System profile use case
In this use case, you will see how to change the settings of your STS via a profile created with the Provisioning Service. Because this use case uses only resources and placeholders, you can apply this profile to both Talend Runtime Container and Apache Tomcat.
The resources in use in this use case are:
- org.talend.esb.job.client.sts.cfg
- clientKeystore.properties
- clientstore.jks
They will replace the default configuration files of your container when you apply the profile to it.
The content of the org.talend.esb.job.client.sts.cfg is as follows:
#STS endpoint configuration
#sts.wsdl.location = http://localhost:8080/SecurityTokenService/UT?wsdl
sts.wsdl.location = #{STSEndpointUT}
sts.x509.wsdl.location = #{STSEndpointX509}
sts.namespace = http://docs.oasis-open.org/ws-sx/ws-trust/200512/
sts.service.name = SecurityTokenService
sts.endpoint.name = UT_Port
sts.x509.endpoint.name = X509_Port
sts.allow.renewing = false
#STS properties configuration
ws-security.sts.token.username = myclientkey
ws-security.sts.token.usecert = true
ws-security.is-bsp-compliant = false
ws-security.sts.token.properties = #{clientKSproperties}
security.encryption.username = mystskey
security.encryption.properties = #{clientKSproperties}
The content of the clientKeystore.properties is as follows:
org.apache.ws.security.crypto.merlin.keystore.type = jks
org.apache.ws.security.crypto.merlin.keystore.password = #{KSpwd}
org.apache.ws.security.crypto.merlin.keystore.alias = #{KSalias}
org.apache.ws.security.crypto.merlin.keystore.file = #{KSfile}
The values defined with the #{} syntax correspond to the placeholders you will create in the profile, and they will be replaced dynamically by the values you will define in the profile.
- Create a profile with the resources and placeholders needed for your STS settings:
  tprovision:profile-create InfraProfile infra
- Add the resource:
  tprovision:resource-create InfraProfile c:/Temp/org.talend.esb.job.client.sts.cfg
- Add the resource:
  tprovision:resource-create InfraProfile c:/Temp/clientKeystore.properties etc/keystores/clientKeystore.properties
- Add the resource:
  tprovision:resource-create InfraProfile c:/Temp/clientstore.jks etc/keystores/clientstore.jks
- Add the placeholder:
  tprovision:placeholder-create infra STSEndpointUT http://localhost:8040/services/SecurityTokenService/UT?wsdl
- Add the placeholder:
  tprovision:placeholder-create infra STSEndpointX509 http://localhost:8040/services/SecurityTokenService/X509?wsdl
- Add the placeholder:
  tprovision:placeholder-create infra clientKSproperties file:\${tesb.home}/etc/keystores/clientKeystore.properties
- Add the placeholder:
  tprovision:placeholder-create infra KSpwd cspass
- Add the placeholder:
  tprovision:placeholder-create infra KSalias myclientkey
- Add the placeholder:
  tprovision:placeholder-create infra KSfile ./etc/keystores/clientstore.jks
- Release the placeholder:
  tprovision:placeholders-release infra 1.0
- Release the profile:
  tprovision:profile-release InfraProfile 1.0 infra 1.0
Now that the new InfraProfile profile has been released, you can apply it to the container to apply the STS settings defined in the profile. Applying it automatically replaces the configuration files with the resources you added to the profile, and the placeholders in those resources are replaced by the values defined in the profile.
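A check you can run before releasing the profile, as an added example (not Talend code): it parses the #{} references in the two text resources, reports placeholders that are referenced but not defined or defined but never used, and lists the keys whose password value will be written into the applied file. The function names and the render() substitution are assumptions that mimic the behaviour described here, not the Provisioning Service's implementation; the sample data is constructed from the listings and commands on this page.

```python
import re

PLACEHOLDER = re.compile(r"#\{([^}]+)\}")

# Constructed sample: lines and values copied from the listings and commands above.
RESOURCES = {
    "org.talend.esb.job.client.sts.cfg": (
        "#STS endpoint configuration\n"
        "sts.wsdl.location = #{STSEndpointUT}\n"
        "sts.x509.wsdl.location = #{STSEndpointX509}\n"
        "ws-security.sts.token.properties = #{clientKSproperties}\n"
        "security.encryption.properties = #{clientKSproperties}\n"),
    "clientKeystore.properties": (
        "org.apache.ws.security.crypto.merlin.keystore.type = jks\n"
        "org.apache.ws.security.crypto.merlin.keystore.password = #{KSpwd}\n"
        "org.apache.ws.security.crypto.merlin.keystore.alias = #{KSalias}\n"
        "org.apache.ws.security.crypto.merlin.keystore.file = #{KSfile}\n"),
}
PLACEHOLDERS = {
    "STSEndpointUT": "http://localhost:8040/services/SecurityTokenService/UT?wsdl",
    "STSEndpointX509": "http://localhost:8040/services/SecurityTokenService/X509?wsdl",
    "clientKSproperties": r"file:\${tesb.home}/etc/keystores/clientKeystore.properties",
    "KSpwd": "cspass", "KSalias": "myclientkey",
    "KSfile": "./etc/keystores/clientstore.jks",
}

def settings(text):
    """Yield (key, value) for each non-comment 'key = value' line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def audit(resources, placeholders):
    """Report undefined and unused placeholders and password-bearing keys."""
    undefined, used, secrets = set(), set(), []
    for name, text in resources.items():
        for key, value in settings(text):
            refs = PLACEHOLDER.findall(value)
            used.update(refs)
            undefined.update((name, r) for r in refs if r not in placeholders)
            if refs and "password" in key.lower():
                secrets.append((name, key))
    return {"undefined": undefined, "unused": set(placeholders) - used,
            "secrets": secrets}

def render(text, placeholders):
    """Substitute known placeholders; unknown ones are left visible."""
    return PLACEHOLDER.sub(lambda m: placeholders.get(m.group(1), m.group(0)), text)
```

An entry in "undefined" means the applied file would still contain a literal #{...} token; an entry in "secrets" names a file that holds the keystore password in clear text once the profile is applied, so its file permissions deserve review.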
To apply this configuration profile to the container:
- Type in the following command in its console:
  tprovision-agent:apply-profiles InfraProfile 1.0
The profile creation described above, performed directly in the Talend Runtime Container, can also be performed from the Provisioning page of the Talend Administration Center. For more information, see the Talend Administration Center User Guide.
To apply this configuration profile in Tomcat:
- Go to the Provisioning agent deployed in Apache Tomcat: http://localhost:8080/provisioning-web-agent-/web-agent
- In the Provisioning Web agent user interface:
  In the Lookup Profile area, in the Profile name field, type in InfraProfile to look up that profile, and in the Version field, type in the 1.0 version you just released. Click Lookup.
- The InfraProfile you looked up is listed:
  Click Apply to apply it.
- InfraProfile version 1.0 is applied in Tomcat.