server>
    </subsystem>

Remark:
Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section, we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation[6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps, we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1, point 3 (Remark).
o Configure the database dialect in the cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.

    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ……

4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation[7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:

    <property name="password_store">
        <util:map>
            <entry value="your_privatekey_password" key="your_keystore_alias"/>
        </util:map>
    </property>
    …
    <!-- The password used to load the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
    <!-- The keystore alias to use for decryption and signing -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
    …
    <!-- The password used to load the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
    …
    <!-- The location of the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
    …
    <!-- The location of the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>

Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

Configuration Property: domibus.msh.messageid.suffix
Default value: domibus.eu
Purpose: This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.

Configuration Property: domibus.msh.retry.cron
Default value: 0/5 * * * * ?
Purpose: It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.

Configuration Property: domibus.msh.retry.tolerance
Default value: 10000
Purpose: Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.

Configuration Property: domibus.dispatch.ebms.error.unrecoverable.retry
Default value: true
Purpose: This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.

Configuration Property: domibus.smlzone
Default value: acc.edelivery.tech.ec.europa.eu
Purpose: Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used.

Configuration Property: domibus.backend.jmsInQueue
Default value: domibus.backend.jms.inQueue
Purpose: This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.

Configuration Property: domibus.deployment.clustered
Default value: false
Purpose: If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.

Configuration Property: domibus.attachment.storage.location
Default value: -
Purpose: It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved.
Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.

Configuration Property: domibus.jmx.user
Default value: jmsManager
Purpose: WebLogic specific. The user that will be used to access the queues via JMX.

Configuration Property: domibus.jmx.password
Default value: jmaManager1
Purpose: WebLogic specific. The associated password of the configured domibus.jmx.user.

Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.

Configuration Property: domibus.proxy.enabled
Default value: false
Purpose: true/false, depending on whether you need to use a proxy or not.

Configuration Property: domibus.proxy.http.host
Default value: -
Purpose: Host name of the proxy server.

Configuration Property: domibus.proxy.http.port
Default value: -
Purpose: Port of the proxy server.

Configuration Property: domibus.proxy.user
Default value: -
Purpose: Username for authentication on the proxy server.

Configuration Property: domibus.proxy.password
Default value: -
Purpose: Password.

Configuration Property: domibus.proxy.nonProxyHosts
Default value: -
Purpose: Indicates the hosts that should be accessed without going through the proxy.

7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS)[8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook[9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
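The precedence and role rules listed above, written out as a small model that can serve as a test oracle when checking a deployment. This is an added example, not code from the WS plugin; the function names, the tls_client_cert parameter and the message dictionaries are assumptions, and treating getMessageStatus and getMessageErrors as ROLE_ADMIN-only is a reading of the two lists above.

```python
ADMIN_OPERATIONS = {"sendMessage", "downloadMessage", "listPendingMessages",
                    "getMessageStatus", "getMessageErrors"}

# Constructed sample of pending messages (shape is an assumption of this example).
PENDING = [
    {"messageId": "msg-1", "finalRecipient": "user"},
    {"messageId": "msg-2", "finalRecipient": "other"},
]


def select_authentication(scheme, headers, tls_client_cert=None):
    """Return which mechanism the guide's rules select for one request, or None.

    scheme: "http" or "https"; headers: request headers as a dict;
    tls_client_cert: certificate presented in the TLS handshake, if any.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    if lowered.get("authorization", "").lower().startswith("basic "):
        return "basic"        # Basic takes precedence on both http and https
    if scheme == "https":
        return "x509" if tls_client_cert else None
    if scheme == "http":
        # Blue Coat forwards the certificate details in the Client-Cert header.
        return "bluecoat" if lowered.get("client-cert") else None
    return None


def is_allowed(role, original_user, operation,
               original_sender=None, final_recipient=None):
    """Apply the ROLE_ADMIN / ROLE_USER rights to a single call."""
    if role == "ROLE_ADMIN":
        return operation in ADMIN_OPERATIONS
    if role != "ROLE_USER" or not original_user:
        # Unknown role, or no authenticated identity to compare against:
        # without this check None == None would grant access below.
        return False
    if operation == "sendMessage":
        return original_sender == original_user
    if operation == "downloadMessage":
        return final_recipient == original_user
    # listPendingMessages may be called; its result is filtered by pending_for().
    return operation == "listPendingMessages"


def pending_for(role, original_user, pending):
    """Return the message ids a caller may see in listPendingMessages."""
    if role == "ROLE_ADMIN":
        return [m["messageId"] for m in pending]
    if role == "ROLE_USER" and original_user:
        return [m["messageId"] for m in pending
                if m["finalRecipient"] == original_user]
    return []


if __name__ == "__main__":
    print(select_authentication("http", {"Client-Cert": "constructed"}))
    print(is_allowed("ROLE_USER", "user", "sendMessage", original_sender="other"))
    print(pending_for("ROLE_USER", "user", PENDING))
```

Since the Blue Coat path takes the certificate details from a request header, the HTTP listener should accept connections only from the reverse proxy.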
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:

    <util:properties>
        …
        <!-- To disable unsecureLogin, set this to false -->
        <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
    </util:properties>

2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 httpseceuropaeucefdigitalwikixcTIEAg
Administration Guide - Domibus 321 Page 60 97
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (see footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator. The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder. The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
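As an added example (not part of the guide or of Domibus itself), the Python script below audits a PMode file of the shape shown above before it is uploaded: it flags party endpoints that are not https, legs bound to the doNothingPolicy.xml security entry, legs whose reliability has nonRepudiation set to false, parties allowed as both initiator and responder, and partyIds with no matching keystore alias. The function name, the finding labels, the example.test hostnames and the keystore_aliases parameter are assumptions of this example; the embedded PMode is a constructed, cut-down variant of the sample with one weak leg added.

```python
import xml.etree.ElementTree as ET

# Constructed input: the guide's blue_gw/red_gw sample reduced to the audited
# elements, with the tc2 leg deliberately pointed at noSigNoEnc/noReliability.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
 <businessProcesses>
  <parties>
   <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh">
    <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
   </party>
   <party name="blue_gw" endpoint="https://blue.example.test:8443/domibus/services/msh">
    <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
   </party>
  </parties>
  <securities>
   <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
   <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
  </securities>
  <as4>
   <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
   <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
  </as4>
  <legConfigurations>
   <legConfiguration name="pushTestcase1tc1Action" reliability="AS4Reliability" security="eDeliveryPolicy"/>
   <legConfiguration name="pushTestcase1tc2Action" reliability="noReliability" security="noSigNoEnc"/>
  </legConfigurations>
  <process name="tc1Process" mep="oneway" binding="push">
   <initiatorParties><initiatorParty name="blue_gw"/><initiatorParty name="red_gw"/></initiatorParties>
   <responderParties><responderParty name="blue_gw"/><responderParty name="red_gw"/></responderParties>
   <legs><leg name="pushTestcase1tc1Action"/><leg name="pushTestcase1tc2Action"/></legs>
  </process>
 </businessProcesses>
</db:configuration>"""


def audit_pmode(xml_text, keystore_aliases=None):
    """Return a sorted list of (finding, subject) tuples for one PMode file.

    keystore_aliases (hypothetical parameter): the certificate aliases present
    in the keystore; when given, every partyId must be one of them.
    """
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        # A PMode needs no DTD; refusing one keeps entity expansion out of the parser.
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted in a PMode")
    root = ET.fromstring(xml_text)
    findings = set()

    parties = {p.get("name"): p for p in root.iter("party")}
    for name, party in parties.items():
        if not party.get("endpoint", "").lower().startswith("https://"):
            findings.add(("endpoint-not-https", name))
        if keystore_aliases is not None:
            for ident in party.iter("identifier"):
                if ident.get("partyId") not in keystore_aliases:
                    findings.add(("partyId-without-keystore-alias", ident.get("partyId")))

    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    non_repudiation = {r.get("name"): r.get("nonRepudiation") for r in root.iter("reliability")}
    legs = {leg.get("name"): leg for leg in root.iter("legConfiguration")}

    for process in root.iter("process"):
        pname = process.get("name")
        initiators = {e.get("name") for e in process.iter("initiatorParty")}
        responders = {e.get("name") for e in process.iter("responderParty")}
        for unknown in (initiators | responders) - set(parties):
            findings.add(("unknown-party", f"{pname}:{unknown}"))
        for both in initiators & responders:
            findings.add(("party-is-initiator-and-responder", f"{pname}:{both}"))
        for ref in process.iter("leg"):
            subject = f"{pname}:{ref.get('name')}"
            leg = legs.get(ref.get("name"))
            if leg is None:
                findings.add(("unknown-leg", subject))
                continue
            policy = policies.get(leg.get("security"))
            if policy is None:
                findings.add(("unknown-security", subject))
            elif policy == "doNothingPolicy.xml":
                findings.add(("leg-without-signing-or-encryption", subject))
            if non_repudiation.get(leg.get("reliability")) != "true":
                findings.add(("receipt-without-non-repudiation", subject))
    return sorted(findings)


if __name__ == "__main__":
    for finding, subject in audit_pmode(SAMPLE_PMODE, {"domibus-blue", "domibus-red"}):
        print(f"{finding}: {subject}")
```

The party-is-initiator-and-responder finding corresponds to the Remark above: it is expected in a bidirectional setup and worth reviewing when only one side is supposed to send.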
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and - as such - does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element: for Initiator, Messaging/UserMessage/PartyInfo/From/Role; for Responder, Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request - the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin, Password = 123456) at http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then "Press here to upload the truststore jks file".
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties
In the example below, you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages.

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery, because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml
In the JMS Monitoring page, the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
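The first-match routing described in this section has a failure mode worth checking before going live: a broad filter placed early in the list silently starves every more specific filter after it, and a message that matches no filter ends up on the unknown-notification queue. The Python below is an added example, not Domibus code; it assumes exact-match criteria, and the plugin name backendJms and the filter lists are constructed for illustration.

```python
# Filters are (plugin_name, criteria) pairs in list order. Criteria keys are the
# four fields named in the guide: action, service, from, to. Exact string
# matching is an assumption of this example.

def matches(criteria, message):
    """A filter matches when every criterion it sets equals the message value."""
    return all(message.get(field) == value for field, value in criteria.items())


def route(filters, message):
    """Return the first plugin in list order whose criteria match, else None.

    None stands for "no backend matched", i.e. the case the guide says ends up
    as a notification on the unknown queue and must be handled manually.
    """
    for plugin, criteria in filters:
        if matches(criteria, message):
            return plugin
    return None


def shadowed(filters):
    """List (later_plugin, earlier_plugin) pairs where the later filter can never fire.

    If an earlier filter's criteria are a subset of a later filter's criteria,
    every message the later filter accepts is already taken by the earlier one.
    """
    pairs = []
    for index, (later, later_criteria) in enumerate(filters):
        for earlier, earlier_criteria in filters[:index]:
            if earlier_criteria.items() <= later_criteria.items():
                pairs.append((later, earlier))
                break
    return pairs


# Constructed message using the values from the incoming message shown above.
MESSAGE = {"action": "TC1Leg1", "service": "bdx:noprocess",
           "from": "party_id_name1", "to": "party_id_name2"}

# Default WS plugin first with no criteria: it catches everything.
MISORDERED = [
    ("backendWebservice", {}),
    ("backendJms", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
]

# Specific filter first, second filter narrowed to a different action.
ORDERED = [
    ("backendJms", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("backendWebservice", {"action": "TC2Leg1"}),
]

if __name__ == "__main__":
    print(route(MISORDERED, MESSAGE), shadowed(MISORDERED))
    print(route(ORDERED, MESSAGE), shadowed(ORDERED))
    print(route(ORDERED, {"action": "TC3Leg1", "service": "bdx:noprocess"}))
```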
Administration Guide - Domibus 321 Page 86 97
8 DATA ARCHIVING
8111 Whats archiving
Data archiving is the method of moving message that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention
Archiving data involves older data that have been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference or data that must be retained for legal constraints
Data archives are indexed and searchable to allow easy retrieval
It is not recommended to use Domibus as an archiving solution Nevertheless if it is really needed to keep the data it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool
8112 Data Retention Policy
A data retention policy is a businesss established procedure for continuous information storage for operational legal or compliance reasons
The data retention policy needs to be defined based on the business needs and constraints
In Domibus the data retention policy can be found here in the PMode file
ltmpcsgt
ltmpc name=defaultMpc
qualifiedName=httpdocsoasis-openorgebxml-msgebmsv30nscore200704defaultMPC
enabled=true
default=true
retention_downloaded=0
retention_undownloaded=14400gt
ltmpcsgt
In the sample PMode configuration of Domibus the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded This means that if the message is not downloaded it will be deleted then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded This means that the message will be instantaneously deleted as soon as it is downloaded Those two parameters can be configured to meet the needs of the business
8.1.1.3. Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker has not deleted it, the data can be extracted through the web services or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9. TROUBLESHOOTING
9.1. Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2. Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3. Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variable is needed to run this program.
Solution: Set the JAVA_HOME or/and JRE_HOME variable.
9.4. Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5. Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments.
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10. ANNEX 1 – TLS CONFIGURATION
10.1.1. TLS Configuration
10.1.1.1. Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2. Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
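A configuration check for the client-side settings above, as an added example that is not part of the Domibus guide or distribution: it parses a tlsClientParameters block and reports the two settings the guide warns about (a protocol other than TLSv1.2, disableCNCheck set to true), plus a missing truststore element and passwords left at the guide's your_... placeholders. The function names, finding codes and sample XML are assumptions made for this example.

```python
"""Audit a CXF tlsClientParameters block such as Domibus' clientauthentication.xml."""
import xml.etree.ElementTree as ET

HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"
SECURITY_NS = "http://cxf.apache.org/configuration/security"
TLS_PARAMS_TAG = "{%s}tlsClientParameters" % HTTP_CONF_NS
TRUSTSTORE_PATH = "{%s}trustManagers/{%s}keyStore" % (SECURITY_NS, SECURITY_NS)
REQUIRED_PROTOCOL = "TLSv1.2"   # stated as mandatory for the AS4 e-Sens profile
PLACEHOLDER_PREFIX = "your_"    # the guide's naming for user-defined values

# Constructed sample 1: the guide's example as written (self-signed test setup).
GUIDE_EXAMPLE = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample 2: client pinned to TLSv1.1 (the cause given for the
# handshake failure in the troubleshooting section) and no truststore element.
TLS11_NO_TRUSTSTORE = """\
<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security"/>
"""

# Constructed sample 3: the guide's example with the CN check re-enabled and
# the placeholder names replaced by (constructed) site-specific values.
HARDENED = (GUIDE_EXAMPLE
            .replace('disableCNCheck="true"', 'disableCNCheck="false"')
            .replace("your_", "constructed_"))


def audit_tls_client_parameters(xml_text):
    """Return a list of (code, detail) findings for each tlsClientParameters block."""
    root = ET.fromstring(xml_text)
    blocks = list(root.iter(TLS_PARAMS_TAG))  # iter() also yields the root itself
    if not blocks:
        return [("NO_TLS_PARAMETERS", "no tlsClientParameters element found")]
    findings = []
    for block in blocks:
        protocol = block.get("secureSocketProtocol")
        if protocol != REQUIRED_PROTOCOL:
            findings.append(("PROTOCOL", "secureSocketProtocol is %r, expected %r"
                             % (protocol, REQUIRED_PROTOCOL)))
        # The attribute defaults to false, so only an explicit "true" is reported.
        if block.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append(("CN_CHECK_DISABLED",
                             "host name is not matched against the server certificate"))
        if block.find(TRUSTSTORE_PATH) is None:
            findings.append(("NO_TRUSTSTORE",
                             "no trustManagers/keyStore element in this block"))
        for element in block.iter():
            local_name = element.tag.rsplit("}", 1)[-1]
            for attribute in ("password", "keyPassword"):
                value = element.get(attribute)
                if value is not None and (not value or value.startswith(PLACEHOLDER_PREFIX)):
                    findings.append(("PLACEHOLDER_PASSWORD",
                                     "%s/@%s is empty or a placeholder" % (local_name, attribute)))
    return findings


def finding_codes(xml_text):
    """Convenience wrapper: only the finding codes, in document order."""
    return [code for code, _detail in audit_tls_client_parameters(xml_text)]


if __name__ == "__main__":
    for name, sample in (("guide example", GUIDE_EXAMPLE),
                         ("TLSv1.1 client", TLS11_NO_TRUSTSTORE),
                         ("hardened", HARDENED)):
        print(name)
        for code, detail in audit_tls_client_parameters(sample) or [("OK", "no findings")]:
            print("  %-22s %s" % (code, detail))
```
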
10.1.1.3. Server side configuration
10.1.1.3.1. Tomcat 8
In Server.xml, add a new connector with the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default ones will be used. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in Server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2. WebLogic
1. Specify the use of SSL on default port 7002:
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore:
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml, add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3. Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" />
        ...
    </authentication>
- add https-listener to default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4. Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check the option Adds authentication information to outgoing requests.
Go to File > Preferences > SSL Settings, add the KeyStore and the KeyStore Password, and check the option requires client authentication.
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter the user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5. PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now: https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
1. INTRODUCTION
This Administration Guide is intended for Server Administrators who are in charge of the installation of an eDelivery Access Point.
2. PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3. CONVENTION
The commands and configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system-related special words) and user-defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
- Bold is used for reserved words and commands.
- Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). A user-defined name normally contains at least 2 words separated by "_".
- Bold and italic is used for advisable values, which can be changed by the user depending on their infrastructure.
- Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS-specific paths will be described using Linux patterns.
3.1. Example 1: Sample Oracle Statement
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2. Example 2: Sample Configuration file
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents hostname:port parameters of the MySQL database)
4. PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
- Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- One of the supported Database Management Systems:
  o MySQL 5.6 or above
  o Oracle 10g+
- If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
  o WebLogic 12c
  o WildFly 9
  o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1. Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5. DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1. Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its database.
5.1.1. MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts.
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts.
3. (Optional) Storing messages in a database with payloads over 30 MB:
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties.
5. Execute the following MySQL commands in the command prompt:
Remark:
User-defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema; create schema domibus_schema; alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password'; grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2. Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts.
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts.
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return: edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2. Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user-defined name).
5.2.1. Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-weblogic.war
- domibus-MSH-3.2.1-weblogic-configuration.zip
- domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
- domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus.
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus.
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
...
set DOMAIN_HOME
REM Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
...
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
...
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
...
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
  - Unzip the wslt-api-1.9.1.zip
  - Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh]
    e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
  - Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
  - Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
  - For Windows: startWebLogic.cmd
  - For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
  - For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
  - For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access
7 The database dialect is pre-configured to use the Oracle database If you are using a MySQL database you should adapt the dialect in DOMAIN_HOMEconfdomibusdomibus-datasourcesxml as highlighted in the example below
ltproperty name=jpaVendorAdaptergt
ltbean class=orgspringframeworkormjpavendorHibernateJpaVendorAdaptergt
ltproperty name=showSql value=falsegt
ltproperty name=generateDdl value=falsegt
ltproperty name=databasePlatform
value=orghibernatedialectMySQL5InnoDBDialectgt
ltbeangt
ltpropertygt
ltproperty name=jpaPropertiesgt
ltpropsgt
ltprop key=hibernateconnectiondriver_classgtcommysqljdbcDriverltpropgt
ltprop
key=hibernatedialectgtorghibernatedialectMySQL5InnoDBDialectltpropgt
ltprop key=hibernateformat_sqlgttrueltpropgt
ltprop
key=transactionfactory_classgtorghibernateenginetransactioninternaljtaCMT
TransactionFactoryltpropgt
ltprop
key=hibernatetransactionmanager_lookup_classgtorghibernatetransactionWeblog
icTransactionManagerLookupltpropgt
ltprop
key=hibernatetransactionjtaplatformgtorghibernateservicejtaplatforminter
nalWeblogicJtaPlatformltpropgt
ltpropsgt
ltpropertygt
8 Install the WS Plugin For more details (see section 7212 WebLogic)
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location of the war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select the following option and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, the deployment was successful.
(By default: User = admin, Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-weblogic.war
    domibus-MSH-3.2.1-weblogic-configuration.zip
    domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
    domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) from the command line in order to create the necessary JMS resources and database datasources:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
    Unzip the wslt-api-1.9.1.zip.
    Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory,
    e.g. WL_HOME=/wls12130/wlserver
o Take the WeblogicCluster.properties file from the scripts directory of domibus-distribution-3.2.1-weblogic-configuration.zip, copy it into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources.
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
The MySQL configuration is commented out by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) to the Oracle lines to disable them.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for the target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration,
e.g.
    ## Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    ## Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    ## Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    ## Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for the JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
    For Windows: startWebLogic.cmd
    For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
    For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
    For Linux/Unix: wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect in the DOMAIN_HOME/conf/domibus-datasources.xml file as highlighted in the text below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied.
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select your cluster for the deployment target and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, the deployment was successful.
(By default: User = admin, Password = 123456)
Expected result
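A pre-flight check for the WLST properties file edited in step 2 (WeblogicSingleServer.properties or WeblogicCluster.properties), run before import.py. This is an added example, not part of the guide or of the wslt-api tool. The rule names, the constructed sample file, the built-in group list and the expectation that all resources share one target are assumptions.

```python
import re

# Sample credentials printed in the guide's property listings.
SAMPLE_SECRETS = {"weblogic_password", "edelivery_password", "jmsManager1"}
# Assumption: groups that already exist in a default WebLogic realm.
BUILTIN_GROUPS = {"Administrators"}
TARGET_KEY = re.compile(
    r"^(jdbc\.datasource\.\d+\.targets|persistent\.filestore\.\d+\.target"
    r"|jms\.server\.\d+\.target|jms\.module\.\d+\.targets)$"
)
FILESTORE_LOCATION = re.compile(r"^persistent\.filestore\.\d+\.location$")
GROUP_NAME = re.compile(r"^security\.groups\.\d+\.name$")
POLICY_EXPRESSION = re.compile(r"^security\.policies\.\d+\.expression$")


def parse_properties(text):
    """Return [(key, value, line_no)] for active lines; '#' lines are comments."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip(), value.strip(), line_no))
    return entries


def audit(text):
    """Return findings as (line_no, rule, key_or_name), sorted by line."""
    entries = parse_properties(text)
    findings = []
    first_seen = {}
    for key, value, line_no in entries:
        # Oracle and MySQL blocks reuse the same keys: only one may be active.
        if key in first_seen:
            findings.append((line_no, "duplicate-key", key))
        first_seen.setdefault(key, line_no)
        if key.endswith(".password") and value in SAMPLE_SECRETS:
            findings.append((line_no, "sample-password", key))
        # The guide's remark: Windows filestore paths need forward slashes.
        if FILESTORE_LOCATION.match(key) and "\\" in value:
            findings.append((line_no, "backslash-path", key))

    # Assumption: datasource, filestore and JMS resources share one target.
    targets = [(v, n, k) for k, v, n in entries if TARGET_KEY.match(k)]
    for value, line_no, key in targets[1:]:
        if value != targets[0][0]:
            findings.append((line_no, "target-mismatch", key))

    # Every group granted JMX invoke rights must be created by this file
    # or already exist in the realm.
    defined = {v for k, v, _ in entries if GROUP_NAME.match(k)}
    for key, value, line_no in entries:
        if POLICY_EXPRESSION.match(key):
            for group in re.findall(r"Grp\(([^)]+)\)", value):
                if group not in defined | BUILTIN_GROUPS:
                    findings.append((line_no, "undefined-group", group))
    return sorted(findings)


# Constructed sample: an edited file with the mistakes the checks look for.
SAMPLE = r"""
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.password=S3t-by-operator
jdbc.datasource.0.targets=cluster_a
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
persistent.filestore.0.target=cluster_a
persistent.filestore.0.location=C:\domains\mydomain1\filestores
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
# security.groups.0.name=JMSManagers
jms.server.0.target=cluster_a
jms.module.0.targets=cluster_b
"""

if __name__ == "__main__":
    for line_no, rule, item in audit(SAMPLE):
        print(f"line {line_no}: {rule}: {item}")
```
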
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site (http://downloads.mysql.com/archives/c-j), in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar), available on the Oracle official web site (http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html), in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-tomcat-configuration.zip
    domibus-MSH-3.2.1-tomcat.war
We assume that Apache Tomcat 8.0.x is already installed and that its installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-tomcat-full.zip
    domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL JDBC driver jar (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site (http://downloads.mysql.com/archives/c-j), into the folder.
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ………
        <datasources>
            ………
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ………
        </datasources>
        ………
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details of the MysqlXADS datasource for MySQL according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle database (Option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle JDBC driver jar (e.g. ojdbc7.jar), available on the Oracle official web site (http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html), into the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder just created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
    <xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1
    <driver>com.oracle</driver>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details of the eDeliveryOracleXADS datasource for Oracle according to your environment.
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is pre-configured for MySQL by default.
    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform"
              value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path/domibus/bin:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
    ./standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-wildfly.war
    domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ……
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                ………
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                ………
            </jms-connection-factories>
            <jms-destinations>
                ………
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                ………
            </jms-destinations>
        </hornetq-server>
    </subsystem>
Remark:
Please note that JMX management also has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-wildfly-configuration.zip
    domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation (https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto).
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources).
o Configure the database dialect as indicated in 5.4.1, point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml
3. Configure the environment variables in the file bin/domain.conf
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ……
4. Deploy domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation (https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto).
6. DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
    /services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
    /services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration

6.1.1 Policies

Domibus uses a security policy, which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4.

6.1.2 Certificates

Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:

    <property name="password_store">
        <util:map>
            <entry value="your_privatekey_password" key="your_keystore_alias"/>
        </util:map>
    </property>
    …
    <!-- The password used to load the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
    <!-- The keystore alias to use for decryption and signing -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
    …
    <!-- The password used to load the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
    …
    <!-- The location of the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
    …
    <!-- The location of the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>

- Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
- Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
- Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
- Import your private key into your keystore.

Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties

Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |

Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.proxy.enabled | false | true/false depending on whether you need to use a proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of the proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7 PLUGIN MANAGEMENT

This section describes the different types of plugins and their registration process.

7.1 Default Plugins

Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].

7.1.1 JMS Plugin

For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip

7.1.2 WS Plugin

For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip

7.1.2.1 Domibus authentication

The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.

The documentation below explains how to enable and use the authentication in the WS plugin.

The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication

Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).

Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.

[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg

For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].

There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.

Roles

ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors

ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser

7.1.2.2 Enable the authentication in Domibus

To enable the authentication at Domibus level, the following steps must be configured:

1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:

    <util:properties>
        …
        <!-- To disable unsecureLogin, set this to false -->
        <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
    </util:properties>

2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.

[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin

Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.

7.2.1 Plugin registration

Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.

7.2.1.1 Tomcat

Remark:
CATALINA_HOME is the folder where Tomcat is installed.

1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.

7.2.1.2 WebLogic

Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.

1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.

7.2.1.3 WildFly

In order to install a custom plugin, please follow these steps:

1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.

[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration

Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.

The following features are described in the PMode file: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).

As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.

7.3.1 Configuration

In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.

Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.

    <party name="party_id_name2"
           endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
    </party>
    <party name="party_id_name1"
           endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
    </party>

PMode view
7.3.2 Adding a new participant

If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.

- Add a new_party element:

    <party name="new_party_name"
           endpoint="http://new_party_msh"
           allowChunking="false">
        <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
    </party>

- Add your new_party_name as initiator. The party with the role of initiator will be the sender of the messages:

    <initiatorParties>
        …
        <initiatorParty name="new_party_name"/>
    </initiatorParties>

- Add your new_party_name as responder. The party with the role of responder will be the receiver of the messages:

    <responderParties>
        …
        <responderParty name="new_party_name"/>
    </responderParties>
7.3.3 Sample PMode file

Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).

Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.

Here is an example of the content of a PMode XML file.

Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
    <?xml version="1.0" encoding="UTF-8"?>
    <db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
        <mpcs>
            <mpc name="defaultMpc"
                 qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
                 enabled="true"
                 default="true"
                 retention_downloaded="0"
                 retention_undownloaded="14400"/>
        </mpcs>
        <businessProcesses>
            <roles>
                <role name="defaultInitiatorRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
                <role name="defaultResponderRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
            </roles>
            <parties>
                <partyIdTypes>
                    <partyIdType name="partyTypeUrn"
                                 value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
                </partyIdTypes>
                <party name="red_gw"
                       endpoint="http://<red_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-red"
                                partyIdType="partyTypeUrn"/>
                </party>
                <party name="blue_gw"
                       endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-blue"
                                partyIdType="partyTypeUrn"/>
                </party>
            </parties>
            <meps>
                <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
                <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
                <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
                <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
            </meps>
            <properties>
                <property name="originalSenderProperty"
                          key="originalSender"
                          datatype="string"
                          required="true"/>
                <property name="finalRecipientProperty"
                          key="finalRecipient"
                          datatype="string"
                          required="true"/>
                <propertySet name="ecodexPropertySet">
                    <propertyRef property="finalRecipientProperty"/>
                    <propertyRef property="originalSenderProperty"/>
                </propertySet>
            </properties>
            <payloadProfiles>
                <payload name="businessContentPayload"
                         cid="cid:message"
                         required="true"
                         mimeType="text/xml"/>
                <payload name="businessContentAttachment"
                         cid="cid:attachment"
                         required="false"
                         mimeType="application/octet-stream"/>
                <payloadProfile name="MessageProfile"
                                maxSize="40894464">
                    <attachment name="businessContentPayload"/>
                    <attachment name="businessContentAttachment"/>
                </payloadProfile>
            </payloadProfiles>
            <securities>
                <security name="eDeliveryPolicy"
                          policy="eDeliveryPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="noSigNoEnc"
                          policy="doNothingPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="eSensPolicy"
                          policy="eSensPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
            </securities>
            <errorHandlings>
                <errorHandling name="demoErrorHandling"
                               errorAsResponse="true"
                               businessErrorNotifyProducer="false"
                               businessErrorNotifyConsumer="false"
                               deliveryFailureNotifyProducer="false"/>
            </errorHandlings>
            <agreements>
                <agreement name="agreement1" value="A1" type=""/>
                <agreement name="agreement2" value="A2" type=""/>
                <agreement name="agreement3" value="A3" type=""/>
            </agreements>
            <services>
                <service name="testService1" value="bdx:noprocess" type="tc1"/>
            </services>
            <actions>
                <action name="tc1Action" value="TC1Leg1"/>
                <action name="tc2Action" value="TC2Leg1"/>
            </actions>
            <as4>
                <receptionAwareness name="receptionAwareness"
                                    retry="12;4;CONSTANT" duplicateDetection="true"/>
                <reliability name="AS4Reliability" nonRepudiation="true"
                             replyPattern="response"/>
                <reliability name="noReliability" nonRepudiation="false"
                             replyPattern="response"/>
            </as4>
            <legConfigurations>
                <legConfiguration name="pushTestcase1tc1Action"
                                  service="testService1"
                                  action="tc1Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eDeliveryPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
                <legConfiguration name="pushTestcase1tc2Action"
                                  service="testService1"
                                  action="tc2Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eSensPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
            </legConfigurations>
            <process name="tc1Process"
                     agreement=""
                     mep="oneway"
                     binding="push"
                     initiatorRole="defaultInitiatorRole"
                     responderRole="defaultResponderRole">
                <initiatorParties>
                    <initiatorParty name="blue_gw"/>
                    <initiatorParty name="red_gw"/>
                </initiatorParties>
                <responderParties>
                    <responderParty name="blue_gw"/>
                    <responderParty name="red_gw"/>
                </responderParties>
                <legs>
                    <leg name="pushTestcase1tc1Action"/>
                    <leg name="pushTestcase1tc2Action"/>
                </legs>
            </process>
        </businessProcesses>
    </db:configuration>
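A consistency check for a PMode file shaped like the sample above, added here as an example (it is not part of Domibus or of the original guide): it reports initiator/responder parties and leg references that resolve to no definition, a local party with no matching keystore alias, legs bound to doNothingPolicy.xml, and receptionAwareness settings other than the ones the guide lists as available. Assumptions: the function and finding names are hypothetical, the keystore aliases are supplied by the caller (for example copied from keytool -list output), the alias may equal either the party name or its partyId, the retry string is semicolon-separated, and SAMPLE is constructed input with deliberate defects.

```python
import xml.etree.ElementTree as ET

# Leg attribute -> element tag that must define the referenced name.
LEG_REFS = {
    "service": "service", "action": "action", "defaultMpc": "mpc",
    "reliability": "reliability", "security": "security",
    "receptionAwareness": "receptionAwareness", "propertySet": "propertySet",
    "payloadProfile": "payloadProfile", "errorHandling": "errorHandling",
}


def defined(root, tag):
    """Set of name="..." values carried by every <tag> element."""
    return {e.get("name") for e in root.iter(tag)}


def lint_pmode(xml_text, keystore_aliases):
    """Return sorted (code, detail) findings for one PMode document."""
    root = ET.fromstring(xml_text)
    out = []
    parties = {p.get("name"): p for p in root.iter("party")}

    # The local party (configuration/@party) needs a keystore entry. The guide
    # says alias == party ID; name or partyId is accepted here (assumption).
    own = parties.get(root.get("party"))
    if own is None:
        out.append(("OWN_PARTY_UNDEFINED", str(root.get("party"))))
    else:
        ids = {own.get("name")} | {i.get("partyId") for i in own.iter("identifier")}
        if not ids & set(keystore_aliases):
            out.append(("NO_KEYSTORE_ALIAS", str(own.get("name"))))

    # Initiators and responders must be declared under <parties>.
    for tag in ("initiatorParty", "responderParty"):
        for ref in root.iter(tag):
            if ref.get("name") not in parties:
                out.append(("UNKNOWN_PARTY", f"{tag}:{ref.get('name')}"))

    # Every reference made by a leg must resolve; legs tied to the policy the
    # sample names noSigNoEnc (doNothingPolicy.xml) are listed for review.
    do_nothing = {s.get("name") for s in root.iter("security")
                  if s.get("policy") == "doNothingPolicy.xml"}
    for leg in root.iter("legConfiguration"):
        for attr, tag in LEG_REFS.items():
            value = leg.get(attr)
            if value is not None and value not in defined(root, tag):
                out.append(("DANGLING_REF", f"{leg.get('name')}:{attr}={value}"))
        if leg.get("security") in do_nothing:
            out.append(("LEG_DONOTHING_POLICY", str(leg.get("name"))))

    # Legs listed in a process must exist as legConfigurations.
    for ref in root.iter("leg"):
        if ref.get("name") not in defined(root, "legConfiguration"):
            out.append(("UNKNOWN_LEG", str(ref.get("name"))))

    # retry is the composite string retryTimeout;retryCount;strategy; the guide
    # lists CONSTANT and duplicateDetection=true as the only available values.
    for ra in root.iter("receptionAwareness"):
        parts = (ra.get("retry") or "").split(";")
        if not (len(parts) == 3 and parts[0].isdigit()
                and parts[1].isdigit() and parts[2] == "CONSTANT"):
            out.append(("BAD_RETRY", f"{ra.get('name')}:{ra.get('retry')}"))
        if ra.get("duplicateDetection") != "true":
            out.append(("NO_DUPLICATE_DETECTION", str(ra.get("name"))))
    return sorted(out)


# Constructed sample: undefined responder, dangling errorHandling, unknown leg,
# truncated retry string, one leg on doNothingPolicy.xml.
SAMPLE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
 <mpcs><mpc name="defaultMpc" enabled="true" default="true"/></mpcs>
 <businessProcesses>
  <parties>
   <party name="red_gw"><identifier partyId="domibus-red"/></party>
   <party name="blue_gw"><identifier partyId="domibus-blue"/></party>
  </parties>
  <securities>
   <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml"/>
   <security name="noSigNoEnc" policy="doNothingPolicy.xml"/>
  </securities>
  <as4>
   <receptionAwareness name="receptionAwareness" retry="12;4" duplicateDetection="true"/>
   <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
  </as4>
  <legConfigurations>
   <legConfiguration name="leg1" defaultMpc="defaultMpc" reliability="AS4Reliability"
     security="eDeliveryPolicy" receptionAwareness="receptionAwareness"
     errorHandling="demoErrorHandling"/>
   <legConfiguration name="leg2" defaultMpc="defaultMpc" reliability="AS4Reliability"
     security="noSigNoEnc" receptionAwareness="receptionAwareness"/>
  </legConfigurations>
  <process name="tc1Process" mep="oneway" binding="push">
   <initiatorParties><initiatorParty name="blue_gw"/></initiatorParties>
   <responderParties><responderParty name="green_gw"/></responderParties>
   <legs><leg name="leg1"/><leg name="leg3"/></legs>
  </process>
 </businessProcesses>
</db:configuration>"""

if __name__ == "__main__":
    print(*lint_pmode(SAMPLE, {"red_gw"}), sep="\n")
```

Running the check before each upload of a PMode file catches references that would otherwise only surface as message-processing errors after the file is loaded.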
7.3.4 Domibus pconf to ebMS3 PMode Mapping

The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and - as such - does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is http, then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern. | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection. | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In an ebMS3 message this defines the content of the following element. For Initiator: Messaging/UserMessage/PartyInfo/From/Role. For Responder: Messaging/UserMessage/PartyInfo/To/Role. | The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: either the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request - the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration

Upload the PMode file on both Access Points.

Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).

a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home

Login to administration dashboard

b. Click on the Configuration upload tab.

Configuration upload

c. Select the PMode file that has been edited by pressing Browse…, then "Press here to upload the Pmode xml file".

Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.

d. Select the Truststore file that needs to be uploaded by pressing Browse…, then "Press here to upload the truststore jks file".

PMode uploading
7.4 Administration Tools

7.4.1 Application Logging

7.4.1.1 Administration Dashboard

It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.

In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com/).

Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:

    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:password-encoder ref="bcryptEncoder"/>
            <sec:user-service>
                <sec:user name="user" password="your_custom_user_password"
                          authorities="ROLE_USER"/>
                <sec:user name="admin" password="your_custom_admin_password"
                          authorities="ROLE_USER, ROLE_ADMIN"/>
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>

Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).

The following state machines illustrate the evolution of the processing of a message according to the encountered events.

State machine of Corner 2 (sending access point)

State machine of Corner 3 (receiving access point)

Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)

7.4.1.2 Domibus log file

The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.

Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).

7.4.1.3 Logging properties

It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.

In the example below you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).

7.4.1.4 Error Log page

This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus/internal/dispatch/queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus/internal/notification/unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In a production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus/internal/command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus/backend/jms/replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus/backend/jms/outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus/backend/jms/inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus/backend/jms/errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus/backend/jms/errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus/notification/jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus/internal/notification/queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus/notification/webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus/DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The IDs of the messages to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
    <redeliveryPlugin fallbackToDeadLetter="true"
                      sendToDlqIfMaxRetriesExceeded="true">
        <redeliveryPolicyMap>
            <redeliveryPolicyMap>
                <redeliveryPolicyEntries>
                    <redeliveryPolicy queue="sendMessageQueue"
                                      maximumRedeliveries="0"/>
                    <redeliveryPolicy queue=
                                      maximumRedeliveries="10" redeliveryDelay="300000"/>
                </redeliveryPolicyEntries>
            </redeliveryPolicyMap>
        </redeliveryPolicyMap>
    </redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to backendWebservice (the default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly so that these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields available for the plugin to match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
    Action: TC1Leg1
    Service: bdx:noprocess
    From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
    To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
    <ns:PartyInfo>
        <ns:From>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
        </ns:From>
        <ns:To>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
        </ns:To>
    </ns:PartyInfo>
    <ns:CollaborationInfo>
        <ns:Service type="tc1">bdx:noprocess</ns:Service>
        <ns:Action>TC1Leg1</ns:Action>
    </ns:CollaborationInfo>
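The routing rule above (first plugin in the list wins, and no message should match zero or several plugins) can be checked offline before a filter set goes live. The following is an added example, not Domibus code: it extracts the four fields from an ebMS3 header and evaluates an ordered filter list. The matching model (exact string comparison, a criterion left out matches anything, parties written as value:type), the function names and the plugin name customBackend are assumptions.

```python
import xml.etree.ElementTree as ET

EBMS3_NS = {"ns": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"

# Constructed header, modelled on the sample message in this section.
SAMPLE_HEADER = f"""
<ns:UserMessage xmlns:ns="{EBMS3_NS['ns']}">
  <ns:PartyInfo>
    <ns:From><ns:PartyId type="{UNREGISTERED}">party_id_name1</ns:PartyId></ns:From>
    <ns:To><ns:PartyId type="{UNREGISTERED}">party_id_name2</ns:PartyId></ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>
"""


def routing_fields(header_xml):
    """Return the four values a plugin filter can match on."""
    root = ET.fromstring(header_xml.strip())

    def text_of(path):
        el = root.find(path, EBMS3_NS)
        return el.text.strip() if el is not None and el.text else None

    def party(side):
        el = root.find(f".//ns:{side}/ns:PartyId", EBMS3_NS)
        if el is None or not el.text:
            return None
        # Assumption: a party criterion is written "<PartyId value>:<type>".
        ptype = el.get("type")
        return f"{el.text.strip()}:{ptype}" if ptype else el.text.strip()

    return {
        "action": text_of(".//ns:Action"),
        "service": text_of(".//ns:Service"),
        "from": party("From"),
        "to": party("To"),
    }


def matching_plugins(filters, fields):
    """filters is an ordered list of (plugin_name, criteria_dict)."""
    return [
        name
        for name, criteria in filters
        if all(fields.get(key) == value for key, value in criteria.items())
    ]


def check_routing(filters, fields):
    """Return (status, routed_plugin, all_matches) for one message.

    status is "OK" (exactly one match), "OVERLAP" (several plugins could
    consume the message; the first in the list gets it) or "UNROUTED".
    """
    hits = matching_plugins(filters, fields)
    if not hits:
        return ("UNROUTED", None, hits)
    return ("OK" if len(hits) == 1 else "OVERLAP", hits[0], hits)


if __name__ == "__main__":
    fields = routing_fields(SAMPLE_HEADER)
    # A plugin without criteria listed first consumes every message.
    overlapping = [("backendWebservice", {}), ("customBackend", {"action": "TC1Leg1"})]
    print(fields)
    print(check_routing(overlapping, fields))
```

Run it over a representative set of expected messages: any OVERLAP or UNROUTED result means the filter set does not meet the two conditions stated above.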
8 DATA ARCHIVING
8.1.1.1 What's archiving?
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving covers older data that has been processed at the communication level by the access points but is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME and/or JRE_HOME variable.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS support in the Domibus Message Handler (MSH), described below; otherwise TLS would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                    file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                    file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
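A check for the client settings discussed in this section, added here as an example and not part of the Domibus distribution: it parses a clientauthentication.xml and reports a secureSocketProtocol other than TLSv1.2, disableCNCheck="true", and passwords still set to the placeholder or sample values printed in this guide. The function name, the finding codes and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"

# Placeholder and sample passwords that appear in this guide's examples.
PLACEHOLDER_SECRETS = {"your_trustore_password", "your_keystore_password", "test123"}

# Constructed sample: the guide's example with the protocol lowered to TLSv1.1.
SAMPLE_WEAK = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample: TLSv1.2, host name check left at its default, own secrets.
SAMPLE_HARDENED = """\
<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="constructed-secret-1"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="constructed-secret-2">
    <security:keyStore type="JKS" password="constructed-secret-2"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""


def audit_tls_client(xml_text, required_protocol="TLSv1.2"):
    """Return a list of (code, detail) findings for a CXF tlsClientParameters file."""
    root = ET.fromstring(xml_text)
    # iter() also yields the root itself, so the element is found whether it
    # is the document root or nested inside a larger configuration.
    params = list(root.iter(f"{{{HTTP_CONF_NS}}}tlsClientParameters"))
    if not params:
        return [("MISSING", "no tlsClientParameters element found")]

    findings = []
    for param in params:
        protocol = param.get("secureSocketProtocol")
        if protocol != required_protocol:
            findings.append(
                ("PROTOCOL", f"secureSocketProtocol is {protocol!r}, expected {required_protocol!r}")
            )
        if (param.get("disableCNCheck") or "false").strip().lower() == "true":
            findings.append(
                ("CN_CHECK_DISABLED", "host name is not checked against the server certificate")
            )
        for element in param.iter():
            for attribute in ("password", "keyPassword"):
                if element.get(attribute) in PLACEHOLDER_SECRETS:
                    tag = element.tag.split("}")[-1]
                    findings.append(
                        ("PLACEHOLDER_SECRET", f"{tag}/@{attribute} is a value printed in the guide")
                    )
    return findings


if __name__ == "__main__":
    for code, detail in audit_tls_client(SAMPLE_WEAK):
        print(f"{code}: {detail}")
```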
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector with the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200" scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false", which means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in server.xml so that the server can verify the client:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200" scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
               truststorePass="your_trustore_password"
               clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers, select the server name, Configuration, General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers, select the server name, Configuration, Keystores and SSL tabs, and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                          relative-to="jboss.server.base.dir"
                          keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                        relative-to="jboss.server.base.dir"
                        keystore-password="test123"/>
            …
        </authentication>
- add https-listener to default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File, Preferences, HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File, Preferences, SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin; Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
           endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false"/>
1 INTRODUCTION
This Administration Guide is intended for Server Administrators who are in charge of the installation of an eDelivery Access Point.
2 PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3 CONVENTION
The Commands and Configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system-related special words) and user-defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
- Bold is used for reserved words and commands.
- Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). Normally contains at least 2 words separated by "_".
- Bold and Italic is used for advisable values which can be changed by the user depending on their infrastructure.
- Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2 Example 2: Sample Configuration file
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents the hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
- Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- One of the supported Database Management Systems:
   - MySQL 5.6 or above
   - Oracle 10g+
- If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
   - WebLogic 12c
   - WildFly 9
   - Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its Database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
   - max_allowed_packet property
     The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
         max_allowed_packet=512M
   - innodb_log_file_size property
     Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
         innodb_log_file_size=5120M
   - Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties
5. Execute the following MySQL commands in the command prompt
Remark:
User-defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
    mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
    mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
    sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
    ===========================================================================
    Once logged in Oracle:
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
    connect edelivery_user
    show user; (should return: edelivery_user)
    @oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
    exit
    ===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user-defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
    …
    set DOMAIN_HOME
    REM Added for Domibus
    set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
    …
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
    …
    export DOMAIN_HOME
    # Added for Domibus
    EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
    export EXTRA_JAVA_PROPERTIES
    …
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_name
    domain.connect.password=weblogic_password
    domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    #jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    #jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    #jdbc.datasource.0.driver.password=edelivery_password
    #jdbc.datasource.0.driver.username=edelivery_username
    #jdbc.datasource.0.transaction.protocol=LoggingLastResource
    #jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for location of the filestore: persistent.filestore.0.location
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
    ## Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    ## Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    ## Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    ## Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command, depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
    #jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    #jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    #jdbc.datasource.0.driver.password=edelivery_password
    #jdbc.datasource.0.driver.username=edelivery_username
    #jdbc.datasource.0.targets=cluster_name
    #jdbc.datasource.0.transaction.protocol=LoggingLastResource
    #jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
    ## Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    ## Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    ## Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    ## Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows:
    startWebLogic.cmd
For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………………………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………………………………………………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………………………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………………………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates
4. Set JVM parameters
Domibus expects a single JVM parameter, $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from section 5.3.2 Single Server Deployment
3. Set JVM parameters
Domibus expects a single JVM parameter, $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate JMS Broker with Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory" class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init" destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from section 5.3.2 Single Server Deployment
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        …………………………
        <datasources>
            ………………………
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ……………………………
        </datasources>
        …………………………
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (Option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder recently created
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process)
ltxa-datasource jndi-name=javajdbccipaeDeliveryDs pool-
name=eDeliveryOracleXADS enabled=true use-ccm=truegt
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
ltdrivergtcomoracleltdrivergt
ltuser-namegtedelivery_userltuser-namegt
ltpasswordgtedelivery_passwordltpasswordgt
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
    ./standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
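The WLST properties files in sections 5.2.1 and 5.2.2 and the datasource XML in sections 5.3.1, 5.3.3 and 5.4.1 all carry sample secrets (weblogic_password, edelivery_password, admin_password, jmsManager1) and an Oracle URL with the user and password inline. The following Python check is an added example, not part of the guide or of Domibus: it flags those values when they are still present in a deployed file. The sample inputs are constructed, the dot-separated key spelling is an assumption, and findings never echo the secret itself.

```python
"""Audit Domibus deployment files for secrets copied unchanged from the guide."""
import re

# Sample secrets printed in the guide; none should survive in a deployed file.
GUIDE_SAMPLE_SECRETS = {
    "weblogic_password", "edelivery_password", "admin_password",
    "root_password", "jmsManager1",
}

# key=value line of a WLST .properties file; '#' and '!' start a comment.
PROP_LINE = re.compile(r"^\s*([^#!\s=][^=]*?)\s*=\s*(.*?)\s*$")
# <password>x</password> and <prop key="password">x</prop>
XML_ELEMENT = re.compile(r'<(?:password|prop\s+key="password")\s*>([^<]*)</')
# password="x" attribute, as on the ActiveMQ connection factory element
XML_ATTRIBUTE = re.compile(r'\bpassword="([^"]*)"')
# jdbc:oracle:thin:user/password@host... carries credentials inside the URL
JDBC_INLINE = re.compile(r'jdbc:oracle:thin:[^/@\s<"]+/[^@\s<"]+@')


def parse_properties(text):
    """Return {key: (line_no, value)} for each key=value line, skipping comments."""
    props = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = PROP_LINE.match(line)
        if match:
            props[match.group(1)] = (line_no, match.group(2))
    return props


def audit_properties(text):
    """Audit a WLST properties file; return sorted (line_no, rule, key) tuples."""
    props = parse_properties(text)
    findings = []
    for key, (line_no, value) in props.items():
        if JDBC_INLINE.search(value):
            findings.append((line_no, "credentials-in-jdbc-url", key))
        if not key.lower().endswith("password"):
            continue
        if value in GUIDE_SAMPLE_SECRETS:
            findings.append((line_no, "guide-sample-secret", key))
        # Pair x.password with x.name / x.username: a secret that starts with
        # the account name (jmsManager / jmsManager1) is trivially guessable.
        stem = key[: -len("password")]
        for suffix in ("name", "username"):
            account = props.get(stem + suffix, (0, ""))[1]
            if account and value.lower().startswith(account.lower()):
                findings.append((line_no, "secret-derived-from-account-name", key))
                break
    return sorted(findings)


def audit_xml(text):
    """Audit a datasources or standalone XML file line by line."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pattern in (XML_ELEMENT, XML_ATTRIBUTE):
            for match in pattern.finditer(line):
                if match.group(1).strip() in GUIDE_SAMPLE_SECRETS:
                    findings.append((line_no, "guide-sample-secret", "password"))
        if JDBC_INLINE.search(line):
            findings.append((line_no, "credentials-in-jdbc-url", "url"))
    return findings


# Constructed sample: a WLST properties file with some guide values left in place.
SAMPLE_PROPERTIES = """\
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.driver.password=S7-constructed-rotated-value
#jdbc.datasource.0.driver.password=edelivery_password
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
"""

# Constructed sample: lines in the style of domibus-datasources.xml / standalone-full.xml.
SAMPLE_XML = """\
<prop key="user">edelivery_user</prop>
<prop key="password">edelivery_password</prop>
<prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://10.0.0.5:61616" userName="broker_admin" password="admin_password"/>
<password>kT4-constructed-rotated-value</password>
"""

if __name__ == "__main__":
    for finding in audit_properties(SAMPLE_PROPERTIES) + audit_xml(SAMPLE_XML):
        print("line %d: %s (%s)" % finding)
```

Run it against the real files before the WLST import and before each server start; any finding means a value from this guide is still in use.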
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf
    ………………
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ………………
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus
4. Configure your Keystore based on section 6.1.2 Certificates
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
  <hornetq-server>
    <jmx-management-enabled>true</jmx-management-enabled>
    <jms-connection-factories>
      …
      <connection-factory name="edeliveryConnectionFactory">
        <connectors>
          <connector-ref connector-name="in-vm"/>
        </connectors>
        <entries>
          <entry name="java:/jms/ConnectionFactory"/>
        </entries>
        <compress-large-messages>false</compress-large-messages>
        <failover-on-initial-connection>false</failover-on-initial-connection>
        <use-global-pools>true</use-global-pools>
      </connection-factory>
      …
    </jms-connection-factories>
    <jms-destinations>
      …
      <jms-queue name="DomibusBusinessMessageOutQueue">
        <entry name="java:/jms/domibus.backend.jms.outQueue"/>
        <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendJmsQueue">
        <entry name="java:/jms/domibus.notification.jms"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusErrorNotifyConsumerQueue">
        <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
        <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusErrorNotifyProducerQueue">
        <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
        <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusBusinessMessageInQueue">
        <entry name="java:/jms/domibus.backend.jms.inQueue"/>
        <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusPluginToBackendQueue">
        <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
        <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusSendMessageQueue">
        <entry name="java:/jms/domibus.internal.dispatch.queue"/>
        <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendWebServiceQueue">
        <entry name="java:/jms/domibus.notification.webservice"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusUnknownReceiverQueue">
        <entry name="java:/jms/domibus.internal.notification.unknown"/>
        <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendQueue">
        <entry name="java:/jms/domibus.internal.notification.queue"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DLQ">
        <entry name="java:/jms/domibus.DLQ"/>
        <entry name="java:/jms/queue/DLQ"/>
        <durable>true</durable>
      </jms-queue>
      <jms-topic name="DomibusClusterCommandTopic">
        <entry name="java:/jms/domibus.internal.command"/>
        <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
      </jms-topic>
      …
    </jms-destinations>
  </hornetq-server>
</subsystem>
Remark:
Please note also that JMX management has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select Upload a new deployment, then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected Result
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation (footnote 6).
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources).
o Configure the database dialect as indicated in 5.4.1, point 3 (Remark).
o Configure the database dialect in the cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
6 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
…
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation (footnote 7).
7 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
/services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

Configuration Property / Default value / Purpose

domibus.msh.messageid.suffix
  Default value: domibus.eu
  Purpose: This property is used to generate the random Message id with a fixed suffix, which is set by default to "domibus.eu". The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.

domibus.msh.retry.cron
  Default value: 0/5 * * * * ?
  Purpose: It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.

domibus.msh.retry.tolerance
  Default value: 10000
  Purpose: Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.

domibus.dispatch.ebms.error.unrecoverable.retry
  Default value: true
  Purpose: This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.

domibus.smlzone
  Default value: acc.edelivery.tech.ec.europa.eu
  Purpose: Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.

domibus.backend.jmsInQueue
  Default value: domibus.backend.jms.inQueue
  Purpose: This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.

domibus.deployment.clustered
  Default value: false
  Purpose: If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.

domibus.attachment.storage.location
  Default value: -
  Purpose: It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved.
  Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.

domibus.jmx.user
  Default value: jmsManager
  Purpose: WebLogic specific. The user that will be used to access the queues via JMX.

domibus.jmx.password
  Default value: jmaManager1
  Purpose: WebLogic specific. The associated password of the configured domibus.jmx.user.

Proxy Settings
In case your Access Point has to use a proxy server, you can configure it with these properties.

domibus.proxy.enabled
  Default value: false
  Purpose: true/false, depending on whether you need to use a proxy or not.

domibus.proxy.http.host
  Default value: -
  Purpose: Host name of the proxy server.

domibus.proxy.http.port
  Default value: -
  Purpose: Port of the proxy server.

domibus.proxy.user
  Default value: -
  Purpose: Username for authentication on the proxy server.

domibus.proxy.password
  Default value: -
  Purpose: Password.

domibus.proxy.nonProxyHosts
  Default value: -
  Purpose: Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled, to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook (footnote 9).
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
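The precedence rules and role rights listed above, modelled as an added Python example (this is not the WS plugin's code). Function and field names are hypothetical, and two readings are assumptions of the model: a "Client-Cert" header is only honoured on http, and ROLE_USER is denied any operation the list does not grant.

```python
"""Model of the WS plugin rules in section 7.1.2.1 (added example, not plugin code)."""
from dataclasses import dataclass
from typing import Mapping, Optional, Sequence

BASIC, X509, BLUE_COAT = "basic", "x509", "blue_coat"
ROLE_ADMIN, ROLE_USER = "ROLE_ADMIN", "ROLE_USER"
ADMIN_OPERATIONS = frozenset({
    "sendMessage", "downloadMessage", "listPendingMessages",
    "getMessageStatus", "getMessageErrors",
})


def select_mechanism(scheme: str, headers: Mapping[str, str],
                     tls_client_cert: bool = False) -> Optional[str]:
    """Return the mechanism the precedence rules pick, or None if none applies."""
    names = {key.lower(): value for key, value in headers.items()}
    # Basic Authentication takes precedence on both http and https.
    if names.get("authorization", "").strip().lower().startswith("basic "):
        return BASIC
    # X509 is expected on https; the certificate comes from the TLS handshake.
    if scheme == "https":
        return X509 if tls_client_cert else None
    # Blue Coat details are expected on http, in the "Client-Cert" header.
    if scheme == "http":
        return BLUE_COAT if "client-cert" in names else None
    return None


def sends_cleartext_credentials(scheme: str, mechanism: Optional[str]) -> bool:
    """Basic credentials over plain http travel base64-encoded, not encrypted."""
    return scheme == "http" and mechanism == BASIC


@dataclass(frozen=True)
class Caller:
    role: str
    original_user: str  # hypothetical field: the identity bound to the account


def is_allowed(caller: Caller, operation: str,
               original_sender: Optional[str] = None,
               final_recipient: Optional[str] = None) -> bool:
    """Apply the ROLE_ADMIN / ROLE_USER rights to one web service call."""
    if caller.role == ROLE_ADMIN:
        return operation in ADMIN_OPERATIONS
    if caller.role != ROLE_USER:
        return False
    if operation == "sendMessage":
        return original_sender == caller.original_user
    if operation == "downloadMessage":
        return final_recipient == caller.original_user
    if operation == "listPendingMessages":
        return True  # allowed, but the result is filtered by visible_pending()
    return False  # assumption: rights the list does not grant are denied


def visible_pending(caller: Caller, pending: Sequence[Mapping[str, str]]) -> list:
    """Filter pending messages the way listPendingMessages is described."""
    if caller.role == ROLE_ADMIN:
        return list(pending)
    if caller.role == ROLE_USER:
        return [m for m in pending
                if m.get("finalRecipient") == caller.original_user]
    return []
```
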
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

Domibus pconf / EbMS3 Specification [ebMS3CORE] [AS4-Profile] / Description

MPCs
  EbMS3 Specification: -
  Description: Container which defines the different MPCs (Message Partition Channels).

MPC
  EbMS3 Specification: PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage.
  Description: Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.

MessageRetentionDownloaded
  EbMS3 Specification: -
  Description: Retention interval for messages already delivered to the backend.

MessageRetentionUnDownloaded
  EbMS3 Specification: -
  Description: Retention interval for messages not yet delivered to the backend.

Parties
  EbMS3 Specification: -
  Description: Container which defines the different PartyIdTypes, Party and Endpoint.

PartyIdTypes
  EbMS3 Specification: maps to the attribute Messaging/UserMessage/PartyInfo
  Description: Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).

Party ID
  EbMS3 Specification: maps to the element Messaging/UserMessage/PartyInfo
  Description: The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block.

Endpoint
  EbMS3 Specification: maps to PMode[1].Protocol.Address
  Description: The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).

AS4
  EbMS3 Specification: -
  Description: Container

Reliability [Nonrepudiation] [ReplyPattern]
  EbMS3 Specification: Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern.
  Description:
  PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness).
  PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel).
  PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).

ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection]
  EbMS3 Specification: retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection.
  Description: These parameters are stored in a composite string.
  • retryTimeout defines the timeout in seconds.
  • retryCount is the total number of retries.
  • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT.
  • duplicateDetection allows checking for duplicates when receiving the same message twice. The only duplicateDetection available as of now is TRUE.

Securities
  EbMS3 Specification: -
  Description: Container

Security
  EbMS3 Specification: -
  Description: Container

Policy
  EbMS3 Specification: PMode[1].Security.* NOT including PMode[1].Security.X509.Signature.Algorithm
  Description: The parameter in the pconf file defines the name of a WS-SecurityPolicy file.

SignatureMethod
  EbMS3 Specification: PMode[1].Security.X509.Signature.Algorithm
  Description: This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.

BusinessProcessConfiguration
  EbMS3 Specification: -
  Description: Container

Agreements
  EbMS3 Specification: maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef
  Description: This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.

Actions
  EbMS3 Specification: -
  Description: Container

Action
  EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Action
  Description: This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.

Services
  EbMS3 Specification: -
  Description: Container

ServiceTypes Type
  EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Service[@type]
  Description: This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.

MEP [Legs]
  EbMS3 Specification: -
  Description: An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.

Bindings
  EbMS3 Specification: -
  Description: Container

Binding
  EbMS3 Specification: -
  Description: The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.

Roles
  EbMS3 Specification: -
  Description: Container

Role
  EbMS3 Specification: maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In an ebMS3 message this defines the content of the following element:
  • For Initiator: Messaging/UserMessage/PartyInfo/From/Role
  • For Responder: Messaging/UserMessage/PartyInfo/To/Role
  Description: The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.

Processes
  EbMS3 Specification: -
  Description: Container

PayloadProfiles
  EbMS3 Specification: -
  Description: Container

Payloads
  EbMS3 Specification: -
  Description: Container

Payload
  EbMS3 Specification: maps to PMode[1].BusinessInfo.PayloadProfile
  Description: This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties:
  1. name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile;
  2. MIME data type (text/xml, application/pdf, etc.);
  3. name of the applicable XML Schema file if the MIME data type is text/xml;
  4. maximum size in kilobytes;
  5. Boolean string indicating whether the part is expected or optional, within the User message.
  The message payload(s) must match this profile.

ErrorHandlings
  EbMS3 Specification: -
  Description: Container

ErrorHandling
  EbMS3 Specification: -
  Description: Container
ErrorAsResponse - maps to PMode[1].ErrorHandling.Report.AsResponse. This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.

ProcessErrorNotifyProducer - maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer. This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.

ProcessErrorNotifyConsumer - maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer. This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.

DeliveryFailureNotifyProducer - maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer. When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur:
- The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer.
- The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.

Legs - Container

Leg - Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request - the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group.

Process - In Process everything is plugged together.
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard at http://localhost:8080/domibus/home using your credentials (by default: User = admin; Password = 123456).
[Figure: Login to administration dashboard]
b. Click on the Configuration upload tab.
[Figure: Configuration upload]
c. Select the PMode file that has been edited by pressing Browse…, then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then "Press here to upload the truststore jks file".
[Figure: PMode uploading]
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:password-encoder ref="bcryptEncoder"/>
            <sec:user-service>
                <sec:user name="user" password="your_custom_user_password"
                          authorities="ROLE_USER"/>
                <sec:user name="admin" password="your_custom_admin_password"
                          authorities="ROLE_USER, ROLE_ADMIN"/>
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>
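A check that can be run over domibus-security.xml after the change described above, given here as an added example (it is not part of the guide or of Domibus). It flags user entries whose password attribute is not a BCrypt hash or uses a low cost factor; the namespace URI, the minimum cost of 10, the "operator" user and the sample file are assumptions constructed for the illustration.

```python
import re
import xml.etree.ElementTree as ET

# Spring Security XML namespace, assumed to be what the "sec" prefix is bound to
# (the excerpt in the guide does not show the declaration).
SEC_NS = "http://www.springframework.org/schema/security"

# BCrypt modular-crypt string: version, two-digit cost, 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

MIN_COST = 10  # assumed local policy, not a value taken from the guide

# Constructed filler with the right length and alphabet; not a real salt or digest.
FILLER = "N" * 53

# Constructed sample of domibus-security.xml ("operator" is a hypothetical extra user).
SAMPLE = f"""<beans xmlns:sec="{SEC_NS}">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="123456" authorities="ROLE_USER"/>
        <sec:user name="admin" password="$2a$04${FILLER}"
                  authorities="ROLE_USER, ROLE_ADMIN"/>
        <sec:user name="operator" password="$2a$10${FILLER}" authorities="ROLE_USER"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""


def audit_users(xml_text, min_cost=MIN_COST):
    """Return (user, problem) pairs for every entry that needs attention."""
    root = ET.fromstring(xml_text)
    findings = []
    for provider in root.iter(f"{{{SEC_NS}}}authentication-provider"):
        # Without an encoder the stored values are not treated as BCrypt hashes.
        if provider.find(f"{{{SEC_NS}}}password-encoder") is None:
            findings.append(("(provider)", "no password-encoder element"))
        for user in provider.iter(f"{{{SEC_NS}}}user"):
            name = user.get("name", "")
            match = BCRYPT_RE.match(user.get("password", ""))
            if match is None:
                # Typical failure mode: the clear-text password was pasted in.
                findings.append((name, "password attribute is not a BCrypt hash"))
            elif int(match.group(1)) < min_cost:
                findings.append(
                    (name, f"BCrypt cost {int(match.group(1))} is below {min_cost}"))
    return findings


if __name__ == "__main__":
    for user, problem in audit_users(SAMPLE):
        print(f"{user}: {problem}")
```

The hash itself can also be produced offline, for example with Spring Security's BCryptPasswordEncoder.encode(), so that the clear-text password never leaves the administrator's machine.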
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
[Figure: State machine of Corner 2 (sending access point)]
[Figure: State machine of Corner 3 (receiving access point)]
Remark:
The administration dashboard is reachable via the URL:
    http://your_server:your_port_number/domibus/home (Tomcat)
    http://your_server:your_port_number/domibus-wildfly/home (WildFly)
    http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in Domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below, you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

Destination type | JNDI name | Comment | Description
Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The message IDs to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
    <redeliveryPlugin fallbackToDeadLetter="true"
                      sendToDlqIfMaxRetriesExceeded="true">
        <redeliveryPolicyMap>
            <redeliveryPolicyMap>
                <redeliveryPolicyEntries>
                    <redeliveryPolicy queue="sendMessageQueue"
                                      maximumRedeliveries="0"/>
                    <redeliveryPolicy queue=""
                                      maximumRedeliveries="10" redeliveryDelay="300000"/>
                </redeliveryPolicyEntries>
            </redeliveryPolicyMap>
        </redeliveryPolicyMap>
    </redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly, so that these criteria ensure that all messages are treated and that not more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
    Action: TC1Leg1
    Service: bdx:noprocess
    From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
    To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
    <ns:PartyInfo>
        <ns:From>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
        </ns:From>
        <ns:To>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
        </ns:To>
    </ns:PartyInfo>
    <ns:CollaborationInfo>
        <ns:Service type="tc1">bdx:noprocess</ns:Service>
        <ns:Action>TC1Leg1</ns:Action>
    </ns:CollaborationInfo>
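The routing rule of this section (first matching plugin wins; every message must be treated and none may be consumable by two plugins) can be checked before a filter configuration goes live. The following is an added example, not code from Domibus or from the guide: it extracts the four fields from a constructed UserMessage and reports unrouted and overlapping messages. Exact string matching, the namespace binding of the ns prefix and the plugin name exampleJmsPlugin are assumptions.

```python
import xml.etree.ElementTree as ET

# ebMS3 core namespace, assumed for the "ns" prefix used in the excerpt above.
EBMS = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
NS = {"ns": EBMS}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"

# Constructed message header, modelled on the excerpt above.
SAMPLE_MESSAGE = f"""<ns:UserMessage xmlns:ns="{EBMS}">
  <ns:PartyInfo>
    <ns:From>
      <ns:PartyId type="{UNREGISTERED}">party_id_name1</ns:PartyId>
      <ns:Role>{EBMS}initiator</ns:Role>
    </ns:From>
    <ns:To>
      <ns:PartyId type="{UNREGISTERED}">party_id_name2</ns:PartyId>
      <ns:Role>{EBMS}responder</ns:Role>
    </ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""


def _required(msg, path):
    """Return the element at path or fail loudly if it is missing or empty."""
    node = msg.find(path, NS)
    if node is None or not (node.text or "").strip():
        raise ValueError(f"missing element: {path}")
    return node


def criteria_of(xml_text):
    """Extract the four filter fields (action, service, from, to) from a UserMessage."""
    msg = ET.fromstring(xml_text)

    def party(side):
        pid = _required(msg, f"ns:PartyInfo/ns:{side}/ns:PartyId")
        # Same "<partyId>:<partyIdType>" form as the From/To values shown above.
        return f"{pid.text.strip()}:{pid.get('type', '')}"

    return {
        "action": _required(msg, "ns:CollaborationInfo/ns:Action").text.strip(),
        "service": _required(msg, "ns:CollaborationInfo/ns:Service").text.strip(),
        "from": party("From"),
        "to": party("To"),
    }


def matching_plugins(filters, criteria):
    """Names of all plugins whose filter accepts the message, in list order.

    Assumption: a criterion matches on exact string equality, and a plugin
    with no criteria accepts every message.
    """
    return [name for name, wanted in filters
            if all(criteria.get(key) == value for key, value in wanted.items())]


def check_filters(filters, messages):
    """Report messages that no plugin treats and messages several plugins could consume."""
    report = {"routed": {}, "unrouted": [], "overlap": {}}
    for label, xml_text in messages:
        names = matching_plugins(filters, criteria_of(xml_text))
        if not names:
            report["unrouted"].append(label)
            continue
        report["routed"][label] = names[0]  # the first plugin in the list wins
        if len(names) > 1:
            report["overlap"][label] = names
    return report


# Two constructed test messages: the sample and a copy with another action.
MESSAGES = [
    ("tc1", SAMPLE_MESSAGE),
    ("tc3", SAMPLE_MESSAGE.replace("TC1Leg1", "TC3Leg1")),
]

# "backendWebservice" is the default WS plugin name given in the guide;
# "exampleJmsPlugin" is a hypothetical second plugin.
CATCH_ALL_FIRST = [("backendWebservice", {}), ("exampleJmsPlugin", {"action": "TC1Leg1"})]
DISJOINT = [
    ("exampleJmsPlugin", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("backendWebservice", {"action": "TC2Leg1"}),
]

if __name__ == "__main__":
    print(check_filters(CATCH_ALL_FIRST, MESSAGES))
    print(check_filters(DISJOINT, MESSAGES))
```

With the catch-all plugin listed first, the second plugin never receives a message; with the disjoint filters, the TC3Leg1 message is not treated by any plugin.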
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points, but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
    SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
    May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
    INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds
    May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
    SEVERE: Context [/domibus] startup failed due to previous errors
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Closing Spring root WebApplicationContext
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
    Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variables is needed to run this program.
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
    org.apache.cxf.interceptor.Fault: Could not write attachments.
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
        at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
        at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
        at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
        at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
        at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
        at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
        at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
        at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
        at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
        ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 - TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                    file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                    file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector having the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in server.xml, so that the server can verify the client:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
               truststorePass="your_trustore_password"
               clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
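The client settings of section 10.1.1.2 (and the TLSv1.1 mismatch behind the handshake failure in section 9.5) and the Tomcat connector settings above can be reviewed mechanically. The following is an added example, not part of the guide or of Domibus: it parses constructed copies of clientauthentication.xml and server.xml and lists the settings a reviewer would question. The finding codes, port 9443 and the check on Tomcat's sslEnabledProtocols attribute (which the guide does not name) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

CXF_HTTP = "http://cxf.apache.org/transports/http/configuration"
CXF_SEC = "http://cxf.apache.org/configuration/security"
REQUIRED_PROTOCOL = "TLSv1.2"  # stated in the guide as mandatory for AS4 e-Sens


def client_xml(disable_cn_check, protocol):
    """Constructed clientauthentication.xml in the shape of the guide's excerpt."""
    return f"""<http-conf:tlsClientParameters disableCNCheck="{disable_cn_check}"
        secureSocketProtocol="{protocol}"
        xmlns:http-conf="{CXF_HTTP}" xmlns:security="{CXF_SEC}">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${{domibus.config.location}}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>"""


# Constructed server.xml: 8443 as in the guide's one-way example, 9443 hypothetical.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" clientAuth="false" sslProtocol="TLS"/>
  <Connector SSLEnabled="true" port="9443" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" clientAuth="true" sslProtocol="TLS"
      sslEnabledProtocols="TLSv1.2"/>
</Service></Server>"""


def audit_client(xml_text):
    """Findings for every <http-conf:tlsClientParameters> element in the file."""
    findings = []
    root = ET.fromstring(xml_text)
    for tls in root.iter(f"{{{CXF_HTTP}}}tlsClientParameters"):
        # Host name verification switched off: acceptable for tests only.
        if tls.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append("CN_CHECK_DISABLED")
        # Anything but TLSv1.2 fails against a server that only accepts TLSv1.2.
        protocol = tls.get("secureSocketProtocol")
        if protocol != REQUIRED_PROTOCOL:
            findings.append(f"PROTOCOL:{protocol}")
        if tls.find(f"{{{CXF_SEC}}}trustManagers") is None:
            findings.append("NO_TRUST_MANAGERS")
    return findings


def audit_tomcat(xml_text):
    """(port, finding) pairs for every connector with SSLEnabled="true"."""
    findings = []
    root = ET.fromstring(xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        port = conn.get("port", "?")
        if not conn.get("keystoreFile"):
            findings.append((port, "DEFAULT_KEYSTORE"))
        if conn.get("clientAuth", "false").lower() != "true":
            findings.append((port, "ONE_WAY_SSL"))  # informational: two-way is optional
        elif not conn.get("truststoreFile"):
            # Client certificates would be checked against the JVM default trust store.
            findings.append((port, "CLIENT_AUTH_WITHOUT_TRUSTSTORE"))
        if not conn.get("sslEnabledProtocols"):
            findings.append((port, "PROTOCOLS_NOT_PINNED"))
    return findings


if __name__ == "__main__":
    print(audit_client(client_xml("true", "TLSv1.2")))
    print(audit_client(client_xml("false", "TLSv1.1")))
    print(audit_tomcat(SERVER_XML))
```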
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
   Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
   Go to Servers > select server name > Configuration > Keystores and SSL tabs, and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                          relative-to="jboss.server.base.dir"
                          keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                        relative-to="jboss.server.base.dir"
                        keystore-password="test123"/>
            …
        </authentication>
- add the https-listener to the default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
101134 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin; Password = 123456).
101135 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now: https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1" endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
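An added example, not taken from the Domibus guide or code base: a Python check that lists the parties in a PMode file whose endpoint was not moved to an HTTPS MSH URL. The sample PMode is constructed; the function name, the element layout around the party element and the list of plain-HTTP ports (8080 and 7001 are the HTTP ports used in this guide) are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Ports that serve plain HTTP in this guide's deployments (assumption: 80 added as the HTTP default).
PLAIN_HTTP_PORTS = {80, 8080, 7001}
MSH_SUFFIX = "/services/msh"


def audit_pmode_endpoints(pmode_xml):
    """Return {party name: [problems]} for parties whose endpoint is not a usable HTTPS MSH URL."""
    problems = {}
    for el in ET.fromstring(pmode_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "party":
            continue  # initiatorParty, responderParty etc. carry no endpoint
        endpoint = el.get("endpoint", "")
        issues = []
        if not endpoint or any(ch.isspace() for ch in endpoint):
            issues.append("endpoint empty or contains whitespace")
        else:
            url = urlsplit(endpoint)
            try:
                port = url.port
            except ValueError:  # e.g. a placeholder such as your_port left in place
                port = None
                issues.append("port is not a number")
            if url.scheme != "https":
                issues.append("scheme is '%s', not https" % url.scheme)
            elif port in PLAIN_HTTP_PORTS:
                issues.append("https on plain-HTTP port %d" % port)
            if not url.hostname:
                issues.append("no host")
            if not url.path.rstrip("/").endswith(MSH_SUFFIX):
                issues.append("path does not end in /services/msh")
        if issues:
            problems[el.get("name", "?")] = issues
    return problems


# Constructed sample PMode fragment (hosts are placeholders under example.test).
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="blue_gw" endpoint="https://blue.example.test:8443/domibus/services/msh" allowChunking="false"/>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh" allowChunking="false"/>
      <party name="green_gw" endpoint="https://green.example.test:8080/domibus/services/msh" allowChunking="false"/>
      <party name="grey_gw" endpoint="https://grey.example.test:8443/domibus/home" allowChunking="false"/>
    </parties>
  </businessProcesses>
</db:configuration>"""

if __name__ == "__main__":
    for party, issues in audit_pmode_endpoints(SAMPLE_PMODE).items():
        print(party, "->", "; ".join(issues))
```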
1 INTRODUCTION
This Administration Guide is intended for Server Administrators who are in charge of the installation of an eDelivery Access Point.
2 PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3 CONVENTION
The Commands and Configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system related special words) and user defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
Bold is used for reserved words and commands.
Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). Normally contains at least 2 words separated by "_".
Bold and Italic is used for advisable values which can be changed by the user depending on their infrastructure.
Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2 Example 2: Sample Configuration file
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
One of the supported Database Management Systems:
o MySQL 5.6 or above
o Oracle 10g+
If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
o WebLogic 12c
o WildFly 9
o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its Database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties.
5. Execute the following MySQL commands in the command prompt:
Remark:
User defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return: edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter, the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
…
set DOMAIN_HOME
REM Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%/conf/domibus
…
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
…
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
…
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt if necessary the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access:
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
  <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
    <property name="showSql" value="false"/>
    <property name="generateDdl" value="false"/>
    <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
  </bean>
</property>
<property name="jpaProperties">
  <props>
    <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
    <prop key="hibernate.format_sql">true</prop>
    <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
    <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
    <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
  </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command, depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt if necessary the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for JMS Server, e.g.
jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access:
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
  <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
    <property name="showSql" value="false"/>
    <property name="generateDdl" value="false"/>
    <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
  </bean>
</property>
<property name="jpaProperties">
  <props>
    <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
    <prop key="hibernate.format_sql">true</prop>
    <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
    <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
    <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
  </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
  <property name="uniqueResourceName">
    <value>domibusJDBC-XA</value>
  </property>
  <property name="xaDataSourceClassName">
    <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
  </property>
  <property name="xaProperties">
    <props>
      <prop key="serverName">db_host</prop>
      <prop key="port">db_port</prop>
      <prop key="user">edelivery_user</prop>
      <prop key="password">edelivery_password</prop>
      <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
    </props>
  </property>
  ………
  <property name="testQuery">
    <value>select 1</value>
  </property>
</bean>
<bean id="entityManagerFactory" ……>
  <property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
      <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
  </property>
</bean>
………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
  <property name="uniqueResourceName">
    <value>domibusJDBC-XA</value>
  </property>
  <property name="xaDataSourceClassName">
    <value>oracle.jdbc.xa.client.OracleXADataSource</value>
  </property>
  <property name="xaProperties">
    <props>
      <prop key="serverName">db_host</prop>
      <!--prop key="port">db_port</prop-->
      <prop key="user">edelivery_user</prop>
      <prop key="password">edelivery_password</prop>
      <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
    </props>
  </property>
  ………
  <property name="testQuery">
    <value>SELECT 1 FROM DUAL</value>
  </property>
  ………
</bean>
<bean id="entityManagerFactory" ……>
  <property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
      <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
    </bean>
  </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment.
3. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate JMS Broker with Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory" class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init" destroy-method="close" depends-on="broker">
  <property name="uniqueResourceName" value="domibusJMS-XA"/>
  <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
  <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
  <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml. For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site, see footnote 4) in the folder.
4 http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …
    <datasources>
        …
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            </driver>
        </drivers>
        …
    </datasources>
    …
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site, see footnote 5) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process).
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
5 http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path/domibus/bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
…
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues.
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            …
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            …
        </jms-connection-factories>
        <jms-destinations>
            …
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            …
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation (see footnote 6).
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5 Configure the JMS resources. Configure the database dialect as indicated in 5.4.1 point 3 Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml
6 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
…
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation (see footnote 7).
7 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
/services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false depending on whether you need to use proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (see footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below describes how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook (see footnote 9).
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (see footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator:
The party with the role of initiator will be the sender of the messages.
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder:
The party with the role of responder will be the receiver of the messages.
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and - as such - does not require any specific solution building block.
Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).
AS4 | - | Container.
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE.
Securities | - | Container.
Security | - | Container.
Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration | - | Container.
Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions | - | Container.
Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services | - | Container.
ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.
MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings | - | Container.
Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles | - | Container.
Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element. For Initiator: Messaging/UserMessage/PartyInfo/From/Role. For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.
Processes | - | Container.
PayloadProfiles | - | Container.
Payloads | - | Container.
Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile.
ErrorHandlings | - | Container.
ErrorHandling | - | Container.
ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs | - | Container.
Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request - the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process | - | In Process everything is plugged together.
Table: Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
Figure: Login to administration dashboard
b. Click on the "Configuration upload" tab.
Figure: Configuration upload
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
Figure: PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use the BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com). Note that an online generator receives the plaintext password, so generating the hash locally keeps the password off third-party systems.
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
Figure: State machine of Corner 2 (sending access point)
Figure: State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:
Destination type | JNDI name | Comment | Description
Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus.internal.notification.unknown | - | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus.internal.command | - | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus.backend.jms.replyQueue | - | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus.backend.jms.outQueue | - | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus.backend.jms.inQueue | - | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus.backend.jms.errorNotifyConsumer | - | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus.backend.jms.errorNotifyProducer | - | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus.notification.jms | - | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus.internal.notification.queue | - | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus.notification.webservice | - | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus.DLQ | - | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The IDs of the messages to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly so that these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
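The routing rule described in this section, as an added example that is not part of the guide or of Domibus: a Python sketch that extracts the four filter fields from a UserMessage header and reports messages that no plugin would take and messages that more than one plugin matches. It assumes exact string comparison, a From/To value of the form PartyId:type, and that a plugin without criteria matches everything; the name jmsPlugin and the sample messages are constructed.

```python
import xml.etree.ElementTree as ET

EB = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
NS = {"eb": EB}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"

# Constructed sample header, modelled on the fragment shown in the guide.
SAMPLE_HEADER = f"""
<eb:UserMessage xmlns:eb="{EB}">
  <eb:PartyInfo>
    <eb:From>
      <eb:PartyId type="{UNREGISTERED}">party_id_name1</eb:PartyId>
      <eb:Role>{EB}initiator</eb:Role>
    </eb:From>
    <eb:To>
      <eb:PartyId type="{UNREGISTERED}">party_id_name2</eb:PartyId>
      <eb:Role>{EB}responder</eb:Role>
    </eb:To>
  </eb:PartyInfo>
  <eb:CollaborationInfo>
    <eb:Service type="tc1">bdx:noprocess</eb:Service>
    <eb:Action>TC1Leg1</eb:Action>
  </eb:CollaborationInfo>
</eb:UserMessage>
"""

# Ordered plugin lists (constructed). "backendWebservice" is the guide's default
# WS plugin name; "jmsPlugin" is a hypothetical name for a second plugin.
OVERLAPPING = [
    ("backendWebservice", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("jmsPlugin", {}),  # no criteria: assumed to match every message
]
DISJOINT = [
    ("backendWebservice", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("jmsPlugin", {"action": "TC2Leg1", "service": "bdx:noprocess"}),
]


def routing_fields(header_xml):
    """Extract the four values a plugin filter can match on."""
    # ElementTree is adequate for an administrator's own samples; use a
    # hardened parser for XML that comes from an untrusted peer.
    root = ET.fromstring(header_xml.strip())

    def party(side):
        pid = root.find(f"eb:PartyInfo/eb:{side}/eb:PartyId", NS)
        if pid is None or not (pid.text or "").strip():
            raise ValueError(f"UserMessage has no {side}/PartyId")
        return f"{pid.text.strip()}:{pid.get('type', '')}"

    def text(path):
        value = root.findtext(path, default="", namespaces=NS).strip()
        if not value:
            raise ValueError(f"UserMessage has no {path}")
        return value

    return {
        "from": party("From"),
        "to": party("To"),
        "service": text("eb:CollaborationInfo/eb:Service"),
        "action": text("eb:CollaborationInfo/eb:Action"),
    }


def route(filters, fields):
    """Return (chosen plugin, every matching plugin); the first match wins."""
    hits = [name for name, criteria in filters
            if all(fields.get(key) == value for key, value in criteria.items())]
    return (hits[0] if hits else None), hits


def audit(filters, messages):
    """Return (labels no plugin takes, [(label, plugins)] matched more than once)."""
    unrouted, ambiguous = [], []
    for label, fields in messages:
        chosen, hits = route(filters, fields)
        if chosen is None:
            unrouted.append(label)
        elif len(hits) > 1:
            ambiguous.append((label, hits))
    return unrouted, ambiguous


def sample_messages():
    """Three constructed messages that differ only in their Action."""
    base = routing_fields(SAMPLE_HEADER)
    return [("tc1", base),
            ("tc2", dict(base, action="TC2Leg1")),
            ("tc3", dict(base, action="TC3Leg1"))]  # no filter names this action


if __name__ == "__main__":
    for label, filters in (("overlapping", OVERLAPPING), ("disjoint", DISJOINT)):
        unrouted, ambiguous = audit(filters, sample_messages())
        print(label, "unrouted:", unrouted, "ambiguous:", ambiguous)
```

With the overlapping list every message is consumed but tc1 matches two plugins, so list order alone decides who receives it; with the disjoint list tc3 is taken by no plugin.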
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in the domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME and/or JRE_HOME variable.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, it is likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 - TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector with the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="false" sslProtocol="TLS" />
The keystore JKS location and password must be specified, otherwise the default one will be used. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" in server.xml and provide the location of your_truststore_ssl.jks so that the server can verify the client:
    <Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
        truststorePass="your_trustore_password"
        clientAuth="true" sslProtocol="TLS" />
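The client settings of section 10.1.1.2 and the Tomcat connector above can be checked together for the TLSv1.1/TLSv1.2 mismatch behind the handshake_failure error and for a disabled CN check. The following Python script is an added example, not part of the Domibus distribution; both sample files are constructed, and sslEnabledProtocols is a Tomcat connector attribute that this guide does not show (assumed here as the way the server pins its accepted versions).

```python
import xml.etree.ElementTree as ET

CXF_HTTP_NS = "http://cxf.apache.org/transports/http/configuration"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens profile per this guide

# Constructed sample of clientauthentication.xml carrying the two risky settings.
SAMPLE_CLIENT = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>
"""

# Constructed server.xml fragment. sslEnabledProtocols is an assumption of this
# example: the guide's connector only sets sslProtocol="TLS".
SAMPLE_SERVER = """\
<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
  </Service>
</Server>
"""


def client_settings(client_xml):
    """Return secureSocketProtocol and disableCNCheck from tlsClientParameters."""
    root = ET.fromstring(client_xml)
    tag = "{%s}tlsClientParameters" % CXF_HTTP_NS
    node = root if root.tag == tag else root.find(".//" + tag)
    if node is None:
        raise ValueError("no http-conf:tlsClientParameters element found")
    return {
        "protocol": node.get("secureSocketProtocol"),
        "cn_check_disabled": node.get("disableCNCheck", "false").lower() == "true",
    }


def ssl_connectors(server_xml):
    """Return port and pinned protocol list of every SSL-enabled Tomcat connector."""
    connectors = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        enabled = conn.get("sslEnabledProtocols")
        connectors.append({
            "port": conn.get("port"),
            # None means no explicit list: accepted versions follow the JVM defaults.
            "protocols": [p.strip() for p in enabled.split(",")] if enabled else None,
        })
    return connectors


def audit(client_xml, server_xml):
    """Return (code, message) findings for a client/server configuration pair."""
    findings = []
    client = client_settings(client_xml)
    if client["protocol"] != REQUIRED_PROTOCOL:
        findings.append(("CLIENT_PROTOCOL",
                         "client secureSocketProtocol is %r, expected %s"
                         % (client["protocol"], REQUIRED_PROTOCOL)))
    if client["cn_check_disabled"]:
        findings.append(("CN_CHECK_DISABLED",
                         "disableCNCheck=true: host name is not matched against "
                         "the server certificate; not for production use"))
    for conn in ssl_connectors(server_xml):
        if conn["protocols"] is None:
            findings.append(("SERVER_UNPINNED",
                             "connector %s sets no sslEnabledProtocols; accepted "
                             "TLS versions depend on the JVM" % conn["port"]))
        elif client["protocol"] not in conn["protocols"]:
            findings.append(("PROTOCOL_MISMATCH",
                             "connector %s accepts %s but client offers %r: "
                             "expect handshake_failure"
                             % (conn["port"], conn["protocols"], client["protocol"])))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE_CLIENT, SAMPLE_SERVER):
        print(code, "-", message)
```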
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs, and use Custom Identity and Custom Trust, then set the keystore and truststore JKS.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml, add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore JKS to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                relative-to="jboss.server.base.dir"
                keystore-password="test123" />
            ...
        </authentication>
add https-listener to default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
        endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
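Before uploading an updated PMode, the party endpoints can be listed and checked for entries that were not switched to HTTPS. The following Python script is an added example, not part of Domibus; the PMode fragment is constructed, and its namespace, party names and host names are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MSH_SUFFIX = "/services/msh"  # path suffix of the MSH endpoint shown in this section

# Constructed PMode fragment: one migrated party, one still on http,
# one whose URL does not point at the MSH service.
SAMPLE_PMODE = """\
<db:configuration xmlns:db="http://domibus.eu/configuration" party="party_id_name1">
  <businessProcesses>
    <parties>
      <party name="party_id_name1"
             endpoint="https://your_domibus_host:8443/domibus/services/msh"
             allowChunking="false"/>
      <party name="party_id_name2"
             endpoint="http://other_domibus_host:8080/domibus/services/msh"
             allowChunking="false"/>
      <party name="party_id_name3"
             endpoint="https://third_domibus_host:8443/domibus"
             allowChunking="false"/>
    </parties>
  </businessProcesses>
</db:configuration>
"""


def endpoint_problems(pmode_xml, msh_suffix=MSH_SUFFIX):
    """Map party name -> list of problems found in its endpoint attribute."""
    problems = {}
    for element in ET.fromstring(pmode_xml).iter():
        # Compare on the local name so prefixed and unprefixed party elements both match.
        if element.tag.rsplit("}", 1)[-1] != "party":
            continue
        endpoint = element.get("endpoint")
        if endpoint is None:
            continue
        url = urlsplit(endpoint.strip())
        issues = []
        if url.scheme != "https":
            issues.append("scheme is %r, expected https" % url.scheme)
        if not url.path.endswith(msh_suffix):
            issues.append("path %r does not end with %s" % (url.path, msh_suffix))
        if issues:
            problems[element.get("name")] = issues
    return problems


if __name__ == "__main__":
    for party, issues in sorted(endpoint_problems(SAMPLE_PMODE).items()):
        print(party, "->", "; ".join(issues))
```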
2 PURPOSE OF THIS GUIDE
The purpose of this guide is to provide detailed information on how to deploy and configure Domibus 3.2.1 on WebLogic, Tomcat and WildFly with MySQL or Oracle. It also provides detailed descriptions of related Security Configurations (Policies, Certificates), Message Filtering, PMode Configuration, Application Monitoring, Registration of custom plugins, JMS Monitoring, Data Archiving, Troubleshooting and TLS Configuration.
3 CONVENTION
The Commands and Configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system related special words) and user-defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
Bold is used for reserved words and commands.
Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). Normally contains at least 2 words separated by "_".
Bold and Italic is used for advisable values which can be changed by the user depending on their infrastructure.
Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2 Example 2: Sample Configuration file
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
One of the supported Database Management Systems:
o MySQL 5.6 or above
o Oracle 10g+
If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
o WebLogic 12c
o WildFly 9
o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its Database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
    max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
    innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties
5. Execute the following MySQL commands in the command prompt:
Remark:
User-defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
    mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
    mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
    sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
    ===========================================================================
    Once logged in Oracle:
    create user edelivery_user identified by edelivery_password;
    grant all privileges to edelivery_user;
    connect edelivery_user
    show user; (should return edelivery_user)
    @oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
    exit
    ===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter, the domain location will be referred to as DOMAIN_HOME (user-defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
    ...
    set DOMAIN_HOME
    rem Added for Domibus
    set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
    ...
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
    ...
    export DOMAIN_HOME
    # Added for Domibus
    EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
    export EXTRA_JAVA_PROPERTIES
    ...
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_name
    domain.connect.password=weblogic_password
    domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for location of the filestore: persistent.filestore.0.location
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings, you can now click Save
The expected positive response to the deployment request should be the following
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings, you can now click Save
The expected positive response to the deployment request should be the following
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database
o For MySQL database
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ...
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ...
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates
4. Set JVM parameters
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
    ...
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    ...
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    ...
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    ...
5. Launch the Domibus application
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
Administration Guide - Domibus 321 Page 36 97
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate JMS Broker with Domibus nodes
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
      class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
      destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker"
      class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config"
              value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow step 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of the cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …
    <datasources>
        …
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            </driver>
        </drivers>
        …
    </datasources>
    …
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (Option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml. (Only change the items described below while replacing the MySQL configuration in the process.)
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
<xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform"
          value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
./standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
…
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            …
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            …
        </jms-connection-factories>
        <jms-destinations>
            …
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            …
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note also the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select Upload a new deployment, then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5 Configure the JMS resources. Configure the database dialect as indicated in 5.4.1 point 3 Remark.
o Configure the database dialect in the cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
…
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

Configuration Property / Default value / Purpose

domibus.msh.messageid.suffix
    Default value: domibus.eu
    Purpose: This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.

domibus.msh.retry.cron
    Default value: 0/5 * * * * ?
    Purpose: It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.

domibus.msh.retry.tolerance
    Default value: 10000
    Purpose: Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.

domibus.dispatch.ebms.error.unrecoverable.retry
    Default value: true
    Purpose: This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.

domibus.smlzone
    Default value: acc.edelivery.tech.ec.europa.eu
    Purpose: Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used.

domibus.backend.jmsInQueue
    Default value: domibus.backend.jms.inQueue
    Purpose: This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.

domibus.deployment.clustered
    Default value: false
    Purpose: If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.

domibus.attachment.storage.location
    Default value: -
    Purpose: It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved.
    Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.

domibus.jmx.user
    Default value: jmsManager
    Purpose: WebLogic specific. The user that will be used to access the queues via JMX.

domibus.jmx.password
    Default value: jmaManager1
    Purpose: WebLogic specific. The associated password of the configured domibus.jmx.user.

Proxy Settings
In case your Access Point has to use a proxy server, you can configure it with these properties.

domibus.proxy.enabled
    Default value: false
    Purpose: true/false depending on whether you need to use proxy or not.

domibus.proxy.http.host
    Default value: -
    Purpose: Host name of the proxy server.

domibus.proxy.http.port
    Default value: -
    Purpose: Port of Proxy server.

domibus.proxy.user
    Default value: -
    Purpose: Username for authentication on the proxy server.

domibus.proxy.password
    Default value: -
    Purpose: Password.

domibus.proxy.nonProxyHosts
    Default value: -
    Purpose: Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
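The mechanism precedence and the role rules of section 7.1.2.1, modelled as decision functions that can serve as the expected-result matrix when testing a deployment. This is an added example, not code from the Domibus WS plugin; the Request fields, the function names and the reading that an operation not listed for a role is refused are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Request:
    """Hypothetical view of an incoming call to the backend web service."""
    scheme: str                       # "http" or "https"
    basic_user: Optional[str] = None  # user taken from a Basic Authentication header
    tls_client_cert: bool = False     # X509 certificate presented on the https connection
    client_cert_header: bool = False  # "Client-Cert" header forwarded by the reverse proxy


def select_mechanism(req: Request) -> Optional[str]:
    """Return the mechanism that applies, or None when none is found."""
    if req.basic_user is not None:
        return "basic"                # takes precedence on both http and https
    if req.scheme == "https" and req.tls_client_cert:
        return "x509"                 # expected on https only
    if req.scheme == "http" and req.client_cert_header:
        return "bluecoat"             # expected on http only
    return None


ADMIN_OPERATIONS = {"sendMessage", "downloadMessage", "listPendingMessages",
                    "getMessageStatus", "getMessageErrors"}


def is_allowed(role: str, operation: str, original_user: str,
               original_sender: Optional[str] = None,
               final_recipient: Optional[str] = None) -> bool:
    """Apply the role rules; original_user is the identity bound to the caller."""
    if role == "ROLE_ADMIN":
        return operation in ADMIN_OPERATIONS
    if role == "ROLE_USER":
        if operation == "sendMessage":
            return original_sender == original_user
        if operation == "downloadMessage":
            return final_recipient == original_user
        if operation == "listPendingMessages":
            return True               # allowed, but the result is filtered below
    return False                      # assumption: anything not listed is refused


def visible_pending(role: str, original_user: str,
                    pending: List[Tuple[str, str]]) -> List[str]:
    """pending holds (message_id, final_recipient) pairs."""
    if role == "ROLE_ADMIN":
        return [message_id for message_id, _ in pending]
    if role == "ROLE_USER":
        return [message_id for message_id, recipient in pending
                if recipient == original_user]
    return []


# Constructed sample data.
PENDING = [("m1", "user"), ("m2", "another_user")]
```
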
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
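A configuration check for the settings named in sections 6.1.2, 6.2 and 7.1.2.2: it reads the `<prop>` entries of domibus-configuration.xml and domibus-security.xml and reports when authentication is not enforced, when a value printed in this guide is still in place, or when keystore and truststore are the same file. This is an added example, not part of Domibus; the XML fragments are constructed samples, the finding names are hypothetical, and a missing domibus.auth.unsecureLoginAllowed property is treated as "not enforced" because the guide says the feature is disabled by default.

```python
import xml.etree.ElementTree as ET

MERLIN = "org.apache.ws.security.crypto.merlin."

# Values printed in this guide; a deployed system should not still carry them.
GUIDE_VALUES = {
    "domibus.jmx.password": {"jmaManager1"},
    MERLIN + "keystore.password": {"your_keystore_password"},
    MERLIN + "truststore.password": {"your_trustore_password", "your_truststore_password"},
}


def read_props(xml_text):
    """Collect every <prop key="...">value</prop>, whatever the namespace prefix."""
    props = {}
    for element in ET.fromstring(xml_text).iter():
        if element.tag.rsplit("}", 1)[-1] == "prop" and "key" in element.attrib:
            props[element.attrib["key"]] = (element.text or "").strip()
    return props


def audit(configuration_xml, security_xml):
    """Return the list of findings for the two configuration files."""
    props = read_props(configuration_xml)
    props.update(read_props(security_xml))
    findings = []
    if props.get("domibus.auth.unsecureLoginAllowed", "").lower() != "false":
        findings.append("UNSECURE_LOGIN_ALLOWED")
    for key, guide_values in GUIDE_VALUES.items():
        if key in props and (props[key] == "" or props[key] in guide_values):
            findings.append("GUIDE_VALUE:" + key)
    keystore = props.get(MERLIN + "file")
    truststore = props.get(MERLIN + "truststore.file")
    if keystore and keystore == truststore:
        # Section 6.1.2 recommends two separate containers.
        findings.append("SHARED_KEYSTORE_AND_TRUSTSTORE")
    return findings


# Constructed sample fragments (ids and secrets are made up for the example).
CONFIG_TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties id="sampleProperties">
    <prop key="domibus.auth.unsecureLoginAllowed">{unsecure_login}</prop>
    <prop key="domibus.jmx.user">jmsManager</prop>
    <prop key="domibus.jmx.password">{jmx_password}</prop>
  </util:properties>
</beans>"""

SECURITY_TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties id="sampleKeystoreProperties">
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">{keystore_password}</prop>
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">{truststore_password}</prop>
    <prop key="org.apache.ws.security.crypto.merlin.file">${{domibus.config.location}}/keystores/{keystore_file}</prop>
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${{domibus.config.location}}/keystores/{truststore_file}</prop>
  </util:properties>
</beans>"""

WEAK = (
    CONFIG_TEMPLATE.format(unsecure_login="true", jmx_password="jmaManager1"),
    SECURITY_TEMPLATE.format(keystore_password="your_keystore_password",
                             truststore_password="constructed-truststore-secret",
                             keystore_file="gateway.jks", truststore_file="gateway.jks"),
)
HARDENED = (
    CONFIG_TEMPLATE.format(unsecure_login="false", jmx_password="constructed-jmx-secret"),
    SECURITY_TEMPLATE.format(keystore_password="constructed-keystore-secret",
                             truststore_password="constructed-truststore-secret",
                             keystore_file="gateway_keystore.jks",
                             truststore_file="gateway_truststore.jks"),
)

if __name__ == "__main__":
    for name, files in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(*files))
```
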
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where the Tomcat is installed.
1. Stop Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus's Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
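A pre-upload consistency check for a PMode laid out like the sample above, as an added example (not part of the Domibus distribution). The checks and their severities are this example's own choices, and the embedded PMode, including the undeclared green_gw party and the red.example/blue.example hosts, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

NO_SECURITY_POLICY = "doNothingPolicy.xml"  # policy file behind "noSigNoEnc" in the sample

# Constructed sample: a trimmed PMode in the layout of the guide's sample file.
# "green_gw" and leg "pushTestcase1tc3Action" are deliberately left undeclared.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="https://blue.example:8443/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="pushTestcase1tc1Action" security="eDeliveryPolicy"/>
      <legConfiguration name="pushTestcase1tc2Action" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process" mep="oneway" binding="push">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="pushTestcase1tc1Action"/>
        <leg name="pushTestcase1tc2Action"/>
        <leg name="pushTestcase1tc3Action"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>
"""


def lint_pmode(xml_text):
    """Return a list of (severity, message) findings for one PMode document."""
    root = ET.fromstring(xml_text)
    findings = []

    parties = {p.get("name"): p for p in root.iter("party")}
    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    leg_configs = {c.get("name"): c for c in root.iter("legConfiguration")}

    # The party attribute on the root element names this Access Point itself.
    own_party = root.get("party")
    if own_party not in parties:
        findings.append(("error", f"own party '{own_party}' is not declared under <parties>"))

    for name, party in parties.items():
        if party.get("endpoint", "").lower().startswith("http://"):
            findings.append(("warn", f"party '{name}': endpoint is plain HTTP"))

    # Every leg must point at a declared security entry; flag the no-op policy.
    for name, leg in leg_configs.items():
        security = leg.get("security")
        if security not in policies:
            findings.append(("error", f"leg '{name}': unknown security '{security}'"))
        elif policies[security] == NO_SECURITY_POLICY:
            findings.append(("warn", f"leg '{name}': bound to {NO_SECURITY_POLICY}"))

    # Every party and leg referenced from a process must be declared.
    for process in root.iter("process"):
        pname = process.get("name")
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(
                        ("error", f"process '{pname}': {tag} '{ref.get('name')}' is not a declared party"))
        for ref in process.iter("leg"):
            if ref.get("name") not in leg_configs:
                findings.append(
                    ("error", f"process '{pname}': leg '{ref.get('name')}' has no legConfiguration"))
    return findings


def initiators(xml_text):
    """Map each process name to the sorted party names allowed to send."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): sorted(r.get("name") for r in p.iter("initiatorParty"))
            for p in root.iter("process")}


if __name__ == "__main__":
    for severity, message in lint_pmode(SAMPLE_PMODE):
        print(f"{severity.upper():5} {message}")
    print(initiators(SAMPLE_PMODE))
```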
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files. Each entry lists the Domibus pconf element, the corresponding EbMS3 Specification parameter ([ebMS3CORE], [AS4-Profile]) and its description.

Domibus pconf: MPCs
EbMS3 Specification: -
Description: Container which defines the different MPCs (Message Partition Channels).

Domibus pconf: MPC
EbMS3 Specification: PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage.
Description: Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.

Domibus pconf: MessageRetentionDownloaded
EbMS3 Specification: -
Description: Retention interval for messages already delivered to the backend.

Domibus pconf: MessageRetentionUnDownloaded
EbMS3 Specification: -
Description: Retention interval for messages not yet delivered to the backend.

Domibus pconf: Parties
EbMS3 Specification: -
Description: Container which defines the different PartyIdTypes, Party and Endpoint.

Domibus pconf: PartyIdTypes
EbMS3 Specification: maps to the attribute Messaging/UserMessage/PartyInfo
Description: Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).

Domibus pconf: Party ID
EbMS3 Specification: maps to the element Messaging/UserMessage/PartyInfo
Description: The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block.

Domibus pconf: Endpoint
EbMS3 Specification: maps to PMode[1].Protocol.Address
Description: The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).

Domibus pconf: AS4
EbMS3 Specification: -
Description: Container

Domibus pconf: Reliability [Nonrepudiation] [ReplyPattern]
EbMS3 Specification: Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern.
Description: PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).

Domibus pconf: ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection]
EbMS3 Specification: retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection.
Description: These parameters are stored in a composite string.
• retryTimeout defines timeout in seconds.
• retryCount is the total number of retries.
• strategy defines the frequency of retries. The only strategy available as of now is CONSTANT.
• duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE.

Domibus pconf: Securities
EbMS3 Specification: -
Description: Container

Domibus pconf: Security
EbMS3 Specification: -
Description: Container

Domibus pconf: Policy
EbMS3 Specification: PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm
Description: The parameter in the pconf file defines the name of a WS-SecurityPolicy file.

Domibus pconf: SignatureMethod
EbMS3 Specification: PMode[1].Security.X509.Signature.Algorithm
Description: This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.

Domibus pconf: BusinessProcessConfiguration
EbMS3 Specification: -
Description: Container

Domibus pconf: Agreements
EbMS3 Specification: maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef
Description: This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.

Domibus pconf: Actions
EbMS3 Specification: -
Description: Container

Domibus pconf: Action
EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Action
Description: This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.

Domibus pconf: Services
EbMS3 Specification: -
Description: Container

Domibus pconf: ServiceTypes Type
EbMS3 Specification: maps to Messaging/UserMessage/CollaborationInfo/Service[type]
Description: This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.

Domibus pconf: MEP [Legs]
EbMS3 Specification: -
Description: An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.

Domibus pconf: Bindings
EbMS3 Specification: -
Description: Container

Domibus pconf: Binding
EbMS3 Specification: -
Description: The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.

Domibus pconf: Roles
EbMS3 Specification: -
Description: Container

Domibus pconf: Role
EbMS3 Specification: maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In an ebMS3 message this defines the content of the following element:
• For Initiator: Messaging/UserMessage/PartyInfo/From/Role
• For Responder: Messaging/UserMessage/PartyInfo/To/Role
Description: The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.

Domibus pconf: Processes
EbMS3 Specification: -
Description: Container

Domibus pconf: PayloadProfiles
EbMS3 Specification: -
Description: Container

Domibus pconf: Payloads
EbMS3 Specification: -
Description: Container

Domibus pconf: Payload
EbMS3 Specification: maps to PMode[1].BusinessInfo.PayloadProfile
Description: This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties:
1. name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile
2. MIME data type (text/xml, application/pdf, etc.)
3. name of the applicable XML Schema file if the MIME data type is text/xml
4. maximum size in kilobytes
5. Boolean string indicating whether the part is expected or optional within the User message
The message payload(s) must match this profile.

Domibus pconf: ErrorHandlings
EbMS3 Specification: -
Description: Container

Domibus pconf: ErrorHandling
EbMS3 Specification: -
Description: Container

Domibus pconf: ErrorAsResponse
EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.AsResponse
Description: This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.

Domibus pconf: ProcessErrorNotifyProducer
EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
Description: This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.

Domibus pconf: ProcessErrorNotifyConsumer
EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
Description: This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.

Domibus pconf: DeliveryFailureNotifyProducer
EbMS3 Specification: maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer
Description: When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur:
- The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer.
- The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.

Domibus pconf: Legs
EbMS3 Specification: -
Description: Container

Domibus pconf: Leg
EbMS3 Specification: -
Description: Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group.

Domibus pconf: Process
EbMS3 Specification: -
Description: In Process everything is plugged together.

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) to http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then "Press here to upload the truststore jks file".
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users that have access to the Domibus Administration page: admin and user.
In order to change the password, please use the BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
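A local check that every user entry in a file shaped like domibus-security.xml carries a well-formed BCrypt hash, as an added example (not part of Domibus). The minimum cost of 10 is an assumption taken from the default strength of Spring's BCryptPasswordEncoder, and the embedded file and its hash are constructed: the hash is a format-valid dummy, not the hash of any password.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = {"sec": "http://www.springframework.org/schema/security"}
# "$2a$" / "$2b$" / "$2y$", two-digit cost, then 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: default strength of Spring's BCryptPasswordEncoder

# Constructed dummy value with the right shape (7 + 22 + 31 = 60 characters).
DUMMY_HASH = "$2a$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

# Constructed sample: "admin" still holds the guide's unreplaced placeholder.
SAMPLE_SECURITY_XML = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="{DUMMY_HASH}" authorities="ROLE_USER"/>
        <sec:user name="admin" password="your_custom_admin_password"
                  authorities="ROLE_USER, ROLE_ADMIN"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""


def audit_users(xml_text, min_cost=MIN_COST):
    """Return {user name: status} for every sec:user in the document."""
    root = ET.fromstring(xml_text)
    report = {}
    provider_tag = "{%s}authentication-provider" % SEC_NS["sec"]
    for provider in root.iter(provider_tag):
        # Without a password-encoder the stored value is not treated as a hash.
        has_encoder = provider.find("sec:password-encoder", SEC_NS) is not None
        for user in provider.iterfind(".//sec:user", SEC_NS):
            match = BCRYPT_RE.match(user.get("password", ""))
            if not has_encoder:
                status = "no password-encoder declared"
            elif match is None:
                status = "not a BCrypt hash"
            elif int(match.group(1)) < min_cost:
                status = f"BCrypt cost {int(match.group(1))} below {min_cost}"
            else:
                status = "ok"
            report[user.get("name")] = status
    return report


if __name__ == "__main__":
    for name, status in audit_users(SAMPLE_SECURITY_XML).items():
        print(f"{name}: {status}")
```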
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in Domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages. Each entry below lists the destination type, the JNDI name, a comment (where given) and the description.

Destination type: Queue
JNDI name: jms/domibus.internal.dispatch.queue
Comment: No redelivery, because redelivery of MSH messages is handled via ebMS3/AS4.
Description: This queue is used for scheduling messages for sending via the MSH.

Destination type: Queue
JNDI name: jms/domibus.internal.notification.unknown
Description: Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In a production environment this queue should be monitored in order to handle those messages manually.

Destination type: Topic
JNDI name: jms/domibus.internal.command
Description: This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).

Destination type: Queue
JNDI name: jms/domibus.backend.jms.replyQueue
Description: This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available).

Destination type: Queue
JNDI name: jms/domibus.backend.jms.outQueue
Description: Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.

Destination type: Queue
JNDI name: jms/domibus.backend.jms.inQueue
Description: This queue is the entry point for messages to be sent by the sending MSH.

Destination type: Queue
JNDI name: jms/domibus.backend.jms.errorNotifyConsumer
Description: This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.

Destination type: Queue
JNDI name: jms/domibus.backend.jms.errorNotifyProducer
Description: This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.

Destination type: Queue
JNDI name: jms/domibus.notification.jms
Description: Used for sending notifications to the configured JMS plugin.

Destination type: Queue
JNDI name: jms/domibus.internal.notification.queue
Description: This queue is used to notify the configured plugin about the status of the message to be sent.

Destination type: Queue
JNDI name: jms/domibus.notification.webservice
Description: Used for sending notifications to the configured WS plugin.

Destination type: Queue
JNDI name: jms/domibus.DLQ
Description: This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The IDs of the messages to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately, according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly so that these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields available for the plugin to match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
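The first-match routing described above, modelled as an added example (not Domibus code) so a filter list can be checked for gaps and overlaps before it is configured. The exact-match rule, the "partyId:type" form of From/To, the wrapping UserMessage element and the plugin name exampleJmsPlugin are assumptions of this sketch; backendWebservice is the default WS plugin name given in the guide.

```python
import xml.etree.ElementTree as ET

EB = {"ns": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"

# Constructed message fragment using the values from the guide's example.
SAMPLE_MESSAGE = f"""<ns:UserMessage xmlns:ns="{EB['ns']}">
  <ns:PartyInfo>
    <ns:From><ns:PartyId type="{UNREGISTERED}">party_id_name1</ns:PartyId></ns:From>
    <ns:To><ns:PartyId type="{UNREGISTERED}">party_id_name2</ns:PartyId></ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""

# Ordered filter list: (plugin name, criteria). An empty criteria set matches
# every message. "exampleJmsPlugin" is a hypothetical plugin name.
FILTERS = [
    ("exampleJmsPlugin", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("backendWebservice", {}),
]


def criteria_of(message_xml):
    """Extract the four routing criteria from a UserMessage."""
    root = ET.fromstring(message_xml)

    def party(path):
        element = root.find(path, EB)
        return f"{element.text.strip()}:{element.get('type')}"

    return {
        "from": party(".//ns:From/ns:PartyId"),
        "to": party(".//ns:To/ns:PartyId"),
        "service": root.findtext(".//ns:Service", namespaces=EB).strip(),
        "action": root.findtext(".//ns:Action", namespaces=EB).strip(),
    }


def matching_plugins(criteria, filters):
    """Every plugin whose configured criteria all equal the message's values.
    More than one entry means the filters overlap for this message."""
    return [name for name, wanted in filters
            if all(criteria.get(key) == value for key, value in wanted.items())]


def route(criteria, filters):
    """First plugin in list order wins; None means no plugin takes the
    message (the guide sends such notifications to the 'unknown' queue)."""
    matches = matching_plugins(criteria, filters)
    return matches[0] if matches else None


if __name__ == "__main__":
    found = criteria_of(SAMPLE_MESSAGE)
    print(found)
    print("routed to:", route(found, FILTERS))
    print("all matches:", matching_plugins(found, FILTERS))
```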
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name org.springframework.scheduling.quartz.SchedulerFactoryBean#0 defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class com.mysql.jdbc.jdbc2.optional.MysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector to the domibus/lib folder.
93 Neither the JAVA_HOME nor the JRE_HOME environment variable is
defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined At least one of these environment variable is needed to run this program
Solution Set JAVA_HOME variable orand JRE_HOME
94 Cannot access Admin Console
httpyour_serveryour_port_numberdomibushome No SEVER errors in logs but no admin option in browser under
Solution Check if the firewall is open for port_no (eg 8080)
95 Handshake Failure
Full stack trace below
org.apache.cxf.interceptor.Fault: Could not write attachments.
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH), described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc…).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of the your_truststore_ssl.jks in server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
        truststorePass="your_trustore_password"
        clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
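The client and Tomcat settings described in this annex can be checked mechanically before an Access Point goes live. The following Python script is an added example, not part of the Domibus distribution: it flags disableCNCheck="true", a secureSocketProtocol other than TLSv1.2 (the mismatch behind the handshake failure in section 9.5) and a connector that sets clientAuth="true" without a truststore. The function names, finding codes and embedded sample files are constructed for illustration, and checking Tomcat's sslEnabledProtocols attribute is an assumption about how the TLS version is pinned, since the guide does not name the attribute.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "{http://cxf.apache.org/transports/http/configuration}"
SECURITY = "{http://cxf.apache.org/configuration/security}"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens profile per the guide

# Constructed sample: clientauthentication.xml as printed in the guide.
CLIENT_XML = """
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample: a server.xml that asks for client certificates
# (TWO WAY SSL) but forgets the truststore the guide requires for it.
CONNECTOR_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
      port="8443" maxThreads="200" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" clientAuth="true" sslProtocol="TLS"/>
</Service></Server>
"""


def audit_client(xml_text):
    """Return (code, message) findings for each CXF tlsClientParameters element."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    nodes = list(root.iter(HTTP_CONF + "tlsClientParameters"))
    if not nodes:
        findings.append(("NO_TLS_PARAMS", "no tlsClientParameters element found"))
    for node in nodes:
        if node.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append(("CN_CHECK_DISABLED",
                             "host name is not matched against the server certificate"))
        proto = node.get("secureSocketProtocol")
        if proto != REQUIRED_PROTOCOL:
            findings.append(("PROTOCOL",
                             f"secureSocketProtocol={proto!r}, expected {REQUIRED_PROTOCOL}"))
        if node.find(f"{SECURITY}trustManagers/{SECURITY}keyStore") is None:
            findings.append(("NO_TRUSTSTORE", "no explicit truststore configured"))
    return findings


def audit_connector(xml_text):
    """Return (code, message) findings for each SSL-enabled Tomcat Connector."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, nothing to check here
        port = conn.get("port", "?")
        protocols = {p.strip() for p in conn.get("sslEnabledProtocols", "").split(",")
                     if p.strip()}
        if not protocols:
            findings.append(("NO_PROTOCOL_LIST",
                             f"port {port}: accepted TLS versions are left to JVM defaults"))
        elif protocols != {REQUIRED_PROTOCOL}:
            findings.append(("EXTRA_PROTOCOLS",
                             f"port {port}: accepts {sorted(protocols)}"))
        if conn.get("clientAuth", "false").lower() == "true" and not conn.get("truststoreFile"):
            findings.append(("CLIENTAUTH_NO_TRUSTSTORE",
                             f"port {port}: clientAuth=true without truststoreFile"))
    return findings


def codes(findings):
    """Reduce findings to their codes for compact comparison."""
    return [code for code, _ in findings]


if __name__ == "__main__":
    for code, message in audit_client(CLIENT_XML) + audit_connector(CONNECTOR_XML):
        print(f"{code}: {message}")
```

Run it against the real clientauthentication.xml and server.xml by reading the files and passing their text to the two audit functions.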
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs, use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks" relative-to="jboss.server.base.dir" keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks" relative-to="jboss.server.base.dir" keystore-password="test123" />
        …
    </authentication>
add the https-listener to the default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
        endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
3 CONVENTION
The commands and configuration files listed in this document usually contain a mix of reserved words (commands, instructions and system related special words) and user defined words (chosen by the user), as well as comments and preferred values for certain variables. The conventions used in this document to distinguish between them are the following:
- Bold is used for reserved words and commands.
- Normal italic, together with a short description of the argument, is used for user-defined names (chosen by yourself to designate items like users, passwords, database, etc.). Normally contains at least 2 words separated by "_".
- Bold and Italic is used for advisable values which can be changed by the user depending on their infrastructure.
- Comments are sometimes added to describe the purpose of the commands, usually enclosed in brackets ().
By default, non-OS specific paths will be described using Linux patterns.
3.1 Example 1: Sample Oracle Statement
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
(Where edelivery_user and edelivery_password are names chosen by the user)
3.2 Example 2: Sample Configuration file
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_user
(Where:
- edelivery_user, domibus_schema and edelivery_password are names chosen by the user
- localhost:3306 represents the hostname:port parameters of the MySQL database)
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
- Java Runtime Environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
- One of the supported Database Management Systems:
o MySQL 5.6 or above
o Oracle 10g+
- If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
o WebLogic 12c
o WildFly 9
o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function:
max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process:
innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties
5. Execute the following MySQL commands in the command prompt
Remark:
User defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after it:
…
set DOMAIN_HOME
REM Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
…
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after it:
…
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
…
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
- Unzip the wslt-api-1.9.1.zip
- Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
- Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
- Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
The MySQL configuration is commented out by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
- Unzip the wslt-api-1.9.1.zip
- Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
- Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
- Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
The MySQL configuration is commented out by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
- Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
- Adapt, if necessary, the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
- Adapt the property for the JMS Server, e.g.
jms.server.0.target=cluster_name
- Adapt the property for the JMS Module, e.g.
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3 Activate the use of the authorization providers to protect the JMX access
4 The database dialect is pre-configured to use the Oracle database If you are using the MySQL database you should adapt the dialect as highlighted in the text below in DOMAIN_HOMEconfdomibus-datasourcesxml file
ltproperty name=jpaVendorAdaptergt ltbean class=orgspringframeworkormjpavendorHibernateJpaVendorAdaptergt ltproperty name=showSql value=falsegt ltproperty name=generateDdl value=falsegt ltproperty name=databasePlatform value=orghibernatedialectMySQL5InnoDBDialectgt ltbeangt ltpropertygt ltproperty name=jpaPropertiesgt ltpropsgt ltprop key=hibernateconnectiondriver_classgtcommysqljdbcDriverltpropgt ltprop key=hibernatedialectgtorghibernatedialectMySQL5InnoDBDialectltpropgt ltprop key=hibernateformat_sqlgttrueltpropgt ltprop key=transactionfactory_classgtorghibernateenginetransactioninternaljtaCMTTransactionFactoryltpropgt ltprop key=hibernatetransactionmanager_lookup_classgtorghibernatetransactionWeblogicTransactionManagerLookupltpropgt ltprop key=hibernatetransactionjtaplatformgtorghibernateservicejtaplatforminternalWeblogicJtaPlatformltpropgt ltpropsgt ltpropertygt
5 Install the WS plugin For more details refer to chapter 7212 WebLogic
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied.
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select your cluster for the deployment target and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(By default: User = admin; Password = 123456)
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container.
The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" …>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    …
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" …>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
…
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" …>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
        </props>
    </property>
    …
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    …
</bean>
<bean id="entityManagerFactory" …>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and that the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates (execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment).
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section (5.3.2).
3. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
      class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
      destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml. For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section (5.3.2).
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …
    <datasources>
        …
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        …
    </datasources>
    …
</subsystem>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (Option 2):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below:
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path/domibus/bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
…
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            …
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            …
        </jms-connection-factories>
        <jms-destinations>
            …
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            …
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1 point 3 (Remark).
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
…
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
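The remarks above (keystore alias equal to the PMode party ID, key pair and trusted public keys in two separate containers) can be checked mechanically before a node is started. The Python script below is an added example, not part of the Domibus distribution: the <beans> wrapper, the sample values, the function names and the extra check that none of the guide's placeholder passwords remain are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MERLIN = "org.apache.ws.security.crypto.merlin."
REQUIRED = ("keystore.password", "keystore.alias", "truststore.password",
            "file", "truststore.file")
# Placeholder values printed in the guide; none may survive into a deployed file.
PLACEHOLDERS = {"your_privatekey_password", "your_keystore_password",
                "your_trustore_password", "your_keystore_alias"}


def build_fragment(alias, key_pw, ks_pw, ts_pw, ks_file, ts_file):
    """Constructed test input: the guide's elements inside a hypothetical <beans> root."""
    base = "${domibus.config.location}/keystores/"
    return f"""<beans xmlns:util="http://www.springframework.org/schema/util">
  <property name="password_store">
    <util:map><entry value="{key_pw}" key="{alias}"/></util:map>
  </property>
  <prop key="{MERLIN}keystore.password">{ks_pw}</prop>
  <prop key="{MERLIN}keystore.alias">{alias}</prop>
  <prop key="{MERLIN}truststore.password">{ts_pw}</prop>
  <prop key="{MERLIN}file">{base}{ks_file}</prop>
  <prop key="{MERLIN}truststore.file">{base}{ts_file}</prop>
</beans>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def load_settings(xml_text):
    """Return (merlin properties, password_store map) found in the fragment."""
    props, key_passwords = {}, {}
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "prop" and el.get("key", "").startswith(MERLIN):
            props[el.get("key")[len(MERLIN):]] = (el.text or "").strip()
        elif _local(el.tag) == "property" and el.get("name") == "password_store":
            for entry in el.iter():
                if _local(entry.tag) == "entry":
                    key_passwords[entry.get("key", "")] = entry.get("value", "")
    return props, key_passwords


def audit(xml_text, party_id):
    """List rule violations; an empty list means the fragment follows the remarks."""
    props, key_passwords = load_settings(xml_text)
    findings = [f"missing:{k}" for k in REQUIRED if not props.get(k)]
    alias = props.get("keystore.alias", "")
    # Remark: the keystore alias has to be the same as the PMode party ID.
    if alias and alias != party_id:
        findings.append("alias-differs-from-party-id")
    # The password_store map must hold the private-key password for that alias.
    if alias and alias not in key_passwords:
        findings.append("no-private-key-password-for-alias")
    # Remark: key pair and trusted public keys belong in two separate containers.
    if props.get("file") and props.get("file") == props.get("truststore.file"):
        findings.append("keystore-and-truststore-share-one-file")
    # Assumed extra check: no empty or placeholder secret is left in the file.
    secrets = {k: props[k] for k in ("keystore.password", "truststore.password")
               if props.get(k)}
    secrets.update({f"password_store[{a}]": pw for a, pw in key_passwords.items()})
    for name, value in secrets.items():
        if not value or value in PLACEHOLDERS:
            findings.append(f"placeholder-or-empty:{name}")
    return findings


# Constructed samples: one file edited only halfway, one completed.
WEAK = build_fragment("blue_gw", "your_privatekey_password",
                      "your_keystore_password", "Tr-7hq!x",
                      "gateway.jks", "gateway.jks")
FIXED = build_fragment("blue_gw", "k3y-Pw", "ks-Pw", "ts-Pw",
                       "gateway_keystore.jks", "gateway_truststore.jks")

if __name__ == "__main__":
    for label, xml_text in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(label, audit(xml_text, party_id="blue_gw"))
```
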
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator:
The party with the role of initiator will be the sender of the messages.
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder:
The party with the role of responder will be the receiver of the messages.
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file:
Remark:
In this setup, we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
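A PMode file can be reviewed with a script before it is uploaded. The following Python check is an added example, not part of this guide or of the Domibus distribution: it verifies that the parties and legs referenced by each process are defined, and reports endpoints that are not https, legs bound to doNothingPolicy.xml and legs without non-repudiation. The embedded PMode is constructed and trimmed; the hostnames, the finding codes and the keystore_aliases parameter are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed PMode in the shape of the sample above; hostnames are placeholders.
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="https://blue.example.test:8443/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <as4>
      <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
      <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
    </as4>
    <legConfigurations>
      <legConfiguration name="legA" security="eDeliveryPolicy" reliability="AS4Reliability"/>
      <legConfiguration name="legB" security="noSigNoEnc" reliability="noReliability"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="legA"/>
        <leg name="legB"/>
        <leg name="legC"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>"""


def lint_pmode(xml_text, keystore_aliases=None):
    """Return (severity, code, subject) findings for a PMode document.

    keystore_aliases: optional set of certificate aliases exported by the operator
    (an assumption of this example); when given, every partyId must appear in it.
    """
    root = ET.fromstring(xml_text)

    def by_name(tag):
        # Index the elements of one kind by their name attribute.
        return {e.get("name"): e for e in root.iter(tag)}

    parties, securities = by_name("party"), by_name("security")
    reliabilities, leg_cfgs = by_name("reliability"), by_name("legConfiguration")
    findings = []

    # The party attribute of the root element names the local Access Point.
    if root.get("party") not in parties:
        findings.append(("ERROR", "own-party-undefined", root.get("party")))

    for name, party in parties.items():
        if not party.get("endpoint", "").lower().startswith("https://"):
            findings.append(("WARN", "endpoint-not-https", name))
        if keystore_aliases is not None:
            for ident in party.iter("identifier"):
                if ident.get("partyId") not in keystore_aliases:
                    findings.append(("ERROR", "partyid-without-alias", ident.get("partyId")))

    for proc in root.iter("process"):
        pname = proc.get("name")
        # Every initiator and responder must be a defined party.
        for tag in ("initiatorParty", "responderParty"):
            for ref in proc.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(("ERROR", "undefined-party", f"{pname}/{ref.get('name')}"))
        # Every leg must resolve to a legConfiguration with known security and reliability.
        for leg in proc.iter("leg"):
            cfg = leg_cfgs.get(leg.get("name"))
            if cfg is None:
                findings.append(("ERROR", "undefined-leg", f"{pname}/{leg.get('name')}"))
                continue
            sec = securities.get(cfg.get("security"))
            if sec is None:
                findings.append(("ERROR", "undefined-security", cfg.get("name")))
            elif sec.get("policy") == "doNothingPolicy.xml":
                findings.append(("WARN", "no-signature-no-encryption", cfg.get("name")))
            rel = reliabilities.get(cfg.get("reliability"))
            if rel is None:
                findings.append(("ERROR", "undefined-reliability", cfg.get("name")))
            elif rel.get("nonRepudiation") != "true":
                findings.append(("WARN", "no-non-repudiation", cfg.get("name")))
    return findings


if __name__ == "__main__":
    for severity, code, subject in lint_pmode(SAMPLE_PMODE, {"domibus-blue"}):
        print(f"{severity:5} {code:28} {subject}")
```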
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block.
Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is http, then the transport protocol must be HTTP).
AS4 | - | Container.
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE.
Securities | - | Container.
Security | - | Container.
Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration | - | Container.
Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions | - | Container.
Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services | - | Container.
ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.
MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings | - | Container.
Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles | - | Container.
Role | maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In ebMS3 message this defines the content of the following element: for Initiator, Messaging/UserMessage/PartyInfo/From/Role; for Responder, Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.
Processes | - | Container.
PayloadProfiles | - | Container.
Payloads | - | Container.
Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile.
ErrorHandlings | - | Container.
ErrorHandling | - | Container.
ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs | - | Container.
Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process | - | In Process everything is plugged together.
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
[Figure: Login to administration dashboard]
b. Click on the Configuration upload tab.
[Figure: Configuration upload]
c. Select the PMode file that has been edited by pressing Browse…, then "Press here to upload the PMode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then "Press here to upload the truststore jks file".
[Figure: PMode uploading]
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER,ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
[Figure: State machine of Corner 2 (sending access point)]
[Figure: State machine of Corner 3 (receiving access point)]
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:
Destination type | JNDI name | Comment | Description
Queue | jms/domibus/internal/dispatch/queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus/internal/notification/unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment, this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus/internal/command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus/backend/jms/replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus/backend/jms/outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus/backend/jms/inQueue | | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus/backend/jms/errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus/backend/jms/errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus/notification/jms | | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus/internal/notification/queue | | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus/notification/webservice | | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus/DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page, the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
The plugin filters must be configured so that these criteria cover all messages and so that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
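The two filtering requirements above (every message is treated, and no more than one plugin can consume it) can be checked offline against captured message headers. The following Python sketch is an added example, not Domibus code: it extracts the four filter fields from a UserMessage and evaluates an ordered filter list with first-match routing. The enclosing UserMessage element of the sample, the plugin name backendJms, the filter representation and the rule that a plugin without criteria accepts every message are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# ebMS3 core namespace, as used by the Role URIs in the sample above.
EB3 = "{http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/}"

# Constructed UserMessage carrying the values of the sample above.
SAMPLE_USER_MESSAGE = """<ns:UserMessage xmlns:ns="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
  <ns:PartyInfo>
    <ns:From>
      <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
    </ns:From>
    <ns:To>
      <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
    </ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""


def routing_fields(user_message_xml):
    """Extract the four values a plugin filter can match on."""
    um = ET.fromstring(user_message_xml)

    def party(side):
        # Filter values for From/To have the form partyId:partyIdType.
        pid = um.find(f"{EB3}PartyInfo/{EB3}{side}/{EB3}PartyId")
        return f"{pid.text.strip()}:{pid.get('type')}"

    info = um.find(f"{EB3}CollaborationInfo")
    return {
        "action": info.findtext(f"{EB3}Action").strip(),
        "service": info.findtext(f"{EB3}Service").strip(),
        "from": party("From"),
        "to": party("To"),
    }


def route(fields, plugin_filters):
    """Apply an ordered list of (plugin_name, criteria) filters to one message.

    Returns (chosen_plugin, shadowed_plugins): the first plugin whose criteria all
    match, and the later plugins that would also have matched. A chosen_plugin of
    None means no plugin treats the message; a non-empty shadowed list means more
    than one plugin could consume it.
    """
    matching = [name for name, criteria in plugin_filters
                if all(fields.get(key) == value for key, value in criteria.items())]
    return (matching[0] if matching else None), matching[1:]


if __name__ == "__main__":
    filters = [("backendWebservice", {"action": "TC1Leg1"}), ("backendJms", {})]
    print(route(routing_fields(SAMPLE_USER_MESSAGE), filters))
```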
8 DATA ARCHIVING
8.1.1.1 What's archiving?
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving involves older data that have been processed at the communication level by the access points, but that are still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, leaving only the metadata containing the information of the receiver and the acknowledgement.
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in Server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
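The client settings from section 10.1.1.2 and the Tomcat connector above can be reviewed before deployment with a small offline check. This is an added example, not part of the guide or of Domibus: the sample documents are constructed from the guide's snippets, the Server/Service wrapper is added so the connector parses on its own, and sslEnabledProtocols is the Tomcat connector attribute assumed here for pinning the TLS version.

```python
import xml.etree.ElementTree as ET

CXF_HTTP = "http://cxf.apache.org/transports/http/configuration"
REQUIRED = "TLSv1.2"  # stated as mandatory for the AS4 e-Sens profile


def audit_cxf_client(xml_text):
    """Findings for every http-conf:tlsClientParameters element."""
    root = ET.fromstring(xml_text.strip())
    nodes = list(root.iter(f"{{{CXF_HTTP}}}tlsClientParameters"))
    if not nodes:
        return [("WARN", "no tlsClientParameters element found")]
    findings = []
    for node in nodes:
        if node.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append(("WARN", "disableCNCheck=true: the server host "
                             "name is not checked against its certificate"))
        proto = node.get("secureSocketProtocol")
        if proto != REQUIRED:
            findings.append(("WARN", f"secureSocketProtocol={proto!r}, "
                             f"expected {REQUIRED!r}"))
    return findings


def audit_tomcat_connectors(server_xml):
    """Findings for every SSL-enabled Connector in a server.xml document."""
    root = ET.fromstring(server_xml.strip())
    findings = []
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            continue
        port = conn.get("port", "?")
        enabled = {p.strip() for p in
                   conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
        extra = sorted(enabled - {REQUIRED})
        if not enabled:
            findings.append(("WARN", f"port {port}: sslEnabledProtocols not "
                             "set, accepted versions are the JVM defaults"))
        else:
            if REQUIRED not in enabled:
                findings.append(("WARN", f"port {port}: {REQUIRED} not enabled"))
            if extra:
                findings.append(("WARN", f"port {port}: also enables {extra}"))
        client_auth = conn.get("clientAuth", "false").strip().lower()
        if client_auth != "true":
            findings.append(("INFO", f"port {port}: clientAuth={client_auth}, "
                             "one-way SSL (client is not authenticated)"))
        elif not conn.get("truststoreFile"):
            findings.append(("WARN", f"port {port}: clientAuth=true but no "
                             "truststoreFile to verify clients against"))
    return findings


# Constructed samples based on the snippets in this annex.
CLIENT = """
<http-conf:tlsClientParameters disableCNCheck="%s" secureSocketProtocol="%s"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>
"""
SERVER = """
<Server><Service name="Catalina">
  <Connector SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
      port="8443" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" sslProtocol="TLS" %s/>
</Service></Server>
"""
GUIDE_CLIENT = CLIENT % ("true", "TLSv1.2")    # as shown for self-signed certs
STRICT_CLIENT = CLIENT % ("false", "TLSv1.2")  # host name check kept on
OLD_CLIENT = CLIENT % ("false", "TLSv1.1")     # the mismatch from section 9.5
ONE_WAY_SERVER = SERVER % 'clientAuth="false"'
TWO_WAY_SERVER = SERVER % ('clientAuth="true" sslEnabledProtocols="TLSv1.2" '
                           'truststoreFile="${domibus.config.location}'
                           '/keystores/your_truststore_ssl.jks"')

if __name__ == "__main__":
    for name, result in [("guide client", audit_cxf_client(GUIDE_CLIENT)),
                         ("TLSv1.1 client", audit_cxf_client(OLD_CLIENT)),
                         ("one-way server", audit_tomcat_connectors(ONE_WAY_SERVER)),
                         ("two-way server", audit_tomcat_connectors(TWO_WAY_SERVER))]:
        print(name, result or "no findings")
```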
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" />
        …
    </authentication>
add https-listener to default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now: https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
4 PREREQUISITES
Please install the following software on the target system. For further information and installation details, we kindly advise you to refer to the software owner's documentation.
Java runtime environment (JRE), version 7 or 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html
One of the supported Database Management Systems:
o MySQL 5.6 or above
o Oracle 10g+
If you don't plan to deploy Domibus according to the Pre-Configured Single Server Deployment method, you must also install one of the supported application servers unless you are intending
o WebLogic 12c
o WildFly 9
o Apache Tomcat 8.0.x
All Domibus 3.2.1 installation resources, including full distributions and documentation, can be found on the Single Web Portal:
https://ec.europa.eu/cefdigital/wiki/x/7E8ZAg
4.1 Binaries repository
All the Domibus 3.2.1 artefacts can be directly downloaded from the Nexus repository of CEF [1].
[1] https://ec.europa.eu/cefdigital/artifact/#nexus-search;gav~eu.domibus~domibus-MSH~3.2.1~~
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore, it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
o max_allowed_packet property
The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
max_allowed_packet=512M
o innodb_log_file_size property
Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger logfile size will increase the time needed for the recovery process.
innodb_log_file_size=5120M
o Restart MySQL service (Windows)
MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties.
5. Execute the following MySQL commands in the command prompt:
Remark:
User defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return: edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter, the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME/bin/setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
…
set DOMAIN_HOME
rem Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%/conf/domibus
…
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
…
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
…
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
## Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
## Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
## Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
## Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access:
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform"
                  value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command, depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
## Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
## Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
## Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
## Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for JMS Server eg
jmsserver0target=cluster_name
Adapt the property for JMS Module eg
jmsmodule0targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wslt-api-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 "WebLogic".
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
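The WeblogicCluster.properties file edited in step 2 carries the WebLogic, database and JMX user passwords in clear text, and the guide's excerpt prints sample values for each. The following audit script is an added example, not part of the Domibus distribution: it flags passwords left at the guide's sample values or derived from the user name, and checks that a JMX policy with a non-empty expression is present. The property names follow the excerpt above; the sample file content, including the "ops" user, is constructed.

```python
import re

# Sample secrets printed in the guide's WeblogicCluster.properties excerpt.
GUIDE_SAMPLE_SECRETS = {"weblogic_password", "edelivery_password", "jmsManager1"}

# Constructed sample file (not taken from a real deployment).
SAMPLE = """\
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
# jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.driver.password=S3pt-Quay-Lantern-41
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.1.name=ops
security.users.1.password=ops
"""

POLICY_RESOURCE = re.compile(r"^security\.policies\.(\d+)\.resource$")


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props


def password_findings(props):
    """Flag every *.password key that is empty, a guide sample, or user-derived."""
    findings = []
    for key in sorted(props):
        if not key.endswith(".password"):
            continue
        value = props[key]
        stem = key[: -len("password")]
        # The matching account name sits next to the password key.
        user = props.get(stem + "username") or props.get(stem + "name") or ""
        if not value:
            findings.append((key, "empty password"))
        elif value in GUIDE_SAMPLE_SECRETS:
            findings.append((key, "guide sample value"))
        elif user and user.lower() in value.lower():
            findings.append((key, "contains the user name"))
    return findings


def jmx_policy_findings(props):
    """Require one policy on type=<jmx> that names who may invoke it."""
    for key, value in props.items():
        match = POLICY_RESOURCE.match(key)
        if match and "type=<jmx>" in value:
            expr_key = "security.policies.%s.expression" % match.group(1)
            if props.get(expr_key, ""):
                return []
            return [(key, "JMX policy has no expression")]
    return [("security.policies", "no JMX policy defined")]


def audit(text):
    """Return a list of (property key, reason) findings for one file."""
    props = parse_properties(text)
    return password_findings(props) + jmx_policy_findings(props)


if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print("%-40s %s" % (key, reason))
```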
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 "Certificates".
4. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 "Pre-Configured Single Server Deployment".
3. Configure your Keystore based on section 6.1.2 "Certificates". Execute step 3 from section 5.3.1 "Pre-Configured Single Server Deployment".
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment.
3. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate JMS Broker with Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow step 6 and 7 from the Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section of the cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        …
        <datasources>
            …
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            …
        </datasources>
        …
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below while replacing the MySQL configuration in the process):
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
    <driver>com.oracle</driver>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below:
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 "Certificates".
5. Run the standalone server:
o For Windows, under cef_edelivery_path/domibus/bin:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
    standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 "Pre-Configured Single Server Deployment".
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
    …
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    …
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus
4. Configure your Keystore based on section 6.1.2 "Certificates".
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                …
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                …
            </jms-connection-factories>
            <jms-destinations>
                …
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                …
            </jms-destinations>
        </hornetq-server>
    </subsystem>
Remark:
Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add
8. Select "Upload a new deployment", then click Next
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next
10. The deployment is successful when the name of the .war file appears in the Deployment column
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from the section 5.4.1 "Pre-Configured Single Server Deployment".
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5 "Configure the JMS resources". Configure the database dialect as indicated in 5.4.1 point 3 Remark.
o Configure the database dialect in the cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml
3. Configure the environment variables in the file bin/domain.conf
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
    …
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    …
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6. DOMIBUS CONFIGURATION
Domibus application has one main webservice:
services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 "PMode Configuration". The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
    <property name="password_store">
        <util:map>
            <entry value="your_privatekey_password" key="your_keystore_alias"/>
        </util:map>
    </property>
    …
    <!-- The password used to load the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
    <!-- The keystore alias to use for decryption and signing -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
    …
    <!-- The password used to load the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
    …
    <!-- The location of the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
    …
    <!-- The location of the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks)
Import your private key into your keystore
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 "PMode Configuration". It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to "domibus.eu". The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location= your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |

Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.proxy.enabled | false | true/false depending on whether you need to use proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of Proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (see footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook (see footnote 9).
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:

    <util:properties>
        …
        <!-- To disable unsecureLogin, set this to false -->
        <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
    </util:properties>

2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (see footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The following features are described in the PMode file: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.

    <party name="party_id_name2"
           endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
    </party>
    <party name="party_id_name1"
           endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
    </party>

PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:

    <party name="new_party_name"
           endpoint="http://new_party_msh"
           allowChunking="false">
        <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
    </party>

Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:

    <initiatorParties>
        …
        <initiatorParty name="new_party_name"/>
    </initiatorParties>

Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:

    <responderParties>
        …
        <responderParty name="new_party_name"/>
    </responderParties>

7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
    <?xml version="1.0" encoding="UTF-8"?>
    <db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
        <mpcs>
            <mpc name="defaultMpc"
                 qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
                 enabled="true"
                 default="true"
                 retention_downloaded="0"
                 retention_undownloaded="14400"/>
        </mpcs>
        <businessProcesses>
            <roles>
                <role name="defaultInitiatorRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
                <role name="defaultResponderRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
            </roles>
            <parties>
                <partyIdTypes>
                    <partyIdType name="partyTypeUrn"
                                 value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
                </partyIdTypes>
                <party name="red_gw"
                       endpoint="http://<red_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-red"
                                partyIdType="partyTypeUrn"/>
                </party>
                <party name="blue_gw"
                       endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-blue"
                                partyIdType="partyTypeUrn"/>
                </party>
            </parties>
            <meps>
                <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
                <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
                <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
                <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
            </meps>
            <properties>
                <property name="originalSenderProperty"
                          key="originalSender"
                          datatype="string"
                          required="true"/>
                <property name="finalRecipientProperty"
                          key="finalRecipient"
                          datatype="string"
                          required="true"/>
                <propertySet name="ecodexPropertySet">
                    <propertyRef property="finalRecipientProperty"/>
                    <propertyRef property="originalSenderProperty"/>
                </propertySet>
            </properties>
            <payloadProfiles>
                <payload name="businessContentPayload"
                         cid="cid:message"
                         required="true"
                         mimeType="text/xml"/>
                <payload name="businessContentAttachment"
                         cid="cid:attachment"
                         required="false"
                         mimeType="application/octet-stream"/>
                <payloadProfile name="MessageProfile"
                                maxSize="40894464">
                    <attachment name="businessContentPayload"/>
                    <attachment name="businessContentAttachment"/>
                </payloadProfile>
            </payloadProfiles>
            <securities>
                <security name="eDeliveryPolicy"
                          policy="eDeliveryPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="noSigNoEnc"
                          policy="doNothingPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="eSensPolicy"
                          policy="eSensPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
            </securities>
            <errorHandlings>
                <errorHandling name="demoErrorHandling"
                               errorAsResponse="true"
                               businessErrorNotifyProducer="false"
                               businessErrorNotifyConsumer="false"
                               deliveryFailureNotifyProducer="false"/>
            </errorHandlings>
            <agreements>
                <agreement name="agreement1" value="A1" type=""/>
                <agreement name="agreement2" value="A2" type=""/>
                <agreement name="agreement3" value="A3" type=""/>
            </agreements>
            <services>
                <service name="testService1" value="bdx:noprocess" type="tc1"/>
            </services>
            <actions>
                <action name="tc1Action" value="TC1Leg1"/>
                <action name="tc2Action" value="TC2Leg1"/>
            </actions>
            <as4>
                <receptionAwareness name="receptionAwareness"
                                    retry="12;4;CONSTANT" duplicateDetection="true"/>
                <reliability name="AS4Reliability" nonRepudiation="true"
                             replyPattern="response"/>
                <reliability name="noReliability" nonRepudiation="false"
                             replyPattern="response"/>
            </as4>
            <legConfigurations>
                <legConfiguration name="pushTestcase1tc1Action"
                                  service="testService1"
                                  action="tc1Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eDeliveryPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
                <legConfiguration name="pushTestcase1tc2Action"
                                  service="testService1"
                                  action="tc2Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eSensPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
            </legConfigurations>
            <process name="tc1Process"
                     agreement=""
                     mep="oneway"
                     binding="push"
                     initiatorRole="defaultInitiatorRole"
                     responderRole="defaultResponderRole">
                <initiatorParties>
                    <initiatorParty name="blue_gw"/>
                    <initiatorParty name="red_gw"/>
                </initiatorParties>
                <responderParties>
                    <responderParty name="blue_gw"/>
                    <responderParty name="red_gw"/>
                </responderParties>
                <legs>
                    <leg name="pushTestcase1tc1Action"/>
                    <leg name="pushTestcase1tc2Action"/>
                </legs>
            </process>
        </businessProcesses>
    </db:configuration>
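A PMode edited by hand (sections 7.3.1 to 7.3.3) can be checked before upload for dangling references, for a keystore alias that does not match the local partyId, and for legs bound to the doNothingPolicy.xml security entry. The following linter is an added example, not part of Domibus or of the original guide; the finding codes, the function names and the trimmed sample PMode are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed PMode with deliberate mistakes
# (undefined responder 'green_gw', undefined security 'eSensPolicy').
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="leg1" security="eDeliveryPolicy"/>
      <legConfiguration name="leg2" security="noSigNoEnc"/>
      <legConfiguration name="leg3" security="eSensPolicy"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties><initiatorParty name="blue_gw"/></initiatorParties>
      <responderParties><responderParty name="green_gw"/></responderParties>
      <legs><leg name="leg1"/><leg name="leg2"/><leg name="leg3"/></legs>
    </process>
  </businessProcesses>
</db:configuration>"""

# legConfiguration attribute -> path (under <businessProcesses>) that must define it
LEG_REFS = {
    "security": "securities/security",
    "reliability": "as4/reliability",
    "receptionAwareness": "as4/receptionAwareness",
    "payloadProfile": "payloadProfiles/payloadProfile",
    "errorHandling": "errorHandlings/errorHandling",
    "propertySet": "properties/propertySet",
    "service": "services/service",
    "action": "actions/action",
}


def defined_names(bp, path):
    """Names declared by the elements found at `path`."""
    return {e.get("name") for e in bp.findall(path)}


def lint_pmode(xml_text, keystore_alias=None):
    """Return a list of (code, message) findings for a PMode document."""
    root = ET.fromstring(xml_text)
    bp = root.find("businessProcesses")
    if bp is None:
        return [("NO_BUSINESS_PROCESSES", "<businessProcesses> is missing")]
    findings = []
    parties = {p.get("name"): p for p in bp.findall("parties/party")}

    # The guide requires the keystore alias to equal the local party's partyId.
    own = root.get("party")
    if own not in parties:
        findings.append(("UNDEFINED_PARTY", f"own party '{own}' is not defined"))
    elif keystore_alias is not None:
        ids = sorted(i.get("partyId") for i in parties[own].findall("identifier"))
        if keystore_alias not in ids:
            findings.append(("ALIAS_MISMATCH",
                             f"keystore alias '{keystore_alias}' is not a partyId of '{own}' {ids}"))

    # Security entries bound to doNothingPolicy.xml (named noSigNoEnc in the sample).
    unprotected = {s.get("name") for s in bp.findall("securities/security")
                   if s.get("policy") == "doNothingPolicy.xml"}

    legs = {}
    for leg in bp.findall("legConfigurations/legConfiguration"):
        legs[leg.get("name")] = leg
        for attr, path in LEG_REFS.items():
            ref = leg.get(attr)
            if ref is not None and ref not in defined_names(bp, path):
                findings.append(("UNDEFINED_REF",
                                 f"leg '{leg.get('name')}': {attr}='{ref}' is not defined"))

    for proc in bp.findall("process"):
        pname = proc.get("name")
        for path in ("initiatorParties/initiatorParty", "responderParties/responderParty"):
            for ref in proc.findall(path):
                if ref.get("name") not in parties:
                    findings.append(("UNDEFINED_PARTY",
                                     f"process '{pname}': party '{ref.get('name')}' is not defined"))
        for ref in proc.findall("legs/leg"):
            leg = legs.get(ref.get("name"))
            if leg is None:
                findings.append(("UNDEFINED_REF",
                                 f"process '{pname}': leg '{ref.get('name')}' is not defined"))
            elif leg.get("security") in unprotected:
                findings.append(("UNPROTECTED_LEG",
                                 f"process '{pname}': leg '{ref.get('name')}' uses doNothingPolicy.xml"))
    return findings


if __name__ == "__main__":
    for code, message in lint_pmode(SAMPLE_PMODE, keystore_alias="blue_gw"):
        print(f"{code}: {message}")
```

Passing the party name (blue_gw) as the alias is reported because the sample's partyId is domibus-blue; the comparison is against the identifier, as the guide requires, not against the party name.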
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. • retryTimeout defines timeout in seconds. • retryCount is the total number of retries. • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT. • duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security.* NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes | Type maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element: • For Initiator: Messaging/UserMessage/PartyInfo/From/Role • For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: 1. name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile; 2. MIME data type (text/xml, application/pdf, etc.); 3. name of the applicable XML Schema file if the MIME data type is text/xml; 4. maximum size in kilobytes; 5. Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer. - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request – the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin, Password = 123456) at http://localhost:8080/domibus/home.
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the PMode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:

    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:password-encoder ref="bcryptEncoder"/>
            <sec:user-service>
                <sec:user name="user" password="your_custom_user_password"
                          authorities="ROLE_USER"/>
                <sec:user name="admin" password="your_custom_admin_password"
                          authorities="ROLE_USER,ROLE_ADMIN"/>
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>
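The settings from this section and from section 7.1.2.2 can be verified after editing: every `<sec:user>` password should be a well-formed BCrypt hash, `domibus.auth.unsecureLoginAllowed` should be false, and the documented default `domibus.jmx.password` should have been replaced. The following audit is an added example, not part of Domibus or of the original guide; the function names, the minimum cost of 10 and both sample documents are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# $2a$ / $2b$ / $2y$ prefix, two-digit cost, then 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: lowest BCrypt work factor this audit accepts

# Default value printed in the guide's properties table (section 6.2).
DOCUMENTED_DEFAULTS = {"domibus.jmx.password": "jmaManager1"}

# Constructed value: well-formed, but not the hash of any real password.
FAKE_HASH = "$2a$10$" + "A" * 53

# Constructed sample of the user-service block from domibus-security.xml.
SAMPLE_SECURITY_XML = f"""<beans xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="{FAKE_HASH}" authorities="ROLE_USER"/>
        <sec:user name="admin" password="123456" authorities="ROLE_USER,ROLE_ADMIN"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""

# Constructed sample of the properties block from domibus-configuration.xml.
SAMPLE_CONFIG_XML = """<beans xmlns:util="http://www.springframework.org/schema/util">
  <util:properties>
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
    <prop key="domibus.jmx.user">jmsManager</prop>
    <prop key="domibus.jmx.password">jmaManager1</prop>
  </util:properties>
</beans>"""


def local_name(tag):
    """Strip an ElementTree '{namespace}' prefix, if any."""
    return tag.rsplit("}", 1)[-1]


def password_problem(value):
    """Return None for an acceptable BCrypt hash, otherwise the reason."""
    match = BCRYPT_RE.match(value or "")
    if match is None:
        return "not a BCrypt hash (plaintext or placeholder)"
    cost = int(match.group(1))
    if cost < MIN_COST:
        return f"BCrypt cost {cost} is below {MIN_COST}"
    return None


def audit_users(security_xml):
    """Return (user, reason) for every user whose password attribute fails the check."""
    findings = []
    for element in ET.fromstring(security_xml).iter():
        if local_name(element.tag) == "user":
            reason = password_problem(element.get("password"))
            if reason:
                findings.append((element.get("name"), reason))
    return findings


def audit_properties(config_xml):
    """Return (property, reason) for settings left in an unhardened state."""
    props = {}
    for element in ET.fromstring(config_xml).iter():
        if local_name(element.tag) == "prop":
            props[element.get("key")] = (element.text or "").strip()
    findings = []
    # A missing property is reported too: the guide says authentication is off by default.
    if props.get("domibus.auth.unsecureLoginAllowed", "").lower() != "false":
        findings.append(("domibus.auth.unsecureLoginAllowed", "unsecure login is not disabled"))
    for key, default in DOCUMENTED_DEFAULTS.items():
        if props.get(key) == default:
            findings.append((key, "still set to the documented default"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_users(SAMPLE_SECURITY_XML):
        print(f"user {name}: {reason}")
    for key, reason in audit_properties(SAMPLE_CONFIG_XML):
        print(f"{key}: {reason}")
```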
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below, you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue:
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue:
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop down list in the destination field.
- Select the destination queue from the dropdown list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue:
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue:
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=">"
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
The criteria must be configured so that all messages are treated and that no more than one plugin can consume the same message.
There are four fields available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
8 DATA ARCHIVING
8.1.1.1 What's archiving?
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variables is needed to run this program.
Solution: Set the JAVA_HOME and/or JRE_HOME variable.
9.4 Cannot access Admin Console
No SEVERE errors in the logs, but no admin option in the browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments.
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use TLS in the Domibus Message Handler (MSH), as described below; otherwise it has to be handled at a higher level (e.g. Application Server, Proxy, etc…).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be used. The TLS version can also be specified.
The above connector has clientAuth="false", which means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in Server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
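The client-side tlsClientParameters and the Tomcat connectors described above can be checked before go-live with a small audit script. This is an added example, not part of the guide or of Domibus; the finding codes, the port 8444 and the use of Tomcat's sslEnabledProtocols attribute to pin the TLS version are assumptions of the example.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "{http://cxf.apache.org/transports/http/configuration}"
SECURITY = "{http://cxf.apache.org/configuration/security}"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens profile per the guide

# Constructed input: the guide's client snippet, placeholders included.
CLIENT_AS_DOCUMENTED = """
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed input: the guide's one-way connector on 8443, and its two-way connector
# moved to a made-up port 8444 with sslEnabledProtocols added (not in the guide).
TOMCAT_SERVER_XML = """
<Service name="Catalina">
  <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" clientAuth="false" sslProtocol="TLS"/>
  <Connector SSLEnabled="true" port="8444" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password"
      truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
      truststorePass="your_trustore_password" clientAuth="true"
      sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
</Service>
"""


def _is_true(value):
    return (value or "false").strip().lower() == "true"


def _placeholder(*values):
    """True if any secret still carries the guide's 'your_...' placeholder."""
    return any(v is not None and v.startswith("your_") for v in values)


def audit_cxf_client(xml_text):
    """Finding codes for the tlsClientParameters of clientauthentication.xml."""
    root = ET.fromstring(xml_text)
    tag = HTTP_CONF + "tlsClientParameters"
    tls = root if root.tag == tag else root.find(".//" + tag)
    if tls is None:
        return ["NO_TLS_CLIENT_PARAMETERS"]
    findings = []
    if _is_true(tls.get("disableCNCheck")):
        findings.append("CN_CHECK_DISABLED")  # host name not matched against the cert
    if tls.get("secureSocketProtocol") != REQUIRED_PROTOCOL:
        findings.append("PROTOCOL_NOT_TLS12")
    trust = tls.find(SECURITY + "trustManagers/" + SECURITY + "keyStore")
    if trust is None or not trust.get("file"):
        findings.append("NO_TRUSTSTORE")
    secrets = [ks.get("password") for ks in tls.iter(SECURITY + "keyStore")]
    key_managers = tls.find(SECURITY + "keyManagers")
    if key_managers is not None:
        secrets.append(key_managers.get("keyPassword"))
    if _placeholder(*secrets):
        findings.append("PLACEHOLDER_PASSWORD")
    return findings


def audit_tomcat_connectors(xml_text):
    """Map the port of each SSL-enabled Connector to its finding codes."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if not _is_true(conn.get("SSLEnabled")):
            continue
        findings = []
        listed = conn.get("sslEnabledProtocols", "").split(",")
        protocols = [p.strip() for p in listed if p.strip()]
        if not protocols:
            findings.append("TLS_VERSION_NOT_PINNED")  # sslProtocol="TLS" alone
        elif protocols != [REQUIRED_PROTOCOL]:
            findings.append("OTHER_PROTOCOLS_ENABLED")
        if not conn.get("keystoreFile"):
            findings.append("DEFAULT_KEYSTORE")
        if not _is_true(conn.get("clientAuth")):
            findings.append("ONE_WAY_SSL")  # allowed by the profile, client not verified
        elif not conn.get("truststoreFile"):
            findings.append("CLIENT_AUTH_WITHOUT_TRUSTSTORE")
        if _placeholder(conn.get("keystorePass"), conn.get("truststorePass")):
            findings.append("PLACEHOLDER_PASSWORD")
        report[conn.get("port")] = findings
    return report


if __name__ == "__main__":
    print(audit_cxf_client(CLIENT_AS_DOCUMENTED))
    print(audit_tomcat_connectors(TOMCAT_SERVER_XML))
```

Run against the snippets as documented, the client configuration is flagged for the disabled CN check and the placeholder passwords, and the one-way connector for the unpinned TLS version.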
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers, select the server name, then Configuration, General, and click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers, select the server name, then Configuration, Keystores and SSL tabs, use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123"/>
        …
    </authentication>
- add the https-listener to the default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File, Preferences, HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File, Preferences, SSL Settings, add the KeyStore and the KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter the user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
5 DOMIBUS DEPLOYMENT
Remark:
The variable cef_edelivery_path, referring to the folder where the package is installed, will be used later in this document.
5.1 Database Configuration
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-sql-scripts.zip
A datasource must be configured to allow the application to access its database.
5.1.1 MySQL configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. (Optional) Storing messages in a database with payloads over 30 MB
Domibus temporarily stores the messages in the database. They are not deleted before they are successfully transferred to the final recipient (see 7.3 PMode Configuration). Therefore it is required to increase the maximum allowed size of packets. Update the default properties of my.ini (Windows) or my.cnf (Linux):
   o max_allowed_packet property
     The maximum size of one packet or any generated or intermediate string, or any parameter sent by the mysql_stmt_send_long_data() C API function.
     max_allowed_packet=512M
   o innodb_log_file_size property
     Size of each log file in a log group. You should set the combined size of log files to about 25%-100% of your buffer pool size to avoid unneeded buffer pool flush activity on log file overwrite. However, note that a larger log file size will increase the time needed for the recovery process.
     innodb_log_file_size=5120M
   o Restart MySQL service (Windows)
     MySQL service
4. (Optional) For storing messages in a file system instead of a database, see 6.2 Domibus Properties
5. Execute the following MySQL commands in the command prompt
Remark:
User defined names like root_password, domibus_schema, etc. are in italic, as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
   o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
     Locate the set DOMAIN_HOME statement and add the following lines after it:
     …
     set DOMAIN_HOME
     REM Added for Domibus
     set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
     …
   o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
     Locate the export DOMAIN_HOME statement and add the following lines after it:
     …
     export DOMAIN_HOME
     # Added for Domibus
     EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
     export EXTRA_JAVA_PROPERTIES
     …
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the database datasources from the command line
   o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
   o Configure the WSLT API tool
     Unzip the wslt-api-1.9.1.zip
     Define WL_HOME as a system environment variable pointing to the WebLogic 'wlserver' directory, as defined in DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh]
     e.g. WL_HOME=/wls12130/wlserver
   o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties
     Adapt the properties for connecting to the WebLogic domain:
     domain.loading.type=connect
     domain.connect.url=t3://localhost:7001
     domain.connect.username=weblogic_name
     domain.connect.password=weblogic_password
     domain.name=my_domain1
     Adapt the jdbc.datasource properties for the datasources
     For Oracle database:
     jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
     jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
     jdbc.datasource.0.driver.password=edelivery_password
     jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
     For MySQL:
     jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
     jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
     jdbc.datasource.0.driver.password=edelivery_password
     jdbc.datasource.0.driver.username=edelivery_username
     jdbc.datasource.0.transaction.protocol=LoggingLastResource
     jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
   o Adapt the property for the location of the filestore: persistent.filestore.0.location
     e.g.
     persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
   o Adapt, if necessary, the JMX security configuration
     e.g.
     # Policy configuration
     security.policies.0.mode = CREATE
     security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
     security.policies.0.realm = myrealm
     security.policies.0.authorizer = XACMLAuthorizer
     security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
     security.policies.items = 1
     # Users configuration
     security.users.0.realm=myrealm
     security.users.0.name=jmsManager
     security.users.0.password=jmsManager1
     security.users.0.comment=
     security.users.0.authenticator=DefaultAuthenticator
     security.users.items=1
     # Groups configuration
     security.groups.0.realm=myrealm
     security.groups.0.name=JMSManagers
     security.groups.0.description=
     security.groups.0.authenticator=DefaultAuthenticator
     security.groups.items=1
     # Groups Membership configuration
     security.group.member.0.user=jmsManager
     security.group.member.0.groups=JMSManagers
     security.group.member.0.realm=myrealm
     security.group.member.0.authenticator=DefaultAuthenticator
     security.group.member.items=1
   o Start the WebLogic domain from within DOMAIN_HOME
     For Windows: startWebLogic.cmd
     For Linux/Unix: startWebLogic.sh
   o Execute the following command from within the wlstapi-1.9.1/bin directory
     For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
     For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access
7 The database dialect is pre-configured to use the Oracle database If you are using a MySQL database you should adapt the dialect in DOMAIN_HOMEconfdomibusdomibus-datasourcesxml as highlighted in the example below
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform"
                  value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location of the war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select the following option and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory,
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration,
e.g.:
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.groupmember.0.user=jmsManager
security.groupmember.0.groups=JMSManagers
security.groupmember.0.realm=myrealm
security.groupmember.0.authenticator=DefaultAuthenticator
security.groupmember.items=1
Adapt the property for JMS Server, e.g.:
jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.:
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows:
startWebLogic.cmd
For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ..\scripts\import.py --property ..\WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied.
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select your cluster for the deployment target and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path.
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" …>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    …
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" …>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                      value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
…
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" …>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
        </props>
    </property>
    …
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    …
</bean>
<bean id="entityManagerFactory" …>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                      value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment.
3. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate JMS Broker with Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
      class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
      destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker"
      class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config"
              value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …
    <datasources>
        …
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        …
    </datasources>
    …
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform"
          value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
…
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            …
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            …
        </jms-connection-factories>
        <jms-destinations>
            …
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            …
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1, point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
…
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
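A check for the files edited in section 5 (the WLST .properties files, domibus-datasources.xml, standalone-full.xml), given here as an added example that is not part of the Domibus guide or distribution: it reports values still equal to the sample secrets printed in this guide and JDBC URLs that carry credentials inline. The file contents below are constructed samples, and the matching rules are this example's own assumptions.

```python
"""Audit Domibus deployment files for secrets left at the guide's sample values."""
import re
import sys
import xml.etree.ElementTree as ET

# Sample secrets printed in this guide; a deployed file should contain none of them.
GUIDE_SAMPLE_SECRETS = {
    "jmsManager1", "weblogic_password", "edelivery_password", "admin_password",
    "your_keystore_password", "your_privatekey_password", "your_trustore_password",
}
# Oracle thin URL with inline credentials: jdbc:oracle:thin:user/password@host...
ORACLE_INLINE_CREDS = re.compile(r"jdbc:oracle:thin:[^/@\s]+/[^@\s]+@", re.I)
# Credentials passed as a JDBC URL parameter (MySQL style).
URL_PASSWORD_PARAM = re.compile(r"[?&;]password=[^&;\s]+", re.I)

# Constructed samples, shaped like the files this guide edits.
SAMPLE_WLST_PROPERTIES = """\
domain.connect.password=Kf4-constructed-secret
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
#jdbc.datasource.0.driver.password=commented_out_line
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
"""
SAMPLE_DATASOURCES_XML = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:amq="http://activemq.apache.org/schema/core">
  <amq:xaConnectionFactory id="xaJmsConnectionFactory"
      brokerURL="tcp://10.0.0.5:61616" userName="broker_admin" password="admin_password"/>
  <bean id="domibusJDBC-XADataSource">
    <property name="xaProperties">
      <props>
        <prop key="user">domibus_app</prop>
        <prop key="password">Wq7-constructed-secret</prop>
        <prop key="url">jdbc:oracle:thin:domibus_app/Wq7-constructed-secret@db1:1521/XE</prop>
      </props>
    </property>
  </bean>
</beans>
"""


def check_value(where, key, value):
    """Return findings (strings) for a single key/value pair."""
    value = (value or "").strip()
    findings = []
    if value in GUIDE_SAMPLE_SECRETS:
        findings.append(f"{where}: {key} still holds a sample value from the guide")
    elif "password" in key.lower() and not value:
        findings.append(f"{where}: {key} is empty")
    if ORACLE_INLINE_CREDS.search(value) or URL_PASSWORD_PARAM.search(value):
        findings.append(f"{where}: {key} carries credentials inside the JDBC URL")
    return findings


def audit_properties(text, where="properties"):
    """Check a WLST .properties file; commented-out lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        findings.extend(check_value(where, key.strip(), value))
    return findings


def audit_xml(text, where="xml"):
    """Check Spring/WildFly XML: element text, value= and password/URL attributes."""
    findings = []
    for el in ET.fromstring(text).iter():
        tag = el.tag.rsplit("}", 1)[-1]              # drop the XML namespace
        key = el.get("key") or el.get("name") or tag
        body = (el.text or "").strip()
        pairs = []
        if body or tag == "prop":                    # <prop key=..>x</prop>, <password>x</password>
            pairs.append((key, body))
        if "value" in el.attrib:                     # <entry key=.. value=..>, <property name=.. value=..>
            pairs.append((key, el.get("value")))
        for attr, val in el.attrib.items():          # e.g. password=".." or brokerURL=".."
            name = attr.rsplit("}", 1)[-1].lower()
            if "password" in name or name.endswith("url"):
                pairs.append((f"{tag}@{attr}", val))
        for k, v in pairs:
            findings.extend(check_value(where, k, v))
    return findings


def audit_file(path):
    """Pick the checker from the file extension and return that file's findings."""
    with open(path, encoding="utf-8") as handle:
        text = handle.read()
    return (audit_xml if path.endswith(".xml") else audit_properties)(text, path)


if __name__ == "__main__":
    # With file arguments, audit those files; without, run the constructed samples.
    found = [f for p in sys.argv[1:] for f in audit_file(p)] if sys.argv[1:] else (
        audit_properties(SAMPLE_WLST_PROPERTIES) + audit_xml(SAMPLE_DATASOURCES_XML))
    print("\n".join(found) or "no findings")
```
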
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
[Figure: Message Service Handler diagram]
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |

Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.proxy.enabled | false | true/false depending on whether you need to use a proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of the proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook (footnote 9).
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
[Figure: PMode view]
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
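A pre-upload consistency check for a PMode file, covering the rules stated in sections 6.1.2 and 7.3.1 to 7.3.3 (the own partyId must exist as a keystore alias, initiator/responder entries and legs must reference defined elements). This is an added example, not part of Domibus or of the original guide; the function name, finding codes, the green_gw typo and the shortened sample PMode are constructed, and treating doNothingPolicy.xml as "no signature, no encryption" is an assumption drawn from the security name noSigNoEnc in the sample.

```python
import xml.etree.ElementTree as ET

# Assumption: the policy the sample PMode pairs with the security named
# "noSigNoEnc" leaves messages unsigned and unencrypted.
UNPROTECTED_POLICIES = {"doNothingPolicy.xml"}

# Constructed, shortened PMode with three deliberate mistakes.
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="pushTestcase1tc1Action" security="eDeliveryPolicy"/>
      <legConfiguration name="pushTestcase1tc2Action" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process" mep="oneway" binding="push">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="pushTestcase1tc1Action"/>
        <leg name="pushTestcase1tc2Action"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>"""


def lint_pmode(xml_text, keystore_aliases):
    """Return a sorted list of (code, detail) findings for one PMode document.

    keystore_aliases: aliases present in the Access Point keystore, collected
    by the caller (for example from a keystore listing).
    """
    root = ET.fromstring(xml_text)
    findings = set()

    # Index the definitions that processes and legs refer to by name.
    parties = {}
    for party in root.iter("party"):
        ident = party.find("identifier")
        parties[party.get("name")] = ident.get("partyId") if ident is not None else None
    securities = {s.get("name"): s.get("policy") for s in root.iter("security")}
    legs = {l.get("name"): l.get("security") for l in root.iter("legConfiguration")}

    # The guide requires the keystore alias to equal the party ID.
    own = root.get("party")
    if own not in parties:
        findings.add(("OWN_PARTY_UNDEFINED", own or ""))
    elif parties[own] not in keystore_aliases:
        findings.add(("NO_KEYSTORE_ALIAS", parties[own] or ""))

    for process in root.iter("process"):
        pname = process.get("name")
        # Every initiator/responder must be a defined <party>.
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.add(("UNKNOWN_PARTY", f"{pname}:{tag}:{ref.get('name')}"))
        # Every leg must resolve to a legConfiguration with a defined security.
        for leg in process.iter("leg"):
            lname = leg.get("name")
            if lname not in legs:
                findings.add(("UNKNOWN_LEG", f"{pname}:{lname}"))
                continue
            sec = legs[lname]
            if sec not in securities:
                findings.add(("UNKNOWN_SECURITY", f"{lname}:{sec}"))
            elif securities[sec] in UNPROTECTED_POLICIES:
                findings.add(("UNPROTECTED_LEG", f"{lname}:{sec}"))
    return sorted(findings)


if __name__ == "__main__":
    # Alias named after the party name instead of the partyId: a finding.
    for code, detail in lint_pmode(SAMPLE_PMODE, {"blue_gw"}):
        print(code, detail)
```
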
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern. | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection. | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security.* NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes | Type maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In the ebMS3 message this defines the content of the following element. For Initiator: Messaging/UserMessage/PartyInfo/From/Role. For Responder: Messaging/UserMessage/PartyInfo/To/Role. | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group. |
| Process | - | In Process everything is plugged together. |
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
[Figure: Login to administration dashboard]
b. Click on the Configuration upload tab.
[Figure: Configuration upload]
c. Select the PMode file that has been edited by pressing Browse…, then Press here to upload the PMode xml file.
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then Press here to upload the truststore jks file.
[Figure: PMode uploading]
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
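A small audit of the two settings this guide asks administrators to change: the dashboard user passwords in domibus-security.xml (section 7.4.1.1) and domibus.auth.unsecureLoginAllowed in domibus-configuration.xml (section 7.1.2.2). This is an added example, not part of Domibus or of the original guide; the function names and both XML fragments are constructed, the Spring namespace URIs are the standard ones and are assumed to match the deployed files, and the check only verifies that a password attribute has the shape of a BCrypt hash.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"
AUTH_KEY = "domibus.auth.unsecureLoginAllowed"

# "$2a$" / "$2b$" / "$2y$", a two-digit cost, then 53 characters of salt and digest.
BCRYPT_RE = re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$")

# Constructed value with the right shape; it is not the hash of any password.
PLACEHOLDER_HASH = "$2a$10$" + "x" * 53

# Constructed fragment of domibus-security.xml: "user" still has a clear-text value.
SAMPLE_SECURITY_XML = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="{SEC_NS}">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="123456" authorities="ROLE_USER"/>
        <sec:user name="admin" password="{PLACEHOLDER_HASH}"
                  authorities="ROLE_USER, ROLE_ADMIN"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""

# Constructed fragment of domibus-configuration.xml with authentication still off.
SAMPLE_CONFIG_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties>
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
  </util:properties>
</beans>"""


def users_without_bcrypt(security_xml):
    """Names of <sec:user> entries whose password is not BCrypt-shaped."""
    root = ET.fromstring(security_xml)
    return sorted(
        user.get("name")
        for user in root.iter(f"{{{SEC_NS}}}user")
        if not BCRYPT_RE.match(user.get("password", ""))
    )


def unsecure_login_allowed(config_xml):
    """True unless the property is explicitly set to false.

    The guide states that WS plugin authentication is disabled by default,
    so a missing property is reported as unsecure login still allowed.
    """
    root = ET.fromstring(config_xml)
    for el in root.iter():
        local_name = el.tag.rsplit("}", 1)[-1]
        if local_name == "prop" and el.get("key") == AUTH_KEY:
            return (el.text or "").strip().lower() != "false"
    return True


if __name__ == "__main__":
    print("users without a BCrypt hash:", users_without_bcrypt(SAMPLE_SECURITY_XML))
    print("unsecure login allowed:", unsecure_login_allowed(SAMPLE_CONFIG_XML))
```
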
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
[Figure: State machine of Corner 2 (sending access point)]
[Figure: State machine of Corner 3 (receiving access point)]
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
Administration Guide - Domibus 321 Page 78 97
742 Queue Monitoring
Domibus uses JMS queues to handle the messages
Destination type | JNDI name | Comment | Description
Queue | jms/domibus/internal/dispatch/queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH
Queue | jms/domibus/internal/notification/unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually
Topic | jms/domibus/internal/command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled)
Queue | jms/domibus/backend/jms/replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available)
Queue | jms/domibus/backend/jms/outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue
Queue | jms/domibus/backend/jms/inQueue | | This queue is the entry point for messages to be sent by the sending MSH
Queue | jms/domibus/backend/jms/errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message
Queue | jms/domibus/backend/jms/errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent
Queue | jms/domibus/notification/jms | | Used for sending notifications to the configured JMS plugin
Queue | jms/domibus/internal/notification/queue | | This queue is used to notify the configured plugin about the status of the message to be sent
Queue | jms/domibus/notification/webservice | | Used for sending notifications to the configured WS plugin
Queue | jms/domibus/DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value of this regular expression can be adapted in the property domibus.jms.internalQueue.expression in the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more information on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button
- The message details are displayed and the original queue where the message came from is pre-selected
- Press the Move button and the message will be moved to the original queue
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button
- The message details are displayed
- Press the Remove button to remove it
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button
- The message IDs to be removed are displayed
- Press the Remove button to remove them
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
    sendToDlqIfMaxRetriesExceeded="true">
  <redeliveryPolicyMap>
    <redeliveryPolicyMap>
      <redeliveryPolicyEntries>
        <redeliveryPolicy queue="sendMessageQueue"
            maximumRedeliveries="0"/>
        <redeliveryPolicy queue=""
            maximumRedeliveries="10" redeliveryDelay="300000"/>
      </redeliveryPolicyEntries>
    </redeliveryPolicyMap>
  </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly so that these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
  <ns:From>
    <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
    <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
  </ns:From>
  <ns:To>
    <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
    <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
  </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
  <ns:Service type="tc1">bdx:noprocess</ns:Service>
  <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
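The filtering rule above can be checked offline before a filter set goes live. The following is an added example, not Domibus code: it extracts the four criteria from an ebMS3 header and reports which plugin would receive the message, which later plugins are shadowed, and which messages would match nothing. It assumes exact string matching, a "value:type" form for From and To, a plugin without filters matching everything, and a hypothetical second plugin name (examplePlugin); the sample header is constructed.

```python
import xml.etree.ElementTree as ET

EBMS3 = "{http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/}"
# Queue the guide names for received messages that match no backend routing criteria.
UNKNOWN_QUEUE = "jms/domibus/internal/notification/unknown"

# Constructed sample header, modelled on the fragment shown in the guide.
SAMPLE_HEADER = """\
<ns:UserMessage xmlns:ns="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
  <ns:PartyInfo>
    <ns:From>
      <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
      <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
      <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
      <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>
"""


def _text(root, tag):
    """Text of the first descendant element with the given ebMS3 tag, or None."""
    el = root.find(f".//{EBMS3}{tag}")
    return el.text.strip() if el is not None and el.text else None


def _party(root, side):
    """PartyId under From/To as 'value:type' (assumed filter form)."""
    el = root.find(f".//{EBMS3}{side}/{EBMS3}PartyId")
    if el is None or not el.text:
        return None
    return f"{el.text.strip()}:{el.get('type', '')}"


def extract_criteria(header_xml):
    """Return the four routing criteria of one incoming message."""
    root = ET.fromstring(header_xml)
    return {
        "action": _text(root, "Action"),
        "service": _text(root, "Service"),
        "from": _party(root, "From"),
        "to": _party(root, "To"),
    }


def route(criteria, plugins):
    """plugins: ordered list of (name, filters). First match wins."""
    hits = [name for name, filters in plugins
            if all(criteria.get(k) == v for k, v in filters.items())]
    if not hits:
        return {"routed_to": None, "fallback_queue": UNKNOWN_QUEUE, "shadowed": []}
    return {"routed_to": hits[0], "fallback_queue": None, "shadowed": hits[1:]}


def audit_filters(headers, plugins):
    """Flag messages that no plugin treats or that several plugins could consume."""
    findings = []
    for index, header_xml in enumerate(headers):
        result = route(extract_criteria(header_xml), plugins)
        if result["routed_to"] is None:
            findings.append((index, "UNROUTED", result["fallback_queue"]))
        elif result["shadowed"]:
            findings.append((index, "OVERLAP", ",".join(result["shadowed"])))
    return findings


if __name__ == "__main__":
    plugin_list = [
        ("backendWebservice", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
        ("examplePlugin", {}),  # hypothetical plugin without filters
    ]
    print(extract_criteria(SAMPLE_HEADER))
    print(route(extract_criteria(SAMPLE_HEADER), plugin_list))
    print(audit_filters([SAMPLE_HEADER], plugin_list))
```

An OVERLAP finding means the order of the plugin list alone decides the consumer; an UNROUTED finding means the message would only surface on the unknown-notification queue.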
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving concerns older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained because of legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
  <mpc name="defaultMpc"
      qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
      enabled="true"
      default="true"
      retention_downloaded="0"
      retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be deleted instantaneously as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME and/or JRE_HOME variable.
9.4 Cannot access Admin Console
No SEVERE errors in the logs, but no admin option in the browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error, it is likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use TLS in the Domibus Message Handler (MSH) as described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore described in section 6.1.2 Certificates are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol=TLSv1.2.
If you use self-signed certificates, you need to set disableCNCheck=true.
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
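A check for the client-side settings discussed above, as an added example that is not part of the Domibus guide or code base: it parses a clientauthentication.xml-style document and reports disableCNCheck=true, a secureSocketProtocol other than TLSv1.2, and missing trust or key stores. The finding codes and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "http-conf": "http://cxf.apache.org/transports/http/configuration",
    "security": "http://cxf.apache.org/configuration/security",
}
TLS_PARAMS_TAG = "{%s}tlsClientParameters" % NS["http-conf"]
REQUIRED_PROTOCOL = "TLSv1.2"  # stated as mandatory for the AS4 e-Sens profile

# Constructed sample: the self-signed test setup shown in the guide.
TEST_SETUP = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample: same file with host name checking left enabled.
PRODUCTION = TEST_SETUP.replace('disableCNCheck="true"', 'disableCNCheck="false"')

# Constructed sample: older protocol and no client key store.
DOWNGRADED = """\
<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>
"""


def _is_true(value):
    """XML schema booleans: 'true' or '1' (compared case-insensitively here)."""
    return value is not None and value.strip().lower() in ("true", "1")


def _store_file(params, manager):
    """File attribute of the keyStore under trustManagers/keyManagers, or None."""
    store = params.find("security:%s/security:keyStore" % manager, NS)
    return store.get("file") if store is not None else None


def audit_tls_client_parameters(xml_text):
    """Return a list of (code, detail) findings for every tlsClientParameters element."""
    root = ET.fromstring(xml_text)
    elements = list(root.iter(TLS_PARAMS_TAG))  # includes the root itself if it matches
    if not elements:
        return [("NO_TLS_CLIENT_PARAMETERS", "no tlsClientParameters element found")]
    findings = []
    for params in elements:
        if _is_true(params.get("disableCNCheck")):
            findings.append(("CN_CHECK_DISABLED",
                             "host name is not checked against the certificate CN"))
        protocol = params.get("secureSocketProtocol")
        if protocol is None:
            findings.append(("PROTOCOL_NOT_SET", "secureSocketProtocol is missing"))
        elif protocol != REQUIRED_PROTOCOL:
            findings.append(("PROTOCOL_NOT_TLS12", "secureSocketProtocol=" + protocol))
        if not _store_file(params, "trustManagers"):
            findings.append(("NO_TRUSTSTORE", "no trust store file configured"))
        if not _store_file(params, "keyManagers"):
            findings.append(("NO_CLIENT_KEYSTORE",
                             "no client key store, two-way SSL cannot succeed"))
    return findings


def finding_codes(xml_text):
    return [code for code, _ in audit_tls_client_parameters(xml_text)]


if __name__ == "__main__":
    for name, doc in (("test setup", TEST_SETUP), ("production", PRODUCTION),
                      ("downgraded", DOWNGRADED)):
        print(name, audit_tls_client_parameters(doc))
```

Run against the deployed clientauthentication.xml before go-live; a CN_CHECK_DISABLED finding is expected only while self-signed test certificates are in use.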
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default ones will be considered. The TLS version can also be specified.
The above connector has clientAuth=false, which means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth=true in Server.xml and provide the location of your_truststore_ssl.jks so that the server can verify the client:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
    truststorePass="your_trustore_password"
    clientAuth="true" sslProtocol="TLS" />
11 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore jks to the ApplicationRealm
<security-realm name="ApplicationRealm">
  <server-identities>
    <ssl>
      <keystore path="conf/domibus/keystores/gateway_keystore.jks"
          relative-to="jboss.server.base.dir"
          keystore-password="test123" alias="blue_gw" key-password="test123"/>
    </ssl>
  </server-identities>
  <authentication>
    <truststore path="conf/domibus/keystores/gateway_truststore.jks"
        relative-to="jboss.server.base.dir"
        keystore-password="test123" />
    …
  </authentication>
add https-listener to default-server
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
  <buffer-cache name="default"/>
  <server name="default-server">
    <http-listener name="default" socket-binding="http" redirect-socket="https"/>
    <https-listener name="default_https" socket-binding="https"
        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
    endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false"/>
5. Execute the following MySQL commands in the command prompt:
Remark:
User defined names like root_password, domibus_schema, etc. are in italic as described in the Convention section.
mysql -h localhost -u root_user --password=root_password -e "drop schema if exists domibus_schema;create schema domibus_schema;alter database domibus_schema charset=utf8; create user edelivery_user@localhost identified by 'edelivery_password';grant all on domibus_schema.* to edelivery_user@localhost;"
This creates a schema (domibus_schema) and a user (edelivery_user) having all the privileges on the schema.
mysql -h localhost -u root_user --password=root_password domibus_schema < mysql5innoDb-3.2.1.ddl
This creates the required tables in domibus_schema.
Remark:
If you are using Windows, make sure to have the parent directory of mysql.exe added to your PATH variable.
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
…
set DOMAIN_HOME
REM Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
…
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
…
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
…
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define WL_HOME as a system environment variable pointing to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh]
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access.
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform"
                      value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location of the war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select the following option and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(By default: User = admin; Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark: In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory,
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark: The MySQL configuration is commented out by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for the target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark: If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for the JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect, as highlighted in the text below, in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location DOMAIN_HOME/conf/domibus, where the domibus-MSH-3.2.1-weblogic.war file has been previously copied.
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select your cluster for the deployment target and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(By default: User = admin; Password = 123456)
Expected result
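A pre-import check for the WeblogicSingleServer.properties and WeblogicCluster.properties files described in sections 5.2.1 and 5.2.2, as an added example that is not part of the Domibus distribution: it flags passwords still set to the sample values printed in this guide and checks that the JMX policy for JMSDestinationRuntimeMBean is present and not open to a catch-all group. The function names, the BROAD_GROUPS list and the embedded inputs are assumptions constructed for illustration; property keys are written with their dots, as in the properties files.

```python
import re

# Sample secrets printed in the guide's example properties (publicly documented).
GUIDE_SAMPLE_SECRETS = {"jmsManager1", "edelivery_password", "weblogic_password"}
JMX_MBEAN = "weblogic.management.runtime.JMSDestinationRuntimeMBean"
# Assumption: WebLogic built-in groups that match every (authenticated) user.
BROAD_GROUPS = {"everyone", "users"}


def parse_properties(text):
    """Parse Java-style .properties text; '#'/'!' comments and blanks are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return a sorted list of (property_key, problem) tuples."""
    props = parse_properties(text)
    findings = set()

    # 1. Passwords that are empty or still equal to a sample value from the guide.
    for key, value in props.items():
        if key.endswith(".password"):
            if not value:
                findings.add((key, "empty password"))
            elif value in GUIDE_SAMPLE_SECRETS:
                findings.add((key, "sample password from the guide"))

    # 2. JMX users whose password merely extends their own user name.
    for key, name in props.items():
        m = re.fullmatch(r"security\.users\.(\d+)\.name", key)
        if not m:
            continue
        pw_key = "security.users.%s.password" % m.group(1)
        if name and name.lower() in props.get(pw_key, "").lower():
            findings.add((pw_key, "password contains the user name"))

    # 3. The policy protecting the JMS destination MBean must exist and be narrow.
    policy_ids = []
    for key, value in props.items():
        m = re.fullmatch(r"security\.policies\.(\d+)\.resource", key)
        if m and JMX_MBEAN in value:
            policy_ids.append(m.group(1))
    if not policy_ids:
        findings.add(("security.policies", "no policy for " + JMX_MBEAN))
    for pid in policy_ids:
        expr_key = "security.policies.%s.expression" % pid
        terms = [t.strip() for t in props.get(expr_key, "").split("|") if t.strip()]
        if not terms:
            findings.add((expr_key, "empty policy expression"))
        for term in terms:
            m = re.fullmatch(r"(Rol|Grp)\((.+)\)", term)
            if not m:
                findings.add((expr_key, "unrecognised term: " + term))
            elif m.group(1) == "Grp" and m.group(2).lower() in BROAD_GROUPS:
                findings.add((expr_key, "group too broad: " + m.group(2)))
    return sorted(findings)


# Constructed input: the guide's sample values left exactly as printed.
AS_PRINTED = """
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.driver.password=edelivery_password
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
# Users configuration
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
"""

# Constructed input: same file with the sample secrets replaced by placeholders.
HARDENED = (AS_PRINTED
            .replace("weblogic_password", "PLACEHOLDER-wls-Xq7")
            .replace("edelivery_password", "PLACEHOLDER-db-T4z")
            .replace("jmsManager1", "PLACEHOLDER-jmx-9Lk"))

if __name__ == "__main__":
    for key, problem in audit(AS_PRINTED):
        print("%-40s %s" % (key, problem))
```

Run it against the edited properties file before calling import.py; an empty result means none of the guide's sample secrets remain and the JMX policy is in place.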
5.3 Domibus on Tomcat
Remark: As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site [2], in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ...
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar), available on the Oracle official web site [3], in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ...
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    ...
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    ...
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    ...
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    ...
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin\
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin/
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and that the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin\
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin/
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark: In this section we assume that a JMS Broker and a Loadbalancer (e.g. httpd) are configured separately.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark: your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
    ...
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    ...
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    ...
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    ...
4. Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site [4], into the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as the argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ...
        <datasources>
            ...
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ...
        </datasources>
        ...
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark: Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (Option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar), available on the Oracle official web site [5], into the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the recently created folder.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as the argument of the resource-root element, e.g. ojdbc7.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark: Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark: Configure the database dialect, as it is pre-configured for MySQL by default.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform"
          value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin\:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin/:
    standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
    ...
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ...
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
      <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
          ...
          <connection-factory name="edeliveryConnectionFactory">
            <connectors>
              <connector-ref connector-name="in-vm"/>
            </connectors>
            <entries>
              <entry name="java:/jms/ConnectionFactory"/>
            </entries>
            <compress-large-messages>false</compress-large-messages>
            <failover-on-initial-connection>false</failover-on-initial-connection>
            <use-global-pools>true</use-global-pools>
          </connection-factory>
          ...
        </jms-connection-factories>
        <jms-destinations>
          ...
          <jms-queue name="DomibusBusinessMessageOutQueue">
            <entry name="java:/jms/domibus.backend.jms.outQueue"/>
            <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusNotifyBackendJmsQueue">
            <entry name="java:/jms/domibus.notification.jms"/>
            <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusErrorNotifyConsumerQueue">
            <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
            <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusErrorNotifyProducerQueue">
            <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
            <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusBusinessMessageInQueue">
            <entry name="java:/jms/domibus.backend.jms.inQueue"/>
            <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusPluginToBackendQueue">
            <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
            <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusSendMessageQueue">
            <entry name="java:/jms/domibus.internal.dispatch.queue"/>
            <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusNotifyBackendWebServiceQueue">
            <entry name="java:/jms/domibus.notification.webservice"/>
            <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusUnknownReceiverQueue">
            <entry name="java:/jms/domibus.internal.notification.unknown"/>
            <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DomibusNotifyBackendQueue">
            <entry name="java:/jms/domibus.internal.notification.queue"/>
            <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
            <durable>true</durable>
          </jms-queue>
          <jms-queue name="DLQ">
            <entry name="java:/jms/domibus.DLQ"/>
            <entry name="java:/jms/queue/DLQ"/>
            <durable>true</durable>
          </jms-queue>
          <jms-topic name="DomibusClusterCommandTopic">
            <entry name="java:/jms/domibus.internal.command"/>
            <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
          </jms-topic>
          ...
        </jms-destinations>
      </hornetq-server>
    </subsystem>
Remark: Please note that JMX management also has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes of the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes of the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1, point 3 (Remark).
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3 Configure the environment variables in the file bindomainconf
Remark
bindomainconf is located in each WildFly node The environment variable setting needs to be
performed in every node from the cluster
helliphelliphelliphelliphelliphellip
JAVA_OPTS=-Xms128m ndashXmx1024m -XXMaxPermSize=256m -javanetpreferIPv4Stack=true JAVA_OPTS=$JAVA_OPTS -Ddomibusconfiglocation=cef_shared_edelivery_pathconfdomibus helliphelliphelliphelliphelliphellip
4 Deploy the domibus-MSH-321-wildflywar to the cluster We will use the WildFly Administration console for performing the deployment We will deploy the application on the other-server-group cluster which is configured step by step in the official documentation7
7 httpsdocsjbossorgauthordisplayWFLY9WildFly+9+Cluster+Howto
Administration Guide - Domibus 321 Page 52 97
Administration Guide - Domibus 321 Page 53 97
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
- /services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
- /services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption and the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
- Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
- Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
- Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
- Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration.
o It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false depending on whether you need to use proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of Proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
- domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
- domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
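The precedence and role rules above, written out as a small decision model. This is an added example, not code from the WS plugin: the function and class names, the "urn:example:..." identities and the sample messages are assumptions made for illustration, and getMessageStatus/getMessageErrors are denied to ROLE_USER because the list above names them for ROLE_ADMIN only.

```python
from dataclasses import dataclass

ADMIN_OPERATIONS = {"sendMessage", "downloadMessage", "listPendingMessages",
                    "getMessageStatus", "getMessageErrors"}


def expected_credential(scheme, has_basic_auth):
    """Credential type that is evaluated, following the precedence rules above."""
    if has_basic_auth:
        return "BASIC"       # takes precedence on both http and https
    if scheme == "https":
        return "X509"        # client certificate of the TLS connection
    if scheme == "http":
        return "BLUE_COAT"   # certificate details from the Client-Cert header
    raise ValueError(f"unsupported scheme: {scheme!r}")


@dataclass(frozen=True)
class Caller:
    original_user: str       # identity bound to the authenticated user
    roles: frozenset


@dataclass(frozen=True)
class Message:
    message_id: str
    original_sender: str
    final_recipient: str


def is_allowed(caller, operation, message=None):
    """Authorization decision for one web service call."""
    if "ROLE_ADMIN" in caller.roles:
        return operation in ADMIN_OPERATIONS
    if "ROLE_USER" not in caller.roles:
        return False
    if operation == "sendMessage":
        return message is not None and message.original_sender == caller.original_user
    if operation == "downloadMessage":
        return message is not None and message.final_recipient == caller.original_user
    if operation == "listPendingMessages":
        return True          # allowed, but the result is filtered by pending_for()
    return False             # listed for ROLE_ADMIN only


def pending_for(caller, pending):
    """Pending messages the caller may see through listPendingMessages."""
    if "ROLE_ADMIN" in caller.roles:
        return list(pending)
    if "ROLE_USER" in caller.roles:
        return [m for m in pending if m.final_recipient == caller.original_user]
    return []


# Constructed sample data.
ADMIN = Caller("admin", frozenset({"ROLE_USER", "ROLE_ADMIN"}))
ALICE = Caller("urn:example:alice", frozenset({"ROLE_USER"}))
PENDING = [
    Message("m1", "urn:example:bob", "urn:example:alice"),
    Message("m2", "urn:example:alice", "urn:example:bob"),
]

if __name__ == "__main__":
    for op, msg in [("sendMessage", PENDING[0]), ("sendMessage", PENDING[1]),
                    ("downloadMessage", PENDING[0]), ("getMessageStatus", None)]:
        print(op, msg.message_id if msg else "-", is_allowed(ALICE, op, msg))
    print([m.message_id for m in pending_for(ALICE, PENDING)])
```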
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 "Message Filtering" for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where the Tomcat is installed.
1. Stop Tomcat server
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config
4. Start Tomcat server
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config
4. Start the WebLogic server
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config
4. Start the WildFly server
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing "party_id_name1" with your hostname and "party_id_name2" with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
- Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
- Add your new_party_name as initiator. The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
- Add your new_party_name as responder. The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
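A pre-upload consistency check for a PMode file with the structure shown in 7.3.1 to 7.3.3, as an added example that is not part of Domibus or of this guide. It verifies that every initiator, responder and leg reference resolves, that the partyId of the local party equals the keystore alias, and it reports plain-http endpoints and legs bound to the doNothingPolicy.xml policy. The function name, finding codes and the sample document (which contains deliberate mistakes) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample, reduced from the PMode structure shown above. Deliberate
# mistakes: an undefined responder party, a leg without a legConfiguration,
# and a leg that uses the "noSigNoEnc" security.
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="https://blue.example/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="leg1" security="eDeliveryPolicy"/>
      <legConfiguration name="leg2" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties><initiatorParty name="blue_gw"/></initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
        <responderParty name="green_gw"/>
      </responderParties>
      <legs><leg name="leg1"/><leg name="leg2"/><leg name="leg3"/></legs>
    </process>
  </businessProcesses>
</db:configuration>"""

# Assumption: the sample PMode names the security that uses this policy file
# "noSigNoEnc", so a leg bound to it is reported as unsigned and unencrypted.
NO_SECURITY_POLICIES = {"doNothingPolicy.xml"}


def check_pmode(xml_text, own_keystore_alias=None):
    """Return a list of (code, detail) findings for a Domibus PMode document."""
    root = ET.fromstring(xml_text)
    findings = []
    parties = {p.get("name"): p for p in root.iter("party")}
    securities = {s.get("name"): s.get("policy") for s in root.iter("security")}
    leg_configs = {c.get("name"): c for c in root.iter("legConfiguration")}

    # The party attribute of the root element names the local Access Point.
    own = root.get("party")
    if own not in parties:
        findings.append(("UNDEFINED_PARTY", f"local party '{own}' is not defined"))
    elif own_keystore_alias is not None:
        ids = [i.get("partyId") for i in parties[own].iter("identifier")]
        if own_keystore_alias not in ids:
            findings.append(("ALIAS_MISMATCH",
                             f"keystore alias '{own_keystore_alias}' is not a partyId of '{own}'"))

    for name, party in parties.items():
        if urlparse(party.get("endpoint", "")).scheme != "https":
            findings.append(("PLAINTEXT_ENDPOINT", f"party '{name}' endpoint is not https"))

    for process in root.iter("process"):
        pname = process.get("name")
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                ref_name = ref.get("name")
                if ref_name not in parties:
                    findings.append(("UNDEFINED_PARTY",
                                     f"process '{pname}': {tag} '{ref_name}' is not defined"))
        for leg in process.iter("leg"):
            leg_name = leg.get("name")
            config = leg_configs.get(leg_name)
            if config is None:
                findings.append(("UNDEFINED_LEG",
                                 f"process '{pname}': leg '{leg_name}' has no legConfiguration"))
                continue
            policy = securities.get(config.get("security"))
            if policy is None:
                findings.append(("UNDEFINED_SECURITY",
                                 f"leg '{leg_name}' references an undefined security"))
            elif policy in NO_SECURITY_POLICIES:
                findings.append(("UNSECURED_LEG", f"leg '{leg_name}' uses {policy}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_pmode(SAMPLE_PMODE, own_keystore_alias="domibus-blue"):
        print(f"{code}: {detail}")
```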
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block.
Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).
AS4 | - | Container
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE.
Securities | - | Container
Security | - | Container
Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration | - | Container
Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions | - | Container
Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services | - | Container
ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message, and it is specified by the designer of the service.
MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings | - | Container
Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles | - | Container
Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element: for Initiator, Messaging/UserMessage/PartyInfo/From/Role; for Responder, Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.
Processes | - | Container
PayloadProfiles | - | Container
Payloads | - | Container
Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile.
ErrorHandlings | - | Container
ErrorHandling | - | Container
ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs | - | Container
Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process | - | In Process everything is plugged together.
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the "Configuration upload" tab.
Configuration upload
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the PMode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
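A check that every password attribute in the user-service above really holds a BCrypt hash after editing, as an added example that is not part of Domibus. It validates only the shape of the value ($2a$, a two-digit cost and 53 further characters), not the password behind it. The function name, the wrapping beans element, the third user, the minimum cost of 10 and the hash-shaped string in the sample are assumptions or constructed values.

```python
import re
import xml.etree.ElementTree as ET

# Namespace bound to the "sec" prefix in Spring Security configuration files.
SEC_NS = "http://www.springframework.org/schema/security"

# Shape of a BCrypt hash: version prefix, two-digit cost, then 53 characters
# (22 for the salt, 31 for the digest) from the BCrypt base64 alphabet.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Constructed value with the shape of a BCrypt hash; it is not a real hash.
FAKE_HASH = "$2a$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
LOW_COST_HASH = FAKE_HASH.replace("$10$", "$04$")

# Constructed sample with the structure of the user-service shown above.
SAMPLE_SECURITY_XML = f"""<beans xmlns:sec="{SEC_NS}">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="{FAKE_HASH}" authorities="ROLE_USER"/>
        <sec:user name="admin" password="123456" authorities="ROLE_USER, ROLE_ADMIN"/>
        <sec:user name="monitor" password="{LOW_COST_HASH}" authorities="ROLE_USER"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""


def audit_user_passwords(xml_text, min_cost=10):
    """Map each configured user name to OK, LOW_COST or NOT_BCRYPT."""
    result = {}
    root = ET.fromstring(xml_text)
    for user in root.iter(f"{{{SEC_NS}}}user"):
        match = BCRYPT_RE.match(user.get("password", ""))
        if match is None:
            status = "NOT_BCRYPT"      # plaintext or an unreplaced placeholder
        elif int(match.group(1)) < min_cost:
            status = "LOW_COST"        # hash computed with too few rounds
        else:
            status = "OK"
        result[user.get("name")] = status
    return result


if __name__ == "__main__":
    for name, status in audit_user_passwords(SAMPLE_SECURITY_XML).items():
        print(f"{name}: {status}")
```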
Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages received messages and their status (SENT RECEIVED FAILED ACKNOWLEDGEhellip)
The following state machines illustrates the evolution of the processing of a messages according to the encountered events
State machine of Corner 2 (sending access point)
Administration Guide - Domibus 321 Page 75 97
State machine of Corner 3 (receiving access point)
Remark
The administration dashboard is reachable via the URL
httpyour_serveryour_port_numberdomibushome (Tomcat)
httpyour_serveryour_port_numberdomibus-wildflyhome (WildFly)
httpyour_serveryour_port_numberdomibus-weblogichome (WebLogic)
Administration Guide - Domibus 321 Page 76 97
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages.

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The IDs of the messages to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately, according to the backend system needs and the re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
The plugin filters must be configured so that, taken together, these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore described in section 6.1.2 Certificates are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for AS4 e-Sens Profile.
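A pre-deployment check of clientauthentication.xml for the two settings discussed above, and for the client/server protocol mismatch described in section 9.5 (Handshake Failure). This is an added example, not part of the Domibus distribution; the finding codes and the sample_config helper are assumptions constructed for the illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces as declared on the tlsClientParameters element in the guide.
HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"
SEC_NS = "http://cxf.apache.org/configuration/security"
REQUIRED_PROTOCOL = "TLSv1.2"  # stated as mandatory for the AS4 e-Sens Profile


def audit_tls_client(xml_text):
    """Return a list of finding codes (hypothetical names) for one file.

    CN_CHECK_DISABLED        disableCNCheck="true": host name is not verified
    PROTOCOL_MISMATCH:<v>    secureSocketProtocol is unset or not TLSv1.2
    NO_TRUSTSTORE            no trustManagers/keyStore element is configured
    NO_TLS_CLIENT_PARAMETERS the file has no tlsClientParameters element
    """
    root = ET.fromstring(xml_text)
    blocks = list(root.iter(f"{{{HTTP_CONF_NS}}}tlsClientParameters"))
    if not blocks:
        return ["NO_TLS_CLIENT_PARAMETERS"]
    findings = []
    for tls in blocks:
        # The attribute defaults to false when it is absent.
        if tls.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append("CN_CHECK_DISABLED")
        protocol = tls.get("secureSocketProtocol")
        if protocol != REQUIRED_PROTOCOL:
            findings.append(f"PROTOCOL_MISMATCH:{protocol or 'unset'}")
        trust_store = tls.find(
            f"{{{SEC_NS}}}trustManagers/{{{SEC_NS}}}keyStore")
        if trust_store is None:
            findings.append("NO_TRUSTSTORE")
    return findings


def sample_config(disable_cn_check, protocol):
    """Build a constructed clientauthentication.xml body for the demo."""
    proto_attr = f' secureSocketProtocol="{protocol}"' if protocol else ""
    return f"""<http-conf:tlsClientParameters
    disableCNCheck="{disable_cn_check}"{proto_attr}
    xmlns:http-conf="{HTTP_CONF_NS}" xmlns:security="{SEC_NS}">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${{domibus.config.location}}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${{domibus.config.location}}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>"""


if __name__ == "__main__":
    cases = {
        "as shown in the guide (self-signed test setup)":
            sample_config("true", "TLSv1.2"),
        "client left on TLSv1.1 (section 9.5 symptom)":
            sample_config("false", "TLSv1.1"),
        "production settings": sample_config("false", "TLSv1.2"),
    }
    for label, xml_text in cases.items():
        print(f"{label}: {audit_tls_client(xml_text) or 'no findings'}")
```
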
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore JKS location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in Server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore JKS.
To disable basic authentication at WebLogic level:
By default WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore JKS to the ApplicationRealm
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" />
        …
    </authentication>
- add https-listener to default-server
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false"/>
5.1.2 Oracle configuration
1. Unzip domibus-MSH-3.2.1-sql-scripts.zip in cef_edelivery_path/sql-scripts
2. Open a command prompt and navigate to this directory: cef_edelivery_path/sql-scripts
3. Open a command line session, log in and execute the following commands:
sqlplus sys as sysdba (password should be the one assigned during the Oracle installation)
===========================================================================
Once logged in Oracle:
create user edelivery_user identified by edelivery_password;
grant all privileges to edelivery_user;
connect edelivery_user
show user; (should return: edelivery_user)
@oracle10g-3.2.1.ddl (run the scripts with the @ sign from the location of the scripts)
exit
===========================================================================
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic Server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-weblogic.war
- domibus-MSH-3.2.1-weblogic-configuration.zip
- domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
- domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus
3. Configure your Keystore based on section 6.1.2 Certificates
4. Add the following lines in:
- For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after it:
…
set DOMAIN_HOME
REM Added for Domibus
set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
…
- For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after it:
…
export DOMAIN_HOME
# Added for Domibus
EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
export EXTRA_JAVA_PROPERTIES
…
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
- Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
- Configure the WSLT API tool:
   - Unzip the wslt-api-1.9.1.zip
   - Define WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in DOMAIN_HOME/bin/setDomainEnv.[cmd|sh]
     e.g. WL_HOME=/wls12130/wlserver
- Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
   - Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_name
domain.connect.password=weblogic_password
domain.name=my_domain1
   - Adapt the jdbc.datasource properties for the datasources.
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
- Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
- Adapt, if necessary, the JMX security configuration, e.g.:
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.groupmember.0.user=jmsManager
security.groupmember.0.groups=JMSManagers
security.groupmember.0.realm=myrealm
security.groupmember.0.authenticator=DefaultAuthenticator
security.groupmember.items=1
Administration Guide - Domibus 321 Page 15 97
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result
6 Activate the use of the authorization providers to protect the JMX access.
7 The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8 Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9 Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings. You can now click Save.
The expected positive response to the deployment request should be the following:
10 Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1 Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2 Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
The MySQL configuration is commented out by default. To enable MySQL, remove the comment marker (#) from the lines below. Don't forget to add the comment marker (#) to the Oracle lines to disable them.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for the target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
## Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
## Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
## Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
## Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for the JMS Server, e.g.
jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3 Activate the use of the authorization providers to protect the JMX access.
4 The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5 Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6 Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to the location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings. You can now click Save.
The expected positive response to the deployment request should be the following:
7 Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
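A check that can be run on WeblogicSingleServer.properties or WeblogicCluster.properties (sections 5.2.1 and 5.2.2) before the WLST import, added here as an example and not part of the Domibus distribution. It flags passwords still set to the sample values printed in this guide, passwords that contain the account name, and keys defined twice, which is what happens when the Oracle and MySQL blocks are both left uncommented. The function names and the SAMPLE input are assumptions constructed for illustration; the property keys are the ones shown in the guide.

```python
"""Pre-import audit for a WLST .properties file (added example)."""

# Sample secrets printed in the guide; none of them should reach a real domain.
GUIDE_SAMPLE_SECRETS = {"edelivery_password", "weblogic_password", "jmsManager1"}


def active_lines(text):
    """Yield (line_number, key, value) for every uncommented key=value line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # '#' and '!' start a comment line
            continue
        key, sep, value = line.partition("=")
        if sep:
            yield lineno, key.strip(), value.strip()


def audit(text):
    """Return a sorted list of (line_number, key, reason) findings."""
    rows = list(active_lines(text))
    last_value = {key: value for _, key, value in rows}
    findings, first_seen = [], {}
    for lineno, key, value in rows:
        # A key set twice means two alternative blocks are active at once.
        if key in first_seen:
            findings.append((lineno, key, "duplicate of line %d" % first_seen[key]))
        else:
            first_seen[key] = lineno
        if not key.endswith(".password"):
            continue
        # The account name sits next to the password: *.username or *.name.
        prefix = key[: -len("password")]
        user = last_value.get(prefix + "username") or last_value.get(prefix + "name", "")
        if not value:
            findings.append((lineno, key, "empty password"))
        elif value in GUIDE_SAMPLE_SECRETS:
            findings.append((lineno, key, "sample value from the guide"))
        elif user and user.lower() in value.lower():
            findings.append((lineno, key, "password contains the account name"))
    return sorted(findings)


# Constructed input: Oracle block left active next to the MySQL block, one
# sample password kept, one password derived from the account name.
SAMPLE = """\
domain.connect.username=weblogic_user
domain.connect.password=S7!rotated-by-vault
# Oracle block left active by mistake
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.driver.password=edelivery_password
# MySQL block uncommented as the guide describes
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.username=domibus_app
jdbc.datasource.0.driver.password=Kq4#long-random-value
#security.users.9.password=jmsManager1
security.users.0.name=jmsManager
security.users.0.password = jmsManager2016
"""

if __name__ == "__main__":
    for lineno, key, reason in audit(SAMPLE):
        print("line %d: %s: %s" % (lineno, key, reason))
```
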
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1 Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2 Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    ………
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3 Configure your Keystore based on section 6.1.2 Certificates.
4 Set JVM parameters:
Domibus expects a single JVM parameter, $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5 Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin/
chmod +x *.sh
./startup.sh
6 Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and that the installation location is now considered as your cef_edelivery_path/domibus.
1 Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2 Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3 Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4 Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5 Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin/
chmod +x *.sh
./startup.sh
7 Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1 Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3 Set JVM parameters:
Domibus expects a single JVM parameter, $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4 Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory" class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init" destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5 Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment out the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6 Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1 Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2 Configure the MySQL database (Option 1):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as the argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    ………
    <datasources>
        ………
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        ………
    </datasources>
    ………
</subsystem>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3 Configure the Oracle Database (Option 2):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it into the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as the argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
<xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4 Configure your Keystore based on section 6.1.2 Certificates.
5 Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6 Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin, Password = 123456)
If you can access the page, the deployment was successful.
Expected result
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1 Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2 Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
……
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
……
3 Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus
4 Configure your Keystore based on section 6.1.2 Certificates.
5 Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            ………
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            ………
        </jms-connection-factories>
        <jms-destinations>
            ………
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            ………
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note that the JMX management also has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6 Connect to the Admin Console of WildFly at http://localhost:9990
7 Click on Deployments in the console menu, then click on Add.
8 Select Upload a new deployment, then click Next.
9 Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10 The deployment is successful when the name of the .war file appears in the Deployment column.
Expected Result
Administration Guide - Domibus 321 Page 50 97
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-wildfly-configuration.zip
- domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1 point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
    ...
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ...
4. Deploy domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console to perform the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main web service:
- /services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional web service:
- /services/backend: The URL of the backend web service. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for encryption, for signing the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
    <property name="password_store">
        <util:map>
            <entry value="your_privatekey_password" key="your_keystore_alias"/>
        </util:map>
    </property>
    ...
    <!-- The password used to load the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
    <!-- The keystore alias to use for decryption and signing -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
    ...
    <!-- The password used to load the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
    ...
    <!-- The location of the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
    ...
    <!-- The location of the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |
| Proxy Settings | | In case your Access Point has to use a proxy server, you can configure it with these properties. |
| domibus.proxy.enabled | false | true/false, depending on whether you need to use proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of the proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
    <util:properties>
        ...
        <!-- To disable unsecureLogin, set this to false -->
        <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
    </util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config
4. Start the Tomcat server
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config
4. Start the WebLogic server
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config
4. Start the WildFly server
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The following features are described in the PMode file: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
    <party name="party_id_name2"
           endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
    </party>
    <party name="party_id_name1"
           endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
           allowChunking="false">
        <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
    </party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
    <party name="new_party_name"
           endpoint="http://new_party_msh"
           allowChunking="false">
        <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
    </party>
Add your new_party_name as initiator. The party with the role of initiator will be the sender of the messages:
    <initiatorParties>
        ...
        <initiatorParty name="new_party_name"/>
    </initiatorParties>
Add your new_party_name as responder. The party with the role of responder will be the receiver of the messages:
    <responderParties>
        ...
        <responderParty name="new_party_name"/>
    </responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
    <?xml version="1.0" encoding="UTF-8"?>
    <db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
        <mpcs>
            <mpc name="defaultMpc"
                 qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
                 enabled="true"
                 default="true"
                 retention_downloaded="0"
                 retention_undownloaded="14400"/>
        </mpcs>
        <businessProcesses>
            <roles>
                <role name="defaultInitiatorRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
                <role name="defaultResponderRole"
                      value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
            </roles>
            <parties>
                <partyIdTypes>
                    <partyIdType name="partyTypeUrn"
                                 value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
                </partyIdTypes>
                <party name="red_gw"
                       endpoint="http://<red_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-red"
                                partyIdType="partyTypeUrn"/>
                </party>
                <party name="blue_gw"
                       endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                       allowChunking="false">
                    <identifier partyId="domibus-blue"
                                partyIdType="partyTypeUrn"/>
                </party>
            </parties>
            <meps>
                <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
                <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
                <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
                <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
            </meps>
            <properties>
                <property name="originalSenderProperty"
                          key="originalSender"
                          datatype="string"
                          required="true"/>
                <property name="finalRecipientProperty"
                          key="finalRecipient"
                          datatype="string"
                          required="true"/>
                <propertySet name="ecodexPropertySet">
                    <propertyRef property="finalRecipientProperty"/>
                    <propertyRef property="originalSenderProperty"/>
                </propertySet>
            </properties>
            <payloadProfiles>
                <payload name="businessContentPayload"
                         cid="cid:message"
                         required="true"
                         mimeType="text/xml"/>
                <payload name="businessContentAttachment"
                         cid="cid:attachment"
                         required="false"
                         mimeType="application/octet-stream"/>
                <payloadProfile name="MessageProfile"
                                maxSize="40894464">
                    <attachment name="businessContentPayload"/>
                    <attachment name="businessContentAttachment"/>
                </payloadProfile>
            </payloadProfiles>
            <securities>
                <security name="eDeliveryPolicy"
                          policy="eDeliveryPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="noSigNoEnc"
                          policy="doNothingPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
                <security name="eSensPolicy"
                          policy="eSensPolicy.xml"
                          signatureMethod="RSA_SHA256"/>
            </securities>
            <errorHandlings>
                <errorHandling name="demoErrorHandling"
                               errorAsResponse="true"
                               businessErrorNotifyProducer="false"
                               businessErrorNotifyConsumer="false"
                               deliveryFailureNotifyProducer="false"/>
            </errorHandlings>
            <agreements>
                <agreement name="agreement1" value="A1" type=""/>
                <agreement name="agreement2" value="A2" type=""/>
                <agreement name="agreement3" value="A3" type=""/>
            </agreements>
            <services>
                <service name="testService1" value="bdx:noprocess" type="tc1"/>
            </services>
            <actions>
                <action name="tc1Action" value="TC1Leg1"/>
                <action name="tc2Action" value="TC2Leg1"/>
            </actions>
            <as4>
                <receptionAwareness name="receptionAwareness"
                                    retry="12;4;CONSTANT" duplicateDetection="true"/>
                <reliability name="AS4Reliability" nonRepudiation="true"
                             replyPattern="response"/>
                <reliability name="noReliability" nonRepudiation="false"
                             replyPattern="response"/>
            </as4>
            <legConfigurations>
                <legConfiguration name="pushTestcase1tc1Action"
                                  service="testService1"
                                  action="tc1Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eDeliveryPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
                <legConfiguration name="pushTestcase1tc2Action"
                                  service="testService1"
                                  action="tc2Action"
                                  defaultMpc="defaultMpc"
                                  reliability="AS4Reliability"
                                  security="eSensPolicy"
                                  receptionAwareness="receptionAwareness"
                                  propertySet="ecodexPropertySet"
                                  payloadProfile="MessageProfile"
                                  errorHandling="demoErrorHandling"
                                  compressPayloads="true"/>
            </legConfigurations>
            <process name="tc1Process"
                     agreement=""
                     mep="oneway"
                     binding="push"
                     initiatorRole="defaultInitiatorRole"
                     responderRole="defaultResponderRole">
                <initiatorParties>
                    <initiatorParty name="blue_gw"/>
                    <initiatorParty name="red_gw"/>
                </initiatorParties>
                <responderParties>
                    <responderParty name="blue_gw"/>
                    <responderParty name="red_gw"/>
                </responderParties>
                <legs>
                    <leg name="pushTestcase1tc1Action"/>
                    <leg name="pushTestcase1tc2Action"/>
                </legs>
            </process>
        </businessProcesses>
    </db:configuration>
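The cross-references described in 7.3.2 and shown in the sample PMode above (party elements, initiator and responder lists, legs and the security and reliability profiles they name) can be checked before a file is uploaded. The following is an added example, not part of the original guide or of the Domibus distribution; the function name, the finding labels, the sample hostnames and the reading of doNothingPolicy.xml as a policy without signature or encryption are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the blue_gw/red_gw PMode above, trimmed to the
# elements the audit reads. Three problems are planted on purpose: a responder
# (green_gw) with no <party>, a leg (tc3) with no <legConfiguration>, and a leg
# (tc2) bound to noSigNoEnc/noReliability.
SAMPLE_PMODE = """\
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh"/>
      <party name="blue_gw" endpoint="http://blue.example.test:8080/domibus/services/msh"/>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <as4>
      <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
      <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
    </as4>
    <legConfigurations>
      <legConfiguration name="pushTestcase1tc1Action" reliability="AS4Reliability"
                        security="eDeliveryPolicy"/>
      <legConfiguration name="pushTestcase1tc2Action" reliability="noReliability"
                        security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process" mep="oneway" binding="push">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
        <responderParty name="green_gw"/>
      </responderParties>
      <legs>
        <leg name="pushTestcase1tc1Action"/>
        <leg name="pushTestcase1tc2Action"/>
        <leg name="pushTestcase1tc3Action"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>
"""

# Assumption: a policy file with this name applies neither signature nor
# encryption, as the sample's security name "noSigNoEnc" suggests.
UNPROTECTED_POLICIES = {"doNothingPolicy.xml"}


def audit_pmode(xml_text):
    """Return a sorted list of (finding, detail) tuples for one PMode document."""
    root = ET.fromstring(xml_text)
    findings = []

    parties = {p.get("name") for p in root.iter("party")}
    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    non_repudiation = {r.get("name"): r.get("nonRepudiation", "").lower() == "true"
                       for r in root.iter("reliability")}
    leg_configs = {c.get("name"): c for c in root.iter("legConfiguration")}

    # The party attribute on the root element names the local Access Point.
    if root.get("party") not in parties:
        findings.append(("undeclared-party", "configuration party=%s" % root.get("party")))

    for process in root.iter("process"):
        pname = process.get("name")
        # Every initiator/responder must point at a declared <party> element.
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(("undeclared-party",
                                     "%s: %s %s" % (pname, tag, ref.get("name"))))
        # Every leg must resolve to a legConfiguration with known profiles.
        for ref in process.iter("leg"):
            leg = ref.get("name")
            config = leg_configs.get(leg)
            if config is None:
                findings.append(("undeclared-leg", "%s: %s" % (pname, leg)))
                continue
            security = config.get("security")
            if security not in policies:
                findings.append(("undeclared-security", "%s: %s" % (leg, security)))
            elif policies[security] in UNPROTECTED_POLICIES:
                findings.append(("unprotected-leg", "%s: %s" % (leg, security)))
            reliability = config.get("reliability")
            if reliability not in non_repudiation:
                findings.append(("undeclared-reliability", "%s: %s" % (leg, reliability)))
            elif not non_repudiation[reliability]:
                findings.append(("no-non-repudiation", "%s: %s" % (leg, reliability)))
    return sorted(findings)


if __name__ == "__main__":
    for finding, detail in audit_pmode(SAMPLE_PMODE):
        print("%-22s %s" % (finding, detail))
```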
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and - as such - does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message, and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In ebMS3 message this defines the content of the following element: for Initiator, Messaging/UserMessage/PartyInfo/From/Role; for Responder, Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: (1) name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; (2) MIME data type (text/xml, application/pdf, etc.); (3) name of the applicable XML Schema file if the MIME data type is text/xml; (4) maximum size in kilobytes; (5) Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab
Configuration upload
c. Select the PMode file that has been edited by pressing Browse..., then Press here to upload the PMode xml file
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse..., then Press here to upload the truststore jks file
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:password-encoder ref="bcryptEncoder"/>
            <sec:user-service>
                <sec:user name="user" password="your_custom_user_password"
                          authorities="ROLE_USER"/>
                <sec:user name="admin" password="your_custom_admin_password"
                          authorities="ROLE_USER, ROLE_ADMIN"/>
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE...).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see ActiveMQ redelivery policy and configure the parameters below:
    <redeliveryPlugin fallbackToDeadLetter="true"
                      sendToDlqIfMaxRetriesExceeded="true">
        <redeliveryPolicyMap>
            <redeliveryPolicyMap>
                <redeliveryPolicyEntries>
                    <redeliveryPolicy queue="sendMessageQueue"
                                      maximumRedeliveries="0"/>
                    <redeliveryPolicy queue=""
                                      maximumRedeliveries="10" redeliveryDelay="300000"/>
                </redeliveryPolicyEntries>
            </redeliveryPolicyMap>
        </redeliveryPolicyMap>
    </redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
    Action: TC1Leg1
    Service: bdx:noprocess
    From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
    To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
    <ns:PartyInfo>
        <ns:From>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
        </ns:From>
        <ns:To>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
        </ns:To>
    </ns:PartyInfo>
    <ns:CollaborationInfo>
        <ns:Service type="tc1">bdx:noprocess</ns:Service>
        <ns:Action>TC1Leg1</ns:Action>
    </ns:CollaborationInfo>
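The first-match routing rule of this section, modelled as an added example (this is not Domibus code): it shows which plugin receives a message and which plugin filters can never fire because an earlier filter already catches everything they would match. It assumes criteria are compared by exact value and that a criterion left unset matches any value; the plugin name "Jms" and both filter lists are constructed.

```python
# Values taken from the sample message of this section.
MESSAGE = {
    "action": "TC1Leg1",
    "service": "bdx:noprocess",
    "from": "domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered",
    "to": "domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered",
}

# Constructed filter lists: (plugin name, criteria). Order matters.
CATCH_ALL_FIRST = [
    ("backendWebservice", {}),            # no criteria: matches every message
    ("Jms", {"action": "TC1Leg1"}),       # hypothetical second plugin
]
REORDERED = [
    ("Jms", {"action": "TC1Leg1"}),
    ("backendWebservice", {}),
]


def matches(criteria, message):
    """A filter matches when every criterion it sets equals the message value."""
    return all(message.get(key) == value for key, value in criteria.items())


def route(filters, message):
    """Name of the first plugin whose filter matches, or None when nothing
    matches (such notifications end up in the 'unknown' notification queue)."""
    for plugin, criteria in filters:
        if matches(criteria, message):
            return plugin
    return None


def shadowed(filters):
    """Pairs (plugin, earlier_plugin) where the earlier filter matches every
    message the later one would, so the later plugin never receives anything."""
    result = []
    for index, (plugin, criteria) in enumerate(filters):
        for earlier_plugin, earlier in filters[:index]:
            if all(criteria.get(key) == value for key, value in earlier.items()):
                result.append((plugin, earlier_plugin))
                break
    return result


if __name__ == "__main__":
    print(route(CATCH_ALL_FIRST, MESSAGE), shadowed(CATCH_ALL_FIRST))
    print(route(REORDERED, MESSAGE), shadowed(REORDERED))
```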
8 DATA ARCHIVING
8.1.1.1 What's archiving?
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
    SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
    May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
    INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
    May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
    SEVERE: Context [/domibus] startup failed due to previous errors
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Closing Spring root WebApplicationContext
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Shutting down log4j
Solution: Set up the password properly in the domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
    Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variables is needed to run this program.
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
http://your_server:your_port_number/domibus/home: No SEVERE errors in logs but no admin option in browser under
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
    org.apache.cxf.interceptor.Fault: Could not write attachments.
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
        at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
        at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
        at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
        at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
        at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
        at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
        at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
        at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
        at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
        ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH), described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc…).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                    file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                    file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
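A pre-deployment check for clientauthentication.xml, added here as an example (it is not part of Domibus): it flags the two settings discussed above, disableCNCheck left at "true" and a secureSocketProtocol other than TLSv1.2, the latter being the mismatch behind the handshake failure in section 9.5. The three sample configurations and the finding labels are constructed.

```python
import xml.etree.ElementTree as ET

HTTP_CONF_NS = "http://cxf.apache.org/transports/http/configuration"
SEC_NS = "http://cxf.apache.org/configuration/security"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens Profile per this guide

# Constructed samples that follow the layout of the snippet in this section.
TEMPLATE = """<http-conf:tlsClientParameters @ATTRS@
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>"""

SAMPLE_TEST_SETUP = TEMPLATE.replace(
    "@ATTRS@", 'disableCNCheck="true" secureSocketProtocol="TLSv1.1"')
SAMPLE_PRODUCTION = TEMPLATE.replace(
    "@ATTRS@", 'disableCNCheck="false" secureSocketProtocol="TLSv1.2"')
SAMPLE_DEFAULTS = TEMPLATE.replace("@ATTRS@", "")


def audit_tls_client(xml_text):
    """Return a list of findings for every tlsClientParameters element."""
    root = ET.fromstring(xml_text)
    nodes = list(root.iter("{%s}tlsClientParameters" % HTTP_CONF_NS))
    if not nodes:
        return ["no-tls-client-parameters"]
    findings = []
    for node in nodes:
        # Host name verification switched off: acceptable only with
        # self-signed test certificates, never in production.
        if node.get("disableCNCheck", "false").strip().lower() == "true":
            findings.append("cn-check-disabled")
        protocol = node.get("secureSocketProtocol")
        if protocol is None:
            findings.append("protocol-missing")
        elif protocol != REQUIRED_PROTOCOL:
            findings.append("protocol-mismatch:" + protocol)
        # Without a trust store the client falls back to the JVM defaults.
        if node.find("{%s}trustManagers/{%s}keyStore" % (SEC_NS, SEC_NS)) is None:
            findings.append("no-trust-store")
    return findings


if __name__ == "__main__":
    for label, text in (("test setup", SAMPLE_TEST_SETUP),
                        ("production", SAMPLE_PRODUCTION),
                        ("defaults", SAMPLE_DEFAULTS)):
        print(label, audit_tls_client(text))
```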
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of the your_truststore_ssl.jks so that the server can verify the client in Server.xml:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
               truststorePass="your_trustore_password"
               clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                          relative-to="jboss.server.base.dir"
                          keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                        relative-to="jboss.server.base.dir" keystore-password="test123" />
            …
        </authentication>
- add https-listener to default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings and add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
           endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
5.2 Domibus on WebLogic 12.1.3
This section does not include the installation of WebLogic Server 12.1.3. It is assumed that the WebLogic Server is installed and a Domain is created. Hereafter the domain location will be referred to as DOMAIN_HOME (user defined name).
5.2.1 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Download and unzip domibus-MSH-3.2.1-weblogic-configuration.zip in the directory DOMAIN_HOME/conf/domibus.
2. Download the domibus-distribution-3.2.1-weblogic.war in the directory DOMAIN_HOME/conf/domibus.
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Add the following lines in:
o For Windows: DOMAIN_HOME\bin\setDomainEnv.cmd
Locate the set DOMAIN_HOME statement and add the following lines after:
    …
    set DOMAIN_HOME
    REM Added for Domibus
    set EXTRA_JAVA_PROPERTIES=%EXTRA_JAVA_PROPERTIES% -Ddomibus.config.location=%DOMAIN_HOME%\conf\domibus
    …
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after:
    …
    export DOMAIN_HOME
    # Added for Domibus
    EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
    export EXTRA_JAVA_PROPERTIES
    …
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define the WL_HOME as a system environment variable to point to the WebLogic 'wlserver' directory as defined in the DOMAIN_HOME/bin/setDomainEnv.[cmd|sh],
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_name
    domain.connect.password=weblogic_password
    domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources.
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location,
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration,
e.g.
    ## Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    ## Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    ## Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    ## Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME
For Windows startWebLogiccmd
For LinuxUnix startWebLogicsh
o Execute the following command from within the wlstapi-191bin directory
For Windows wlstapicmd scriptsimportpy --property WeblogicSingleServerproperties
For Linux wlstapish scriptsimportpy --property WeblogicSingleServerproperties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access.
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform"
                      value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for the JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result
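The WLST property files adapted in sections 5.2.1 and 5.2.2 carry the domain, database and JMX user credentials in clear text, so they are worth checking before import.py is run. The Python script below is an added example, not part of the Domibus distribution or of the WLST package: the property keys and the sample values it looks for come from the listings above, while the finding names and the constructed SAMPLE input are assumptions of this example.

```python
import re

# Sample values printed in the guide's property listings.
SAMPLE_SECRETS = {"edelivery_password", "weblogic_password", "jmsManager1"}
DRIVER_KEY = "jdbc.datasource.0.driver.name"
MYSQL_DRIVER = "com.mysql.jdbc.Driver"
# Lines the guide lists only in the MySQL variant of the datasource.
MYSQL_ONLY_KEYS = (
    "jdbc.datasource.0.transaction.protocol",
    "jdbc.datasource.0.pool.connection.test.onreserv.sql",
)
USER_PASSWORD = re.compile(r"^security\.users\.(\d+)\.password$")
FILESTORE_LOCATION = re.compile(r"^persistent\.filestore\.\d+\.location$")

# Constructed input: Oracle and MySQL drivers both active, one MySQL line
# still commented, a Windows path with backslashes, two guide passwords.
SAMPLE = """\
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.password=Xk2-constructed-9fQ
jdbc.datasource.0.transaction.protocol=LoggingLastResource
#jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
persistent.filestore.0.location=C:\\domains\\d1\\filestore
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
"""


def parse_properties(text):
    """Return (line_no, key, value) for every active (uncommented) line."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries.append((line_no, key.strip(), value.strip()))
    return entries


def audit(text):
    """Return sorted (line_no, finding) pairs for a WLST property file."""
    entries = parse_properties(text)
    props, last_line, findings = {}, {}, []
    for line_no, key, value in entries:
        if key in props:
            # e.g. the Oracle and the MySQL block are both uncommented
            findings.append((line_no, "duplicate-key:" + key))
        props[key] = value
        last_line[key] = line_no

    for line_no, key, value in entries:
        if key.endswith(".password"):
            match = USER_PASSWORD.match(key)
            name = ""
            if match:
                name = props.get("security.users.%s.name" % match.group(1), "")
            if not value:
                findings.append((line_no, "empty-password:" + key))
            elif value in SAMPLE_SECRETS:
                findings.append((line_no, "sample-secret:" + key))
            elif name and name.lower() in value.lower():
                findings.append((line_no, "password-contains-username:" + key))
        if FILESTORE_LOCATION.match(key) and "\\" in value:
            findings.append((line_no, "backslash-in-path:" + key))

    if props.get(DRIVER_KEY) == MYSQL_DRIVER:
        for key in MYSQL_ONLY_KEYS:
            if key not in props:
                findings.append((last_line[DRIVER_KEY], "mysql-line-missing:" + key))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print("line %d: %s" % (line_no, finding))
```

An empty result from audit() means none of these checks fired; it does not say anything about the strength of the passwords that were chosen.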
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
[2] http://downloads.mysql.com/archives/c-j
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …
5. Launch the Domibus application
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from section 5.3.2 Single Server Deployment.
3. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate JMS Broker with Domibus nodes
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml
For clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from section 5.3.2 Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ………
        <datasources>
            ………
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ………
        </datasources>
        ………
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (Option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, while replacing the MySQL configuration in the process):
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
    <xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1
    <driver>com.oracle</driver>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform"
              value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server
o For Windows, under cef_edelivery_path/domibus/bin:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
    standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ……
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                ………
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                ………
            </jms-connection-factories>
            <jms-destinations>
                ………
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                ………
            </jms-destinations>
        </hornetq-server>
    </subsystem>
Remark:
Please note also that the JMX management has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result
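The JMS resources from step 5 can be checked before the war file is deployed. The Python script below is an added example, not Domibus or WildFly code: it parses a standalone-full.xml and reports every queue, topic or JNDI entry that differs from the listing in step 5, and whether jmx-management-enabled is set; the function names and the constructed SAMPLE fragment are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Queue name -> Domibus JNDI alias, taken from the listing in step 5.
REQUIRED_QUEUES = {
    "DomibusBusinessMessageOutQueue": "domibus.backend.jms.outQueue",
    "DomibusNotifyBackendJmsQueue": "domibus.notification.jms",
    "DomibusErrorNotifyConsumerQueue": "domibus.backend.jms.errorNotifyConsumer",
    "DomibusErrorNotifyProducerQueue": "domibus.backend.jms.errorNotifyProducer",
    "DomibusBusinessMessageInQueue": "domibus.backend.jms.inQueue",
    "DomibusPluginToBackendQueue": "domibus.backend.jms.replyQueue",
    "DomibusSendMessageQueue": "domibus.internal.dispatch.queue",
    "DomibusNotifyBackendWebServiceQueue": "domibus.notification.webservice",
    "DomibusUnknownReceiverQueue": "domibus.internal.notification.unknown",
    "DomibusNotifyBackendQueue": "domibus.internal.notification.queue",
    "DLQ": "domibus.DLQ",
}
REQUIRED_TOPICS = {"DomibusClusterCommandTopic": "domibus.internal.command"}

# Constructed fragment: jmx-management-enabled absent, one correct queue,
# one queue without its alias entry and with durable=false, and the topic.
SAMPLE = """\
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
  <hornetq-server>
    <jms-destinations>
      <jms-queue name="DomibusBusinessMessageOutQueue">
        <entry name="java:/jms/domibus.backend.jms.outQueue"/>
        <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusSendMessageQueue">
        <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
        <durable>false</durable>
      </jms-queue>
      <jms-topic name="DomibusClusterCommandTopic">
        <entry name="java:/jms/domibus.internal.command"/>
        <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
      </jms-topic>
    </jms-destinations>
  </hornetq-server>
</subsystem>
"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def children(elem, name):
    """Direct children of elem with the given local tag name."""
    return [c for c in elem if local(c.tag) == name]


def text_is_true(elems):
    return bool(elems) and (elems[0].text or "").strip() == "true"


def check_destination(dest, kind, alias):
    """Return the problems found in one <jms-queue> or <jms-topic>."""
    name = dest.get("name")
    entries = {e.get("name") for e in children(dest, "entry")}
    problems = []
    for wanted in ("java:/jms/" + alias, "java:/jms/%s/%s" % (kind, name)):
        if wanted not in entries:
            problems.append("%s: missing entry %s" % (name, wanted))
    if kind == "queue" and not text_is_true(children(dest, "durable")):
        problems.append("%s: not durable" % name)
    return problems


def check_jms_resources(xml_text):
    """Compare the hornetq-server section against the required resources."""
    root = ET.fromstring(xml_text)
    server = next((e for e in root.iter() if local(e.tag) == "hornetq-server"), None)
    if server is None:
        return ["no hornetq-server element found"]
    problems = []
    if not text_is_true(children(server, "jmx-management-enabled")):
        problems.append("jmx-management-enabled is not true")
    found = {"queue": {}, "topic": {}}
    for block in children(server, "jms-destinations"):
        for kind in found:
            for dest in children(block, "jms-" + kind):
                found[kind][dest.get("name")] = dest
    for kind, required in (("queue", REQUIRED_QUEUES), ("topic", REQUIRED_TOPICS)):
        for name, alias in required.items():
            if name not in found[kind]:
                problems.append("%s: %s not defined" % (name, kind))
            else:
                problems.extend(check_destination(found[kind][name], kind, alias))
    return problems


if __name__ == "__main__":
    for problem in check_jms_resources(SAMPLE):
        print(problem)
```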
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2 point 5, Configure the JMS resources. Configure the database dialect as indicated in 5.4.1 point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
3. Configure the environment variables in the file bin/domain.conf
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
    ……
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ……
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
- /services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
- /services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

Configuration Property / Default value / Purpose

domibus.msh.messageid.suffix
    Default value: domibus.eu
    Purpose: This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron
    Default value: 0/5 * * * * ?
    Purpose: It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance
    Default value: 10000
    Purpose: Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry
    Default value: true
    Purpose: This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone
    Default value: acc.edelivery.tech.ec.europa.eu
    Purpose: Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue
    Default value: domibus.backend.jms.inQueue
    Purpose: This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered
    Default value: false
    Purpose: If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location
    Default value: -
    Purpose: It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved.
    Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user
    Default value: jmsManager
    Purpose: WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password
    Default value: jmaManager1
    Purpose: WebLogic specific. The associated password of the configured domibus.jmx.user.

Proxy Settings
In case your Access Point has to use a proxy server, you can configure it with these properties:

domibus.proxy.enabled
    Default value: false
    Purpose: true/false depending on whether you need to use proxy or not.
domibus.proxy.http.host
    Default value: -
    Purpose: Host name of the proxy server.
domibus.proxy.http.port
    Default value: -
    Purpose: Port of Proxy server.
domibus.proxy.user
    Default value: -
    Purpose: Username for authentication on the proxy server.
domibus.proxy.password
    Default value: -
    Purpose: Password.
domibus.proxy.nonProxyHosts
    Default value: -
    Purpose: Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
- Basic Authentication takes precedence on both http and https.
- X509Certificates is expected on https when no Basic Authentication was found.
- Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator:
The party with the role of initiator will be the sender of the messages.
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder:
The party with the role of responder will be the receiver of the messages.
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file:
Remark
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
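A consistency check over the PMode layout shown above, added here as an illustration and not part of the Domibus distribution: it verifies that every party and leg a process references is defined, that the Access Point's own partyId has a matching keystore alias (section 6.1.2), and it lists process legs bound to the doNothingPolicy.xml security entry. The sample XML, the function names, the finding codes and the reading of doNothingPolicy.xml as "no WS-Security" (taken from the noSigNoEnc name in the sample) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed PMode fragment in the layout of the sample above (not a real deployment).
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="legSigned" security="eDeliveryPolicy"/>
      <legConfiguration name="legPlain" security="noSigNoEnc"/>
      <legConfiguration name="legBroken" security="missingPolicy"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="blue_gw"/>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="legSigned"/>
        <leg name="legPlain"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>
"""

# Assumption: this policy file applies no signature or encryption (sample entry "noSigNoEnc").
NO_SECURITY_POLICIES = {"doNothingPolicy.xml"}


def audit_pmode(xml_text, keystore_aliases=None):
    """Return a sorted list of (finding_code, subject) tuples for one PMode file."""
    root = ET.fromstring(xml_text)
    findings = set()

    parties = {p.get("name"): p for p in root.iter("party")}
    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    legs = {leg.get("name"): leg.get("security") for leg in root.iter("legConfiguration")}

    # The party attribute on the root element names this Access Point.
    own = root.get("party")
    if own not in parties:
        findings.add(("own-party-undefined", str(own)))
    elif keystore_aliases is not None:
        # The guide requires the keystore alias to be the same as the party ID.
        for ident in parties[own].iter("identifier"):
            if ident.get("partyId") not in keystore_aliases:
                findings.add(("no-keystore-alias-for-partyId", ident.get("partyId")))

    # Every leg configuration must point at a defined <security> entry.
    for leg_name, security_name in legs.items():
        if security_name not in policies:
            findings.add(("leg-security-undefined", leg_name))

    for process in root.iter("process"):
        process_name = process.get("name")
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.add((tag + "-undefined", ref.get("name")))
        for ref in process.iter("leg"):
            leg_name = ref.get("name")
            if leg_name not in legs:
                findings.add(("process-leg-undefined", leg_name))
            elif policies.get(legs[leg_name]) in NO_SECURITY_POLICIES:
                findings.add(("leg-without-ws-security", f"{process_name}/{leg_name}"))
    return sorted(findings)


def initiators(xml_text):
    """Map each process to the parties allowed to send in it, for review against the remark above."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): sorted(i.get("name") for i in p.iter("initiatorParty"))
            for p in root.iter("process")}


if __name__ == "__main__":
    for code, subject in audit_pmode(SAMPLE_PMODE, keystore_aliases={"domibus-blue"}):
        print(code, subject)
    print(initiators(SAMPLE_PMODE))
```

The keystore_aliases set is supplied by the caller, for example from the alias names listed for keystore.jks.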
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

Domibus pconf / EbMS3 Specification [ebMS3CORE] [AS4-Profile] / Description

MPCs
    ebMS3: -
    Description: Container which defines the different MPCs (Message Partition Channels).
MPC
    ebMS3: PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage.
    Description: Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded
    ebMS3: -
    Description: Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded
    ebMS3: -
    Description: Retention interval for messages not yet delivered to the backend.
Parties
    ebMS3: -
    Description: Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes
    ebMS3: maps to the attribute Messaging/UserMessage/PartyInfo
    Description: Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID
    ebMS3: maps to the element Messaging/UserMessage/PartyInfo
    Description: The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block.
Endpoint
    ebMS3: maps to PMode[1].Protocol.Address
    Description: The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).
AS4
    ebMS3: -
    Description: Container
Reliability [Nonrepudiation] [ReplyPattern]
    ebMS3: Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern.
    Description:
    PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness).
    PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel).
    PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection]
    ebMS3: retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection.
    Description: These parameters are stored in a composite string.
    • retryTimeout defines timeout in seconds.
    • retryCount is the total number of retries.
    • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT.
    • duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE.
Securities
    ebMS3: -
    Description: Container
Security
    ebMS3: -
    Description: Container
Policy
    ebMS3: PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm
    Description: The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod
    ebMS3: PMode[1].Security.X509.Signature.Algorithm
    Description: This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration
    ebMS3: -
    Description: Container
Agreements
    ebMS3: maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef
    Description: This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions
    ebMS3: -
    Description: Container
Action
    ebMS3: maps to Messaging/UserMessage/CollaborationInfo/Action
    Description: This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services
    ebMS3: -
    Description: Container
ServiceTypes Type
    ebMS3: maps to Messaging/UserMessage/CollaborationInfo/Service[@type]
    Description: This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.
MEP [Legs]
    ebMS3: -
    Description: An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings
    ebMS3: -
    Description: Container
Binding
    ebMS3: -
    Description: The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles
    ebMS3: -
    Description: Container
Role
    ebMS3: maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element:
    • For Initiator: Messaging/UserMessage/PartyInfo/From/Role
    • For Responder: Messaging/UserMessage/PartyInfo/To/Role
    Description: The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.
Processes
    ebMS3: -
    Description: Container
PayloadProfiles
    ebMS3: -
    Description: Container
Payloads
    ebMS3: -
    Description: Container
Payload
    ebMS3: maps to PMode[1].BusinessInfo.PayloadProfile
    Description: This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties:
    1. name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile
    2. MIME data type (text/xml, application/pdf, etc.)
    3. name of the applicable XML Schema file if the MIME data type is text/xml
    4. maximum size in kilobytes
    5. Boolean string indicating whether the part is expected or optional, within the User message
    The message payload(s) must match this profile.
ErrorHandlings
    ebMS3: -
    Description: Container
ErrorHandling
    ebMS3: -
    Description: Container
ErrorAsResponse
    ebMS3: maps to PMode[1].ErrorHandling.Report.AsResponse
    Description: This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer
    ebMS3: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
    Description: This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer
    ebMS3: maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
    Description: This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer
    ebMS3: maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer
    Description: When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur:
    - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer.
    - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs
    ebMS3: -
    Description: Container
Leg
    ebMS3: -
    Description: Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process
    ebMS3: -
    Description: In Process everything is plugged together.

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) at http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then Press here to upload the Pmode xml file.
Remark
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then Press here to upload the truststore jks file.
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER,ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
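A check for the two settings described in 7.1.2.2 and in the dashboard password change above, added here as an illustration and not part of the Domibus distribution: it reports dashboard users whose password attribute is not in BCrypt hash format, an authentication provider without the bcryptEncoder reference, and a domibus-configuration.xml in which domibus.auth.unsecureLoginAllowed is not set to false. The sample documents, the enclosing beans element with Spring's schema namespaces, the function names and the finding codes are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# BCrypt hash layout: $2a$/$2b$/$2y$ prefix, two-digit cost, 53 characters of salt and hash.
BCRYPT_RE = re.compile(r"\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}")
AUTH_PROPERTY = "domibus.auth.unsecureLoginAllowed"

# Constructed placeholder with the shape of a BCrypt hash; it is not a real hash.
CONSTRUCTED_HASH = "$2a$10$" + "A" * 53

# Constructed domibus-security.xml fragment: "user" still carries a plaintext value.
SAMPLE_SECURITY_XML = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="123456" authorities="ROLE_USER"/>
        <sec:user name="admin" password="{CONSTRUCTED_HASH}" authorities="ROLE_USER,ROLE_ADMIN"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""

# Constructed domibus-configuration.xml fragment: unsecure login is still allowed.
SAMPLE_CONFIGURATION_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties>
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
  </util:properties>
</beans>"""


def local_name(element):
    """Tag name without its namespace, so the prefix binding in the file does not matter."""
    return element.tag.rsplit("}", 1)[-1]


def find_all(root, name):
    """All elements under root (root included) whose local tag name equals name."""
    return [el for el in root.iter() if local_name(el) == name]


def audit_security_xml(xml_text):
    """Findings for the dashboard users defined in domibus-security.xml."""
    findings = []
    for provider in find_all(ET.fromstring(xml_text), "authentication-provider"):
        encoders = find_all(provider, "password-encoder")
        if not any(enc.get("ref") == "bcryptEncoder" for enc in encoders):
            findings.append(("no-bcrypt-encoder", "authentication-provider"))
        for user in find_all(provider, "user"):
            # A placeholder or plaintext value left in the file does not match the hash layout.
            if not BCRYPT_RE.fullmatch(user.get("password", "")):
                findings.append(("password-not-bcrypt", user.get("name")))
    return findings


def audit_configuration_xml(xml_text):
    """Finding when WS plugin authentication is not enabled (property missing or not false)."""
    values = [(prop.text or "").strip().lower()
              for prop in find_all(ET.fromstring(xml_text), "prop")
              if prop.get("key") == AUTH_PROPERTY]
    if not values or any(value != "false" for value in values):
        return [("ws-plugin-auth-not-enabled", AUTH_PROPERTY)]
    return []


if __name__ == "__main__":
    print(audit_security_xml(SAMPLE_SECURITY_XML))
    print(audit_configuration_xml(SAMPLE_CONFIGURATION_XML))
```

The format check only shows that a value has the shape of a BCrypt hash; it does not tell which password was hashed.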
Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains the errors encountered by the application, including the internal errors thrown when the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:
Destination type | JNDI name | Comment | Description
Queue | jms/domibus.internal.dispatch.queue | No redelivery, because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In a production environment this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field all the queues are listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button
- The message details are displayed and the original queue where the message came from is pre-selected
- Press the Move button and the message will be moved to the original queue
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button
- The message details are displayed
- Press the Remove button to remove it
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button
- The IDs of the messages to be removed are displayed
- Press the Remove button to remove them
7.4.3 Configuration of the queues
Queues should be configured appropriately, according to the needs of the backend system and the re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
    <redeliveryPlugin fallbackToDeadLetter="true"
                      sendToDlqIfMaxRetriesExceeded="true">
        <redeliveryPolicyMap>
            <redeliveryPolicyMap>
                <redeliveryPolicyEntries>
                    <!-- no broker-level redelivery for this queue -->
                    <redeliveryPolicy queue="sendMessageQueue"
                                      maximumRedeliveries="0"/>
                    <!-- other queues: 10 retries, 300000 ms between attempts -->
                    <redeliveryPolicy queue="*"
                                      maximumRedeliveries="10" redeliveryDelay="300000"/>
                </redeliveryPolicyEntries>
            </redeliveryPolicyMap>
        </redeliveryPolicyMap>
    </redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
    <ns:PartyInfo>
        <ns:From>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
        </ns:From>
        <ns:To>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
        </ns:To>
    </ns:PartyInfo>
    <ns:CollaborationInfo>
        <ns:Service type="tc1">bdx:noprocess</ns:Service>
        <ns:Action>TC1Leg1</ns:Action>
    </ns:CollaborationInfo>
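The first-match routing rule described in this section can be checked offline before a filter configuration is saved. The following is an added example, not Domibus code: it extracts the four fields from a constructed message and reports plugins that can never receive a message because an earlier plugin always matches first. It assumes exact string comparison and From/To written as partyId:type; the plugin name backendJms and the wrapping UserMessage element are assumptions of the example.

```python
import xml.etree.ElementTree as ET

NS = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
UNREG = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"

# Constructed sample: the header shown above, wrapped in a UserMessage
# element so that it parses as a single document.
SAMPLE = f"""<ns:UserMessage xmlns:ns="{NS}">
  <ns:PartyInfo>
    <ns:From>
      <ns:PartyId type="{UNREG}">party_id_name1</ns:PartyId>
      <ns:Role>{NS}initiator</ns:Role>
    </ns:From>
    <ns:To>
      <ns:PartyId type="{UNREG}">party_id_name2</ns:PartyId>
      <ns:Role>{NS}responder</ns:Role>
    </ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""


def message_fields(xml_text):
    """Extract the four routing fields (action, service, from, to)."""
    root = ET.fromstring(xml_text)
    ns = {"ns": NS}

    def party(path):
        el = root.find(path, ns)
        # Assumption: From/To are compared as "<partyId>:<type>".
        return f"{el.text.strip()}:{el.get('type')}"

    return {
        "action": root.findtext(".//ns:Action", namespaces=ns).strip(),
        "service": root.findtext(".//ns:Service", namespaces=ns).strip(),
        "from": party(".//ns:From/ns:PartyId"),
        "to": party(".//ns:To/ns:PartyId"),
    }


def route(fields, plugins):
    """Return the first plugin whose criteria all match, else None.

    plugins is an ordered list of (name, criteria) pairs; an empty
    criteria dict matches every message.
    """
    for name, criteria in plugins:
        if all(fields.get(k) == v for k, v in criteria.items()):
            return name
    return None


def shadowed(plugins):
    """Plugins that can never be selected: an earlier plugin's criteria
    are a subset of theirs, so the earlier plugin always wins."""
    hidden = []
    for i, (name, criteria) in enumerate(plugins):
        for _, earlier in plugins[:i]:
            if all(criteria.get(k) == v for k, v in earlier.items()):
                hidden.append(name)
                break
    return hidden


# Catch-all plugin listed first: the JMS filter below it is dead.
CATCH_ALL_FIRST = [
    ("backendWebservice", {}),
    ("backendJms", {"action": "TC1Leg1"}),
]
# Specific filter first, catch-all last: every message has one consumer.
SPECIFIC_FIRST = [
    ("backendJms", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("backendWebservice", {}),
]

if __name__ == "__main__":
    fields = message_fields(SAMPLE)
    for label, cfg in (("catch-all first", CATCH_ALL_FIRST),
                       ("specific first", SPECIFIC_FIRST)):
        print(label, "->", route(fields, cfg), "| shadowed:", shadowed(cfg))
```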
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving concerns older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained because of legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus the data retention policy can be found here in the PMode file:
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
In the sample PMode configuration of Domibus the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME and/or JRE_HOME variable.
9.4 Cannot access Admin Console
No SEVERE errors in logs but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                    file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                    file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use (see footnote 11).
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
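The client-side settings above can be checked mechanically before a clientauthentication.xml is promoted to production. The following is an added example, not part of Domibus or CXF: it parses a tlsClientParameters element and reports the settings this section warns about. The finding names and the two sample documents are constructed for the example; the store names and passwords are the guide's placeholders.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
SECURITY = "http://cxf.apache.org/configuration/security"

# Constructed sample: test-style settings (CN check off, old protocol,
# no truststore), modelled on the element shown above.
WEAK = f"""<http-conf:tlsClientParameters disableCNCheck="true"
    secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="{HTTP_CONF}" xmlns:security="{SECURITY}">
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>"""

# Constructed sample: one-way SSL with host name checking left at its
# default (enabled) and an explicit truststore.
HARDENED = f"""<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="{HTTP_CONF}" xmlns:security="{SECURITY}">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>"""


def audit_tls_client(xml_text, two_way_ssl=False):
    """Return a list of finding codes for a tlsClientParameters element.

    two_way_ssl=True additionally requires a client keystore, which the
    server needs when its connector is set to clientAuth="true".
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{HTTP_CONF}}}tlsClientParameters":
        raise ValueError("root element is not http-conf:tlsClientParameters")

    findings = []

    # disableCNCheck="true" switches off host name verification.
    if root.get("disableCNCheck", "false").strip().lower() == "true":
        findings.append("CN_CHECK_DISABLED")

    # The guide requires TLSv1.2; a TLSv1.1 client fails the handshake
    # against a TLSv1.2-only server (troubleshooting section 9.5).
    protocol = root.get("secureSocketProtocol")
    if protocol is None:
        findings.append("PROTOCOL_NOT_SET")
    elif protocol != "TLSv1.2":
        findings.append("PROTOCOL_NOT_TLSV1_2")

    ns = {"security": SECURITY}
    trust = root.find("security:trustManagers/security:keyStore", ns)
    if trust is None or not trust.get("file"):
        # No explicit truststore is configured for the transport layer.
        findings.append("NO_TRUSTSTORE")

    key = root.find("security:keyManagers/security:keyStore", ns)
    if two_way_ssl and (key is None or not key.get("file")):
        findings.append("NO_CLIENT_KEYSTORE")

    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_tls_client(doc))
```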
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector having the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in server.xml so that the server can verify the client:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
               truststorePass="your_trustore_password"
               clientAuth="true" sslProtocol="TLS" />
11 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs, use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                          relative-to="jboss.server.base.dir"
                          keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                        relative-to="jboss.server.base.dir"
                        keystore-password="test123" />
            …
        </authentication>
- add https-listener to default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
           endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
o For Linux/Unix: DOMAIN_HOME/bin/setDomainEnv.sh
Locate the export DOMAIN_HOME statement and add the following lines after it:
    …
    export DOMAIN_HOME
    # Added for Domibus
    EXTRA_JAVA_PROPERTIES="$EXTRA_JAVA_PROPERTIES -Ddomibus.config.location=$DOMAIN_HOME/conf/domibus"
    export EXTRA_JAVA_PROPERTIES
    …
5. Run the WebLogic Scripting Tool (WLST) in order to create the JMS resources and the Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define WL_HOME as a system environment variable pointing to the WebLogic 'wlserver' directory, as defined in DOMAIN_HOME/bin/SetDomainEnv.[cmd|sh],
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicSingleServer.properties from domibus-distribution-3.2-weblogic-configuration.zip under the scripts directory, copy the WeblogicSingleServer.properties file into the wslt-api-1.9.1 directory and adapt the following properties:
Adapt the properties for connecting to the WebLogic domain:
    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_name
    domain.connect.password=weblogic_password
    domain.name=my_domain1
Adapt the jdbc.datasource properties for the datasources.
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
Remark:
MySQL configuration is commented out by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore, persistent.filestore.0.location,
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration,
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd scripts/import.py --property WeblogicSingleServer.properties
For Linux: wlstapi.sh scripts/import.py --property WeblogicSingleServer.properties
Expected Result
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform"
                      value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
Administration Guide - Domibus 321 Page 17 97
9. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to the location of the war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select the following option and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory,
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:

    domain.loading.type=connect
    domain.connect.url=t3://localhost:7001
    domain.connect.username=weblogic_user
    domain.connect.password=weblogic_password
    domain.name=mydomain1

Adapt the jdbc.datasource properties for the datasources.
For Oracle database:

    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name

For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.

    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1

Adapt the properties for target and location of the filestore:

    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores

Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration,
e.g.:

    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1

    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1

    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1

    # Groups Membership configuration
    security.groupmember.0.user=jmsManager
    security.groupmember.0.groups=JMSManagers
    security.groupmember.0.realm=myrealm
    security.groupmember.0.authenticator=DefaultAuthenticator
    security.groupmember.items=1

Adapt the property for JMS Server, e.g.:

    jms.server.0.target=cluster_name

Adapt the property for JMS Module, e.g.:

    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows:
startWebLogic.cmd
For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:

    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>

5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install.
o Navigate to location DOMAIN_HOME/conf/domibus, where the domibus-MSH-3.2.1-weblogic.war file has been previously copied.
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next.
o Choose "Install this deployment as an application" and click Next.
o Select your cluster for the deployment target and click Next.
o Select the following options and click Next.
o Select the following option and click Finish.
o Here is an overview of the resulting settings; you can now click Save.
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container.
The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:

    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ...

[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:

    <bean id="domibusJDBC-XADataSource" ...>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ...
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ...
    </bean>
    <bean id="entityManagerFactory" ...>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>

[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:

    ...
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    ...

o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:

    ...
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    ...

5. Launch the Domibus application:
o For Windows:

    cd cef_edelivery_path\domibus\bin
    startup.bat

o For Linux/Unix:

    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh

6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and that the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:

    cd cef_edelivery_path\domibus\bin
    startup.bat

o For Linux/Unix:

    cd cef_edelivery_path/domibus/bin
    chmod +x *.sh
    ./startup.sh

7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment.
3. Set JVM parameters:
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:

    ...
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    ...

o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:

    ...
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    ...
4. Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml.
Set the uri to the running JMS broker:

    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>

o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml.
Set the broker to the running JMS broker:

    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>

Remove the highlighted parts below:

    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml. For clustered deployment:
Uncomment the following lines:

    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>

Comment the following lines:

    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>

6. Follow step 6 and 7 from the Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:

    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>

Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:

    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ...
        <datasources>
            ...
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ...
        </datasources>
        ...
    </subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.

    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (option 2):
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and paste it into the newly created folder.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:

    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>

Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path/domibus/bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:

    ...
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ...

3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:

    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                ...
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                ...
            </jms-connection-factories>
            <jms-destinations>
                ...
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                ...
            </jms-destinations>
        </hornetq-server>
    </subsystem>

Remark:
Please note also that the JMX management has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 (Configure the JMS resources). Configure the database dialect as indicated in 5.4.1, point 3 (Remark).
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.

    ...
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ...

4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main web service:
services/msh: the Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional web service:
services/backend: the URL of the backend web service. This interface should ONLY be exposed to your backend client(s) within your internal network. It uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points.
Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation in the CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: in a cluster configuration the file system storage needs to be accessible by all the nodes of the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |
| Proxy Settings | | In case your Access Point has to use a proxy server, you can configure it with these properties. |
| domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of the proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you have already run the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among the messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be performed:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml, replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the names of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <!-- red_hostname and blue_hostname are placeholders for the real host names -->
            <party name="red_gw"
                   endpoint="http://red_hostname:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://blue_hostname:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: the value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is http, then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines the timeout in seconds; retryCount is the total number of retries; strategy defines the frequency of retries (the only strategy available as of now is CONSTANT); duplicateDetection allows checking for duplicates when the same message is received twice (the only duplicateDetection available as of now is TRUE). |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In an ebMS3 message this defines the content of the following element. For Initiator: Messaging/UserMessage/PartyInfo/From/Role. For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: 1. name (or Content-ID), which is the part identifier and can be used as an index in the notation PayloadProfile; 2. MIME data type (text/xml, application/pdf, etc.); 3. name of the applicable XML Schema file if the MIME data type is text/xml; 4. maximum size in kilobytes; 5. Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: the Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer, or the Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin, Password = 123456) at http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then Press here to upload the PMode xml file.
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then Press here to upload the truststore jks file.
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords of the default users who have access to the Domibus Administration page: admin and user.
In order to change the password, please use BCrypt, a strong hashing algorithm, to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
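The guide documents several values that should not survive into production: domibus.auth.unsecureLoginAllowed left enabled, the default domibus.jmx.password, and dashboard passwords that are not BCrypt hashes. The following added example (not part of the Domibus guide or code base) audits the two configuration files for them; the function names, finding codes and both embedded files are constructed for illustration, and it assumes that a missing domibus.auth.unsecureLoginAllowed property means unauthenticated access is allowed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-ins for domibus-configuration.xml and domibus-security.xml.
# The namespace URIs are those of the Spring beans, util and security schemas.
SAMPLE_CONFIGURATION = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties>
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
    <prop key="domibus.jmx.user">jmsManager</prop>
    <prop key="domibus.jmx.password">jmaManager1</prop>
    <prop key="domibus.proxy.enabled">false</prop>
  </util:properties>
</beans>
"""

# The admin password below has the BCrypt layout but is a constructed string,
# not the hash of any real password.
SAMPLE_SECURITY = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="123456" authorities="ROLE_USER"/>
        <sec:user name="admin"
                  password="$2a$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
                  authorities="ROLE_USER, ROLE_ADMIN"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>
"""

# Default values printed in the guide's property table.
DOCUMENTED_DEFAULTS = {"domibus.jmx.password": "jmaManager1"}

# "$2a$" (or b/x/y) + two-digit cost + 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]


def read_props(xml_text):
    """Collect every <prop key="...">value</prop> into a dict."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): (e.text or "").strip()
            for e in root.iter() if local(e.tag) == "prop"}


def audit_configuration(xml_text):
    """Return (code, detail) findings for domibus-configuration.xml content."""
    props = read_props(xml_text)
    findings = []
    # Assumption: an absent property behaves like "true" (authentication off).
    unsecure = props.get("domibus.auth.unsecureLoginAllowed", "true")
    if unsecure.lower() != "false":
        findings.append(("UNSECURE_LOGIN_ALLOWED", unsecure))
    for key, default in DOCUMENTED_DEFAULTS.items():
        if props.get(key) == default:
            findings.append(("DEFAULT_VALUE", key))
    return findings


def audit_dashboard_users(xml_text):
    """Return (code, user) findings for domibus-security.xml content."""
    root = ET.fromstring(xml_text)
    findings = []
    for e in root.iter():
        if local(e.tag) != "user":
            continue
        if not BCRYPT_RE.match(e.get("password", "")):
            findings.append(("NOT_BCRYPT", e.get("name")))
    return findings


if __name__ == "__main__":
    for finding in audit_configuration(SAMPLE_CONFIGURATION):
        print("domibus-configuration.xml:", *finding)
    for finding in audit_dashboard_users(SAMPLE_SECURITY):
        print("domibus-security.xml:", *finding)
```

The format check only shows that a value has the BCrypt layout; it cannot tell whether the hash was computed from the default password 123456.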
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in Domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery, because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In a production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible) and error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue, based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The IDs of the messages to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
    <redeliveryPlugin fallbackToDeadLetter="true"
                      sendToDlqIfMaxRetriesExceeded="true">
        <redeliveryPolicyMap>
            <redeliveryPolicyMap>
                <redeliveryPolicyEntries>
                    <!-- no broker-level redelivery for this queue -->
                    <redeliveryPolicy queue="sendMessageQueue"
                                      maximumRedeliveries="0"/>
                    <!-- 10 redeliveries, 300000 ms apart, before the DLQ -->
                    <redeliveryPolicy queue="*"
                                      maximumRedeliveries="10" redeliveryDelay="300000"/>
                </redeliveryPolicyEntries>
            </redeliveryPolicyMap>
        </redeliveryPolicyMap>
    </redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
The plugin filters must be configured so that, taken together, these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.
    Action: TC1Leg1
    Service: bdx:noprocess
    From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
    To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
    <ns:PartyInfo>
        <ns:From>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
        </ns:From>
        <ns:To>
            <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
            <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
        </ns:To>
    </ns:PartyInfo>
    <ns:CollaborationInfo>
        <ns:Service type="tc1">bdx:noprocess</ns:Service>
        <ns:Action>TC1Leg1</ns:Action>
    </ns:CollaborationInfo>
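The routing rule above (first matching plugin wins, every message must be treated, no two plugins should claim the same message) can be checked offline before a filter set goes live. The following is an added example, not Domibus code: it assumes a filter matches by exact string equality on the criteria it sets, that From and To are written as partyId:type, and it uses a hypothetical second plugin name (examplePluginB) and constructed sample messages.

```python
import xml.etree.ElementTree as ET

NS = {"ns": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"


def header(from_id, to_id, service, action):
    """Build a constructed ebMS3 UserMessage fragment shaped like the one above."""
    return f"""<ns:UserMessage xmlns:ns="{NS['ns']}">
  <ns:PartyInfo>
    <ns:From><ns:PartyId type="{UNREGISTERED}">{from_id}</ns:PartyId></ns:From>
    <ns:To><ns:PartyId type="{UNREGISTERED}">{to_id}</ns:PartyId></ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">{service}</ns:Service>
    <ns:Action>{action}</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""


def extract_criteria(header_xml):
    """Pull the four filter fields (action, service, from, to) out of a message."""
    root = ET.fromstring(header_xml)

    def party(side):
        pid = root.find(f".//ns:PartyInfo/ns:{side}/ns:PartyId", NS)
        value = pid.text.strip()
        ptype = pid.get("type")
        return f"{value}:{ptype}" if ptype else value

    return {
        "action": root.findtext(".//ns:CollaborationInfo/ns:Action", namespaces=NS).strip(),
        "service": root.findtext(".//ns:CollaborationInfo/ns:Service", namespaces=NS).strip(),
        "from": party("From"),
        "to": party("To"),
    }


def route(criteria, plugins):
    """Return (chosen plugin or None, other plugins whose filter also matches)."""
    hits = [name for name, filt in plugins
            if all(criteria[key] == want for key, want in filt.items())]
    return (hits[0] if hits else None, hits[1:])


def review(headers, plugins):
    """Report messages no plugin treats and messages more than one plugin claims."""
    report = {"unrouted": [], "overlaps": []}
    for xml_text in headers:
        criteria = extract_criteria(xml_text)
        chosen, also = route(criteria, plugins)
        if chosen is None:
            report["unrouted"].append(criteria["action"])
        elif also:
            report["overlaps"].append((criteria["action"], chosen, also))
    return report


# Ordered plugin list: position decides which plugin receives the message.
PLUGINS = [
    ("backendWebservice", {"action": "TC1Leg1", "service": "bdx:noprocess"}),
    ("examplePluginB", {"from": "party_id_name1:" + UNREGISTERED}),  # hypothetical plugin
]

# Constructed messages: one claimed twice, one claimed once, one claimed by nobody.
MESSAGES = [
    header("party_id_name1", "party_id_name2", "bdx:noprocess", "TC1Leg1"),
    header("party_id_name1", "party_id_name2", "bdx:noprocess", "TC2Leg1"),
    header("party_id_name2", "party_id_name1", "bdx:noprocess", "TC3Leg1"),
]

if __name__ == "__main__":
    print(review(MESSAGES, PLUGINS))
```

An entry under overlaps means the second plugin silently never sees that message; an entry under unrouted is a message that would end up as a notification on the unknown-notification queue described in the queue table.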
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archiving concerns older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be deleted instantaneously, as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker has not deleted it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
    SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
    May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
    INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
    May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
    SEVERE: Context [/domibus] startup failed due to previous errors
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Closing Spring root WebApplicationContext
    May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
    INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
    SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
    Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
    At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
    org.apache.cxf.interceptor.Fault: Could not write attachments.
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
        at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
        at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
        at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
        at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
        at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
        at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
        at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
        at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
        at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
        at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
        at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
        at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
        at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
        at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
        at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
        at java.lang.Thread.run(Thread.java:745)
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
        at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
        at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
        at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
        at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
        at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
        at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
        ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
    <http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
            xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
            xmlns:security="http://cxf.apache.org/configuration/security">
        <security:trustManagers>
            <security:keyStore type="JKS" password="your_trustore_password"
                    file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
        </security:trustManagers>
        <security:keyManagers keyPassword="your_keystore_password">
            <security:keyStore type="JKS" password="your_keystore_password"
                    file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
        </security:keyManagers>
    </http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
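The two client-side rules above (TLSv1.2 is mandatory, disableCNCheck must not be true in production) and the placeholder passwords shown in this guide lend themselves to an automated check before a clientauthentication.xml is deployed. The following is an added example, not part of Domibus: the finding codes, the function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
TLS_PARAMS = f"{{{HTTP_CONF}}}tlsClientParameters"

# Placeholder and sample passwords printed in this guide; a deployed file must not keep them.
GUIDE_PASSWORDS = {"your_trustore_password", "your_keystore_password", "test123"}

# Constructed sample: the guide's layout with TLSv1.1 selected and the CN check switched off.
WEAK = """<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>"""

# Constructed sample: CN check left at its default (false), TLSv1.2, made-up passwords.
HARDENED = """<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="constructed-trust-7Qm2"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="constructed-key-4Lx9">
    <security:keyStore type="JKS" password="constructed-store-8Vd1"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>"""


def audit_tls_client(xml_text):
    """Return a list of (code, detail) findings for one tlsClientParameters document."""
    root = ET.fromstring(xml_text)
    params = next(root.iter(TLS_PARAMS), None)
    if params is None:
        return [("NO_TLS_PARAMETERS", "no http-conf:tlsClientParameters element")]
    findings = []

    # disableCNCheck="true" turns off host name verification of the server certificate.
    if params.get("disableCNCheck", "false").strip().lower() in ("true", "1"):
        findings.append(("CN_CHECK_DISABLED", "disableCNCheck is true"))

    # The AS4 e-Sens profile requires TLSv1.2; a missing attribute is flagged as well.
    protocol = params.get("secureSocketProtocol")
    if protocol != "TLSv1.2":
        findings.append(("PROTOCOL_NOT_TLS12", f"secureSocketProtocol={protocol!r}"))

    # Key store and key passwords that still carry a value copied from the guide.
    for element in params.iter():
        local_name = element.tag.rsplit("}", 1)[-1]
        for attr in ("password", "keyPassword"):
            if element.get(attr) in GUIDE_PASSWORDS:
                findings.append(("PLACEHOLDER_PASSWORD", f"{local_name}/@{attr}"))
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_tls_client(doc) or "no findings")
```

A PROTOCOL_NOT_TLS12 finding on the client is also the configuration that produces the handshake_failure described in section 9.5 when the server only accepts TLSv1.2.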
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector with the SSLEnabled attribute set to true:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" in server.xml and provide the location of your_truststore_ssl.jks so that the server can verify the client:
    <Connector SSLEnabled="true"
               protocol="org.apache.coyote.http11.Http11Protocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true"
               keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
               keystorePass="your_keystore_password"
               truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
               truststorePass="your_trustore_password"
               clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
    <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
    <security-realm name="ApplicationRealm">
        <server-identities>
            <ssl>
                <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                          relative-to="jboss.server.base.dir"
                          keystore-password="test123" alias="blue_gw" key-password="test123"/>
            </ssl>
        </server-identities>
        <authentication>
            <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                        relative-to="jboss.server.base.dir"
                        keystore-password="test123" />
            …
        </authentication>
- add an https-listener to the default-server:
    <subsystem xmlns="urn:jboss:domain:undertow:2.0">
        <buffer-cache name="default"/>
        <server name="default-server">
            <http-listener name="default" socket-binding="http" redirect-socket="https"/>
            <https-listener name="default_https" socket-binding="https"
                            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and the KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
    <party name="party_id_name1"
           endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
Remark:
The MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
For MySQL:
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
o Adapt the property for the location of the filestore: persistent.filestore.0.location
e.g.
    persistent.filestore.0.location=DOMAIN_HOME/filestore
Remark:
Make sure that the path for the filestore contains forward slashes (/).
o Adapt, if necessary, the JMX security configuration
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
o Start the WebLogic domain from within DOMAIN_HOME:
    For Windows: startWebLogic.cmd
    For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
    For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
    For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected result:
6. Activate the use of the authorization providers to protect the JMX access
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform"
                      value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin, Password = 123456).
Expected result:
5.2.2 Clustered Deployment
Diagram representing the deployment of Domibus in a cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
    domibus-MSH-3.2.1-weblogic.war
    domibus-MSH-3.2.1-weblogic-configuration.zip
    domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
    domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
    Unzip the wslt-api-1.9.1.zip
    Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory
    e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicClusterproperties from domibus-distribution-321-weblogic-configurationzip under the scripts directory and copy the WeblogicClusterproperties file into the wslt-api-191 directory and apply the following changes
Adapt the properties for connecting to the WebLogic domain
domainloadingtype=connect domainconnecturl=t3localhost7001 domainconnectusername=weblogic_user domainconnectpassword=weblogic_password domainname=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
    jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
    jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the
comment (#) from the lines below. Don't forget to add the comment (#) for
Oracle to disable it.
    jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
    jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
    jdbc.datasource.0.driver.password=edelivery_password
    jdbc.datasource.0.driver.username=edelivery_username
    jdbc.datasource.0.targets=cluster_name
    jdbc.datasource.0.transaction.protocol=LoggingLastResource
    jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
    persistent.filestore.0.target=cluster_name
    persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains
forward slashes (/).
Adapt, if necessary, the JMX security configuration,
e.g.
    # Policy configuration
    security.policies.0.mode = CREATE
    security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
    security.policies.0.realm = myrealm
    security.policies.0.authorizer = XACMLAuthorizer
    security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
    security.policies.items = 1
    # Users configuration
    security.users.0.realm=myrealm
    security.users.0.name=jmsManager
    security.users.0.password=jmsManager1
    security.users.0.comment=
    security.users.0.authenticator=DefaultAuthenticator
    security.users.items=1
    # Groups configuration
    security.groups.0.realm=myrealm
    security.groups.0.name=JMSManagers
    security.groups.0.description=
    security.groups.0.authenticator=DefaultAuthenticator
    security.groups.items=1
    # Groups Membership configuration
    security.group.member.0.user=jmsManager
    security.group.member.0.groups=JMSManagers
    security.group.member.0.realm=myrealm
    security.group.member.0.authenticator=DefaultAuthenticator
    security.group.member.items=1
Adapt the property for JMS Server, e.g.
    jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.
    jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
    startWebLogic.cmd
• For Linux/Unix:
    startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
    wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
    wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus/domibus-datasources.xml file:
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="showSql" value="false"/>
            <property name="generateDdl" value="false"/>
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
    <property name="jpaProperties">
        <props>
            <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
            <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
            <prop key="hibernate.format_sql">true</prop>
            <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
            <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
            <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
        </props>
    </property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin; Password = 123456).
Expected result
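The JMX security block of WeblogicCluster.properties in step 2 of section 5.2.2 carries a sample account (jmsManager with password jmsManager1) and cross-references users, groups and memberships by index, so it is worth checking the file before running import.py. The Python check below is an added example, not part of the Domibus distribution or the WSLT tool; it assumes the dotted key names shown in that block, that the groups value may be a comma-separated list, and that Administrators is a group defined outside the file.

```python
import re

GUIDE_SAMPLE_PASSWORDS = {"jmsManager1"}  # value printed in the guide's example block
BUILTIN_GROUPS = {"Administrators"}       # assumption: groups that exist outside this file

# Constructed input: the guide's JMX security block plus one deliberately broken
# membership entry (index 1) naming a user and a group the file never defines.
SAMPLE = """\
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.1.user=monitor
security.group.member.1.groups=JMSOperators
security.group.member.items=1
"""


def parse_properties(text):
    """Parse key=value lines; only the first '=' splits, so resource ids survive."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def indexed(props, prefix):
    """Collect 'prefix.N.field' keys into {N: {field: value}}."""
    pattern = re.compile(re.escape(prefix) + r"\.(\d+)\.(.+)$")
    out = {}
    for key, value in props.items():
        match = pattern.match(key)
        if match:
            out.setdefault(int(match.group(1)), {})[match.group(2)] = value
    return out


def audit(text):
    """Return (code, subject) findings for the JMX security section."""
    props = parse_properties(text)
    sections = {p: indexed(props, p) for p in (
        "security.policies", "security.users",
        "security.groups", "security.group.member")}
    findings = []
    # The declared item count should match the entries actually present.
    for prefix, entries in sections.items():
        if props.get(prefix + ".items", "0") != str(len(entries)):
            findings.append(("items-mismatch", prefix))
    users = sections["security.users"]
    user_names = {u.get("name") for u in users.values()}
    group_names = {g.get("name") for g in sections["security.groups"].values()}
    group_names |= BUILTIN_GROUPS
    for _, user in sorted(users.items()):
        name, password = user.get("name", ""), user.get("password", "")
        if (not password or password in GUIDE_SAMPLE_PASSWORDS
                or (name and name.lower() in password.lower())):
            findings.append(("weak-password", name))
    for _, member in sorted(sections["security.group.member"].items()):
        if member.get("user") not in user_names:
            findings.append(("unknown-user", member.get("user")))
        for group in filter(None, (g.strip() for g in member.get("groups", "").split(","))):
            if group not in group_names:
                findings.append(("unknown-group", group))
    for index, policy in sorted(sections["security.policies"].items()):
        expression = policy.get("expression", "")
        if not expression:
            findings.append(("empty-policy-expression", str(index)))
        for group in re.findall(r"Grp\(([^)]*)\)", expression):
            if group not in group_names:
                findings.append(("unknown-group", group))
    return findings


if __name__ == "__main__":
    for code, subject in audit(SAMPLE):
        print(code, subject)
```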
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default,
Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container.
The configuration for the ActiveMQ JMS broker can be found in
cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <prop key="port">db_port</prop>
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
            </props>
        </property>
        ………………………
        <property name="testQuery">
            <value>select 1</value>
        </property>
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
            </bean>
        </property>
    </bean>
    ………………………………………………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
    <bean id="domibusJDBC-XADataSource" ………>
        <property name="uniqueResourceName">
            <value>domibusJDBC-XA</value>
        </property>
        <property name="xaDataSourceClassName">
            <value>oracle.jdbc.xa.client.OracleXADataSource</value>
        </property>
        <property name="xaProperties">
            <props>
                <prop key="serverName">db_host</prop>
                <!--prop key="port">db_port</prop-->
                <prop key="user">edelivery_user</prop>
                <prop key="password">edelivery_password</prop>
                <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
            </props>
        </property>
        ………………………
        <property name="testQuery">
            <value>SELECT 1 FROM DUAL</value>
        </property>
        ………………………
    </bean>
    <bean id="entityManagerFactory" ……>
        <property name="jpaVendorAdapter">
            <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
                <property name="databasePlatform"
                          value="org.hibernate.dialect.Oracle10gDialect"/>
            </bean>
        </property>
    </bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    …
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin/
    chmod +x *.sh
    ./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory
cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
    cd cef_edelivery_path\domibus\bin
    startup.bat
o For Linux/Unix:
    cd cef_edelivery_path/domibus/bin/
    chmod +x *.sh
    ./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section, we assume that a JMS Broker and a Loadbalancer are configured separately
(e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from section 5.3.2 Single Server Deployment.
3. Set JVM parameters:
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
    …
    set CATALINA_HOME=cef_edelivery_path\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
    set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
    …
o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
    …
    export CATALINA_HOME=cef_edelivery_path/domibus
    export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
    export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
    …
4. Integrate JMS Broker with Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
    <transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
    <amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
    <bean id="domibusJMS-XAConnectionFactory"
          class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
          destroy-method="close" depends-on="broker">
        <property name="uniqueResourceName" value="domibusJMS-XA"/>
        <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
        <property name="maxPoolSize" value="20"/>
    </bean>
    <!-- lets create an ActiveMQ Broker -->
    <bean id="broker"
          class="org.apache.activemq.xbean.BrokerFactoryBean">
        <property name="config"
                  value="file:///${domibus.config.location}/internal/activemq.xml"/>
    </bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
    <prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow step 6 and 7 from section 5.3.2 Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.mysql">
        <resources>
            <resource-root path="mysql-connector-java-5.1.34.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
[4] http://downloads.mysql.com/archives/c-j/
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        ……………………………
        <datasources>
            …………………………
            <drivers>
                <driver name="com.mysql" module="com.mysql">
                    <driver-class>com.mysql.jdbc.Driver</driver-class>
                    <xa-datasource-class>
                        com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                    </xa-datasource-class>
                </driver>
            </drivers>
            ………………………………
        </datasources>
        ……………………………
    </subsystem>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL
according to your environment.
    <subsystem xmlns="urn:jboss:domain:datasources:3.0">
        <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
            <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
            <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
            <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            <driver>com.mysql</driver>
            <security>
                <user-name>edelivery_user</user-name>
                <password>edelivery_password</password>
            </security>
            <validation>
                <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
                <background-validation>true</background-validation>
                <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
        </xa-datasource>
    </subsystem>
3. Configure the Oracle Database (option 2):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
    <module xmlns="urn:jboss:module:1.1" name="com.oracle">
        <resources>
            <resource-root path="ojdbc7.jar"/>
        </resources>
        <dependencies>
            <module name="javax.api"/>
            <module name="javax.transaction.api"/>
        </dependencies>
    </module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below while replacing the MySQL configuration in the process):
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
    <xa-datasource-property name="URL">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/db1</xa-datasource-property>
    <driver>com.oracle</driver>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for
Oracle according to your environment.
    <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
    <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
    <driver name="com.oracle" module="com.oracle">
    <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is pre-configured for MySQL by default.
    <property name="showSql" value="true"/>
    <property name="generateDdl" value="true"/>
    <property name="databasePlatform"
              value="org.hibernate.dialect.Oracle10gDialect"/>
    <prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
    <prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin:
    standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin/:
    standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section, we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
    ………………
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
    ………………
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
    <subsystem xmlns="urn:jboss:domain:messaging:3.0">
        <hornetq-server>
            <jmx-management-enabled>true</jmx-management-enabled>
            <jms-connection-factories>
                ………………………
                <connection-factory name="edeliveryConnectionFactory">
                    <connectors>
                        <connector-ref connector-name="in-vm"/>
                    </connectors>
                    <entries>
                        <entry name="java:/jms/ConnectionFactory"/>
                    </entries>
                    <compress-large-messages>false</compress-large-messages>
                    <failover-on-initial-connection>false</failover-on-initial-connection>
                    <use-global-pools>true</use-global-pools>
                </connection-factory>
                ………………………
            </jms-connection-factories>
            <jms-destinations>
                ………………………
                <jms-queue name="DomibusBusinessMessageOutQueue">
                    <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendJmsQueue">
                    <entry name="java:/jms/domibus.notification.jms"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyConsumerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusErrorNotifyProducerQueue">
                    <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                    <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusBusinessMessageInQueue">
                    <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                    <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusPluginToBackendQueue">
                    <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                    <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusSendMessageQueue">
                    <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                    <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                    <entry name="java:/jms/domibus.notification.webservice"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusUnknownReceiverQueue">
                    <entry name="java:/jms/domibus.internal.notification.unknown"/>
                    <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DomibusNotifyBackendQueue">
                    <entry name="java:/jms/domibus.internal.notification.queue"/>
                    <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-queue name="DLQ">
                    <entry name="java:/jms/domibus.DLQ"/>
                    <entry name="java:/jms/queue/DLQ"/>
                    <durable>true</durable>
                </jms-queue>
                <jms-topic name="DomibusClusterCommandTopic">
                    <entry name="java:/jms/domibus.internal.command"/>
                    <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
                </jms-topic>
                ………………………
            </jms-destinations>
        </hornetq-server>
    </subsystem>
Remark:
Please note also that the JMX management has to be enabled so that the JMS resources can be monitored in
the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected Result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section, we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps, we will edit the profile full-ha from the configuration file
domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 Configure the JMS resources. Configure the database dialect as indicated in 5.4.1, point 3 Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
3. Configure the environment variables in the file bin/domain.conf:
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be
performed in every node from the cluster.
    ………………
    JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
    JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
    ………………
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
Domibus application has one main webservice:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus has also one optional webservice:
/services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
    <property name="password_store">
        <util:map>
            <entry value="your_privatekey_password" key="your_keystore_alias"/>
        </util:map>
    </property>
    …
    <!-- The password used to load the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
    <!-- The keystore alias to use for decryption and signing -->
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
    …
    <!-- The password used to load the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
    …
    <!-- The location of the keystore -->
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
    …
    <!-- The location of the truststore -->
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is
strongly recommended to put your key pair (private and public key) and the public key of the other
participants you trust in two separate containers.
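The rules in section 6.1.2 (alias equal to the PMode party ID, a private-key password registered for that alias, separate keystore and truststore files, no your_* placeholders left in place) can be checked mechanically before the Access Point is started. The Python audit below is an added example and not part of Domibus; the surrounding beans element, the bean ids, the party ID blue_gw and all passwords in the template are constructed for illustration, while the property names are the ones shown in the box above.

```python
import xml.etree.ElementTree as ET

MERLIN = "org.apache.ws.security.crypto.merlin."
REQUIRED = ("keystore.password", "keystore.alias", "truststore.password",
            "file", "truststore.file")

# Constructed template in the shape of the box in section 6.1.2. The <beans>
# wrapper, the bean ids and every value are assumptions so it parses on its own.
TEMPLATE = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <bean id="hypotheticalPasswordCallback">
    <property name="password_store">
      <util:map><entry value="Pk-77ax" key="blue_gw"/></util:map>
    </property>
  </bean>
  <bean id="hypotheticalKeystoreProperties">
    <property name="properties"><props>
      <prop key="org.apache.ws.security.crypto.merlin.keystore.password">%(ks_pw)s</prop>
      <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">%(alias)s</prop>
      <prop key="org.apache.ws.security.crypto.merlin.truststore.password">Tr-9f2k</prop>
      <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/%(ks_file)s</prop>
      <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/%(ts_file)s</prop>
    </props></property>
  </bean>
</beans>
"""


def sample_config(alias, ks_pw, ks_file, ts_file):
    """Fill the constructed template with the values under test."""
    return TEMPLATE % {"alias": alias, "ks_pw": ks_pw,
                       "ks_file": ks_file, "ts_file": ts_file}


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def read_settings(xml_text):
    """Return (password_store, merlin_props) found anywhere in the document."""
    root = ET.fromstring(xml_text)
    store, props = {}, {}
    for el in root.iter():
        name = local_name(el.tag)
        if name == "property" and el.get("name") == "password_store":
            for entry in el.iter():
                if local_name(entry.tag) == "entry":
                    store[entry.get("key")] = entry.get("value") or ""
        elif name == "prop" and (el.get("key") or "").startswith(MERLIN):
            props[el.get("key")[len(MERLIN):]] = (el.text or "").strip()
    return store, props


def unset(value):
    """True for an empty value or one that still carries a your_* placeholder."""
    return not value or "your_" in value


def audit(xml_text, party_id):
    """Return a list of finding codes; an empty list means the rules hold."""
    store, props = read_settings(xml_text)
    findings = ["unset:" + key for key in REQUIRED if unset(props.get(key, ""))]
    alias = props.get("keystore.alias", "")
    if alias != party_id:
        findings.append("alias-differs-from-party-id")
    if alias not in store:
        findings.append("no-key-password-for-alias")
    for key_alias, password in sorted(store.items()):
        if unset(password):
            findings.append("unset:password_store[%s]" % key_alias)
    if props.get("file") and props.get("file") == props.get("truststore.file"):
        findings.append("keystore-and-truststore-share-a-file")
    return findings


if __name__ == "__main__":
    bad = sample_config("red_gw", "your_keystore_password", "gateway.jks", "gateway.jks")
    for finding in audit(bad, party_id="blue_gw"):
        print(finding)
```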
6.2. Domibus Properties

Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to "domibus.eu". The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory. |
| domibus.msh.retry.cron | 0/5 * * * * ? | The retry cron job used to send the messages. It is set by default to every 5 seconds. This property is mandatory. |
| domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory. |
| domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory. |
| domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used. |
| domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used. |
| domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster. |
| domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. To enable the file system storage, add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location= your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster. |
| domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX. |
| domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user. |

Proxy Settings: in case your Access Point has to use a proxy server, you can configure it with these properties.

| Configuration Property | Default value | Purpose |
|---|---|---|
| domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not. |
| domibus.proxy.http.host | - | Host name of the proxy server. |
| domibus.proxy.http.port | - | Port of the proxy server. |
| domibus.proxy.user | - | Username for authentication on the proxy server. |
| domibus.proxy.password | - | Password. |
| domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy. |
7. PLUGIN MANAGEMENT

This section describes the different types of plugins and their registration process.

7.1. Default Plugins

Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].

7.1.1. JMS Plugin

For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip

7.1.2. WS Plugin

For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip

7.1.2.1. Domibus authentication

The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.

The documentation below explains how to enable and use the authentication in the WS plugin.

The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication

Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
- Basic Authentication takes precedence on both http and https.
- X509Certificates is expected on https when no Basic Authentication was found.
- Blue Coat certificates are expected on http when no Basic Authentication was found.

[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].

There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.

Roles

ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors

ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage, only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser

7.1.2.2. Enable the authentication in Domibus

To enable the authentication at Domibus level, the following steps must be configured:

1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:

<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>

2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.

[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2. Custom Plugin

Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.

7.2.1. Plugin registration

Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.

7.2.1.1. Tomcat

Remark:
CATALINA_HOME is the folder where Tomcat is installed.

1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.

7.2.1.2. WebLogic

Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.

1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.

7.2.1.3. WildFly

In order to install a custom plugin, please follow these steps:

1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.

[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3. PMode Configuration

Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.

The following features are described in the PMode file: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).

As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.

7.3.1. Configuration

In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.

Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.

<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>

PMode view
7.3.2. Adding a new participant

If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.

Add a "new_party" element:

<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>

Add your "new_party_name" as initiator. The party with the role of initiator will be the sender of the messages:

<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>

Add your "new_party_name" as responder. The party with the role of responder will be the receiver of the messages:

<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3. Sample PMode file

Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, the Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).

Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.

Here is an example of the content of a PMode XML file.

Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
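
A consistency check for a PMode file of the kind shown in this section, as an added example (not part of the guide or of Domibus): it reports parties and legs that a process references but the file never defines, legs bound to the security the sample names noSigNoEnc (doNothingPolicy.xml), and a keystore alias that does not match the party ID of the Access Point. The embedded PMode is a constructed, trimmed sample; the function name, the finding codes and the reading of doNothingPolicy.xml as "no signature, no encryption" are assumptions.

```python
import xml.etree.ElementTree as ET

# Assumption: the policy behind the sample's "noSigNoEnc" security applies no protection.
UNSECURED_POLICY = "doNothingPolicy.xml"

# Constructed sample following the structure of the blue_gw/red_gw PMode.
# Deliberate defects: leg2 uses noSigNoEnc, green_gw is referenced but never
# defined, and missingLeg has no legConfiguration.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="leg1" security="eDeliveryPolicy"/>
      <legConfiguration name="leg2" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties><initiatorParty name="blue_gw"/></initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
        <responderParty name="green_gw"/>
      </responderParties>
      <legs><leg name="leg1"/><leg name="leg2"/><leg name="missingLeg"/></legs>
    </process>
  </businessProcesses>
</db:configuration>
"""


def lint_pmode(xml_text, keystore_aliases=()):
    """Return a list of (code, where, detail) findings for a PMode document."""
    root = ET.fromstring(xml_text)
    findings = []

    # party name -> partyId values, security name -> policy file, leg name -> security name
    parties = {p.get("name"): [i.get("partyId", "") for i in p.iter("identifier")]
               for p in root.iter("party")}
    securities = {s.get("name"): s.get("policy") for s in root.iter("security")}
    legs = {c.get("name"): c.get("security") for c in root.iter("legConfiguration")}

    # The guide requires the keystore alias to equal the party ID of this Access Point.
    own = root.get("party")
    if own not in parties:
        findings.append(("undefined-party", "configuration", own))
    elif keystore_aliases and not set(parties[own]) & set(keystore_aliases):
        findings.append(("alias-mismatch", own, ",".join(parties[own])))

    # Every leg must name a defined security; flag legs bound to the do-nothing policy.
    for leg, sec in legs.items():
        if sec not in securities:
            findings.append(("undefined-security", leg, sec))
        elif securities[sec] == UNSECURED_POLICY:
            findings.append(("unsecured-leg", leg, sec))

    # Every party and leg a process refers to must be defined elsewhere in the file.
    for proc in root.iter("process"):
        pname = proc.get("name")
        for tag in ("initiatorParty", "responderParty"):
            for ref in proc.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(("undefined-party", pname, ref.get("name")))
        for ref in proc.iter("leg"):
            if ref.get("name") not in legs:
                findings.append(("undefined-leg", pname, ref.get("name")))
    return findings


if __name__ == "__main__":
    for finding in lint_pmode(SAMPLE_PMODE, keystore_aliases=["domibus-blue"]):
        print(*finding)
```

Running such a check before uploading a PMode catches a participant that was added to a process but not to the parties list, which is the edit section 7.3.2 asks for.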
7.3.4. Domibus pconf to ebMS3 PMode Mapping

The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. • retryTimeout defines the timeout in seconds. • retryCount is the total number of retries. • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT. • duplicateDetection allows checking for duplicates when receiving the same message twice. The only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security.* NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role, depending on where this is used. In the ebMS3 message this defines the content of the following element: • For Initiator: Messaging/UserMessage/PartyInfo/From/Role • For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: 1. name (or Content-ID) that is the part identifier and can be used as an index in the notation PayloadProfile; 2. MIME data type (text/xml, application/pdf, etc.); 3. name of the applicable XML Schema file if the MIME data type is text/xml; 4. maximum size in kilobytes; 5. Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer. - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements (e.g. the reliability, security and error reporting of a response may not be the same as for a request), the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for the BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5. Upload new Configuration

Upload the PMode file on both Access Points.

Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via a JMS topic).

a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin, Password = 123456) at http://localhost:8080/domibus/home

Login to administration dashboard

b. Click on the "Configuration upload" tab.

Configuration upload

c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the PMode xml file".

Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.

d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".

PMode uploading
7.4. Administration Tools

7.4.1. Application Logging

7.4.1.1. Administration Dashboard

It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.

To change a password, generate the hash of your custom password with the BCrypt strong hashing algorithm. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).

Once you have the hashed password, modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:

<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
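
A check for the user-service entries edited above, as an added example (not part of the guide or of Domibus): it confirms that every password attribute holds a BCrypt hash rather than a plaintext value and reports the cost factor and roles of each user. The sample XML, the operator user, the placeholder hashes and the minimum cost of 10 are constructed or assumed.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the Spring Security "sec:" prefix used in domibus-security.xml.
SEC_NS = "http://www.springframework.org/schema/security"

# BCrypt modular-crypt format: $2a$/$2b$/$2y$, two-digit cost, then
# 22 characters of salt and 31 characters of hash (53 in total).
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")

# Constructed placeholder: has the right alphabet and length, but is not a real hash.
_FAKE = "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

# Constructed sample. "admin" still carries the plaintext default from the guide,
# "operator" (hypothetical user) has a hash with a very low cost factor.
SAMPLE_SECURITY_XML = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="{SEC_NS}">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="$2a$12${_FAKE}" authorities="ROLE_USER"/>
        <sec:user name="admin" password="123456" authorities="ROLE_USER, ROLE_ADMIN"/>
        <sec:user name="operator" password="$2a$04${_FAKE}" authorities="ROLE_USER"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>
"""


def audit_users(xml_text, min_cost=10):
    """Classify each sec:user entry as ok, low-cost or not-bcrypt."""
    root = ET.fromstring(xml_text)
    report = []
    for user in root.iter("{%s}user" % SEC_NS):
        match = BCRYPT_RE.match(user.get("password", ""))
        if match is None:
            status, cost = "not-bcrypt", None      # plaintext or another hash format
        else:
            cost = int(match.group(1))
            status = "ok" if cost >= min_cost else "low-cost"
        roles = [r.strip() for r in user.get("authorities", "").split(",") if r.strip()]
        report.append({"user": user.get("name"), "status": status,
                       "cost": cost, "roles": roles})
    return report


if __name__ == "__main__":
    for entry in audit_users(SAMPLE_SECURITY_XML):
        print(entry)
```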
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).

The following state machines illustrate how the processing of a message evolves according to the events encountered:

State machine of Corner 2 (sending access point)

State machine of Corner 3 (receiving access point)

Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2. Domibus log file

The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.

Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the SOAP response; on the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).

7.4.1.3. Logging properties

It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.

In the example below you can see the contents of the log4j.properties file:
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).

7.4.1.4. Error Log page

This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2. Queue Monitoring

Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery, because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In a production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible) and error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |

All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.

In the JMS Monitoring page the following operations can be performed:

1. Inspecting and filtering the messages from a queue, based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression

Remark:
For more information on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html

2. Move message
   a. Move a message from the DLQ to the original queue:
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue:
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field, and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.

Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.

3. Delete message
   a. Delete a message from a queue:
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue:
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The IDs of the messages to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately, according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
ltredeliveryPlugin fallbackToDeadLetter=true
sendToDlqIfMaxRetriesExceeded=truegt
ltredeliveryPolicyMapgt
ltredeliveryPolicyMapgt
ltredeliveryPolicyEntriesgt
ltredeliveryPolicy queue=sendMessageQueue
maximumRedeliveries=0gt
ltredeliveryPolicy queue=
maximumRedeliveries=10 redeliveryDelay=300000gt
ltredeliveryPolicyEntriesgt
ltredeliveryPolicyMapgt
ltredeliveryPolicyMapgt
ltredeliveryPlugingt
ltredeliveryPolicyMapgt
ltredeliveryPlugingt
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that not more than one plug-in can consume the same message.
There are four fields available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
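The routing rule described in this section can be checked offline before a filter set is applied. The following is an added example, not Domibus code: it models first-match routing over an ordered filter list and reports messages that no plugin would take, messages that more than one plugin matches, and plugins that are never selected. The dict-based filter representation, exact string comparison, the plugin name backendJms and the sample messages are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

EBMS = "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"
NS = {"ns": EBMS}
UNREG = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"


def sample_message(sender, receiver, service, action):
    """Build a constructed ebMS3 header fragment shaped like the one in the guide."""
    return (
        '<ns:UserMessage xmlns:ns="%s"><ns:PartyInfo>'
        '<ns:From><ns:PartyId type="%s">%s</ns:PartyId></ns:From>'
        '<ns:To><ns:PartyId type="%s">%s</ns:PartyId></ns:To>'
        '</ns:PartyInfo><ns:CollaborationInfo>'
        '<ns:Service type="tc1">%s</ns:Service><ns:Action>%s</ns:Action>'
        '</ns:CollaborationInfo></ns:UserMessage>'
    ) % (EBMS, UNREG, sender, UNREG, receiver, service, action)


def criteria_of(xml_text):
    """Extract the four filter fields (action, service, from, to) from a header."""
    # Constructed local input only; use a hardened parser such as defusedxml
    # when the XML comes from an untrusted peer.
    root = ET.fromstring(xml_text)

    def party(side):
        el = root.find(".//ns:%s/ns:PartyId" % side, NS)
        # Party criteria are written "<party id>:<party id type>" in the guide.
        return "%s:%s" % (el.text.strip(), el.get("type"))

    return {
        "action": root.findtext(".//ns:Action", namespaces=NS).strip(),
        "service": root.findtext(".//ns:Service", namespaces=NS).strip(),
        "from": party("From"),
        "to": party("To"),
    }


def matching_plugins(filters, msg):
    """Names of all plugins whose criteria match, in list order.
    A plugin with no criteria matches every message."""
    return [name for name, wanted in filters
            if all(msg[field] == value for field, value in wanted.items())]


def audit_filters(filters, messages):
    """Route each sample message to the first matching plugin and report gaps."""
    report = {"routed": {}, "unrouted": [], "ambiguous": {}, "never_selected": []}
    selected = set()
    for label, xml_text in messages.items():
        hits = matching_plugins(filters, criteria_of(xml_text))
        if not hits:
            report["unrouted"].append(label)
            continue
        report["routed"][label] = hits[0]   # first plugin in the list wins
        selected.add(hits[0])
        if len(hits) > 1:
            report["ambiguous"][label] = hits
    report["never_selected"] = [n for n, _ in filters if n not in selected]
    return report


# Constructed sample traffic: three messages differing only in their action.
MESSAGES = {
    "m1": sample_message("party_id_name1", "party_id_name2", "bdx:noprocess", "TC1Leg1"),
    "m2": sample_message("party_id_name1", "party_id_name2", "bdx:noprocess", "TC2Leg1"),
    "m3": sample_message("party_id_name1", "party_id_name2", "bdx:noprocess", "TC3Leg1"),
}

# WS plugin first with no criteria: it takes everything and shadows the JMS plugin.
FILTERS_SHADOWED = [
    ("backendWebservice", {}),
    ("backendJms", {"action": "TC1Leg1"}),
]

# Disjoint criteria: no overlap, but nothing handles TC3Leg1.
FILTERS_DISJOINT = [
    ("backendJms", {"action": "TC1Leg1", "from": "party_id_name1:" + UNREG}),
    ("backendWebservice", {"action": "TC2Leg1", "service": "bdx:noprocess"}),
]

if __name__ == "__main__":
    print(audit_filters(FILTERS_SHADOWED, MESSAGES))
    print(audit_filters(FILTERS_DISJOINT, MESSAGES))
```
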
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that have been processed at the communication level by the access points but that are still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in the domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector to the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable and/or JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore described in section 6.1.2 Certificates are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol=TLSv1.2.
If you use self-signed certificates, you need to set disableCNCheck=true.
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for AS4 e-Sens Profile.
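The client-side rules above (host name check left enabled in production, TLSv1.2 pinned, trust store supplied) and the handshake failure from section 9.5 can be turned into a pre-deployment check of clientauthentication.xml. This is an added example, not part of Domibus or CXF; the finding codes, the sample() helper and the sample files are constructed for the illustration, and accepting a protocol newer than TLSv1.2 is an assumption.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
SEC = "http://cxf.apache.org/configuration/security"
NS = {"security": SEC}

# JSSE protocol names, oldest first. The guide requires TLSv1.2; accepting
# anything newer is an assumption of this example.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
REQUIRED = "TLSv1.2"
# Placeholder passwords as printed in the guide's sample file.
PLACEHOLDERS = {"your_trustore_password", "your_keystore_password"}


def audit_tls_client_parameters(xml_text):
    """Return sorted finding codes for one http-conf:tlsClientParameters element."""
    # ElementTree is fine for a local, trusted config file; use a hardened
    # parser such as defusedxml if the XML comes from an untrusted source.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}tlsClientParameters" % HTTP_CONF:
        raise ValueError("root element is not http-conf:tlsClientParameters")
    findings = set()

    # 1. Host name verification must stay on outside of test setups.
    if root.get("disableCNCheck", "false").strip().lower() == "true":
        findings.add("CN_CHECK_DISABLED")

    # 2. The protocol must be pinned, and not below the required version
    #    (a TLSv1.1 client against a TLSv1.2-only server fails the handshake).
    proto = root.get("secureSocketProtocol")
    if proto not in PROTOCOLS:          # missing, or a generic name such as "TLS"
        findings.add("PROTOCOL_NOT_PINNED")
    elif PROTOCOLS.index(proto) < PROTOCOLS.index(REQUIRED):
        findings.add("PROTOCOL_TOO_OLD")

    # 3. A trust store file must be named explicitly.
    trust = root.find("security:trustManagers/security:keyStore", NS)
    if trust is None or not trust.get("file"):
        findings.add("NO_TRUSTSTORE")

    # 4. Passwords copied unchanged from the guide must not reach a deployment.
    passwords = [ks.get("password") for ks in root.iter("{%s}keyStore" % SEC)]
    key_managers = root.find("security:keyManagers", NS)
    if key_managers is not None:
        passwords.append(key_managers.get("keyPassword"))
    if any(p in PLACEHOLDERS for p in passwords if p):
        findings.add("PLACEHOLDER_PASSWORD")

    return sorted(findings)


def sample(disable_cn, protocol, password, with_trust=True):
    """Build a constructed clientauthentication.xml body for the checks above."""
    proto_attr = ' secureSocketProtocol="%s"' % protocol if protocol else ""
    trust = (
        '<security:trustManagers><security:keyStore type="JKS" password="%s" '
        'file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>'
        '</security:trustManagers>' % password
    ) if with_trust else ""
    return (
        '<http-conf:tlsClientParameters disableCNCheck="%s"%s '
        'xmlns:http-conf="%s" xmlns:security="%s">%s'
        '<security:keyManagers keyPassword="%s"><security:keyStore type="JKS" '
        'password="%s" file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>'
        '</security:keyManagers></http-conf:tlsClientParameters>'
    ) % (disable_cn, proto_attr, HTTP_CONF, SEC, trust, password, password)


# Constructed inputs: the guide's sample settings, the section 9.5 case, a file
# with nothing pinned, and a corrected file (password value is not a real secret).
AS_PRINTED = sample("true", "TLSv1.2", "your_keystore_password")
OLD_CLIENT = sample("false", "TLSv1.1", "constructed-secret")
UNPINNED = sample("false", None, "constructed-secret", with_trust=False)
HARDENED = sample("false", "TLSv1.2", "constructed-secret")

if __name__ == "__main__":
    for name in ("AS_PRINTED", "OLD_CLIENT", "UNPINNED", "HARDENED"):
        print(name, audit_tls_client_parameters(globals()[name]))
```
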
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector with the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth=false; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth=true and provide the location of the your_truststore_ssl.jks so that the server can verify the client, in Server.xml:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers -> select server name -> Configuration -> General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers -> select server name -> Configuration -> Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and trustore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and trustore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123"/>
        …
    </authentication>
add https-listener to default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File -> Preferences -> HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File -> Preferences -> SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicSingleServer.properties
For Linux: wlstapi.sh ../scripts/import.py --property ../WeblogicSingleServer.properties
Expected Result:
6. Activate the use of the authorization providers to protect the JMX access.
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin, Password = 123456).
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration, e.g.:
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for JMS Server, e.g.:
jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.:
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
For Windows: startWebLogic.cmd
For Linux/Unix: startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows: wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix: wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful
(by default: User = admin, Password = 123456).
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
   o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path.
2. Prepare the database:
   o For MySQL database:
     Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
     Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
………
[2] http://downloads.mysql.com/archives/c-j
   o For Oracle database:
     Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
     Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
ltprop
key=urlgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521XE
ltpropgt
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    ………
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
   Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
   You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
   o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
   o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
   o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
   o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
   If you can access the page, it means the deployment was successful.
   Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-tomcat-configuration.zip
   domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
   o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
   o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
   If you can access the page, it means the deployment was successful.
   Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-tomcat-full.zip
   domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters:
   Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
   You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
   Remark:
   your_node_id refers to the installed node in the cluster, which starts normally at 01 (then 02, etc.).
   o For Windows: edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
   o For Linux/Unix: edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate the JMS Broker with the Domibus nodes:
   o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
     Set the uri to the running JMS broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
   o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
     Set the broker to the running JMS broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
     Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
      class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
      destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
   Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
   Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
   o Drivers:
     Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
     Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
     Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
     Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …………
    <datasources>
        …………
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        …………
    </datasources>
    …………
</subsystem>
[4] http://downloads.mysql.com/archives/c-j
   o Datasources:
     Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
     Remark:
     Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle database (Option 2):
   o Drivers:
     Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
     Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
     Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml, then copy it in the folder recently created.
     Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
     Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
<xa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
   o Datasources:
     Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
     Remark:
     Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
     Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
     Remark:
     Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
   o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
   o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456)
   If you can access the page, it means the deployment was successful.
   Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-wildfly.war
   domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
……
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
……
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
   Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            ………
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            ………
        </jms-connection-factories>
        <jms-destinations>
            ………
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            ………
        </jms-destinations>
    </hornetq-server>
</subsystem>
   Remark:
   Please note also that the JMX management has to be enabled so the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
    Expected result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-wildfly-configuration.zip
   domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
   Remarks:
   o This step needs to be performed on all the nodes from the cluster.
   o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
   o Configure the JMS queues and topics as indicated in 5.4.2 point 5, Configure the JMS resources. Configure the database dialect as indicated in 5.4.1 point 3, Remark.
   o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
3. Configure the environment variables in the file bin/domain.conf.
   Remark:
   bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
……
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
……
4. Deploy domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
   services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
   services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy which is mandatory to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
…
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
…
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
…
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
…
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
- Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
- Get your key pair from an external provider (self-signed certificates should only be used for testing purposes, not production). If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
- Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
- Import your private key into your keystore.
Remarks:
   o Your private key and your keystore should always stay secret. Please never share them.
   o The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
   domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below answers the question of how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
- Basic Authentication takes precedence on both http and https.
- X509Certificates is expected on https when no Basic Authentication was found.
- Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles:
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable authentication at Domibus level, the following steps must be performed:
1. In conf/domibus/domibus-configuration.xml, set the property “domibus.auth.unsecureLoginAllowed” to false:
<util:properties>
    …
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the names of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    …
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    …
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
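The sample PMode above also defines a noSigNoEnc security, a noReliability profile, plain http endpoints and parties that may both send and receive. The following is an added example, not part of the guide or of Domibus: a small review script that reports those settings for the legs a process actually uses. The hostnames, the extra parties and legs in the constructed sample, the finding codes and the reading of doNothingPolicy.xml as "no signing, no encryption" are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed PMode, cut down from the sample above; hostnames are placeholders.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh"/>
      <party name="blue_gw" endpoint="https://blue.example.test:8443/domibus/services/msh"/>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <as4>
      <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
      <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
    </as4>
    <legConfigurations>
      <legConfiguration name="pushTestcase1tc1Action" reliability="AS4Reliability" security="eDeliveryPolicy"/>
      <legConfiguration name="pushTestcase1tc2Action" reliability="noReliability" security="noSigNoEnc"/>
      <legConfiguration name="unusedLeg" reliability="noReliability" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process" mep="oneway" binding="push">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="red_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="blue_gw"/>
        <responderParty name="red_gw"/>
        <responderParty name="green_gw"/>
      </responderParties>
      <legs>
        <leg name="pushTestcase1tc1Action"/>
        <leg name="pushTestcase1tc2Action"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>"""

# Assumption: a policy file with this name applies neither signing nor
# encryption, as the security name "noSigNoEnc" in the sample suggests.
NO_PROTECTION_POLICIES = {"doNothingPolicy.xml"}


def _by_name(root, tag):
    """Index every <tag> element of the document by its name attribute."""
    return {el.get("name"): el for el in root.iter(tag)}


def lint_pmode(xml_text):
    """Return a sorted list of (code, subject) findings for one PMode document."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    parties = _by_name(root, "party")
    securities = _by_name(root, "security")
    reliabilities = _by_name(root, "reliability")
    legs = _by_name(root, "legConfiguration")
    findings = set()

    # MSH endpoints that are not reached over TLS.
    for name, party in parties.items():
        if urlparse(party.get("endpoint", "")).scheme.lower() != "https":
            findings.add(("ENDPOINT_NOT_HTTPS", name))

    for process in root.iter("process"):
        pname = process.get("name")
        initiators = {p.get("name") for p in process.iter("initiatorParty")}
        responders = {p.get("name") for p in process.iter("responderParty")}
        # Parties the process refers to but the <parties> block never declares.
        for ref in (initiators | responders) - set(parties):
            findings.add(("UNDECLARED_PARTY", f"{pname}:{ref}"))
        # Parties allowed in both directions; the guide's remark says to list a
        # party only where it is supposed to act.
        for both in initiators & responders:
            findings.add(("PARTY_BOTH_ROLES", f"{pname}:{both}"))
        # Only legs attached to a process are live, so unused ones are skipped.
        for leg_ref in process.iter("leg"):
            leg = legs.get(leg_ref.get("name"))
            if leg is None:
                findings.add(("UNDECLARED_LEG", f"{pname}:{leg_ref.get('name')}"))
                continue
            sec = securities.get(leg.get("security"))
            if sec is None or sec.get("policy") in NO_PROTECTION_POLICIES:
                findings.add(("LEG_WITHOUT_MESSAGE_SECURITY", leg.get("name")))
            rel = reliabilities.get(leg.get("reliability"))
            if rel is None or rel.get("nonRepudiation", "false").lower() != "true":
                findings.add(("LEG_WITHOUT_NON_REPUDIATION", leg.get("name")))
    return sorted(findings)


if __name__ == "__main__":
    for code, subject in lint_pmode(SAMPLE_PMODE):
        print(f"{code:30} {subject}")
```

Run it against a PMode before uploading it; an empty result only means none of these particular checks fired.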
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: the value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block.
Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is http, then the transport protocol must be HTTP).
AS4 | - | Container
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = ‘true’ (to be used for non-repudiation of receipt), value = ‘false’ (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = ‘Response’ (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = ‘Callback’ (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. • retryTimeout defines timeout in seconds. • retryCount is the total number of retries. • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT. • duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE.
Securities | - | Container
Security | - | Container
Policy | PMode[1].Security, NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration | - | Container
Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions | - | Container
Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services | - | Container
ServiceTypes | Type maps to Messaging/UserMessage/CollaborationInfo/Service[type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.
MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings | - | Container
Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles | - | Container
Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element: • For Initiator: Messaging/UserMessage/PartyInfo/From/Role • For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element) or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement.
Processes | - | Container
PayloadProfiles | - | Container
Payloads | - | Container
Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: 1. name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile; 2. MIME data type (text/xml, application/pdf, etc.); 3. name of the applicable XML Schema file if the MIME data type is text/xml; 4. maximum size in kilobytes; 5. Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile.
ErrorHandlings | - | Container
ErrorHandling | - | Container
ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer. - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs | - | Container
Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request – the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process | - | In Process everything is plugged together.
Table: Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard at http://localhost:8080/domibus/home using your credentials (by default: User = admin, Password = 123456).
Figure: Login to administration dashboard
b. Click on the Configuration upload tab.
Figure: Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then “Press here to upload the Pmode xml file”.
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then “Press here to upload the truststore jks file”.
Figure: PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords of the default users that have access to the Domibus Administration page: admin and user.
To change a password, generate its hash with the BCrypt strong hashing algorithm. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com); note that an online generator sees the password you type, so a BCrypt tool run locally avoids disclosing it to a third party.
Once you have the hashed password, modify the passwords of the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
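As an added example (not part of the guide or of Domibus), the script below audits the two settings this guide asks administrators to change: the domibus.auth.unsecureLoginAllowed property from section 7.1.2.2 and the dashboard passwords in domibus-security.xml. The `<beans>` wrappers, the auditor user, the placeholder hash tails, the finding codes and the minimum cost of 10 are assumptions; the check validates the BCrypt format only and cannot tell which password a hash belongs to.

```python
import re
import xml.etree.ElementTree as ET

# 53 characters standing in for a BCrypt salt and digest (constructed, not a
# real hash of any password).
FAKE_TAIL = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0"

# Constructed excerpt of conf/domibus/domibus-configuration.xml.
SAMPLE_CONFIGURATION = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties>
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
  </util:properties>
</beans>"""

# Constructed excerpt of conf/domibus/domibus-security.xml.
SAMPLE_SECURITY = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:authentication-manager>
    <sec:authentication-provider>
      <sec:password-encoder ref="bcryptEncoder"/>
      <sec:user-service>
        <sec:user name="user" password="123456" authorities="ROLE_USER"/>
        <sec:user name="admin" password="$2a$04${FAKE_TAIL}" authorities="ROLE_USER, ROLE_ADMIN"/>
        <sec:user name="auditor" password="$2a$12${FAKE_TAIL}" authorities="ROLE_USER"/>
      </sec:user-service>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>"""

# $2a$ / $2b$ / $2y$ prefix, two-digit cost, then 22 salt + 31 digest characters.
BCRYPT_RE = re.compile(r"^\$2[abxy]?\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumed local policy threshold, not a value from the guide
AUTH_PROPERTY = "domibus.auth.unsecureLoginAllowed"


def _elements(xml_text, local_name):
    """Return all elements with this local name, whatever namespace prefix is used."""
    root = ET.fromstring(xml_text)
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == local_name]


def audit_unsecure_login(configuration_xml):
    """Report the property unless its last definition is exactly 'false'."""
    values = [(el.text or "").strip().lower()
              for el in _elements(configuration_xml, "prop")
              if el.get("key") == AUTH_PROPERTY]
    if not values:
        # The guide states authentication is disabled by default, so an absent
        # property is reported like an explicit 'true'.
        return [("UNSECURE_LOGIN_ALLOWED", "property not set")]
    if values[-1] != "false":
        return [("UNSECURE_LOGIN_ALLOWED", values[-1])]
    return []


def audit_dashboard_users(security_xml):
    """Check that every stored dashboard password is a well-formed BCrypt hash."""
    findings = []
    # The guide's configuration declares a bcryptEncoder; flag its absence.
    if not _elements(security_xml, "password-encoder"):
        findings.append(("NO_PASSWORD_ENCODER", "authentication-provider"))
    for user in _elements(security_xml, "user"):
        name, stored = user.get("name"), user.get("password", "")
        match = BCRYPT_RE.match(stored)
        if match is None:
            # Plaintext, a placeholder left in place, or another hash format.
            findings.append(("PASSWORD_NOT_BCRYPT", name))
        elif int(match.group(1)) < MIN_COST:
            findings.append(("BCRYPT_COST_BELOW_MINIMUM", name))
    return findings


if __name__ == "__main__":
    for finding in audit_unsecure_login(SAMPLE_CONFIGURATION) + audit_dashboard_users(SAMPLE_SECURITY):
        print(*finding)
```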
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate how the processing of a message evolves according to the events encountered.
Figure: State machine of Corner 2 (sending access point)
Figure: State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages.
Destination type | JNDI name | Comment | Description
Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus.internal.notification.unknown | - | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus.internal.command | - | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus.backend.jms.replyQueue | - | This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus.backend.jms.outQueue | - | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus.backend.jms.inQueue | - | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus.backend.jms.errorNotifyConsumer | - | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus.backend.jms.errorNotifyProducer | - | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus.notification.jms | - | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus.internal.notification.queue | - | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus.notification.webservice | - | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus.DLQ | - | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression in the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The IDs of the messages to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately, according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
The criteria must be configured so that all messages are treated and that no more than one plugin can consume the same message.
There are four fields available for the plugin to match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the desired filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted; only the metadata containing the information of the receiver and the acknowledgement is then kept.
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name orgspringframeworkschedulingquartzSchedulerFactoryBean0 defined in ServletContext resource [WEB-INFmsh-configxml] Invocation of init method failed nested exception is orgquartzJobPersistenceException Failed to obtain DB connection from datasource springTxDataSourceorgspringframeworkschedulingquartzSchedulerFactoryBean0 comatomikosjdbcAtomikosSQLException Failed to grow the connection pool [See nested exception comatomikosjdbcAtomikosSQLException Failed to grow the connection pool] at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactoryinitializeBean(AbstractAutowireCapableBeanFactoryjava1578) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorydoCreateBean(AbstractAutowireCapableBeanFactoryjava545) at orgspringframeworkbeansfactorysupportAbstractAutowireCapableBeanFactorycreateBean(AbstractAutowireCapableBeanFactoryjava482) at orgspringframeworkbeansfactorysupportAbstractBeanFactory$1getObject(AbstractBeanFactoryjava305) at orgspringframeworkbeansfactorysupportDefaultSingletonBeanRegistrygetSingleton(DefaultSingletonBeanRegistryjava230) at orgspringframeworkbeansfactorysupportAbstractBeanFactorydoGetBean(AbstractBeanFactoryjava301) SEVERE One or more listeners failed to start Full details will be found in the appropriate container log file May 11 2016 101243 AM orgapachecatalinautilSessionIdGeneratorBase createSecureRandom INFO Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds May 11 2016 101243 AM orgapachecatalinacoreStandardContext startInternal SEVERE Context [domibus] startup failed due to previous errors May 11 2016 101243 AM orgapachecatalinacoreApplicationContext log INFO Closing Spring root WebApplicationContext May 11 2016 101243 AM 
orgapachecatalinacoreApplicationContext log INFO Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use.[11]
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
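A pre-production check for the client configuration described above, as an added example (not part of the guide or of Domibus). It parses a clientauthentication.xml document and reports the settings this section warns about; the finding codes are hypothetical names, and the placeholder test assumes the guide's "your_" naming for unedited passwords.

```python
import xml.etree.ElementTree as ET

# Namespaces used by the CXF configuration shown in the guide.
HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
SECURITY = "http://cxf.apache.org/configuration/security"
REQUIRED_PROTOCOL = "TLSv1.2"  # the version the guide states is mandatory

# Constructed sample: the client configuration as printed in this section.
GUIDE_SAMPLE = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>
"""

# Constructed sample: host name check left at its default (false) and the
# placeholder passwords replaced with made-up values.
HARDENED_SAMPLE = (GUIDE_SAMPLE.replace(' disableCNCheck="true"', "")
                   .replace("your_trustore_password", "constructed-trust-secret")
                   .replace("your_keystore_password", "constructed-key-secret"))

# Constructed sample: the TLSv1.1 client from troubleshooting entry 9.5,
# with no trust store configured.
TLS11_SAMPLE = """\
<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"/>
"""

# Hypothetical finding codes and what each one means.
DESCRIPTIONS = {
    "NO_TLS_CLIENT_PARAMETERS": "no tlsClientParameters element found",
    "CN_CHECK_DISABLED": "disableCNCheck is true: host name is not verified",
    "PROTOCOL_UNSET": "secureSocketProtocol is not set",
    "PROTOCOL_NOT_TLS12": "secureSocketProtocol is not " + REQUIRED_PROTOCOL,
    "NO_TRUSTSTORE": "no trustManagers/keyStore configured",
    "PLACEHOLDER_PASSWORD": "a password still holds a 'your_' placeholder",
}


def audit_tls_client(xml_text):
    """Return the sorted finding codes for a clientauthentication.xml document."""
    root = ET.fromstring(xml_text)
    # iter() also yields the root, so a bare fragment and a wrapped one both work.
    blocks = list(root.iter("{%s}tlsClientParameters" % HTTP_CONF))
    if not blocks:
        return ["NO_TLS_CLIENT_PARAMETERS"]
    findings = set()
    for tls in blocks:
        # xsd:boolean accepts "true" and "1"; an absent attribute means false.
        if tls.get("disableCNCheck", "false").strip().lower() in ("true", "1"):
            findings.add("CN_CHECK_DISABLED")
        protocol = tls.get("secureSocketProtocol")
        if protocol is None:
            findings.add("PROTOCOL_UNSET")
        elif protocol != REQUIRED_PROTOCOL:
            findings.add("PROTOCOL_NOT_TLS12")
        path = "{%s}trustManagers/{%s}keyStore" % (SECURITY, SECURITY)
        if tls.find(path) is None:
            findings.add("NO_TRUSTSTORE")
        # Passwords appear as 'password' on keyStore and 'keyPassword' on keyManagers.
        for element in tls.iter():
            for attribute in ("password", "keyPassword"):
                if element.get(attribute, "").startswith("your_"):
                    findings.add("PLACEHOLDER_PASSWORD")
    return sorted(findings)


if __name__ == "__main__":
    samples = (("guide", GUIDE_SAMPLE), ("hardened", HARDENED_SAMPLE),
               ("tls11", TLS11_SAMPLE))
    for label, sample in samples:
        codes = audit_tls_client(sample)
        print(label, "->", codes if codes else "no findings")
        for code in codes:
            print("   ", code + ":", DESCRIPTIONS[code])
```

Run against the guide's own snippet, the check reports the disabled host name verification and the unedited passwords; the TLSv1.1 sample is the client-side cause of the handshake failure in section 9.5.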
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In Server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        clientAuth="false" sslProtocol="TLS" />
The keystore JKS location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of your_truststore_ssl.jks in Server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        port="8443" maxThreads="200"
        scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password"
        truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
        truststorePass="your_trustore_password"
        clientAuth="true" sslProtocol="TLS" />
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore JKS.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore JKS to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks" relative-to="jboss.server.base.dir" keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks" relative-to="jboss.server.base.dir" keystore-password="test123"/>
        …
    </authentication>
add the https-listener to the default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https" security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and the KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin; Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
7. The database dialect is pre-configured to use the Oracle database. If you are using a MySQL database, you should adapt the dialect in DOMAIN_HOME/conf/domibus/domibus-datasources.xml as highlighted in the example below:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
8. Install the WS Plugin. For more details, see section 7.2.1.2 WebLogic.
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration:
e.g.
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for the JMS Server, e.g.:
jms.server.0.target=cluster_name
Adapt the property for the JMS Module, e.g.:
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wslt-api-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result:
3. Activate the use of the authorization providers to protect the JMX access
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose "Install this deployment as an application" and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following:
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin; Password = 123456)
Expected result:
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container.
The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site[2]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site[3]) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    ………
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters
Domibus expects a single JVM parameter, ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation, cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path\domibus\bin\catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and that the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result: (screenshot)
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from section 5.3.2 Single Server Deployment.
3. Set JVM parameters
Domibus expects a single JVM parameter $domibus.config.location, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
...
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
...
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
...
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
...
4. Integrate JMS Broker with Domibus nodes
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
      class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
      destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker"
      class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config"
              value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml. For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from section 5.3.2 Single Server Deployment.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download the MySQL JDBC driver jar (e.g. mysql-connector-java-5.1.34.jar), available on the MySQL official web site (see footnote 4), and copy it into the folder.
4 http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as the path argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar.
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    ...
    <datasources>
        ...
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        ...
    </datasources>
    ...
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (Option 2)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download the Oracle JDBC driver jar (e.g. ojdbc7.jar), available on the Oracle official web site (see footnote 5), and copy it into the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder just created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as the path argument of the resource-root element, e.g. ojdbc7.jar.
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml. (Only change the items described below, replacing the MySQL configuration in the process.)
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
<xa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
5 http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is pre-configured for MySQL by default.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform"
          value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result: (screenshot)
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
...
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
  <hornetq-server>
    <jmx-management-enabled>true</jmx-management-enabled>
    <jms-connection-factories>
      ...
      <connection-factory name="edeliveryConnectionFactory">
        <connectors>
          <connector-ref connector-name="in-vm"/>
        </connectors>
        <entries>
          <entry name="java:/jms/ConnectionFactory"/>
        </entries>
        <compress-large-messages>false</compress-large-messages>
        <failover-on-initial-connection>false</failover-on-initial-connection>
        <use-global-pools>true</use-global-pools>
      </connection-factory>
      ...
    </jms-connection-factories>
    <jms-destinations>
      ...
      <jms-queue name="DomibusBusinessMessageOutQueue">
        <entry name="java:/jms/domibus.backend.jms.outQueue"/>
        <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendJmsQueue">
        <entry name="java:/jms/domibus.notification.jms"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusErrorNotifyConsumerQueue">
        <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
        <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusErrorNotifyProducerQueue">
        <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
        <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusBusinessMessageInQueue">
        <entry name="java:/jms/domibus.backend.jms.inQueue"/>
        <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusPluginToBackendQueue">
        <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
        <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusSendMessageQueue">
        <entry name="java:/jms/domibus.internal.dispatch.queue"/>
        <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendWebServiceQueue">
        <entry name="java:/jms/domibus.notification.webservice"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusUnknownReceiverQueue">
        <entry name="java:/jms/domibus.internal.notification.unknown"/>
        <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DomibusNotifyBackendQueue">
        <entry name="java:/jms/domibus.internal.notification.queue"/>
        <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
        <durable>true</durable>
      </jms-queue>
      <jms-queue name="DLQ">
        <entry name="java:/jms/domibus.DLQ"/>
        <entry name="java:/jms/queue/DLQ"/>
        <durable>true</durable>
      </jms-queue>
      <jms-topic name="DomibusClusterCommandTopic">
        <entry name="java:/jms/domibus.internal.command"/>
        <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
      </jms-topic>
      ...
    </jms-destinations>
  </hornetq-server>
</subsystem>
Remark:
Please note that JMX management also has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990.
7. Click on Deployments in the console menu, then click on Add.
8. Select Upload a new deployment, then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected result: (screenshot)
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation (see footnote 6).
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
o This step needs to be performed on all the nodes from the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 Configure the JMS resources.
o Configure the database dialect as indicated in 5.4.1, point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
6 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
...
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation (see footnote 7).
7 https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
/services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 PMode Configuration). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4.
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption, for the signature of the AS4 messages and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
...
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
...
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_trustore_password</prop>
...
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
...
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in the PMode (see section 7.3 PMode Configuration). It is strongly recommended to put your key pair (private and public key) and the public keys of the other participants you trust in two separate containers.
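A review check for the file edited above, as an added example that is not part of Domibus or of the original guide: it flags template values that were never replaced, a signing alias with no entry in password_store, and a keystore and truststore that point at the same file. The function name, the finding codes and the element nesting of the constructed sample are assumptions; only the property keys come from the guide.

```python
import xml.etree.ElementTree as ET

MERLIN = "org.apache.ws.security.crypto.merlin."

# Constructed sample: only the entries the guide shows. The <beans>/<bean>
# wrapping, the ids and all values are assumptions made up for this example.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <bean id="keystorePasswordCallback">
    <property name="password_store">
      <util:map>
        <entry value="your_privatekey_password" key="red_gw"/>
      </util:map>
    </property>
  </bean>
  <util:properties id="keystoreProperties">
    <prop key="org.apache.ws.security.crypto.merlin.keystore.password">Kx7-demo</prop>
    <prop key="org.apache.ws.security.crypto.merlin.keystore.alias">blue_gw</prop>
    <prop key="org.apache.ws.security.crypto.merlin.truststore.password">Kx7-demo2</prop>
    <prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/gateway.jks</prop>
    <prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/gateway.jks</prop>
  </util:properties>
</beans>"""


def local(tag):
    """Element name without its XML namespace."""
    return tag.rsplit("}", 1)[-1]


def audit_security_xml(xml_text):
    """Return a sorted list of finding codes for a domibus-security.xml text."""
    root = ET.fromstring(xml_text)
    props, password_store = {}, {}
    for el in root.iter():
        name = local(el.tag)
        if name == "prop" and el.get("key", "").startswith(MERLIN):
            props[el.get("key")[len(MERLIN):]] = (el.text or "").strip()
        elif name == "property" and el.get("name") == "password_store":
            for entry in el.iter():
                if local(entry.tag) == "entry":
                    password_store[entry.get("key")] = entry.get("value", "")

    findings = []
    # 1. Template values from the guide that were never replaced.
    for key, value in props.items():
        if value.startswith("your_") or "/your_" in value:
            findings.append("PLACEHOLDER:" + key)
    for alias, password in password_store.items():
        if alias.startswith("your_") or password.startswith("your_"):
            findings.append("PLACEHOLDER:password_store[" + alias + "]")
    # 2. The signing alias needs its private-key password in password_store.
    alias = props.get("keystore.alias")
    if alias not in password_store:
        findings.append("ALIAS_NOT_IN_PASSWORD_STORE:" + str(alias))
    # 3. Key pair and trusted public keys belong in two separate containers.
    if props.get("file") and props.get("file") == props.get("truststore.file"):
        findings.append("KEYSTORE_AND_TRUSTSTORE_SHARE_FILE")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_security_xml(SAMPLE):
        print(finding)
```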
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration, the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) (see footnote 8).
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default, this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
8 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook (see footnote 9).
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages, which will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages, only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be performed:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    ...
    <!-- To disable unsecureLogin set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
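The precedence and role rules of sections 7.1.2.1 and 7.1.2.2, written out as a small decision model that can be used to review access expectations before enabling authentication. This is an added example, not the WS plugin's code: the function names, the Message fields and the sample values are assumptions, and it treats getMessageStatus and getMessageErrors as admin-only because the guide lists them only under ROLE_ADMIN.

```python
from dataclasses import dataclass

ADMIN, USER = "ROLE_ADMIN", "ROLE_USER"


class AuthenticationRequired(Exception):
    """No credential of the kind expected for this transport was supplied."""


def select_auth_method(scheme, headers, tls_client_cert=None,
                       unsecure_login_allowed=True):
    """Pick the credential type in the order the guide gives."""
    if unsecure_login_allowed:      # shipped default: authentication is off
        return "UNSECURED"
    names = {name.lower(): value for name, value in headers.items()}
    if names.get("authorization", "").startswith("Basic "):
        return "BASIC"              # takes precedence on both http and https
    if scheme == "https" and tls_client_cert is not None:
        return "X509"               # certificate from the TLS handshake
    if scheme == "http" and names.get("client-cert"):
        return "BLUE_COAT"          # certificate details forwarded by the proxy
    raise AuthenticationRequired(scheme)


@dataclass(frozen=True)
class Message:
    message_id: str
    original_sender: str
    final_recipient: str


def is_allowed(role, original_user, operation, message=None):
    """Apply the ROLE_ADMIN / ROLE_USER rights listed in the guide."""
    if role == ADMIN:
        return operation in {"sendMessage", "downloadMessage",
                             "listPendingMessages", "getMessageStatus",
                             "getMessageErrors"}
    if role != USER:
        return False
    if operation == "sendMessage":
        return message is not None and message.original_sender == original_user
    if operation == "downloadMessage":
        return message is not None and message.final_recipient == original_user
    if operation == "listPendingMessages":
        return True                 # allowed, but filtered by visible_pending()
    return False                    # assumption: not listed for ROLE_USER


def visible_pending(role, original_user, pending):
    """Pending messages a caller may see through listPendingMessages."""
    if role == ADMIN:
        return list(pending)
    if role == USER:
        return [m for m in pending if m.final_recipient == original_user]
    return []


# Constructed sample data.
PENDING = [Message("m-1", "C1", "C4"), Message("m-2", "C1", "C5")]

if __name__ == "__main__":
    print(select_auth_method("https", {}, "cert", unsecure_login_allowed=False))
    print([m.message_id for m in visible_pending(USER, "C4", PENDING)])
    print(is_allowed(USER, "C4", "downloadMessage", PENDING[1]))
```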
9 https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook (see footnote 10) for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
10 A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator:
The party with the role of initiator will be the sender of the messages.
<initiatorParties>
    ...
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder:
The party with the role of responder will be the receiver of the messages.
<responderParties>
    ...
    <responderParty name="new_party_name"/>
</responderParties>
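A consistency check and an automated version of the three edits above, as an added example that is not part of Domibus or of the original guide. It reports initiator or responder entries that name an undefined party, parties that take no role, and a keystore alias that does not match the party ID of the Access Point's own party; the function names, the finding codes and the constructed sample (including its process element and hostnames) are assumptions.

```python
import xml.etree.ElementTree as ET

ET.register_namespace("db", "http://domibus.eu/configuration")

# Constructed PMode fragment using the element names shown in this guide; the
# <process> wrapper, its name and the hostnames are assumptions. new_party_name
# was added as responder, but its <party> definition is missing on purpose.
SAMPLE_PMODE = """<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh" allowChunking="false">
        <identifier partyId="red_gw" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh" allowChunking="false">
        <identifier partyId="blue_gw" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <process name="sampleProcess">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="red_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="blue_gw"/>
        <responderParty name="red_gw"/>
        <responderParty name="new_party_name"/>
      </responderParties>
    </process>
  </businessProcesses>
</db:configuration>"""


def party_references(root):
    """(element name, party name) for every initiatorParty/responderParty."""
    return [(tag, el.get("name"))
            for tag in ("initiatorParty", "responderParty")
            for el in root.iter(tag)]


def check_pmode(xml_text, keystore_alias):
    """Return a sorted list of finding codes for a PMode file."""
    root = ET.fromstring(xml_text)
    parties = {p.get("name"): p for p in root.iter("party")}
    refs = party_references(root)
    findings = [f"UNDEFINED_PARTY:{tag}:{name}"
                for tag, name in refs if name not in parties]
    used = {name for _, name in refs}
    findings += [f"PARTY_WITHOUT_ROLE:{name}"
                 for name in parties if name not in used]
    own = parties.get(root.get("party"))
    if own is None:
        findings.append(f"OWN_PARTY_UNDEFINED:{root.get('party')}")
    elif keystore_alias not in [i.get("partyId") for i in own.iter("identifier")]:
        # The guide requires the keystore alias to equal the party ID.
        findings.append(f"ALIAS_MISMATCH:{keystore_alias}")
    return sorted(findings)


def add_participant(xml_text, name, party_id, endpoint):
    """Apply the three edits of section 7.3.2 and return the new XML text."""
    root = ET.fromstring(xml_text)
    parties = root.find("businessProcesses/parties")
    if any(p.get("name") == name for p in parties.iter("party")):
        raise ValueError(f"party {name!r} is already defined")
    party = ET.SubElement(parties, "party", name=name, endpoint=endpoint,
                          allowChunking="false")
    ET.SubElement(party, "identifier", partyId=party_id,
                  partyIdType="partyTypeUrn")
    for group, tag in (("initiatorParties", "initiatorParty"),
                       ("responderParties", "responderParty")):
        for holder in root.iter(group):
            if all(el.get("name") != name for el in holder.iter(tag)):
                ET.SubElement(holder, tag, name=name)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(check_pmode(SAMPLE_PMODE, "blue_gw"))
    fixed = add_participant(SAMPLE_PMODE, "new_party_name", "new_party_id",
                            "http://new_party_msh")
    print(check_pmode(fixed, "blue_gw"))
```

The updated file still has to be re-uploaded, as the section states, before the Access Point uses it.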
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file:
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
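Before a PMode edited as in 7.3.2 is uploaded, the names it cross-references (parties, legs, security entries) and the rule that each partyId must match a certificate alias can be checked mechanically. The following Python script is an added example, not part of this guide or of Domibus; the function name check_pmode, the finding codes, the hostnames and the alias list are assumptions, and the embedded PMode is a constructed, cut-down file with deliberate mistakes.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the sample PMode file, with deliberate
# mistakes: undefined party "green_gw", undefined leg "leg3", and a leg bound
# to doNothingPolicy.xml. Hostnames are placeholders.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="leg1" security="eDeliveryPolicy"/>
      <legConfiguration name="leg2" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs><leg name="leg1"/><leg name="leg2"/><leg name="leg3"/></legs>
    </process>
  </businessProcesses>
</db:configuration>
"""

# Assumption: as its name (and the "noSigNoEnc" entry) suggests, this policy
# applies neither signature nor encryption, so legs using it are reported.
NO_PROTECTION_POLICIES = {"doNothingPolicy.xml"}


def check_pmode(xml_text, known_aliases):
    """Return sorted (code, detail) findings for one PMode document.

    known_aliases: certificate aliases present in the keystore/truststore
    (assumption: supplied by the operator, e.g. copied from a keystore listing).
    """
    root = ET.fromstring(xml_text)
    aliases = {a.lower() for a in known_aliases}  # compared case-insensitively
    parties = {p.get("name"): p for p in root.iter("party")}
    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    leg_security = {leg.get("name"): leg.get("security")
                    for leg in root.iter("legConfiguration")}
    findings = []

    # The access point's own party (the root's party attribute) must be declared.
    own = root.get("party") or ""
    if own not in parties:
        findings.append(("OWN_PARTY_UNDEFINED", own))

    # Each partyId must match a certificate alias.
    for party in parties.values():
        for ident in party.iter("identifier"):
            party_id = ident.get("partyId", "")
            if party_id.lower() not in aliases:
                findings.append(("NO_CERT_ALIAS", party_id))

    for process in root.iter("process"):
        pname = process.get("name", "")
        # Initiators and responders must reference declared <party> elements.
        for tag in ("initiatorParty", "responderParty"):
            for ref in process.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(
                        ("UNKNOWN_PARTY", f"{pname}:{tag}:{ref.get('name')}"))
        # Each leg must resolve to a legConfiguration and on to a security entry.
        for leg in process.iter("leg"):
            lname = leg.get("name", "")
            if lname not in leg_security:
                findings.append(("UNKNOWN_LEG", f"{pname}:{lname}"))
            elif leg_security[lname] not in policies:
                findings.append(("UNKNOWN_SECURITY", f"{pname}:{lname}"))
            elif policies[leg_security[lname]] in NO_PROTECTION_POLICIES:
                findings.append(("UNPROTECTED_LEG", f"{pname}:{lname}"))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed alias list: only the local certificate is present.
    for code, detail in check_pmode(SAMPLE_PMODE, {"domibus-blue"}):
        print(f"{code:20} {detail}")
```

An empty result means every reference resolves; any finding is worth resolving before the file is uploaded on both Access Points.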
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.

| Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description |
|---|---|---|
| MPCs | - | Container which defines the different MPCs (Message Partition Channels). |
| MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned. |
| MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend. |
| MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend. |
| Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint. |
| PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units). |
| Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and – as such – does not require any specific solution building block. |
| Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP). |
| AS4 | - | Container |
| Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection). |
| ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true, PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. • retryTimeout defines timeout in seconds. • retryCount is the total number of retries. • strategy defines the frequency of retries. The only strategy available as of now is CONSTANT. • duplicateDetection allows to check duplicates when receiving twice the same message. The only duplicateDetection available as of now is TRUE. |
| Securities | - | Container |
| Security | - | Container |
| Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file. |
| SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately. |
| BusinessProcessConfiguration | - | Container |
| Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties. |
| Actions | - | Container |
| Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these. |
| Services | - | Container |
| ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service. |
| MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography. |
| Bindings | - | Container |
| Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used. |
| Roles | - | Container |
| Role | maps to PMode.Initiator.Role or PMode.Responder.Role depending on where this is used. In ebMS3 message this defines the content of the following element: • For Initiator: Messaging/UserMessage/PartyInfo/From/Role • For Responder: Messaging/UserMessage/PartyInfo/To/Role | The required role element occurs once, and identifies the authorized role (fromAuthorizedRole or toAuthorizedRole) of the Party sending the message (when present as a child of the From element), or receiving the message (when present as a child of the To element). The value of the role element is a non-empty string, with a default value of http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultRole. Other possible values are subject to partner agreement. |
| Processes | - | Container |
| PayloadProfiles | - | Container |
| Payloads | - | Container |
| Payload | maps to PMode[1].BusinessInfo.PayloadProfile | This parameter allows specifying some constraint or profile on the payload. It specifies a list of payload parts. A payload part is a data structure that consists of five properties: 1. name (or Content-ID) that is the part identifier, and can be used as an index in the notation PayloadProfile; 2. MIME data type (text/xml, application/pdf, etc.); 3. name of the applicable XML Schema file if the MIME data type is text/xml; 4. maximum size in kilobytes; 5. Boolean string indicating whether the part is expected or optional within the User message. The message payload(s) must match this profile. |
| ErrorHandlings | - | Container |
| ErrorHandling | - | Container |
| ErrorAsResponse | maps to PMode[1].ErrorHandling.Report.AsResponse | This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel. |
| ProcessErrorNotifyProducer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH, during processing of the User Message to be sent. |
| ProcessErrorNotifyConsumer | maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer | This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH, during processing of the received User message. |
| DeliveryFailureNotifyProducer | maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer | When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur: - The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer. - The Sending MSH notifies (Notify invocation) the Producer of a delivery failure. |
| Legs | - | Container |
| Leg | - | Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request – the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group. |
| Process | - | In Process everything is plugged together. |

Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via jms topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) to http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab.
Configuration upload
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the Pmode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate how the processing of a message evolves according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the soap response. On the other hand, if the error is related to the security protocol, the information will be included in Domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed, along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue:
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue:
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue:
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue:
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plugin can consume the same message.
There are four fields available for the plugin to match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that have been processed at the communication level by the access points, but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in the domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE Exception sending context initialized event to listener instance of class orgspringframeworkwebcontextContextLoaderListener orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource nested exception is orgspringframeworkbeansfactoryBeanCreationException Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml] Invocation of init method failed nested exception is comatomikosjdbcAtomikosSQLException The class commysqljdbcjdbc2optionalMysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath Please make sure the spelling is correct and that the required jar(s) are in the classpath
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined. At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
orgapachecxfinterceptorFault Could not write attachments at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava74) at orgapachecxfphasePhaseInterceptorChaindoIntercept(PhaseInterceptorChainjava308) at orgapachecxfendpointClientImpldoInvoke(ClientImpljava514) at orgapachecxfendpointClientImplinvoke(ClientImpljava423) at orgapachecxfendpointClientImplinvoke(ClientImpljava324) at orgapachecxfendpointClientImplinvoke(ClientImpljava277) at orgapachecxfendpointClientImplinvokeWrapped(ClientImpljava312)
at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava327) at orgapachecxfjaxwsDispatchImplinvoke(DispatchImpljava246) at eudomibusebms3senderMSHDispatcherdispatch(MSHDispatcherjava126) at eudomibusebms3senderMSHDispatcher$$FastClassBySpringCGLIB$$105974a1invoke(ltgeneratedgt) at orgspringframeworkcglibproxyMethodProxyinvoke(MethodProxyjava204) at orgspringframeworkaopframeworkCglibAopProxy$CglibMethodInvocationinvokeJoinpoint(CglibAopProxyjava717) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179) at orgspringframeworkaopframeworkCglibAopProxy$DynamicAdvisedInterceptorintercept(CglibAopProxyjava653) at eudomibusebms3senderMSHDispatcher$$EnhancerBySpringCGLIB$$da53e95adispatch(ltgeneratedgt) at eudomibusebms3senderMessageSendersendUserMessage(MessageSenderjava116) at eudomibusebms3senderMessageSenderonMessage(MessageSenderjava195) at sunreflectNativeMethodAccessorImplinvoke0(Native Method) at sunreflectNativeMethodAccessorImplinvoke(NativeMethodAccessorImpljava57) at sunreflectDelegatingMethodAccessorImplinvoke(DelegatingMethodAccessorImpljava43) at javalangreflectMethodinvoke(Methodjava606) at orgspringframeworkaopsupportAopUtilsinvokeJoinpointUsingReflection(AopUtilsjava302) at orgspringframeworkaopframeworkReflectiveMethodInvocationinvokeJoinpoint(ReflectiveMethodInvocationjava190) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava157) at 
orgspringframeworktransactioninterceptorTransactionInterceptor$1proceedWithInvocation(TransactionInterceptorjava99) at orgspringframeworktransactioninterceptorTransactionAspectSupportinvokeWithinTransaction(TransactionAspectSupportjava281) at orgspringframeworktransactioninterceptorTransactionInterceptorinvoke(TransactionInterceptorjava96) at orgspringframeworkaopframeworkReflectiveMethodInvocationproceed(ReflectiveMethodInvocationjava179)
at orgspringframeworkaopframeworkJdkDynamicAopProxyinvoke(JdkDynamicAopProxyjava207) at comsunproxy$Proxy163onMessage(Unknown Source) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoInvokeListener(AbstractMessageListenerContainerjava746) at orgspringframeworkjmslistenerAbstractMessageListenerContainerinvokeListener(AbstractMessageListenerContainerjava684) at orgspringframeworkjmslistenerAbstractMessageListenerContainerdoExecuteListener(AbstractMessageListenerContainerjava651) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerdoReceiveAndExecute(AbstractPollingMessageListenerContainerjava315) at orgspringframeworkjmslistenerAbstractPollingMessageListenerContainerreceiveAndExecute(AbstractPollingMessageListenerContainerjava233) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerinvokeListener(DefaultMessageListenerContainerjava1150) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerexecuteOngoingLoop(DefaultMessageListenerContainerjava1142) at orgspringframeworkjmslistenerDefaultMessageListenerContainer$AsyncMessageListenerInvokerrun(DefaultMessageListenerContainerjava1039) at javalangThreadrun(Threadjava745) Caused by javaxnetsslSSLHandshakeException Received fatal alert handshake_failure at sunsecuritysslAlertsgetSSLException(Alertsjava192) at sunsecuritysslAlertsgetSSLException(Alertsjava154) at sunsecuritysslSSLSocketImplrecvAlert(SSLSocketImpljava1979) at sunsecuritysslSSLSocketImplreadRecord(SSLSocketImpljava1086) at sunsecuritysslSSLSocketImplperformInitialHandshake(SSLSocketImpljava1332) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1359) at sunsecuritysslSSLSocketImplstartHandshake(SSLSocketImpljava1343) at sunnetwwwprotocolhttpsHttpsClientafterConnect(HttpsClientjava563) at sunnetwwwprotocolhttpsAbstractDelegateHttpsURLConnectionconnect(AbstractDelegateHttpsURLConnectionjava185) at 
sunnetwwwprotocolhttpHttpURLConnectiongetOutputStream(HttpURLConnectionjava1092) at sunnetwwwprotocolhttpsHttpsURLConnectionImplgetOutputStream(HttpsURLConnectionImpljava250) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamsetupWrappedStream(URLConnectionHTTPConduitjava236) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamhandleHeadersTrustCaching(HTTPConduitjava1302) at orgapachecxftransporthttpHTTPConduit$WrappedOutputStreamonFirstWrite(HTTPConduitjava1262) at orgapachecxftransporthttpURLConnectionHTTPConduit$URLConnectionWrappedOutputStreamonFirstWrite(URLConnectionHTTPConduitjava267) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava47)
at orgapachecxfioAbstractThresholdOutputStreamwrite(AbstractThresholdOutputStreamjava69) at orgapachecxfioAbstractWrappedOutputStreamwrite(AbstractWrappedOutputStreamjava60) at orgapachecxfioCacheAndWriteOutputStreamwrite(CacheAndWriteOutputStreamjava89) at orgapachecxfattachmentAttachmentSerializerwriteProlog(AttachmentSerializerjava172) at orgapachecxfinterceptorAttachmentOutInterceptorhandleMessage(AttachmentOutInterceptorjava72) 43 more
Solution: If you receive this error, it is likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
            file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
            file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol=TLSv1.2.
If you use self-signed certificates, you need to set disableCNCheck=true.
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use (see footnote 11).
Remark
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
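The handshake failure in section 9.5 and the disableCNCheck caveat above can both be caught before deployment by checking clientauthentication.xml. The following is an added example, not part of the guide or of Domibus: the function name, the finding codes and both sample documents are constructed for illustration, and the placeholder check assumes the guide's "your_..." template values.

```python
"""Audit a CXF clientauthentication.xml for the TLS settings the guide calls out."""
import xml.etree.ElementTree as ET

HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
SECURITY = "http://cxf.apache.org/configuration/security"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens profile per the guide
NAMESPACES = 'xmlns:http-conf="%s" xmlns:security="%s"' % (HTTP_CONF, SECURITY)

# Constructed sample: TLSv1.1 client, CN check disabled, template password left in.
SAMPLE_WEAK = """<http-conf:tlsClientParameters disableCNCheck="true"
    secureSocketProtocol="TLSv1.1" %s>
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/ap1_truststore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>""" % NAMESPACES

# Constructed sample: TLSv1.2, CN check left at its default, both stores filled in.
SAMPLE_OK = """<http-conf:tlsClientParameters secureSocketProtocol="TLSv1.2" %s>
  <security:trustManagers>
    <security:keyStore type="JKS" password="constructed-secret-1"
        file="${domibus.config.location}/keystores/ap1_truststore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="constructed-secret-2">
    <security:keyStore type="JKS" password="constructed-secret-2"
        file="${domibus.config.location}/keystores/ap1_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>""" % NAMESPACES


def audit_tls_client(xml_text):
    """Return a list of (severity, code, message) findings for tlsClientParameters."""
    root = ET.fromstring(xml_text)
    tag = "{%s}tlsClientParameters" % HTTP_CONF
    params = root if root.tag == tag else root.find(".//" + tag)
    if params is None:
        return [("error", "no-tls-params",
                 "no http-conf:tlsClientParameters element found")]

    findings = []
    protocol = params.get("secureSocketProtocol")
    if protocol != REQUIRED_PROTOCOL:
        # A client on TLSv1.1 talking to a TLSv1.2-only server is the
        # handshake_failure case from the troubleshooting section.
        findings.append(("error", "protocol",
                         "secureSocketProtocol is %r, expected %s"
                         % (protocol, REQUIRED_PROTOCOL)))

    if (params.get("disableCNCheck") or "false").strip().lower() == "true":
        findings.append(("warning", "cn-check",
                         "disableCNCheck=true: host name is not matched against "
                         "the certificate CN; not for production use"))

    key_store_tag = "{%s}keyStore" % SECURITY
    for section in ("trustManagers", "keyManagers"):
        manager = params.find("{%s}%s" % (SECURITY, section))
        store = manager.find(key_store_tag) if manager is not None else None
        if store is None:
            findings.append(("info", "no-" + section,
                             "no security:%s keyStore configured" % section))
            continue
        values = (store.get("password"), store.get("file"),
                  manager.get("keyPassword"))
        if any(v and "your_" in v for v in values):
            findings.append(("error", "placeholder-" + section,
                             "template value left unchanged in %s" % section))
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name)
        for severity, code, message in audit_tls_client(sample):
            print("  %-7s %-26s %s" % (severity, code, message))
```

A missing keyManagers section is reported as information only, since the client certificate is needed just for two-way TLS.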
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector with the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth=false; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth=true and provide the location of the your_truststore_ssl.jks in server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
    truststorePass="your_trustore_password"
    clientAuth="true" sslProtocol="TLS" />
11 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
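To tell one-way from two-way connectors in an existing server.xml and spot the gaps described above, the following added example (not from the guide) classifies each Connector. The function name and the sample file are constructed; sslEnabledProtocols is Tomcat's connector attribute for restricting protocol versions and is not named in the guide.

```python
"""Classify Tomcat HTTPS connectors as one-way or two-way TLS and list gaps."""
import xml.etree.ElementTree as ET

# Constructed server.xml: a plain HTTP connector, a one-way connector in the
# guide's style, and a two-way connector with no keystore and no truststore.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
        protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="200"
        keystoreFile="${domibus.config.location}/keystores/ap1_keystore_ssl.jks"
        keystorePass="constructed-secret" clientAuth="false"
        sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
    <Connector SSLEnabled="true" port="8444" scheme="https" secure="true"
        protocol="org.apache.coyote.http11.Http11Protocol"
        keystorePass="your_keystore_password" clientAuth="true"
        sslProtocol="TLS"/>
  </Service>
</Server>"""

# clientAuth values accepted by the connector and what they mean for the peer.
MODES = {"false": "one-way", "true": "two-way", "want": "client-cert-optional"}


def audit_connectors(server_xml):
    """Return {port: {"mode": str, "issues": [str, ...]}} for every Connector."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = int(conn.get("port", "0"))
        if conn.get("SSLEnabled", "false").lower() != "true":
            report[port] = {"mode": "plain", "issues": []}
            continue

        mode = MODES.get(conn.get("clientAuth", "false").lower(), "unknown")
        issues = []
        if not conn.get("keystoreFile"):
            # The guide: without an explicit keystore the default one is used.
            issues.append("keystoreFile not set: the default keystore is used")
        if mode == "two-way" and not conn.get("truststoreFile"):
            issues.append("clientAuth=true but no truststoreFile on the connector")

        protocols = {p.strip() for p in
                     conn.get("sslEnabledProtocols", "").split(",") if p.strip()}
        if not protocols:
            issues.append("sslEnabledProtocols not set: versions left to JVM defaults")
        elif "TLSv1.2" not in protocols:
            issues.append("TLSv1.2 is not among the enabled protocols")

        if any("your_" in value for value in conn.attrib.values()):
            issues.append("template value left unchanged")
        report[port] = {"mode": mode, "issues": issues}
    return report


if __name__ == "__main__":
    for port, entry in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(port, entry["mode"])
        for issue in entry["issues"]:
            print("   -", issue)
```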
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default WebLogic performs its own basic authentication check before passing the request to Domibus. Instead we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
add the keystore and truststore jks to the ApplicationRealm
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                relative-to="jboss.server.base.dir" keystore-password="test123"
                alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
            relative-to="jboss.server.base.dir" keystore-password="test123" />
        …
    </authentication>
add https-listener to default-server
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and the KeyStore Password, and check "requires client authentication".
To pass Basic Authentication: in the Auth tab, click Add New Authorization and select Basic. Enter the user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
9. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to the location of the war file and click Next
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic
Remark
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip
Define the WL_HOME (SET or export command depending on your operating system) environment variable to point to the WebLogic wlserver directory
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration
e.g.
Policy configuration securitypolicies0mode = CREATE securitypolicies0resource = type=ltjmxgt operation=invoke application= mbeanType=weblogicmanagementruntimeJMSDestinationRuntimeMBean securitypolicies0realm = myrealm securitypolicies0authorizer = XACMLAuthorizer
securitypolicies0expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers) securitypoliciesitems = 1 Users configuration securityusers0realm=myrealm securityusers0name=jmsManager securityusers0password=jmsManager1 securityusers0comment= securityusers0authenticator=DefaultAuthenticator securityusersitems=1 Groups configuration securitygroups0realm=myrealm securitygroups0name=JMSManagers securitygroups0description= securitygroups0authenticator=DefaultAuthenticator securitygroupsitems=1 Groups Membership configuration securitygroupmember0user=jmsManager securitygroupmember0groups=JMSManagers securitygroupmember0realm=myrealm securitygroupmember0authenticator=DefaultAuthenticator securitygroupmemberitems=1
Adapt the property for JMS Server, e.g.
jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wslt-api-1.9.1/bin directory:
For Windows:
wlstapi.cmd ..\scripts\import.py --property ..\WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings; you can now click Save
The expected positive response to the deployment request should be the following
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.3 Domibus on Tomcat
Remark
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container.
The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml
5.3.1 Pre-Configured Single Server Deployment
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site, see footnote 2) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
………
2 http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site, see footnote 3) in the folder cef_edelivery_path/domibus/lib
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521/XE</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    ………
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
3 http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates
4. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location} pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
6. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.2 Single Server Deployment
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment
4. Rename domibus-MSH-3.2.1-tomcat.war into domibus.war and deploy it to cef_edelivery_path/domibus/webapps
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin
chmod +x *.sh
./startup.sh
7. Display the Domibus home page on your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat
Remark
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters
Domibus expects a single JVM parameter ${domibus.config.location} pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate JMS Broker with Domibus nodes
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS-broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS-broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
    class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
    destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml. For clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus
For this step you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location
2. Configure the MySQL database (Option 1)
o Drivers
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site, see footnote 4) in the folder
4 http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of the cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    ………
    <datasources>
        ………
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
            </driver>
        </drivers>
        ………
    </datasources>
    ………
</subsystem>
o Datasources
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml
Remark
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS"
        enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle database (Option 2):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download the Oracle jar driver (e.g. ojdbc7.jar), available on the Oracle official web site [5], and copy it into the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder you have just created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using in the path attribute of the resource-root element, e.g. ojdbc7.jar.
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml.
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below.
Remark:
Configure the database dialect, as it is pre-configured for MySQL by default.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 "Certificates".
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin; Password = 123456).
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 "Pre-Configured Single Server Deployment".
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
...
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 "Certificates".
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            ...
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            ...
        </jms-connection-factories>
        <jms-destinations>
            ...
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            ...
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark:
Please note that JMX management also has to be enabled so that the JMS resources can be monitored in the JMS Monitoring screen.
6. Connect to the Admin Console of WildFly at http://localhost:9990.
7. Click on Deployments in the console menu, then click on Add.
8. Select "Upload a new deployment", then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the .war file appears in the Deployment column.
Expected result:
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-wildfly-configuration.zip
domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the deployment of Domibus in a cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes of the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 "Pre-Configured Single Server Deployment".
Remarks:
o This step needs to be performed on all the nodes of the cluster.
o In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
o Configure the JMS queues and topics as indicated in 5.4.2, point 5 "Configure the JMS resources".
o Configure the database dialect as indicated in 5.4.1, point 3, Remark.
o Configure the database dialect in cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed on every node of the cluster.
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
...
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console to perform the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main webservice:
/services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional webservice:
/services/backend: The URL of the backend webservice. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file (see section 7.3 "PMode Configuration"). The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
...
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
...
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
...
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
...
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private key containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
o Your private key and your keystore should always stay secret. Please never share them.
o The keystore alias has to be the same as the party ID defined in 7.3 "PMode Configuration".
o It is strongly recommended to put your key pair (private and public key) and the public keys of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message ID with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | The retry cron job used to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under the Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: in a cluster configuration the file system storage needs to be accessible by all the nodes of the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
Configuration Property | Default value | Purpose
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 "Binaries repository" for the download location):
domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the Commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you have already run the migration scripts):
admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for the originalSender property
- downloadMessage (any message among the messages notified to this plugin)
- listPendingMessages (will list all pending messages for this plugin)
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages (only messages with finalRecipient equal to the originalUser)
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be performed:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    ...
    <!-- To disable unsecureLogin, set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
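A check for the setting above and for secrets left at the values this guide prints, as an added example that is not part of the guide or of Domibus. The two embedded XML fragments are constructed samples, and the bean id, function names and list of values are this example's own assumptions.

```python
import xml.etree.ElementTree as ET

AUTH_FLAG = "domibus.auth.unsecureLoginAllowed"

# Values this guide prints as defaults or placeholders. Finding one of them in a
# deployed file means the secret was never changed after installation.
DOCUMENTED_VALUES = {
    "jmaManager1", "edelivery_password", "your_keystore_password",
    "your_privatekey_password", "your_trustore_password",
}

# Constructed sample of conf/domibus/domibus-configuration.xml (bean id assumed).
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util">
  <util:properties id="domibusProperties">
    <prop key="domibus.auth.unsecureLoginAllowed">true</prop>
    <prop key="domibus.jmx.user">jmsManager</prop>
    <prop key="domibus.jmx.password">jmaManager1</prop>
  </util:properties>
</beans>
"""

# Constructed sample of a datasource fragment from standalone-full.xml.
SAMPLE_DATASOURCE = """<xa-datasource pool-name="eDeliveryMysqlXADS">
  <security>
    <user-name>edelivery_user</user-name>
    <password>edelivery_password</password>
  </security>
</xa-datasource>
"""


def local(tag):
    """Strip the XML namespace from an ElementTree tag name."""
    return tag.rsplit("}", 1)[-1]


def documented_secrets(xml_text):
    """Return the key (or tag) of every element still holding a documented value."""
    hits = []
    for el in ET.fromstring(xml_text).iter():
        # Secrets appear as element text (<prop>, <password>) or in a value
        # attribute (<entry value="..." key="..."/> in the password_store map).
        values = {(el.text or "").strip(), el.get("value", "")}
        if values & DOCUMENTED_VALUES:
            hits.append(el.get("key") or local(el.tag))
    return hits


def auth_enforced(xml_text):
    """True only if the unsecureLoginAllowed property is present and set to false."""
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "prop" and el.get("key") == AUTH_FLAG:
            return (el.text or "").strip().lower() == "false"
    return False  # property absent: authentication was never switched on


if __name__ == "__main__":
    print("authentication enforced:", auth_enforced(SAMPLE_CONFIG))
    print("unchanged secrets:", documented_secrets(SAMPLE_CONFIG)
          + documented_secrets(SAMPLE_DATASOURCE))
```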
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 "Message Filtering" for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow these steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, both in the names of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator:
The party with the role of initiator will be the sender of the messages.
<initiatorParties>
    ...
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder:
The party with the role of responder will be the receiver of the messages.
<responderParties>
    ...
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case, Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty" key="originalSender" datatype="string" required="true"/>
            <property name="finalRecipientProperty" key="finalRecipient" datatype="string" required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload" cid="cid:message" required="true" mimeType="text/xml"/>
            <payload name="businessContentAttachment" cid="cid:attachment" required="false" mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile" maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy" policy="eSensPolicy.xml" signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness" retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true" replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false" replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
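An added example, not taken from the guide or from Domibus itself: a Python audit of a PMode file for the points this section relies on, namely that the gateway's partyId matches a keystore alias (section 6.1.2), that every party and leg a process references is defined, and that no leg is bound to the profile the sample names noSigNoEnc. The embedded PMode is a constructed, trimmed variant of the sample above with hypothetical hostnames and its second leg switched to noSigNoEnc; the function names and finding codes are this example's own.

```python
import xml.etree.ElementTree as ET

# Policy file behind the "noSigNoEnc" security profile in the sample PMode.
UNPROTECTED_POLICY = "doNothingPolicy.xml"

# Constructed sample: trimmed from the PMode above, hostnames are hypothetical,
# and the second leg is switched to noSigNoEnc so the audit has something to report.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example.test:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example.test:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml" signatureMethod="RSA_SHA256"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml" signatureMethod="RSA_SHA256"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="pushTestcase1tc1Action" security="eDeliveryPolicy"/>
      <legConfiguration name="pushTestcase1tc2Action" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="red_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="blue_gw"/>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="pushTestcase1tc1Action"/>
        <leg name="pushTestcase1tc2Action"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>
"""


def audit_pmode(xml_text, keystore_aliases):
    """Return a list of (code, detail) findings for a Domibus PMode document."""
    root = ET.fromstring(xml_text)
    findings = []
    parties = {p.get("name"): p for p in root.iter("party")}
    policies = {s.get("name"): s.get("policy") for s in root.iter("security")}
    legs = {leg.get("name"): leg for leg in root.iter("legConfiguration")}

    # The root "party" attribute names this gateway; its partyId must be a keystore alias.
    own = root.get("party")
    if own not in parties:
        findings.append(("own-party-undefined", str(own)))
    else:
        ids = [i.get("partyId") for i in parties[own].iter("identifier")]
        if not set(ids) & set(keystore_aliases):
            findings.append(("alias-mismatch", f"{own}: partyId {ids} has no keystore alias"))

    for proc in root.iter("process"):
        pname = proc.get("name")
        # Every initiator and responder must be a declared party.
        for tag in ("initiatorParty", "responderParty"):
            for ref in proc.iter(tag):
                if ref.get("name") not in parties:
                    findings.append(("unknown-party", f"{pname}: {tag} {ref.get('name')}"))
        # Resolve leg -> security profile -> policy file for each leg in use.
        for ref in proc.iter("leg"):
            leg = legs.get(ref.get("name"))
            if leg is None:
                findings.append(("unknown-leg", f"{pname}: {ref.get('name')}"))
                continue
            policy = policies.get(leg.get("security"))
            if policy is None:
                findings.append(("unknown-security", f"{leg.get('name')}: {leg.get('security')}"))
            elif policy == UNPROTECTED_POLICY:
                findings.append(("unprotected-leg", f"{pname}/{leg.get('name')} uses {policy}"))
    return findings


def initiators(xml_text):
    """Map each process to the parties allowed to send under it (see the Remark above)."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): [i.get("name") for i in p.iter("initiatorParty")]
            for p in root.iter("process")}


if __name__ == "__main__":
    for code, detail in audit_pmode(SAMPLE_PMODE, {"domibus-blue"}):
        print(code, "-", detail)
    print(initiators(SAMPLE_PMODE))
```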
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | Maps to the attribute Messaging/UserMessage/PartyInfo. | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | Maps to the element Messaging/UserMessage/PartyInfo. | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block.
Endpoint | Maps to PMode[1].Protocol.Address. | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is "http", then the transport protocol must be HTTP).
AS4 | - | Container.
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation. ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern. | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters. retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters. strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters. duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection. | These parameters are stored in a composite string. retryTimeout defines the timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows checking for duplicates when the same message is received twice; the only duplicateDetection available as of now is TRUE.
Securities | - | Container.
Security | - | Container.
Policy | PMode[1].Security NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod PMode[1]SecurityX509Sig
natureAlgorithm
This parameter is not supported by
WS-SecurityPolicy and therefore it
is defined separately
BusinessProcessConfiguration - Container
Agreements maps to ebMessaging
UserMessage
CollaborationInfo
AgreementRef
This OPTIONAL element occurs
zero times or once The
AgreementRef element is a string
that identifies the entity or artifact
governing the exchange of
messages between the parties
Actions - Container
Administration Guide - Domibus 321 Page 68 97
Action maps to Messaging
UserMessage
CollaborationInfoAction
This REQUIRED element occurs
once The element is a string
identifying an operation or an
activity within a Service that may
support several of these
Services - Container
ServiceTypes Type maps to Messaging
UserMessage
CollaborationInfo
Service[type]
This REQUIRED element occurs
once It is a string identifying the
service that acts on the message and
it is specified by the designer of the
service
MEP [Legs] - An ebMS MEP defines a typical
choreography of ebMS User
Messages which are all related
through the use of the referencing
feature (RefToMessageId) Each
message of an MEP Access Point
refers to a previous message of the
same Access Point unless it is the
first one to occur Messages are
associated with a label (eg request
reply) that precisely identifies their
direction between the parties
involved and their role in the
choreography
Bindings - Container
Binding - The previous definition of ebMS
MEP is quite abstract and ignores
any binding consideration to the
transport protocol This is
intentional so that application level
MEPs can be mapped to ebMS
MEPs independently from the
transport protocol to be used
Roles - Container
Administration Guide - Domibus 321 Page 69 97
Role maps to
PModeInitiatorRole or
PModeResponderRole depending on where this is
used In ebMS3 message this
defines the content of the
following element
bull For Initiator
MessagingUserMessagePa
rtyInfoFromRole bull For Responder
MessagingUserMessagePa
rtyInfoToRole
The required role element occurs
once and identifies the authorized
role (fromAuthorizedRole or
toAuthorizedRole) of the Party
sending the message (when present
as a child of the From element) or
receiving the message (when
present as a child of the To
element) The value of the role
element is a non-empty string with
a default value of httpdocsoasis-
openorgebxml-
msgebmsv30nscore200704defa
ultRole
Other possible values are subject to
partner agreement
Processes - Container
PayloadProfiles - Container
Payloads - Container
Payload maps to
PMode[1]BusinessInfoPay
loadProfile
This parameter allows specifying
some constraint or profile on the
payload It specifies a list of
payload parts
A payload part is a data structure
that consists of five properties
1 name (or Content-ID) that
is the part identifier and
can be used as an index in
the notation
PayloadProfile
2 MIME data type (textxml
applicationpdf etc)
3 name of the applicable
XML Schema file if the
MIME data type is
textxml
4 maximum size in kilobytes
5 Boolean string indicating
whether the part is
expected or optional
within the User message
The message payload(s) must
match this profile
ErrorHandlings - Container
ErrorHandling - Container
Administration Guide - Domibus 321 Page 70 97
ErrorAsResponse maps to
PMode[1]ErrorHandling
ReportAsResponse
This Boolean parameter indicates
(if true) that errors generated from
receiving a message in error are
sent over the back-channel of the
underlying protocol associated with
the message in error If false such
errors are not sent over the back-
channel
ProcessErrorNotifyProducer maps to
PMode[1]ErrorHandling
ReportProcessErrorNotify
Producer
This Boolean parameter indicates
whether (if true) the Producer
(applicationparty) of a User
Message matching this PMode
should be notified when an error
occurs in the Sending MSH during
processing of the User Message to
be sent
ProcessErrorNotifyConsumer maps to
PMode[1]ErrorHandling
ReportProcessErrorNotify
Producer
This Boolean parameter indicates
whether (if true) the Consumer
(applicationparty) of a User
Message matching this PMode
should be notified when an error
occurs in the Receiving MSH
during processing of the received
User message
DeliveryFailureNotifyProducer maps to
PMode[1]ErrorHandling
ReportDeliveryFailuresNo
tifyProducer
When sending a message with this
reliability requirement (Submit
invocation) one of the two
following outcomes shall occur
- The Receiving MSH successfully
delivers (Deliver invocation) the
message to the Consumer
- The Sending MSH notifies (Notify
invocation) the Producer of a
delivery failure
Legs - Container
Administration Guide - Domibus 321 Page 71 97
Leg - Because messages in the same MEP
may be subject to different
requirements - eg the reliability
security and error reporting of a
response may not be the same as for
a request ndash the PMode will be
divided into legs Each user
message label in an ebMS MEP is
associated with a PMode leg Each
PMode leg has a full set of
parameters for the six categories
above (except for General
Parameters) even though in many
cases parameters will have the same
value across the MEP legs Signal
messages that implement transport
channel bindings (such as
PullRequest) are also controlled by
the same categories of parameters
except for BusinessInfo group
Process - In Process everything is plugged
together
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard at http://localhost:8080/domibus/home using your credentials (by default: User = admin, Password = 123456).
[Figure: Login to administration dashboard]
b. Click on the "Configuration upload" tab.
[Figure: Configuration upload]
c. Select the PMode file that has been edited by pressing "Browse…", then "Press here to upload the PMode xml file".
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing "Browse…", then "Press here to upload the truststore jks file".
[Figure: PMode uploading]
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords of the default users that have access to the Domibus Administration page: admin and user.
To change a password, use the BCrypt strong hashing algorithm to generate the hash of your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, modify the passwords of the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER, ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events:
[Figure: State machine of Corner 2 (sending access point)]
[Figure: State machine of Corner 3 (receiving access point)]
Remark:
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the error message will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties.
In the example below, you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:

| Destination type | JNDI name | Comment | Description |
|---|---|---|---|
| Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH. |
| Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually. |
| Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled). |
| Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain: a correlationId, ebMS3 messageId (if possible), error messages (if available). |
| Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue. |
| Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH. |
| Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message. |
| Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent. |
| Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin. |
| Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent. |
| Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin. |
| Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue. |
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field, all the queues are listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value of this regular expression can be adapted in the property domibus.jms.internalQueue.expression in the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
   a. Source: the source queue of the messages
   b. Period: time interval that will filter the messages based on the send date
   c. JMS type: the JMS header JMSType
   d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
   a. Move a message from the DLQ to the original queue:
      - Select a JMS message from the DLQ and press the Move button.
      - The message details are displayed and the original queue where the message came from is pre-selected.
      - Press the Move button and the message will be moved to the original queue.
   b. Move multiple messages from the DLQ to the original queue:
      - Select multiple JMS messages from the DLQ and press the Move button.
      - The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
      - Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
   a. Delete a message from a queue:
      - Select a JMS message from the source queue and press the Remove button.
      - The message details are displayed.
      - Press the Remove button to remove it.
   b. Delete multiple messages from a queue:
      - Select multiple JMS messages from the source queue and press the Remove button.
      - The IDs of the messages to be removed are displayed.
      - Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured so that these criteria ensure that all messages are treated and that no more than one plug-in can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration, e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
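A simplified model of the first-match routing described in this section, useful for checking a planned set of filters for messages that no plugin treats and for messages that more than one plugin would match. It is an added illustration, not Domibus code: the second plugin name backendJms, the "id:type" form of the party criteria, exact string comparison and the sample messages (constructed from the fragment above) are assumptions.

```python
import xml.etree.ElementTree as ET

EB = {"eb": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"}

# Constructed message skeleton following the fragment shown in the guide.
MESSAGE_TEMPLATE = """<ns:UserMessage xmlns:ns="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/">
  <ns:PartyInfo>
    <ns:From><ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">{sender}</ns:PartyId></ns:From>
    <ns:To><ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">{receiver}</ns:PartyId></ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">{service}</ns:Service>
    <ns:Action>{action}</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""

SAMPLE_MESSAGES = [
    MESSAGE_TEMPLATE.format(sender="party_id_name1", receiver="party_id_name2",
                            service="bdx:noprocess", action="TC1Leg1"),
    MESSAGE_TEMPLATE.format(sender="party_id_name3", receiver="party_id_name2",
                            service="bdx:other", action="TC2Leg1"),
]

# Ordered plugin list: the first plugin whose criteria all match gets the message.
PLUGIN_FILTERS = [
    ("backendWebservice", {
        "action": "TC1Leg1",
        "from": "party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered",
    }),
    ("backendJms", {"service": "bdx:noprocess"}),  # hypothetical second plugin
]


def criteria_of(user_message_xml):
    """Extract the four routing criteria (action, service, from, to) from a UserMessage."""
    msg = ET.fromstring(user_message_xml)

    def party(side):
        party_id = msg.find(f"eb:PartyInfo/eb:{side}/eb:PartyId", EB)
        return f"{party_id.text.strip()}:{party_id.get('type')}"

    return {
        "action": msg.findtext("eb:CollaborationInfo/eb:Action", "", EB).strip(),
        "service": msg.findtext("eb:CollaborationInfo/eb:Service", "", EB).strip(),
        "from": party("From"),
        "to": party("To"),
    }


def route(filters, criteria):
    """Apply first-match routing; also list later plugins that would have matched."""
    hits = [name for name, wanted in filters
            if all(criteria.get(key) == value for key, value in wanted.items())]
    return {"routed_to": hits[0] if hits else None, "also_matching": hits[1:]}


def coverage_report(filters, messages):
    """Indexes of messages that no plugin treats, and of messages matched by several."""
    report = {"unrouted": [], "overlapping": []}
    for index, message in enumerate(messages):
        result = route(filters, criteria_of(message))
        if result["routed_to"] is None:
            report["unrouted"].append(index)
        elif result["also_matching"]:
            report["overlapping"].append(index)
    return report


if __name__ == "__main__":
    print(coverage_report(PLUGIN_FILTERS, SAMPLE_MESSAGES))
```

Messages reported as unrouted correspond to the case the queue table describes for jms/domibus.internal.notification.unknown, which has to be handled manually.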
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed, successfully or unsuccessfully, by the access point to an external storage location for long-term retention.
Archived data consists of older data that has been processed at the communication level by the access points but that is still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so that the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded, it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.scheduling.quartz.SchedulerFactoryBean#0' defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource 'springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0': com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'entityManagerFactory' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Cannot resolve reference to bean 'domibusJDBC-XADataSource' while setting bean property 'dataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'domibusJDBC-XADataSource' defined in URL [file:/home/edelivery/domibusf1/conf/domibus/domibus-datasources.xml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource' specified by property 'xaDataSourceClassName' could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set the JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs, but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 - TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
            file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
            file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies whether JSSE should omit checking that the host name specified in the URL matches the Common Name (CN) on the server's certificate. The default is false; this attribute should not be set to true during production use [11].
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector with the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    clientAuth="false" sslProtocol="TLS" />
The keystore .jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" in server.xml and provide the location of your_truststore_ssl.jks so that the server can verify the client:
<Connector SSLEnabled="true"
    protocol="org.apache.coyote.http11.Http11Protocol"
    port="8443" maxThreads="200"
    scheme="https" secure="true"
    keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
    keystorePass="your_keystore_password"
    truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
    truststorePass="your_trustore_password"
    clientAuth="true" sslProtocol="TLS" />
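The following check is an added example, not part of the Domibus guide or distribution: it reads a clientauthentication.xml and a Tomcat server.xml and reports the TLS settings discussed in the client side and Tomcat sections above. The function names and finding codes are hypothetical, the embedded XML is constructed from the guide's samples, and sslEnabledProtocols is a Tomcat connector attribute that the guide itself does not show.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "{http://cxf.apache.org/transports/http/configuration}"
SECURITY = "{http://cxf.apache.org/configuration/security}"
REQUIRED_PROTOCOL = "TLSv1.2"  # mandatory for the AS4 e-Sens profile per the guide

# Constructed sample: the client file as the guide shows it (self-signed setup).
GUIDE_CLIENT_XML = """\
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
  <security:keyManagers keyPassword="your_keystore_password">
    <security:keyStore type="JKS" password="your_keystore_password"
        file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
  </security:keyManagers>
</http-conf:tlsClientParameters>"""

# Constructed sample: the guide's ONE WAY SSL connector inside a minimal server.xml.
GUIDE_SERVER_XML = """\
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector SSLEnabled="true" protocol="org.apache.coyote.http11.Http11Protocol"
      port="8443" maxThreads="200" scheme="https" secure="true"
      keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
      keystorePass="your_keystore_password" clientAuth="false" sslProtocol="TLS"/>
</Service></Server>"""


def audit_cxf_client(xml_text):
    """Return finding codes for a CXF tlsClientParameters document."""
    root = ET.fromstring(xml_text)
    tag = HTTP_CONF + "tlsClientParameters"
    params = root if root.tag == tag else root.find(".//" + tag)
    if params is None:
        return ["NO_TLS_CLIENT_PARAMETERS"]
    findings = []
    # disableCNCheck defaults to false; "true" switches off host name checking.
    if params.get("disableCNCheck", "false").strip().lower() == "true":
        findings.append("CN_CHECK_DISABLED")
    # The guide requires the protocol to be pinned explicitly to TLSv1.2.
    if params.get("secureSocketProtocol") != REQUIRED_PROTOCOL:
        findings.append("PROTOCOL_NOT_TLS12")
    if params.find(SECURITY + "trustManagers/" + SECURITY + "keyStore") is None:
        findings.append("NO_TRUSTSTORE")
    # Placeholder passwords (your_...) left over from copying the sample.
    passwords = [ks.get("password", "") for ks in params.iter(SECURITY + "keyStore")]
    key_managers = params.find(SECURITY + "keyManagers")
    if key_managers is not None:
        passwords.append(key_managers.get("keyPassword", ""))
    if any(p.startswith("your_") for p in passwords):
        findings.append("PLACEHOLDER_PASSWORD")
    return findings


def audit_tomcat_connectors(xml_text):
    """Return {port: [finding codes]} for each SSL-enabled Connector."""
    results = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        findings = []
        if not conn.get("keystoreFile"):
            findings.append("DEFAULT_KEYSTORE")  # the default keystore is used
        if conn.get("clientAuth", "false").lower() == "true":
            if not conn.get("truststoreFile"):
                findings.append("CLIENT_AUTH_USES_DEFAULT_TRUSTSTORE")
        else:
            # Informational: TWO WAY SSL is optional in the AS4 e-Sens profile.
            findings.append("ONE_WAY_SSL")
        # sslProtocol="TLS" alone does not pin a version.
        if conn.get("sslProtocol", "TLS") == "TLS" and not conn.get("sslEnabledProtocols"):
            findings.append("TLS_VERSION_NOT_PINNED")
        results[conn.get("port")] = findings
    return results


if __name__ == "__main__":
    print("client:", audit_cxf_client(GUIDE_CLIENT_XML))
    print("tomcat:", audit_tomcat_connectors(GUIDE_SERVER_XML))
```
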
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore .jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml, add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 Wildfly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
Add the keystore and truststore .jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                relative-to="jboss.server.base.dir"
                keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
            relative-to="jboss.server.base.dir" keystore-password="test123"/>
        …
    </authentication>
Add the https-listener to the default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
            security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check "Adds authentication information to outgoing requests".
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check "requires client authentication".
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin, Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh.
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
    endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">
o Choose Install this deployment as an application and click Next
o Select the following option and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings you can now click Save
The expected positive response to the deployment request should be the following
10. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.2.2 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on WebLogic:
Remark:
In this section we assume that a Domain and a WebLogic Cluster are already set up.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-weblogic.war
domibus-MSH-3.2.1-weblogic-configuration.zip
domibus-MSH-3.2.1-default-ws-plugin.zip (optional)
domibus-MSH-3.2.1-default-jms-plugin.zip (optional)
1. Follow steps 1, 2, 3 and 4 from section 5.2.1 Single Server Deployment.
2. Run the WebLogic Scripting Tool (WLST) in order to create the necessary JMS resources and Database datasources from the command line:
o Download the WLST Package from the following location: https://ec.europa.eu/cefdigital/artifact/content/repositories/eDelivery/eu/europa/ec/digit/ipcis/wslt-api/1.9.1/wslt-api-1.9.1.zip
o Configure the WSLT API tool:
Unzip the wslt-api-1.9.1.zip.
Define the WL_HOME environment variable (SET or export command, depending on your operating system) to point to the WebLogic wlserver directory,
e.g. WL_HOME=/wls12130/wlserver
o Take the script WeblogicCluster.properties from domibus-distribution-3.2.1-weblogic-configuration.zip under the scripts directory, copy the WeblogicCluster.properties file into the wslt-api-1.9.1 directory and apply the following changes:
Adapt the properties for connecting to the WebLogic domain:
domain.loading.type=connect
domain.connect.url=t3://localhost:7001
domain.connect.username=weblogic_user
domain.connect.password=weblogic_password
domain.name=mydomain1
Adapt the jdbc.datasource properties for the datasources:
For Oracle database:
jdbc.datasource.0.driver.name=oracle.jdbc.xa.client.OracleXADataSource
jdbc.datasource.0.driver.url=jdbc:oracle:thin:@127.0.0.1:1521:xe
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
For MySQL database:
Remark:
MySQL configuration is commented by default. To enable MySQL, remove the comment (#) from the lines below. Don't forget to add the comment (#) for Oracle to disable it.
jdbc.datasource.0.driver.name=com.mysql.jdbc.Driver
jdbc.datasource.0.driver.url=jdbc:mysql://localhost:3306/domibus_schema
jdbc.datasource.0.driver.password=edelivery_password
jdbc.datasource.0.driver.username=edelivery_username
jdbc.datasource.0.targets=cluster_name
jdbc.datasource.0.transaction.protocol=LoggingLastResource
jdbc.datasource.0.pool.connection.test.onreserv.sql=SQL SELECT 1
Adapt the properties for target and location of the filestore:
persistent.filestore.0.target=cluster_name
persistent.filestore.0.location=DOMAIN_HOME/filestores
Remark:
If you are using Windows, make sure that the path for the filestore contains forward slashes (/).
Adapt, if necessary, the JMX security configuration,
e.g.:
# Policy configuration
security.policies.0.mode = CREATE
security.policies.0.resource = type=<jmx>, operation=invoke, application=, mbeanType=weblogic.management.runtime.JMSDestinationRuntimeMBean
security.policies.0.realm = myrealm
security.policies.0.authorizer = XACMLAuthorizer
security.policies.0.expression= Rol(Admin)|Grp(Administrators)|Grp(JMSManagers)
security.policies.items = 1
# Users configuration
security.users.0.realm=myrealm
security.users.0.name=jmsManager
security.users.0.password=jmsManager1
security.users.0.comment=
security.users.0.authenticator=DefaultAuthenticator
security.users.items=1
# Groups configuration
security.groups.0.realm=myrealm
security.groups.0.name=JMSManagers
security.groups.0.description=
security.groups.0.authenticator=DefaultAuthenticator
security.groups.items=1
# Groups Membership configuration
security.group.member.0.user=jmsManager
security.group.member.0.groups=JMSManagers
security.group.member.0.realm=myrealm
security.group.member.0.authenticator=DefaultAuthenticator
security.group.member.items=1
Adapt the property for JMS Server, e.g.:
jms.server.0.target=cluster_name
Adapt the property for JMS Module, e.g.:
jms.module.0.targets=cluster_name
o Start the WebLogic domain from within DOMAIN_HOME:
• For Windows:
startWebLogic.cmd
• For Linux/Unix:
startWebLogic.sh
o Execute the following command from within the wlstapi-1.9.1/bin directory:
For Windows:
wlstapi.cmd ../scripts/import.py --property ../WeblogicCluster.properties
For Linux/Unix:
wlstapi.sh ../scripts/import.py --property ../WeblogicCluster.properties
Expected Result
3. Activate the use of the authorization providers to protect the JMX access.
4. The database dialect is pre-configured to use the Oracle database. If you are using the MySQL database, you should adapt the dialect as highlighted in the text below in the DOMAIN_HOME/conf/domibus/domibus-datasources.xml file:
<property name="jpaVendorAdapter">
    <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
        <property name="showSql" value="false"/>
        <property name="generateDdl" value="false"/>
        <property name="databasePlatform" value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
    </bean>
</property>
<property name="jpaProperties">
    <props>
        <prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
        <prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
        <prop key="hibernate.format_sql">true</prop>
        <prop key="transaction.factory_class">org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory</prop>
        <prop key="hibernate.transaction.manager_lookup_class">org.hibernate.transaction.WeblogicTransactionManagerLookup</prop>
        <prop key="hibernate.transaction.jta.platform">org.hibernate.service.jta.platform.internal.WeblogicJtaPlatform</prop>
    </props>
</property>
5. Install the WS plugin. For more details, refer to chapter 7.2.1.2 WebLogic.
6. Deploy domibus-MSH-3.2.1-weblogic.war:
o Click Install
o Navigate to location DOMAIN_HOME/conf/domibus where the domibus-MSH-3.2.1-weblogic.war file has been previously copied
o Select the domibus-MSH-3.2.1-weblogic.war file and click Next
o Choose Install this deployment as an application and click Next
o Select your cluster for the deployment target and click Next
o Select the following options and click Next
o Select the following option and click Finish
o Here is an overview of the resulting settings you can now click Save
The expected positive response to the deployment request should be the following
7. Verify the installation by navigating in your browser to http://localhost:7001/domibus-weblogic/home
If you can access the page, it means the deployment was successful.
(by default: User = admin, Password = 123456)
Expected result
5.3 Domibus on Tomcat
Remark:
As Tomcat isn't a full Java EE application server and doesn't offer JMS capabilities by default, Domibus uses ActiveMQ as an in-memory JMS broker when deployed on a Tomcat servlet container. The configuration for the ActiveMQ JMS broker can be found in cef_edelivery_path/domibus/internal/activemq.xml.
5.3.1 Pre-Configured Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
1. Unzip the archive:
o Unzip domibus-MSH-3.2.1-tomcat-full.zip to a location on your physical machine: cef_edelivery_path
2. Prepare the database:
o For MySQL database:
Add the MySQL JDBC driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [2]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <prop key="port">db_port</prop>
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:mysql://db_host:db_port/domibus_schema?pinGlobalTxToPhysicalConnection=true</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>select 1</value>
    </property>
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                value="org.hibernate.dialect.MySQL5InnoDBDialect"/>
        </bean>
    </property>
</bean>
………
[2] http://downloads.mysql.com/archives/c-j/
o For Oracle database:
Add the Oracle JDBC driver (e.g. ojdbc7.jar) (available on the Oracle official web site [3]) in the folder cef_edelivery_path/domibus/lib.
Edit the xml file cef_edelivery_path/conf/domibus/domibus-datasources.xml and adjust the highlighted parts in the text below according to your environment:
<bean id="domibusJDBC-XADataSource" ………>
    <property name="uniqueResourceName">
        <value>domibusJDBC-XA</value>
    </property>
    <property name="xaDataSourceClassName">
        <value>oracle.jdbc.xa.client.OracleXADataSource</value>
    </property>
    <property name="xaProperties">
        <props>
            <prop key="serverName">db_host</prop>
            <!--prop key="port">db_port</prop-->
            <prop key="user">edelivery_user</prop>
            <prop key="password">edelivery_password</prop>
            <prop key="url">jdbc:oracle:thin:edelivery_user/edelivery_password@localhost:1521:XE</prop>
        </props>
    </property>
    ………
    <property name="testQuery">
        <value>SELECT 1 FROM DUAL</value>
    </property>
    ………
</bean>
<bean id="entityManagerFactory" ……>
    <property name="jpaVendorAdapter">
        <bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
            <property name="databasePlatform"
                value="org.hibernate.dialect.Oracle10gDialect"/>
        </bean>
    </property>
</bean>
[3] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
3. Configure your Keystore based on section 6.1.2 Certificates.
4. Set JVM parameters:
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing the first command lines of cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
…
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin\
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin/
chmod +x *.sh
./startup.sh
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.2 Single Server Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-configuration.zip
domibus-MSH-3.2.1-tomcat.war
We assume that an Apache Tomcat 8.0.x is already installed and the installation location is now considered as your cef_edelivery_path/domibus.
1. Download and unzip the artefact domibus-MSH-3.2.1-tomcat-configuration.zip into the directory cef_edelivery_path/domibus/conf/domibus.
2. Configure the MySQL or Oracle datasource as indicated in section 5.3.1 Pre-Configured Single Server Deployment.
3. Configure your Keystore based on section 6.1.2 Certificates. Execute step 3 from section 5.3.1 Pre-Configured Single Server Deployment.
4. Rename domibus-MSH-3.2.1-tomcat.war to domibus.war and deploy it to cef_edelivery_path/domibus/webapps.
5. Launch the Domibus application:
o For Windows:
cd cef_edelivery_path\domibus\bin\
startup.bat
o For Linux/Unix:
cd cef_edelivery_path/domibus/bin/
chmod +x *.sh
./startup.sh
7. Display the Domibus home page in your browser: http://localhost:8080/domibus-tomcat/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.3.3 Clustered Deployment
Diagram representing the Deployment of Domibus in a Cluster on Tomcat:
Remark:
In this section we assume that a JMS Broker and a Loadbalancer are configured separately (e.g. httpd).
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-tomcat-full.zip
domibus-MSH-3.2.1-tomcat.war
1. Follow steps 1, 2, 3 and 4 from the Single Server Deployment section.
3. Set JVM parameters:
Domibus expects a single JVM parameter ${domibus.config.location}, pointing towards the cef_edelivery_path/domibus/conf/domibus folder.
You can do this by editing cef_edelivery_path/domibus/bin/catalina.bat (Windows) or cef_edelivery_path/domibus/bin/catalina.sh (Linux). Set CATALINA_HOME equal to the absolute path of the installation cef_edelivery_path/domibus.
o For Windows: Edit cef_edelivery_path/domibus/bin/catalina.bat by adding the following:
Remark:
your_node_id refers to the installed node in the cluster, which normally starts at 01 (then 02, etc.).
…
set CATALINA_HOME=cef_edelivery_path\domibus
set JAVA_OPTS=%JAVA_OPTS% -Dfile.encoding=UTF-8 -Xms128m -Xmx1024m -XX:PermSize=64m -XX:MaxPermSize=256m
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.config.location=%CATALINA_HOME%\conf\domibus
set JAVA_OPTS=%JAVA_OPTS% -Ddomibus.node.id=your_node_id
…
o For Linux/Unix: Edit cef_edelivery_path/domibus/bin/catalina.sh by adding the following:
…
export CATALINA_HOME=cef_edelivery_path/domibus
export JAVA_OPTS="$JAVA_OPTS -Xms128m -Xmx1024m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$CATALINA_HOME/conf/domibus"
export JAVA_OPTS="$JAVA_OPTS -Ddomibus.node.id=your_node_id"
…
4. Integrate the JMS Broker with the Domibus nodes:
o Modify cef_edelivery_path/domibus/conf/domibus/internal/activemq.xml
Set the uri to the running JMS broker:
<transportConnector uri="tcp://your_ip:your_port" disableAsyncDispatch="true"/>
o Modify cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml
Set the broker to the running JMS broker:
<amq:xaConnectionFactory id="xaJmsConnectionFactory" brokerURL="tcp://your_ip:your_port" userName="admin_username" password="admin_password"/>
Remove the highlighted parts below:
<bean id="domibusJMS-XAConnectionFactory"
    class="com.atomikos.jms.AtomikosConnectionFactoryBean" init-method="init"
    destroy-method="close" depends-on="broker">
    <property name="uniqueResourceName" value="domibusJMS-XA"/>
    <property name="xaConnectionFactory" ref="xaJmsConnectionFactory"/>
    <property name="maxPoolSize" value="20"/>
</bean>
<!-- lets create an ActiveMQ Broker -->
<bean id="broker" class="org.apache.activemq.xbean.BrokerFactoryBean">
    <property name="config" value="file:///${domibus.config.location}/internal/activemq.xml"/>
</bean>
5. Change parameters in cef_edelivery_path/domibus/conf/domibus/domibus-transactions.xml for clustered deployment:
Uncomment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/${domibus.node.id}/log</prop>
Comment the following lines:
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions</prop>
<prop>${domibus.work.location:${domibus.config.location}}/work/transactions/log</prop>
6. Follow steps 6 and 7 from the Single Server Deployment section.
5.4 Domibus on WildFly
5.4.1 Pre-Configured Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly-full.zip
1. Download and unzip the domibus-MSH-3.2.1-wildfly-full.zip archive in your cef_edelivery_path location.
2. Configure the MySQL database (Option 1):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main if it does not exist. Under this directory:
Download and copy the MySQL jar driver (e.g. mysql-connector-java-5.1.34.jar) (available on the MySQL official web site [4]) in the folder.
[4] http://downloads.mysql.com/archives/c-j/
Create or edit the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml and copy the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. mysql-connector-java-5.1.34.jar:
<module xmlns="urn:jboss:module:1.1" name="com.mysql">
    <resources>
        <resource-root path="mysql-connector-java-5.1.34.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section of cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    …
    <datasources>
        …
        <drivers>
            <driver name="com.mysql" module="com.mysql">
                <driver-class>com.mysql.jdbc.Driver</driver-class>
                <xa-datasource-class>
                    com.mysql.jdbc.jdbc2.optional.MysqlXADataSource
                </xa-datasource-class>
            </driver>
        </drivers>
        …
    </datasources>
    …
</subsystem>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
Remark:
Please make sure you modify the connection details for the MysqlXADS datasource for MySQL according to your environment.
<subsystem xmlns="urn:jboss:domain:datasources:3.0">
    <xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryMysqlXADS" enabled="true" use-ccm="true" statistics-enabled="true">
        <xa-datasource-property name="ServerName">db_host</xa-datasource-property>
        <xa-datasource-property name="DatabaseName">domibus_schema</xa-datasource-property>
        <xa-datasource-class>com.mysql.jdbc.jdbc2.optional.MysqlXADataSource</xa-datasource-class>
        <driver>com.mysql</driver>
        <security>
            <user-name>edelivery_user</user-name>
            <password>edelivery_password</password>
        </security>
        <validation>
            <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
            <background-validation>true</background-validation>
            <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
        </validation>
    </xa-datasource>
</subsystem>
3. Configure the Oracle Database (option 2):
o Drivers:
Create the directory cef_edelivery_path/domibus/modules/system/layers/base/com/oracle/main if it does not exist. Under this directory:
Download and copy the Oracle jar driver (e.g. ojdbc7.jar) (available on the Oracle official web site [5]) in the folder.
Copy the file cef_edelivery_path/domibus/modules/system/layers/base/com/mysql/main/module.xml into the folder recently created.
Edit module.xml by copying the following module configuration. Make sure to put the name of the driver you are using as an argument of the resource-root element, e.g. ojdbc7.jar:
<module xmlns="urn:jboss:module:1.1" name="com.oracle">
    <resources>
        <resource-root path="ojdbc7.jar"/>
    </resources>
    <dependencies>
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
    </dependencies>
</module>
Add your DBMS driver metadata to the Drivers section in cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml (only change the items described below, replacing the MySQL configuration in the process):
<xa-datasource jndi-name="java:/jdbc/cipaeDeliveryDs" pool-name="eDeliveryOracleXADS" enabled="true" use-ccm="true">
ltxa-datasource-property
name=URLgtjdbcoraclethinedelivery_useredelivery_passwordlocalhost1521db
1
<driver>com.oracle</driver>
<user-name>edelivery_user</user-name>
<password>edelivery_password</password>
o Datasources:
Add the datasources as indicated below to cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
Remark:
Please make sure you modify the connection details for the eDeliveryOracleXADS datasource for Oracle according to your environment.
[5] http://www.oracle.com/technetwork/database/features/jdbc/default-2280470.html
<valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker"/>
<exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.oracle.OracleExceptionSorter"/>
<driver name="com.oracle" module="com.oracle">
<xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
Edit the configuration file cef_edelivery_path/domibus/conf/domibus/domibus-datasources.xml and configure the datasources as indicated below:
Remark:
Configure the database dialect, as it is by default pre-configured for MySQL.
<property name="showSql" value="true"/>
<property name="generateDdl" value="true"/>
<property name="databasePlatform" value="org.hibernate.dialect.Oracle10gDialect"/>
<prop key="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.Oracle10gDialect</prop>
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Run the standalone server:
o For Windows, under cef_edelivery_path\domibus\bin\:
standalone.bat --server-config=standalone-full.xml
o For Linux/Unix, under cef_edelivery_path/domibus/bin/:
standalone.sh --server-config=standalone-full.xml
6. Display the Domibus home page in your browser: http://localhost:8080/domibus-wildfly/home (by default: User = admin, Password = 123456)
If you can access the page, it means the deployment was successful.
Expected result:
5.4.2 Single Server Deployment
In this section we assume that WildFly is installed at the location cef_edelivery_path/domibus.
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
domibus-MSH-3.2.1-wildfly.war
domibus-MSH-3.2.1-wildfly-configuration.zip
1. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
2. Configure the environment variables under cef_edelivery_path/domibus/bin/standalone.conf:
…
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=$JBOSS_HOME/conf/domibus"
…
3. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in the directory cef_edelivery_path/domibus/conf/domibus.
4. Configure your Keystore based on section 6.1.2 Certificates.
5. Configure the JMS resources:
Configure the JMS resources in the configuration file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml by adding the jms-connection-factories and jms-queues:
<subsystem xmlns="urn:jboss:domain:messaging:3.0">
    <hornetq-server>
        <jmx-management-enabled>true</jmx-management-enabled>
        <jms-connection-factories>
            …
            <connection-factory name="edeliveryConnectionFactory">
                <connectors>
                    <connector-ref connector-name="in-vm"/>
                </connectors>
                <entries>
                    <entry name="java:/jms/ConnectionFactory"/>
                </entries>
                <compress-large-messages>false</compress-large-messages>
                <failover-on-initial-connection>false</failover-on-initial-connection>
                <use-global-pools>true</use-global-pools>
            </connection-factory>
            …
        </jms-connection-factories>
        <jms-destinations>
            …
            <jms-queue name="DomibusBusinessMessageOutQueue">
                <entry name="java:/jms/domibus.backend.jms.outQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageOutQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendJmsQueue">
                <entry name="java:/jms/domibus.notification.jms"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendJmsQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyConsumerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyConsumer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyConsumerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusErrorNotifyProducerQueue">
                <entry name="java:/jms/domibus.backend.jms.errorNotifyProducer"/>
                <entry name="java:/jms/queue/DomibusErrorNotifyProducerQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusBusinessMessageInQueue">
                <entry name="java:/jms/domibus.backend.jms.inQueue"/>
                <entry name="java:/jms/queue/DomibusBusinessMessageInQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusPluginToBackendQueue">
                <entry name="java:/jms/domibus.backend.jms.replyQueue"/>
                <entry name="java:/jms/queue/DomibusPluginToBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusSendMessageQueue">
                <entry name="java:/jms/domibus.internal.dispatch.queue"/>
                <entry name="java:/jms/queue/DomibusSendMessageQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendWebServiceQueue">
                <entry name="java:/jms/domibus.notification.webservice"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendWebServiceQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusUnknownReceiverQueue">
                <entry name="java:/jms/domibus.internal.notification.unknown"/>
                <entry name="java:/jms/queue/DomibusUnknownReceiverQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DomibusNotifyBackendQueue">
                <entry name="java:/jms/domibus.internal.notification.queue"/>
                <entry name="java:/jms/queue/DomibusNotifyBackendQueue"/>
                <durable>true</durable>
            </jms-queue>
            <jms-queue name="DLQ">
                <entry name="java:/jms/domibus.DLQ"/>
                <entry name="java:/jms/queue/DLQ"/>
                <durable>true</durable>
            </jms-queue>
            <jms-topic name="DomibusClusterCommandTopic">
                <entry name="java:/jms/domibus.internal.command"/>
                <entry name="java:/jms/topic/DomibusClusterCommandTopic"/>
            </jms-topic>
            …
        </jms-destinations>
    </hornetq-server>
</subsystem>
Remark
Please note also the JMX management has to be enabled so the JMS resources can be monitored in
the JMS Monitoring screen
6. Connect to the Admin Console of WildFly at http://localhost:9990.
7. Click on Deployments in the console menu, then click on Add.
8. Select Upload a new deployment, then click Next.
9. Browse to the location of the domibus-distribution-3.2.1-wildfly.war file, select it and click Next.
10. The deployment is successful when the name of the war file appears in the Deployment column.
Expected Result
5.4.3 Clustered Deployment
For this step, you will have to use the following resources (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-wildfly-configuration.zip
- domibus-MSH-3.2.1-wildfly.war
In this section we assume that the setup of WildFly 9 in domain mode has already been done and that the cluster has been enabled as described in the official documentation. For more details on how to perform an installation of WildFly 9 in domain mode, please refer to the official documentation [6].
Diagram representing the Deployment of Domibus in a Cluster on WildFly
In order to install Domibus in a WildFly cluster, please follow the steps below:
1. Download and unzip domibus-MSH-3.2.1-wildfly-configuration.zip in a shared location that is accessible by all the nodes from the cluster. We will refer to this directory as cef_shared_edelivery_path/domibus.
2. Follow steps 2 (MySQL) or 3 (Oracle) from section 5.4.1 Pre-Configured Single Server Deployment.
Remarks:
- This step needs to be performed on all the nodes from the cluster.
- In the following 2 steps we will edit the profile full-ha from the configuration file domain/configuration/domain.xml located in the master node.
- Configure the JMS queues and topics as indicated in 5.4.2 point 5 Configure the JMS resources. Configure the database dialect as indicated in 5.4.1 point 3 Remark.
- Configure the database dialect in the cef_shared_edelivery_path/conf/domibus/domibus-datasources.xml.
[6] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
3. Configure the environment variables in the file bin/domain.conf.
Remark:
bin/domain.conf is located in each WildFly node. The environment variable setting needs to be performed in every node from the cluster.
...
JAVA_OPTS="-Xms128m -Xmx1024m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true"
JAVA_OPTS="$JAVA_OPTS -Ddomibus.config.location=cef_shared_edelivery_path/conf/domibus"
...
4. Deploy the domibus-MSH-3.2.1-wildfly.war to the cluster. We will use the WildFly Administration console for performing the deployment. We will deploy the application on the other-server-group cluster, which is configured step by step in the official documentation [7].
[7] https://docs.jboss.org/author/display/WFLY9/WildFly+9+Cluster+Howto
6 DOMIBUS CONFIGURATION
The Domibus application has one main web service:
- /services/msh: The Message Service Handler is the URL of your AS4 Access Point endpoint. This interface has to be exposed on the internet and should be reachable by your correspondent Access Point(s).
Domibus also has one optional web service:
- /services/backend: The URL of the backend web service. This interface should ONLY be exposed to your backend client(s) within your internal network. This uses the default WS plugin (7.1.2 WS Plugin).
Message Service Handler diagram
6.1 Security Configuration
6.1.1 Policies
Domibus uses a security policy, which is mandatory in order to be fully conformant with the e-SENS AS4 profile. It is used for the configuration of WS-Security. The policy is referenced in the PMode configuration file in section 7.3 PMode Configuration. The policy definition can be found under cef_edelivery_path/domibus/conf/domibus/policies/eDeliveryPolicy.xml. For more information related to the AS4 e-SENS profile, please refer to http://wiki.ds.unipi.gr/display/ESENS/PR+-+AS4.
6.1.2 Certificates
The Domibus Access Point uses certificates for the encryption and for the signature of the AS4 messages, and for establishing trust with other Access Points. The certificates need to be configured in the keystore and truststore JKS files defined in the domibus-security.xml configuration file. The keystore contains the certificate of the Access Point, which includes its private and public keys. The truststore contains the public keys of the trusted Access Points. Modify the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml as defined in the box below:
<property name="password_store">
    <util:map>
        <entry value="your_privatekey_password" key="your_keystore_alias"/>
    </util:map>
</property>
...
<!-- The password used to load the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.password">your_keystore_password</prop>
<!-- The keystore alias to use for decryption and signing -->
<prop key="org.apache.ws.security.crypto.merlin.keystore.alias">your_keystore_alias</prop>
...
<!-- The password used to load the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.password">your_truststore_password</prop>
...
<!-- The location of the keystore -->
<prop key="org.apache.ws.security.crypto.merlin.file">${domibus.config.location}/keystores/your_keystore.jks</prop>
...
<!-- The location of the truststore -->
<prop key="org.apache.ws.security.crypto.merlin.truststore.file">${domibus.config.location}/keystores/your_truststore.jks</prop>
Create, if not present, a folder cef_edelivery_path/domibus/conf/domibus/keystores.
Get your key pair from an external provider. (Self-signed certificates should only be used for testing purposes, not production.) If you are interested in using the CEF Public Key Infrastructure Solution, see the related documentation at CEF Public Key Infrastructure (PKI) Service Offering Document.
Create, if not present, the public and private keys containers (e.g. truststore.jks and keystore.jks).
Import your private key into your keystore.
Remarks:
- Your private key and your keystore should always stay secret. Please never share them.
- The keystore alias has to be the same as the party ID defined in the 7.3 PMode Configuration. It is strongly recommended to put your key pair (private and public key) and the public key of the other participants you trust in two separate containers.
6.2 Domibus Properties
Edit cef_edelivery_path/conf/domibus/domibus-configuration.xml and set:
Configuration Property | Default value | Purpose
domibus.msh.messageid.suffix | domibus.eu | This property is used to generate the random Message id with a fixed suffix, which is set by default to domibus.eu. The resulting format will be UUID@${domibus.msh.messageid.suffix}. This property is mandatory.
domibus.msh.retry.cron | 0/5 * * * * ? | It is the retry cron job to send the messages. It is set by default to every 5 seconds. This property is mandatory.
domibus.msh.retry.tolerance | 10000 | Timeout tolerance for retry messages. Should be set to double of the retry worker execution interval. This property is mandatory.
domibus.dispatch.ebms.error.unrecoverable.retry | true | This property should be set to true if Domibus needs to retry sending the failed messages. This property is mandatory.
domibus.smlzone | acc.edelivery.tech.ec.europa.eu | Set the SMLZone if Domibus needs to be used under Dynamic discovery model. This property is only mandatory if an SML is used.
domibus.backend.jmsInQueue | domibus.backend.jms.inQueue | This queue is the entry point for messages to be sent by the sending MSH. This property is only mandatory if the JMS plugin is used.
domibus.deployment.clustered | false | If true, the quartz scheduler jobs are clustered. This property is mandatory; it should be set to true if the deployment of Domibus is done in a cluster.
domibus.attachment.storage.location | - | It is possible to configure Domibus to save the message payloads on the file system instead of the database. This setting is recommended when exchanging payloads bigger than 30MB. In order to enable the file system storage, please add the following property to cef_edelivery_path/conf/domibus/domibus-configuration.xml: domibus.attachment.storage.location=your_file_system_location, where your_file_system_location is the location on the file system where the payloads will be saved. Remark: In a cluster configuration the file system storage needs to be accessible by all the nodes from the cluster.
domibus.jmx.user | jmsManager | WebLogic specific. The user that will be used to access the queues via JMX.
domibus.jmx.password | jmaManager1 | WebLogic specific. The associated password of the configured domibus.jmx.user.
Proxy Settings: In case your Access Point has to use a proxy server, you can configure it with these properties.
domibus.proxy.enabled | false | true/false, depending on whether you need to use a proxy or not.
domibus.proxy.http.host | - | Host name of the proxy server.
domibus.proxy.http.port | - | Port of the proxy server.
domibus.proxy.user | - | Username for authentication on the proxy server.
domibus.proxy.password | - | Password.
domibus.proxy.nonProxyHosts | - | Indicates the hosts that should be accessed without going through the proxy.
7 PLUGIN MANAGEMENT
This section describes the different types of plugins and their registration process.
7.1 Default Plugins
Domibus comes with two default plugins. The two Interface Control Documents (ICD) describe these two plugins (JMS and WS) [8].
7.1.1 JMS Plugin
For the JMS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-jms-plugin.zip
7.1.2 WS Plugin
For the WS plugin, you will have to use the following resource (see section 4.1 Binaries repository for the download location):
- domibus-MSH-3.2.1-default-ws-plugin.zip
7.1.2.1 Domibus authentication
The default web service plugin for Domibus 3.2 includes an example of how to implement authentication and authorization. By default this feature is disabled to ensure backwards compatibility with older versions of Domibus.
The documentation below explains how to enable and use the authentication in the WS plugin.
The default WS plugin supports:
- Basic Authentication
- X509Certificates Authentication
- Blue Coat Authentication
Remark:
Blue Coat is the name of the reverse proxy at the commission. It forwards the request in HTTP with the certificate details inside the request ("Client-Cert" header key).
Basic Authentication takes precedence on both http and https.
X509Certificates is expected on https when no Basic Authentication was found.
Blue Coat certificates are expected on http when no Basic Authentication was found.
[8] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
For convenience reasons, the WS plugin uses exactly the same database as configured for Domibus core to store the users/passwords and certificate ids. To learn more about the authentication, read the plugin cookbook [9].
There are two default users already inserted in the database (make sure you already ran the migration scripts): admin and user, both with 123456 as password.
admin has the role ROLE_ADMIN and user has the role ROLE_USER.
Roles
ROLE_ADMIN has the right to call:
- sendMessage with any value for originalSender property
- downloadMessage (any message among messages notified to this plugin)
- listPendingMessages will list all pending messages for this plugin
- getMessageStatus and getMessageErrors
ROLE_USER has the right to call:
- sendMessage with originalSender equal to the originalUser
- downloadMessage only if finalRecipient equals the originalUser
- listPendingMessages only messages with finalRecipient equal to the originalUser
7.1.2.2 Enable the authentication in Domibus
To enable the authentication at Domibus level, the following steps must be configured:
1. In conf/domibus/domibus-configuration.xml, set the property "domibus.auth.unsecureLoginAllowed" to false:
<util:properties>
    ...
    <!-- To disable unsecureLogin set this to false -->
    <prop key="domibus.auth.unsecureLoginAllowed">false</prop>
</util:properties>
2. The application server must be configured to allow https requests and pass the authentication credentials to Domibus.
[9] https://ec.europa.eu/cefdigital/wiki/x/cTIEAg
7.2 Custom Plugin
Users can develop their own plugins. Please refer to the Plugin Cookbook [10] for more details.
7.2.1 Plugin registration
Remark:
Please refer to section 7.4.4 Message Filtering for the routing of the specific plugin after registering the plugin on your specific Application Server.
7.2.1.1 Tomcat
Remark:
CATALINA_HOME is the folder where Tomcat is installed.
1. Stop the Tomcat server.
2. Copy the custom plugin jar file to the plugins folder CATALINA_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to CATALINA_HOME/conf/domibus/plugins/config.
4. Start the Tomcat server.
7.2.1.2 WebLogic
Remark:
DOMAIN_HOME is the folder corresponding to the WebLogic domain.
1. Stop the WebLogic server.
2. Copy the custom plugin jar file to the plugins folder DOMAIN_HOME/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to DOMAIN_HOME/conf/domibus/plugins/config.
4. Start the WebLogic server.
7.2.1.3 WildFly
In order to install a custom plugin, please follow the steps:
1. Stop the WildFly server.
2. Copy the custom plugin jar file to the plugins folder cef_edelivery_path/conf/domibus/plugins/lib.
3. Copy the custom plugin XML configuration file to cef_edelivery_path/conf/domibus/plugins/config.
4. Start the WildFly server.
[10] A Plugin Cookbook is available in the Documentation section of the Domibus Release page of the CEF Digital Single Web Portal: https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/Domibus+-+v3.2
7.3 PMode Configuration
Processing Modes (PModes) are used to configure Access Points. The PMode parameters are loaded into the Access Point via an XML file.
The features described in the PMode file are: Security, Reliability, Transport, Business Collaborations, Error Reporting, Message Exchange Patterns (MEPs) and Message Partition Channels (MPCs).
As different messages may be subject to various types of processing, or as different business domains may have several requirements, Access Points commonly support several PModes. Some PMode parameters are mandatory, others are optional. For more information, please refer to the Access Point Component Offering Document.
7.3.1 Configuration
In Domibus, PModes are XML files. You can create one or edit the existing PMode files cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name1.xml and cef_edelivery_path/domibus/conf/pmodes/domibus-gw-sample-pmode-party_id_name2.xml by replacing party_id_name1 with your hostname and party_id_name2 with your correspondent's hostname, in the name of the files and in the files themselves, as shown below. The partyID must match the alias of the certificate in the keystore, and the endpoint must be the external access link to your own instance.
Remark:
This step could be managed by a PMode Configuration Manager known by your Business Owner.
<party name="party_id_name2"
       endpoint="http://party_id_name2_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name2" partyIdType="partyTypeUrn"/>
</party>
<party name="party_id_name1"
       endpoint="http://party_id_name1_hostname:8080/domibus/services/msh"
       allowChunking="false">
    <identifier partyId="party_id_name1" partyIdType="partyTypeUrn"/>
</party>
PMode view
7.3.2 Adding a new participant
If a new participant's Access Point is joining your network, you need to edit your PMode accordingly and to re-upload it.
Add a new_party element:
<party name="new_party_name"
       endpoint="http://new_party_msh"
       allowChunking="false">
    <identifier partyId="new_party_id" partyIdType="partyTypeUrn"/>
</party>
Add your new_party_name as initiator.
The party with the role of initiator will be the sender of the messages:
<initiatorParties>
    ...
    <initiatorParty name="new_party_name"/>
</initiatorParties>
Add your new_party_name as responder.
The party with the role of responder will be the receiver of the messages:
<responderParties>
    ...
    <responderParty name="new_party_name"/>
</responderParties>
7.3.3 Sample PMode file
Processing modes (PModes) describe how messages are exchanged between AS4 partners (in this case Access Points blue_gw and red_gw). These files contain the identifiers of each AS4 Access Point (identified as parties in the PMode file below).
Sender Identifier and Receiver Identifier represent the organizations that send and receive the business documents. They are both used in the authorization process (PMode). Therefore, adding, modifying or deleting a participant implies modifying the corresponding PMode files.
Here is an example of the content of a PMode XML file.
Remark:
In this setup we have allowed each party (blue_gw or red_gw) to initiate the process. If only blue_gw is supposed to send messages, we need to put only blue_gw in <initiatorParties> and red_gw in <responderParties>.
<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
    <mpcs>
        <mpc name="defaultMpc"
             qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
             enabled="true"
             default="true"
             retention_downloaded="0"
             retention_undownloaded="14400"/>
    </mpcs>
    <businessProcesses>
        <roles>
            <role name="defaultInitiatorRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator"/>
            <role name="defaultResponderRole"
                  value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder"/>
        </roles>
        <parties>
            <partyIdTypes>
                <partyIdType name="partyTypeUrn"
                             value="urn:oasis:names:tc:ebcore:partyid-type:unregistered"/>
            </partyIdTypes>
            <party name="red_gw"
                   endpoint="http://<red_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-red"
                            partyIdType="partyTypeUrn"/>
            </party>
            <party name="blue_gw"
                   endpoint="http://<blue_hostname>:8080/domibus/services/msh"
                   allowChunking="false">
                <identifier partyId="domibus-blue"
                            partyIdType="partyTypeUrn"/>
            </party>
        </parties>
        <meps>
            <mep name="oneway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/oneWay"/>
            <mep name="twoway" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/twoWay"/>
            <binding name="push" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push"/>
            <binding name="pushAndPush" value="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/push-and-push"/>
        </meps>
        <properties>
            <property name="originalSenderProperty"
                      key="originalSender"
                      datatype="string"
                      required="true"/>
            <property name="finalRecipientProperty"
                      key="finalRecipient"
                      datatype="string"
                      required="true"/>
            <propertySet name="ecodexPropertySet">
                <propertyRef property="finalRecipientProperty"/>
                <propertyRef property="originalSenderProperty"/>
            </propertySet>
        </properties>
        <payloadProfiles>
            <payload name="businessContentPayload"
                     cid="cid:message"
                     required="true"
                     mimeType="text/xml"/>
            <payload name="businessContentAttachment"
                     cid="cid:attachment"
                     required="false"
                     mimeType="application/octet-stream"/>
            <payloadProfile name="MessageProfile"
                            maxSize="40894464">
                <attachment name="businessContentPayload"/>
                <attachment name="businessContentAttachment"/>
            </payloadProfile>
        </payloadProfiles>
        <securities>
            <security name="eDeliveryPolicy"
                      policy="eDeliveryPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="noSigNoEnc"
                      policy="doNothingPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
            <security name="eSensPolicy"
                      policy="eSensPolicy.xml"
                      signatureMethod="RSA_SHA256"/>
        </securities>
        <errorHandlings>
            <errorHandling name="demoErrorHandling"
                           errorAsResponse="true"
                           businessErrorNotifyProducer="false"
                           businessErrorNotifyConsumer="false"
                           deliveryFailureNotifyProducer="false"/>
        </errorHandlings>
        <agreements>
            <agreement name="agreement1" value="A1" type=""/>
            <agreement name="agreement2" value="A2" type=""/>
            <agreement name="agreement3" value="A3" type=""/>
        </agreements>
        <services>
            <service name="testService1" value="bdx:noprocess" type="tc1"/>
        </services>
        <actions>
            <action name="tc1Action" value="TC1Leg1"/>
            <action name="tc2Action" value="TC2Leg1"/>
        </actions>
        <as4>
            <receptionAwareness name="receptionAwareness"
                                retry="12;4;CONSTANT" duplicateDetection="true"/>
            <reliability name="AS4Reliability" nonRepudiation="true"
                         replyPattern="response"/>
            <reliability name="noReliability" nonRepudiation="false"
                         replyPattern="response"/>
        </as4>
        <legConfigurations>
            <legConfiguration name="pushTestcase1tc1Action"
                              service="testService1"
                              action="tc1Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eDeliveryPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
            <legConfiguration name="pushTestcase1tc2Action"
                              service="testService1"
                              action="tc2Action"
                              defaultMpc="defaultMpc"
                              reliability="AS4Reliability"
                              security="eSensPolicy"
                              receptionAwareness="receptionAwareness"
                              propertySet="ecodexPropertySet"
                              payloadProfile="MessageProfile"
                              errorHandling="demoErrorHandling"
                              compressPayloads="true"/>
        </legConfigurations>
        <process name="tc1Process"
                 agreement=""
                 mep="oneway"
                 binding="push"
                 initiatorRole="defaultInitiatorRole"
                 responderRole="defaultResponderRole">
            <initiatorParties>
                <initiatorParty name="blue_gw"/>
                <initiatorParty name="red_gw"/>
            </initiatorParties>
            <responderParties>
                <responderParty name="blue_gw"/>
                <responderParty name="red_gw"/>
            </responderParties>
            <legs>
                <leg name="pushTestcase1tc1Action"/>
                <leg name="pushTestcase1tc2Action"/>
            </legs>
        </process>
    </businessProcesses>
</db:configuration>
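The following Python check is an added example, not part of the Domibus guide or distribution. It audits a PMode file against the rules stated in sections 6.1.2 and 7.3: the Access Point's own partyId must match a keystore alias, every initiator or responder must be a declared party, and every leg used by a process must reference a declared security profile. Assumptions: the embedded PMode is a constructed sample, the function and finding names are hypothetical, and treating doNothingPolicy.xml as a policy that neither signs nor encrypts is inferred from the profile name noSigNoEnc in the sample file.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the guide's PMode file, trimmed to the
# elements the audit reads and seeded with three deliberate mistakes.
SAMPLE_PMODE = """<?xml version="1.0" encoding="UTF-8"?>
<db:configuration xmlns:db="http://domibus.eu/configuration" party="blue_gw">
  <businessProcesses>
    <parties>
      <party name="red_gw" endpoint="http://red.example:8080/domibus/services/msh">
        <identifier partyId="domibus-red" partyIdType="partyTypeUrn"/>
      </party>
      <party name="blue_gw" endpoint="http://blue.example:8080/domibus/services/msh">
        <identifier partyId="domibus-blue" partyIdType="partyTypeUrn"/>
      </party>
    </parties>
    <securities>
      <security name="eDeliveryPolicy" policy="eDeliveryPolicy.xml"/>
      <security name="noSigNoEnc" policy="doNothingPolicy.xml"/>
    </securities>
    <legConfigurations>
      <legConfiguration name="leg1" security="eDeliveryPolicy"/>
      <legConfiguration name="leg2" security="noSigNoEnc"/>
    </legConfigurations>
    <process name="tc1Process">
      <initiatorParties>
        <initiatorParty name="blue_gw"/>
        <initiatorParty name="green_gw"/>
      </initiatorParties>
      <responderParties>
        <responderParty name="red_gw"/>
      </responderParties>
      <legs>
        <leg name="leg1"/>
        <leg name="leg2"/>
      </legs>
    </process>
  </businessProcesses>
</db:configuration>
"""

# Assumption: policy files that apply no signature and no encryption.
UNPROTECTED_POLICIES = {"doNothingPolicy.xml"}


def audit_pmode(xml_text, keystore_aliases):
    """Return a sorted list of (check, subject) findings for one PMode file."""
    root = ET.fromstring(xml_text)
    findings = set()

    # Declared parties: party name -> set of partyId values.
    parties = {p.get("name"): {i.get("partyId") for i in p.findall("identifier")}
               for p in root.iter("party")}
    # Declared security profiles: profile name -> policy file.
    securities = {s.get("name"): s.get("policy") for s in root.iter("security")}
    # Declared legs: leg name -> security profile name.
    legs = {l.get("name"): l.get("security") for l in root.iter("legConfiguration")}

    # The root 'party' attribute names this Access Point; its partyId must
    # be present as an alias in the keystore (sections 6.1.2 and 7.3.1).
    own = root.get("party") or "(missing)"
    if own not in parties:
        findings.add(("own-party-undeclared", own))
    elif not parties[own] & set(keystore_aliases):
        findings.add(("alias-mismatch", own))

    for proc in root.iter("process"):
        pname = proc.get("name")
        # Initiators and responders must refer to declared parties.
        for tag in ("initiatorParty", "responderParty"):
            for ref in proc.iter(tag):
                if ref.get("name") not in parties:
                    findings.add(("undeclared-party", f"{pname}:{ref.get('name')}"))
        # Each leg must resolve to a declared security profile.
        for ref in proc.iter("leg"):
            leg = ref.get("name")
            if leg not in legs:
                findings.add(("undeclared-leg", f"{pname}:{leg}"))
                continue
            policy = securities.get(legs[leg])
            if policy is None:
                findings.add(("undeclared-security", f"{leg}:{legs[leg]}"))
            elif policy in UNPROTECTED_POLICIES:
                findings.add(("unprotected-leg", f"{pname}:{leg}"))
    return sorted(findings)


if __name__ == "__main__":
    # The alias list would normally come from listing the keystore entries.
    for check, subject in audit_pmode(SAMPLE_PMODE, {"blue_gw"}):
        print(check, subject)
```

Run it before uploading a new PMode, passing the aliases listed in the keystore configured in domibus-security.xml.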
7.3.4 Domibus pconf to ebMS3 PMode Mapping
The following table provides additional information concerning the Domibus PMode configuration files.
Domibus pconf | EbMS3 Specification [ebMS3CORE] [AS4-Profile] | Description
MPCs | - | Container which defines the different MPCs (Message Partition Channels).
MPC | PMode[1].BusinessInfo.MPC: The value of this parameter is the identifier of the MPC (Message Partition Channel) to which the message is assigned. It maps to the attribute Messaging/UserMessage. | Message Partition Channel allows the partition of the flow of messages from a Sending MSH to a Receiving MSH into several flows, each of which is controlled separately. An MPC also allows merging flows from several Sending MSHs into a unique flow that will be treated as such by a Receiving MSH. The value of this parameter is the identifier of the MPC to which the message is assigned.
MessageRetentionDownloaded | - | Retention interval for messages already delivered to the backend.
MessageRetentionUnDownloaded | - | Retention interval for messages not yet delivered to the backend.
Parties | - | Container which defines the different PartyIdTypes, Party and Endpoint.
PartyIdTypes | maps to the attribute Messaging/UserMessage/PartyInfo | Message Unit bundling happens when the Messaging element contains multiple child elements or Units (either User Message Units or Signal Message Units).
Party ID | maps to the element Messaging/UserMessage/PartyInfo | The ebCore Party ID type can simply be used as an identifier format and therefore as a convention for values to be used in configuration and, as such, does not require any specific solution building block.
Endpoint | maps to PMode[1].Protocol.Address | The endpoint is a party attribute that contains the link to the MSH. The value of this parameter represents the address (endpoint URL) of the Receiver MSH (or Receiver Party) to which Messages under this PMode leg are to be sent. Note that a URL generally determines the transport protocol (e.g. if the endpoint is an email address, then the transport protocol must be SMTP; if the address scheme is http, then the transport protocol must be HTTP).
AS4 | - | Container
Reliability [Nonrepudiation] [ReplyPattern] | Nonrepudiation maps to PMode[1].Security.SendReceipt.NonRepudiation; ReplyPattern maps to PMode[1].Security.SendReceipt.ReplyPattern | PMode[1].Security.SendReceipt.NonRepudiation: value = 'true' (to be used for non-repudiation of receipt), value = 'false' (to be used simply for reception awareness). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Response' (sending receipts on the HTTP response or back-channel). PMode[1].Security.SendReceipt.ReplyPattern: value = 'Callback' (sending receipts use a separate connection).
ReceptionAwareness [retryTimeout] [retryCount] [strategy] [duplicateDetection] | retryTimeout maps to PMode[1].ReceptionAwareness.Retry=true and PMode[1].ReceptionAwareness.Retry.Parameters; retryCount maps to PMode[1].ReceptionAwareness.Retry.Parameters; strategy maps to PMode[1].ReceptionAwareness.Retry.Parameters; duplicateDetection maps to PMode[1].ReceptionAwareness.DuplicateDetection | These parameters are stored in a composite string. retryTimeout defines timeout in seconds. retryCount is the total number of retries. strategy defines the frequency of retries; the only strategy available as of now is CONSTANT. duplicateDetection allows to check duplicates when receiving twice the same message; the only duplicateDetection available as of now is TRUE.
Securities | - | Container
Security | - | Container
Policy | PMode[1].Security, NOT including PMode[1].Security.X509.Signature.Algorithm | The parameter in the pconf file defines the name of a WS-SecurityPolicy file.
SignatureMethod | PMode[1].Security.X509.Signature.Algorithm | This parameter is not supported by WS-SecurityPolicy and therefore it is defined separately.
BusinessProcessConfiguration | - | Container
Agreements | maps to eb:Messaging/UserMessage/CollaborationInfo/AgreementRef | This OPTIONAL element occurs zero times or once. The AgreementRef element is a string that identifies the entity or artifact governing the exchange of messages between the parties.
Actions | - | Container
Action | maps to Messaging/UserMessage/CollaborationInfo/Action | This REQUIRED element occurs once. The element is a string identifying an operation or an activity within a Service that may support several of these.
Services | - | Container
ServiceTypes Type | maps to Messaging/UserMessage/CollaborationInfo/Service[@type] | This REQUIRED element occurs once. It is a string identifying the service that acts on the message and it is specified by the designer of the service.
MEP [Legs] | - | An ebMS MEP defines a typical choreography of ebMS User Messages which are all related through the use of the referencing feature (RefToMessageId). Each message of an MEP Access Point refers to a previous message of the same Access Point, unless it is the first one to occur. Messages are associated with a label (e.g. request, reply) that precisely identifies their direction between the parties involved and their role in the choreography.
Bindings | - | Container
Binding | - | The previous definition of ebMS MEP is quite abstract and ignores any binding consideration to the transport protocol. This is intentional, so that application level MEPs can be mapped to ebMS MEPs independently from the transport protocol to be used.
Roles | - | Container
Role maps to
PModeInitiatorRole or
PModeResponderRole depending on where this is
used In ebMS3 message this
defines the content of the
following element
bull For Initiator
MessagingUserMessagePa
rtyInfoFromRole bull For Responder
MessagingUserMessagePa
rtyInfoToRole
The required role element occurs
once and identifies the authorized
role (fromAuthorizedRole or
toAuthorizedRole) of the Party
sending the message (when present
as a child of the From element) or
receiving the message (when
present as a child of the To
element) The value of the role
element is a non-empty string with
a default value of httpdocsoasis-
openorgebxml-
msgebmsv30nscore200704defa
ultRole
Other possible values are subject to
partner agreement
Processes - Container
PayloadProfiles - Container
Payloads - Container
Payload maps to
PMode[1]BusinessInfoPay
loadProfile
This parameter allows specifying
some constraint or profile on the
payload It specifies a list of
payload parts
A payload part is a data structure
that consists of five properties
1 name (or Content-ID) that
is the part identifier and
can be used as an index in
the notation
PayloadProfile
2 MIME data type (textxml
applicationpdf etc)
3 name of the applicable
XML Schema file if the
MIME data type is
textxml
4 maximum size in kilobytes
5 Boolean string indicating
whether the part is
expected or optional
within the User message
The message payload(s) must
match this profile
ErrorHandlings - Container
ErrorHandling - Container
Administration Guide - Domibus 321 Page 70 97
ErrorAsResponse maps to PMode[1].ErrorHandling.Report.AsResponse
This Boolean parameter indicates (if true) that errors generated from receiving a message in error are sent over the back-channel of the underlying protocol associated with the message in error. If false, such errors are not sent over the back-channel.
ProcessErrorNotifyProducer maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
This Boolean parameter indicates whether (if true) the Producer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Sending MSH during processing of the User Message to be sent.
ProcessErrorNotifyConsumer maps to PMode[1].ErrorHandling.Report.ProcessErrorNotifyProducer
This Boolean parameter indicates whether (if true) the Consumer (application/party) of a User Message matching this PMode should be notified when an error occurs in the Receiving MSH during processing of the received User message.
DeliveryFailureNotifyProducer maps to PMode[1].ErrorHandling.Report.DeliveryFailuresNotifyProducer
When sending a message with this reliability requirement (Submit invocation), one of the two following outcomes shall occur:
- The Receiving MSH successfully delivers (Deliver invocation) the message to the Consumer.
- The Sending MSH notifies (Notify invocation) the Producer of a delivery failure.
Legs - Container
Leg - Because messages in the same MEP may be subject to different requirements - e.g. the reliability, security and error reporting of a response may not be the same as for a request – the PMode will be divided into legs. Each user message label in an ebMS MEP is associated with a PMode leg. Each PMode leg has a full set of parameters for the six categories above (except for General Parameters), even though in many cases parameters will have the same value across the MEP legs. Signal messages that implement transport channel bindings (such as PullRequest) are also controlled by the same categories of parameters, except for BusinessInfo group.
Process - In Process everything is plugged together.
Domibus pconf to ebMS3 mapping
7.3.5 Upload new Configuration
Upload the PMode file on both Access Points.
Remark:
In case the configuration is updated on one Access Point, all access points are informed about this change (via JMS topic).
a. To update the PMode configuration and/or Truststore, connect to the administration dashboard using your credentials (by default: User = admin; Password = 123456) to http://localhost:8080/domibus/home
Login to administration dashboard
b. Click on the Configuration upload tab
Configuration upload
c. Select the PMode file that has been edited by pressing Browse…, then Press here to upload the Pmode xml file.
Remark:
Each time a PMode is updated, the truststore is reloaded into the access point from the filesystem.
d. Select the Truststore file that needs to be uploaded by pressing Browse…, then Press here to upload the truststore jks file.
PMode uploading
7.4 Administration Tools
7.4.1 Application Logging
7.4.1.1 Administration Dashboard
It is recommended to change the passwords for the default users which have access to the Domibus Administration page: admin and user.
In order to change the password, please use a BCrypt strong hashing algorithm to generate your custom password. You can use an online BCrypt password generator (e.g. https://www.bcrypt-generator.com).
Once you have the hashed password, please modify the passwords for the default users (admin and user) in the file cef_edelivery_path/domibus/conf/domibus/domibus-security.xml:
<sec:authentication-manager>
    <sec:authentication-provider>
        <sec:password-encoder ref="bcryptEncoder"/>
        <sec:user-service>
            <sec:user name="user" password="your_custom_user_password"
                      authorities="ROLE_USER"/>
            <sec:user name="admin" password="your_custom_admin_password"
                      authorities="ROLE_USER,ROLE_ADMIN"/>
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>
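A check that can be run after editing domibus-security.xml, added here as an example (it is not part of the Domibus guide or code base): it flags every user whose password attribute is not a well-formed BCrypt hash, or whose cost factor is below a chosen floor. The namespace URI, the extra user ops, the cost floor and the hash-shaped strings are assumptions constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: the "sec" prefix is bound to the Spring Security schema namespace.
SEC_NS = "http://www.springframework.org/schema/security"

# BCrypt modular-crypt layout: $2a$ / $2b$ / $2y$, two-digit cost, then
# 22 salt + 31 hash characters from the BCrypt base64 alphabet.
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumed local policy floor, not a Domibus setting

# Constructed strings that only have the shape of a BCrypt hash.
TAIL = "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"
GOOD_HASH = "$2a$10$" + TAIL
WEAK_HASH = "$2a$04$" + TAIL

# Constructed sample: "admin" is fine, "user" still holds the placeholder,
# "ops" (hypothetical extra user) carries a hash with a low cost factor.
SAMPLE = f"""<sec:authentication-manager xmlns:sec="{SEC_NS}">
  <sec:authentication-provider>
    <sec:password-encoder ref="bcryptEncoder"/>
    <sec:user-service>
      <sec:user name="user" password="your_custom_user_password" authorities="ROLE_USER"/>
      <sec:user name="admin" password="{GOOD_HASH}" authorities="ROLE_USER,ROLE_ADMIN"/>
      <sec:user name="ops" password="{WEAK_HASH}" authorities="ROLE_USER"/>
    </sec:user-service>
  </sec:authentication-provider>
</sec:authentication-manager>"""


def audit_users(xml_text, min_cost=MIN_COST):
    """Map each problem user (or provider) to a list of findings."""
    root = ET.fromstring(xml_text)
    findings = {}
    for provider in root.iter(f"{{{SEC_NS}}}authentication-provider"):
        # The guide's configuration references a bcryptEncoder;
        # flag a provider that declares no encoder at all.
        if provider.find(f"{{{SEC_NS}}}password-encoder") is None:
            findings.setdefault("authentication-provider", []).append(
                "no password-encoder element")
    for user in root.iter(f"{{{SEC_NS}}}user"):
        name = user.get("name", "?")
        match = BCRYPT_RE.match(user.get("password", ""))
        if match is None:
            findings.setdefault(name, []).append(
                "password is not a BCrypt hash (plaintext or placeholder)")
        elif int(match.group(1)) < min_cost:
            findings.setdefault(name, []).append(
                f"BCrypt cost {int(match.group(1))} is below the minimum of {min_cost}")
    return findings


if __name__ == "__main__":
    for who, problems in audit_users(SAMPLE).items():
        print(who, "->", "; ".join(problems))
```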
The Domibus administration dashboard includes a message logging page that gives the administrator information related to sent messages, received messages and their status (SENT, RECEIVED, FAILED, ACKNOWLEDGE…).
The following state machines illustrate the evolution of the processing of a message according to the encountered events.
State machine of Corner 2 (sending access point)
State machine of Corner 3 (receiving access point)
Remark
The administration dashboard is reachable via the URL:
http://your_server:your_port_number/domibus/home (Tomcat)
http://your_server:your_port_number/domibus-wildfly/home (WildFly)
http://your_server:your_port_number/domibus-weblogic/home (WebLogic)
7.4.1.2 Domibus log file
The file cef_edelivery_path/domibus/logs/domibus.log contains errors encountered by the application. The file contains information related to internal errors thrown if the application fails to process an incoming or an outgoing message.
Remark:
The response of the application to your client's request might also contain information about the errors encountered, depending on the root cause of the issue (e.g. if the header of the request is not compliant with your PMode, the message error will be included in the SOAP response. On the other hand, if the error is related to the security protocol, the information will be included in domibus.log only).
7.4.1.3 Logging properties
It is possible to modify the configuration of the logs by editing the logging properties in the file cef_edelivery_path/domibus/conf/domibus/log4j.properties
In the example below you can see the contents of the log4j.properties file.
In red: these parameters can be edited to modify the location of the log file and the layout.
In green: these parameters can be edited to change the level of logging (3 levels defined: INFO, WARN and ERROR).
7.4.1.4 Error Log page
This option lists all the error logs related to Message Transfers and includes the ErrorSignalMessageId, ErrorDetail and Timestamp. The messages can be sorted by clicking on the up and down arrows, which helps to search for specific messages.
7.4.2 Queue Monitoring
Domibus uses JMS queues to handle the messages:
Destination type | JNDI name | Comment | Description
Queue | jms/domibus.internal.dispatch.queue | No redelivery because redelivery of MSH messages is handled via ebMS3/AS4 | This queue is used for scheduling messages for sending via the MSH.
Queue | jms/domibus.internal.notification.unknown | | Notifications about received messages (by the MSH) that do not match any backend routing criteria will be sent to this queue. In production environment this queue should be monitored in order to handle those messages manually.
Topic | jms/domibus.internal.command | | This topic is used for sending commands to all nodes in a cluster. For example, it is used after a PMode was uploaded in order to notify all nodes to update their PMode cache (in case caching is enabled).
Queue | jms/domibus.backend.jms.replyQueue | | This queue is used for sending replies back to the sender of a message. Replies contain a correlationId, ebMS3 messageId (if possible), error messages (if available).
Queue | jms/domibus.backend.jms.outQueue | | Messages received by the MSH (that match the routing criteria for the JMS plugin) will be sent to this queue.
Queue | jms/domibus.backend.jms.inQueue | | This queue is the entry point for messages to be sent by the sending MSH.
Queue | jms/domibus.backend.jms.errorNotifyConsumer | | This queue is used to inform the receiver of a message that an error occurred during the processing of a received message.
Queue | jms/domibus.backend.jms.errorNotifyProducer | | This queue is used to inform the sender of a message that an error occurred during the processing of a message to be sent.
Queue | jms/domibus.notification.jms | | Used for sending notifications to the configured JMS plugin.
Queue | jms/domibus.internal.notification.queue | | This queue is used to notify the configured plugin about the status of the message to be sent.
Queue | jms/domibus.notification.webservice | | Used for sending notifications to the configured WS plugin.
Queue | jms/domibus.DLQ | | This is the Dead Letter Queue of the application. The messages from other queues that reached the retry limit are redirected to this queue.
All these queues can be monitored and managed using the JMS Monitoring page.
In the Source field we have all the queues listed along with the number of messages pending in each queue. If a queue is used internally by the application core, its name will start with [internal]. A regular expression is used to identify all the internal queues. The value for this regular expression can be adapted in the property domibus.jms.internalQueue.expression from the file cef_edelivery_path/conf/domibus/domibus-configuration.xml.
In the JMS Monitoring page the following operations can be performed:
1. Inspecting and filtering the messages from a queue based on the following fields:
a. Source: the source queue of the messages
b. Period: time interval that will filter the messages based on the send date
c. JMS type: the JMS header JMSType
d. Selector: the JMS message selector expression
Remark:
For more info on the JMS message headers and on the JMS message selector, please check the official documentation: https://docs.oracle.com/cd/E19798-01/821-1841/bnces/index.html
2. Move message
a. Move a message from the DLQ to the original queue
- Select a JMS message from the DLQ and press the Move button.
- The message details are displayed and the original queue where the message came from is pre-selected.
- Press the Move button and the message will be moved to the original queue.
b. Move multiple messages from the DLQ to the original queue
- Select multiple JMS messages from the DLQ and press the Move button.
- The message IDs are displayed in the Id field and all the available queues are displayed for selection in a drop-down list in the destination field.
- Select the destination queue from the drop-down list and press Move. All the previously selected JMS messages will be moved to the selected destination queue.
Remark:
Please make sure that all the selected messages came from the same source queue. Use the filtering capabilities to ensure this.
3. Delete message
a. Delete a message from a queue
- Select a JMS message from the source queue and press the Remove button.
- The message details are displayed.
- Press the Remove button to remove it.
b. Delete multiple messages from a queue
- Select multiple JMS messages from the source queue and press the Remove button.
- The message IDs to be removed are displayed.
- Press the Remove button to remove them.
7.4.3 Configuration of the queues
Queues should be configured appropriately and according to the backend system needs and re-delivery policy.
7.4.3.1 Tomcat
Domibus uses ActiveMQ as JMS broker. The various queues are configured in the cef_edelivery_path/conf/domibus/internal/activemq.xml file.
Please see the ActiveMQ redelivery policy and configure the parameters below:
<redeliveryPlugin fallbackToDeadLetter="true"
                  sendToDlqIfMaxRetriesExceeded="true">
    <redeliveryPolicyMap>
        <redeliveryPolicyMap>
            <redeliveryPolicyEntries>
                <redeliveryPolicy queue="sendMessageQueue"
                                  maximumRedeliveries="0"/>
                <redeliveryPolicy queue=""
                                  maximumRedeliveries="10" redeliveryDelay="300000"/>
            </redeliveryPolicyEntries>
        </redeliveryPolicyMap>
    </redeliveryPolicyMap>
</redeliveryPlugin>
7.4.3.2 WebLogic
Please use the admin console of WebLogic to configure the re-delivery limit and delay.
7.4.3.3 WildFly
Please use the admin console of WildFly to configure the re-delivery limit and delay.
7.4.4 Message Filtering
In case there are multiple plugins registered, Domibus will route the incoming message to the first plugin in the list.
In the configuration above, the incoming message will be routed to the backendWebservice (default name of the default WS Plugin). A plugin can be configured to treat a subset of incoming messages according to 4 criteria: action, service, to and from.
Plugins must be configured properly so that these criteria ensure that all messages are treated and that not more than one plug-in can consume the same message.
There are four fields that are available for the plugin to perform the match against an incoming message received by Domibus (Action, Service, From, To). The following parameters can be set in the wanted filtering configuration,
e.g.:
Action: TC1Leg1
Service: bdx:noprocess
From: domibus-party_id_name1:urn:oasis:names:tc:ebcore:partyid-type:unregistered
To: domibus-party_id_name2:urn:oasis:names:tc:ebcore:partyid-type:unregistered
That information can be found in the incoming message received by Domibus (e.g. see below):
<ns:PartyInfo>
    <ns:From>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name1</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/initiator</ns:Role>
    </ns:From>
    <ns:To>
        <ns:PartyId type="urn:oasis:names:tc:ebcore:partyid-type:unregistered">party_id_name2</ns:PartyId>
        <ns:Role>http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/responder</ns:Role>
    </ns:To>
</ns:PartyInfo>
<ns:CollaborationInfo>
    <ns:Service type="tc1">bdx:noprocess</ns:Service>
    <ns:Action>TC1Leg1</ns:Action>
</ns:CollaborationInfo>
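The two requirements above (every message is treated, and no message can be consumed by more than one plugin) can be checked offline against a set of sample headers. The following is an added example, not Domibus code: it extracts the four criteria from an ebMS3 header and evaluates an ordered filter list. The plugin name backendJms, the third party id, the extra actions and the exact-match comparison are assumptions made for the example; Domibus's own matching may differ.

```python
import xml.etree.ElementTree as ET

NS = {"ns": "http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"}
UNREGISTERED = "urn:oasis:names:tc:ebcore:partyid-type:unregistered"


def build_message(action, service, from_id, to_id):
    """Constructed sample header with the same layout as the excerpt above."""
    return f"""<ns:UserMessage xmlns:ns="{NS['ns']}">
  <ns:PartyInfo>
    <ns:From><ns:PartyId type="{UNREGISTERED}">{from_id}</ns:PartyId></ns:From>
    <ns:To><ns:PartyId type="{UNREGISTERED}">{to_id}</ns:PartyId></ns:To>
  </ns:PartyInfo>
  <ns:CollaborationInfo>
    <ns:Service type="tc1">{service}</ns:Service>
    <ns:Action>{action}</ns:Action>
  </ns:CollaborationInfo>
</ns:UserMessage>"""


def extract_criteria(xml_text):
    """Return the Action, Service, From and To values a filter is matched against."""
    root = ET.fromstring(xml_text)

    def party(path):
        # From/To are written as "<party id>:<party id type>", as in the example above.
        element = root.find(path, NS)
        return f"{element.text.strip()}:{element.get('type')}"

    return {
        "action": root.find(".//ns:Action", NS).text.strip(),
        "service": root.find(".//ns:Service", NS).text.strip(),
        "from": party(".//ns:From/ns:PartyId"),
        "to": party(".//ns:To/ns:PartyId"),
    }


def candidates(criteria, filters):
    """Plugins, in list order, whose configured criteria all equal the message's values."""
    return [name for name, wanted in filters
            if all(criteria[key] == value for key, value in wanted.items())]


def route(criteria, filters):
    """The first matching plugin in the list receives the message; None if nothing matches."""
    hits = candidates(criteria, filters)
    return hits[0] if hits else None


def audit_routing(messages, filters):
    """Return (labels no plugin treats, {label: plugins} where more than one plugin matches)."""
    unrouted, overlapping = [], {}
    for label, xml_text in messages.items():
        hits = candidates(extract_criteria(xml_text), filters)
        if not hits:
            unrouted.append(label)
        elif len(hits) > 1:
            overlapping[label] = hits
    return unrouted, overlapping


P1, P2 = "party_id_name1", "party_id_name2"
# Ordered filter list; "backendJms" is a hypothetical second plugin name.
FILTERS = [
    ("backendWebservice", {"action": "TC1Leg1", "from": f"{P1}:{UNREGISTERED}"}),
    ("backendJms", {"service": "bdx:noprocess", "to": f"{P2}:{UNREGISTERED}"}),
]
# Constructed sample messages.
MESSAGES = {
    "m1": build_message("TC1Leg1", "bdx:noprocess", P1, P2),
    "m2": build_message("TC2Leg1", "bdx:noprocess", P1, P2),
    "m3": build_message("TC3Leg1", "bdx:noprocess", P2, "party_id_name3"),
}

if __name__ == "__main__":
    print(audit_routing(MESSAGES, FILTERS))
```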
8 DATA ARCHIVING
8.1.1.1 What's archiving
Data archiving is the method of moving messages that have been processed successfully or unsuccessfully by the access point to an external storage location for long-term retention.
Archiving data involves older data that have been processed at the communication level by the access points but that are still significant to the business and may be needed for future reference, or data that must be retained for legal constraints.
Data archives are indexed and searchable to allow easy retrieval.
It is not recommended to use Domibus as an archiving solution. Nevertheless, if it is really needed to keep the data, it is possible to set the Data Retention Policy so the data can be extracted from the database through the webservices or by an external archiving tool.
8.1.1.2 Data Retention Policy
A data retention policy is a business's established procedure for continuous information storage for operational, legal or compliance reasons.
The data retention policy needs to be defined based on the business needs and constraints.
In Domibus, the data retention policy can be found here in the PMode file:
<mpcs>
    <mpc name="defaultMpc"
         qualifiedName="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/defaultMPC"
         enabled="true"
         default="true"
         retention_downloaded="0"
         retention_undownloaded="14400"/>
</mpcs>
In the sample PMode configuration of Domibus, the data retention policy is set to 14400 seconds (4 hours) if the message is not downloaded. This means that if the message is not downloaded it will be deleted, then only the metadata containing the information of the receiver and the acknowledgement
The data retention policy is also set to 0 seconds if the message is downloaded. This means that the message will be instantaneously deleted as soon as it is downloaded. Those two parameters can be configured to meet the needs of the business.
8.1.1.3 Data Extraction
In order to keep the metadata and the payload of the message for a defined amount of time that exceeds the one set in the PMode, it is recommended to extract it. As long as the retention worker does not delete it, data can be extracted through the webservices or through an external archiving tool.
For more information, please refer to the Data Model provided in the Domibus Software Architecture Document.
9 TROUBLESHOOTING
9.1 Failed to obtain DB connection from datasource
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name org.springframework.scheduling.quartz.SchedulerFactoryBean#0 defined in ServletContext resource [/WEB-INF/msh-config.xml]: Invocation of init method failed; nested exception is org.quartz.JobPersistenceException: Failed to obtain DB connection from datasource springTxDataSource.org.springframework.scheduling.quartz.SchedulerFactoryBean#0: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool [See nested exception: com.atomikos.jdbc.AtomikosSQLException: Failed to grow the connection pool]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
May 11, 2016 10:12:43 AM org.apache.catalina.util.SessionIdGeneratorBase createSecureRandom
INFO: Creation of SecureRandom instance for session ID generation using [SHA1PRNG] took [13,256] milliseconds.
May 11, 2016 10:12:43 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/domibus] startup failed due to previous errors
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
May 11, 2016 10:12:43 AM org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
Solution: Set up the password properly in domibus-datasources.xml.
9.2 Exception sending context initialized event to listener instance of class
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name entityManagerFactory defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Cannot resolve reference to bean domibusJDBC-XADataSource while setting bean property dataSource; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name domibusJDBC-XADataSource defined in URL [filehomeedeliverydomibusf1confdomibusdomibus-datasourcesxml]: Invocation of init method failed; nested exception is com.atomikos.jdbc.AtomikosSQLException: The class com.mysql.jdbc.jdbc2.optional.MysqlXADataSource specified by property xaDataSourceClassName could not be found in the classpath. Please make sure the spelling is correct, and that the required jar(s) are in the classpath.
Solution: Add the MySQL connector in the domibus/lib folder.
9.3 Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
Neither the JAVA_HOME nor the JRE_HOME environment variable is defined
At least one of these environment variable is needed to run this program
Solution: Set JAVA_HOME variable or/and JRE_HOME.
9.4 Cannot access Admin Console
No SEVERE errors in logs but no admin option in browser under http://your_server:your_port_number/domibus/home
Solution: Check if the firewall is open for port_no (e.g. 8080).
9.5 Handshake Failure
Full stack trace below:
org.apache.cxf.interceptor.Fault: Could not write attachments
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:74)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:308)
    at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:514)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:423)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:324)
    at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:277)
    at org.apache.cxf.endpoint.ClientImpl.invokeWrapped(ClientImpl.java:312)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:327)
    at org.apache.cxf.jaxws.DispatchImpl.invoke(DispatchImpl.java:246)
    at eu.domibus.ebms3.sender.MSHDispatcher.dispatch(MSHDispatcher.java:126)
    at eu.domibus.ebms3.sender.MSHDispatcher$$FastClassBySpringCGLIB$$105974a1.invoke(<generated>)
    at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
    at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:717)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:653)
    at eu.domibus.ebms3.sender.MSHDispatcher$$EnhancerBySpringCGLIB$$da53e95a.dispatch(<generated>)
    at eu.domibus.ebms3.sender.MessageSender.sendUserMessage(MessageSender.java:116)
    at eu.domibus.ebms3.sender.MessageSender.onMessage(MessageSender.java:195)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:302)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:99)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:281)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:96)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)
    at com.sun.proxy.$Proxy163.onMessage(Unknown Source)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doInvokeListener(AbstractMessageListenerContainer.java:746)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.invokeListener(AbstractMessageListenerContainer.java:684)
    at org.springframework.jms.listener.AbstractMessageListenerContainer.doExecuteListener(AbstractMessageListenerContainer.java:651)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.doReceiveAndExecute(AbstractPollingMessageListenerContainer.java:315)
    at org.springframework.jms.listener.AbstractPollingMessageListenerContainer.receiveAndExecute(AbstractPollingMessageListenerContainer.java:233)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.invokeListener(DefaultMessageListenerContainer.java:1150)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.executeOngoingLoop(DefaultMessageListenerContainer.java:1142)
    at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1039)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1979)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1086)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1092)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1302)
    at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1262)
    at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
    at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
    at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:60)
    at org.apache.cxf.io.CacheAndWriteOutputStream.write(CacheAndWriteOutputStream.java:89)
    at org.apache.cxf.attachment.AttachmentSerializer.writeProlog(AttachmentSerializer.java:172)
    at org.apache.cxf.interceptor.AttachmentOutInterceptor.handleMessage(AttachmentOutInterceptor.java:72)
    ... 43 more
Solution: If you receive this error, then it's likely that you configured the client with TLSv1.1 while the server only accepts TLSv1.2.
10 ANNEX 1 – TLS CONFIGURATION
10.1.1 TLS Configuration
10.1.1.1 Transport Layer Security in Domibus
One way of implementing TLS for AS4 e-Sens is to use the TLS in the Domibus Message Handler (MSH) described below; otherwise this would have to be handled at a higher level (e.g. Application Server, Proxy, etc.).
To enable secure communication at the transport layer (TLS) between a sending and a receiving MSH (Access Point), both the client and the server need to be configured accordingly.
The client is used in the initiator MSH to send the request and is therefore configured via CXF, while the server is configured at container/application server level.
10.1.1.2 Client side configuration
The tlsClientParameters are configured in the cef_edelivery_path/conf/domibus/clientauthentication.xml file:
<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.2"
        xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
        xmlns:security="http://cxf.apache.org/configuration/security">
    <security:trustManagers>
        <security:keyStore type="JKS" password="your_trustore_password"
                file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
    </security:trustManagers>
    <security:keyManagers keyPassword="your_keystore_password">
        <security:keyStore type="JKS" password="your_keystore_password"
                file="${domibus.config.location}/keystores/your_keystore_ssl.jks"/>
    </security:keyManagers>
</http-conf:tlsClientParameters>
Remark:
your_trustore_ssl and your_keystore_ssl are used at the transport layer (SSL), while your_trustore and your_keystore, described in section 6.1.2 Certificates, are used by Domibus to encrypt and sign (WS-Security).
When the clientauthentication.xml file is present and the endpoint of the receiving MSH is https, the TLS parameters are added via the CXF framework to the send request.
The version of the TLS must be specified by setting secureSocketProtocol="TLSv1.2".
If you use self-signed certificates, you need to set disableCNCheck="true".
The attribute disableCNCheck specifies if JSSE should omit checking if the host name specified in the URL matches that of the Common Name (CN) on the server's certificate. Default is false; this attribute should not be set to true during production use. [11]
Remark:
TLSv1.2 is mandatory for the AS4 e-Sens Profile.
10.1.1.3 Server side configuration
10.1.1.3.1 Tomcat 8
In server.xml, add a new connector having the SSLEnabled attribute set to true:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />
The keystore jks location and password must be specified, otherwise the default one will be considered. The TLS version can also be specified.
The above connector has clientAuth="false"; this means that only the server has to authenticate itself (ONE WAY SSL).
To configure TWO WAY SSL, which is optional based on the AS4 e-Sens Profile, set clientAuth="true" and provide the location of the your_truststore_ssl.jks in server.xml so that the server can verify the client:
<Connector SSLEnabled="true"
           protocol="org.apache.coyote.http11.Http11Protocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true"
           keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
           keystorePass="your_keystore_password"
           truststoreFile="${domibus.config.location}/keystores/your_truststore_ssl.jks"
           truststorePass="your_trustore_password"
           clientAuth="true" sslProtocol="TLS" />
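The client and Tomcat settings described above can be reviewed before deployment with a small script. This is an added example, not part of the Domibus guide or code base: it reads a clientauthentication.xml and a server.xml and reports a disabled CN check, a client protocol other than TLSv1.2 (the mismatch behind the handshake failure in section 9.5), and connectors that are one-way only or that ask for client certificates without a truststore. Both sample files, the finding codes and port 9443 are constructed for the example.

```python
import xml.etree.ElementTree as ET

HTTP_CONF = "http://cxf.apache.org/transports/http/configuration"
REQUIRED_PROTOCOL = "TLSv1.2"  # stated by the guide as mandatory for the AS4 e-Sens profile

# Constructed client file: CN check disabled and a protocol older than TLSv1.2.
CLIENT_SAMPLE = """<http-conf:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.1"
    xmlns:http-conf="http://cxf.apache.org/transports/http/configuration"
    xmlns:security="http://cxf.apache.org/configuration/security">
  <security:trustManagers>
    <security:keyStore type="JKS" password="your_trustore_password"
        file="${domibus.config.location}/keystores/your_trustore_ssl.jks"/>
  </security:trustManagers>
</http-conf:tlsClientParameters>"""

# Constructed server.xml: a plain connector, a one-way TLS connector, and a connector
# (hypothetical port 9443) that asks for client certificates but names no truststore.
SERVER_SAMPLE = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector SSLEnabled="true" port="8443" scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password" clientAuth="false" sslProtocol="TLS"/>
    <Connector SSLEnabled="true" port="9443" scheme="https" secure="true"
        keystoreFile="${domibus.config.location}/keystores/your_keystore_ssl.jks"
        keystorePass="your_keystore_password" clientAuth="true" sslProtocol="TLS"/>
  </Service>
</Server>"""


def audit_client(xml_text):
    """Return (code, detail) findings for every tlsClientParameters element."""
    findings = []
    root = ET.fromstring(xml_text)
    for params in root.iter(f"{{{HTTP_CONF}}}tlsClientParameters"):
        if params.get("disableCNCheck", "false").lower() == "true":
            findings.append(("CN_CHECK_DISABLED",
                             "host name is not checked against the certificate CN"))
        protocol = params.get("secureSocketProtocol")
        if protocol != REQUIRED_PROTOCOL:
            findings.append(("PROTOCOL_MISMATCH",
                             f"secureSocketProtocol is {protocol!r}, expected {REQUIRED_PROTOCOL!r}"))
    return findings


def audit_connectors(xml_text):
    """Return (port, code, detail) findings for every TLS-enabled Tomcat connector."""
    findings = []
    for connector in ET.fromstring(xml_text).iter("Connector"):
        if connector.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, outside this check
        port = connector.get("port")
        if not connector.get("keystoreFile"):
            findings.append((port, "NO_KEYSTORE", "the default keystore will be used"))
        client_auth = connector.get("clientAuth", "false").lower()
        if client_auth == "true" and not connector.get("truststoreFile"):
            findings.append((port, "NO_TRUSTSTORE",
                             "clientAuth is true but no truststoreFile is set"))
        elif client_auth != "true":
            findings.append((port, "ONE_WAY_SSL",
                             "clients are not authenticated by certificate"))
    return findings


if __name__ == "__main__":
    for finding in audit_client(CLIENT_SAMPLE) + audit_connectors(SERVER_SAMPLE):
        print(finding)
```

ONE_WAY_SSL is informational, since two-way SSL is optional under the profile; the other codes point at settings the guide asks to be corrected.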
[11] https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Fuse/6.0/html/XML_Configuration_Reference/files/cxf-http-conf-2_7_0_xsd_Element_http-conf_tlsClientParameters.html
10.1.1.3.2 WebLogic
1. Specify the use of SSL on default port 7002.
Go to Servers > select server name > Configuration > General, then click on Client Cert Proxy Enabled.
2. Add keystore and truststore.
Go to Servers > select server name > Configuration > Keystores and SSL tabs and use Custom Identity and Custom Trust, then set the keystore and truststore jks.
To disable basic authentication at WebLogic level:
By default, WebLogic performs its own basic authentication check before passing the request to Domibus. Instead, we want basic authentication to be performed by Domibus, so we disable it at application server level.
In DOMAIN_HOME/config/config.xml add:
<enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>
10.1.1.3.3 WildFly 9
In the file cef_edelivery_path/domibus/standalone/configuration/standalone-full.xml:
- add the keystore and truststore jks to the ApplicationRealm:
<security-realm name="ApplicationRealm">
    <server-identities>
        <ssl>
            <keystore path="conf/domibus/keystores/gateway_keystore.jks"
                      relative-to="jboss.server.base.dir"
                      keystore-password="test123" alias="blue_gw" key-password="test123"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="conf/domibus/keystores/gateway_truststore.jks"
                    relative-to="jboss.server.base.dir"
                    keystore-password="test123" />
        …
    </authentication>
- add https-listener to default-server:
<subsystem xmlns="urn:jboss:domain:undertow:2.0">
    <buffer-cache name="default"/>
    <server name="default-server">
        <http-listener name="default" socket-binding="http" redirect-socket="https"/>
        <https-listener name="default_https" socket-binding="https"
                        security-realm="ApplicationRealm" verify-client="REQUIRED"/>
10.1.1.3.4 Configure Basic and Certificates authentication in SoapUI
Go to File > Preferences > HTTP Settings and check Adds authentication information to outgoing requests.
Go to File > Preferences > SSL Settings, add the KeyStore and KeyStore Password, and check the requires client authentication option.
To pass Basic Authentication, in the Auth tab click Add New Authorization and select Basic. Enter user and password (e.g. Username = admin; Password = 123456).
10.1.1.3.5 PMode update
If you enable HTTPS, then your PMode Configuration Manager needs to make sure that all other endpoint PModes are modified accordingly.
With the SSL connector configured as above, the MSH endpoint is now https://your_domibus_host:8443/domibus/services/msh
The PMode needs to be updated accordingly and uploaded via the Admin Console.
Example:
<party name="party_id_name1"
       endpoint="https://your_domibus_host:8443/domibus/services/msh" allowChunking="false">