In wso2/wso2mi Docker image currently using ENV JAVA_VERSION=jdk-11.0.10+9, is this possible to downgrade or upgrade this Java version?
Why am I looking for this?
I am facing a weird problem with ENV JAVA_VERSION=jdk-11.0.10+9 in my application our SOAP web services throwing
{
"httpCode": 502,
"userMessage": "Invalid response from remote host",
"developerMessage": "The creation time is ahead of the current time.",
"details": {
"detail": "wsse:InvalidSecurityToken"
},
"errorCode": "S:Sender",
"timeStamp": 1624875331996,
"transactionId": "CIP-urn:uuid:b813c0a1-da6a-4dfe-8647-7237f39de941"
}
While same code is working fine when we are using lower[1.2.0-centos7] version of wso2/wso2mi so I want to test wso2/wso2mi with different Java version .
Not sure if this code doing some magic for different java version .
private void addSecurityHeader(MessageContext mc, String username, String password) throws Exception {
SecureRandom rand = SecureRandom.getInstance("SHA1PRNG");
rand.setSeed(System.currentTimeMillis());
byte[] nonceBytes = new byte[16];
rand.nextBytes(nonceBytes);
String createdDate = DateTimeFormatter.ISO_OFFSET_DATE_TIME.withZone(ZoneId.of("UTC")).format(Instant.now());
byte[] createdDateBytes = createdDate.getBytes();
ByteArrayOutputStream stream = new ByteArrayOutputStream();
stream.write(nonceBytes);
stream.write(createdDateBytes);
stream.write(password.getBytes(StandardCharsets.UTF_8));
MessageDigest md = MessageDigest.getInstance("SHA-1");
byte[] passwordDigest = md.digest(stream.toByteArray());
SOAPEnvelope envelope = mc.getEnvelope();
OMFactory factory = envelope.getOMFactory();
OMNamespace securityNamespace = factory.createOMNamespace(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse");
SOAPHeaderBlock securityBlock = envelope.getHeader().addHeaderBlock("Security", securityNamespace);
securityBlock.setMustUnderstand(true);
OMElement usernameTokenElement = factory.createOMElement("UsernameToken", securityNamespace);
OMNamespace namespaceWSU = factory.createOMNamespace(
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu");
OMAttribute attribute = factory.createOMAttribute("Id", namespaceWSU, "SOAI_req_SOAI");
usernameTokenElement.addAttribute(attribute);
securityBlock.addChild(usernameTokenElement);
OMElement usernameElement = factory.createOMElement("Username", securityNamespace);
usernameElement.setText(username);
usernameTokenElement.addChild(usernameElement);
OMElement passwordElement = factory.createOMElement("Password", securityNamespace);
attribute = factory.createOMAttribute("Type", null,
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
passwordElement.addAttribute(attribute);
passwordElement.setText(new String(Base64.encodeBase64(passwordDigest), StandardCharsets.UTF_8));
usernameTokenElement.addChild(passwordElement);
OMElement nonceElement = factory.createOMElement("Nonce", securityNamespace);
attribute = factory.createOMAttribute("EncodingType", null,
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
nonceElement.addAttribute(attribute);
nonceElement.setText(new String(Base64.encodeBase64(nonceBytes), StandardCharsets.UTF_8));
usernameTokenElement.addChild(nonceElement);
OMElement createdElement = factory.createOMElement("Created", securityNamespace);
createdElement.setText(createdDate);
usernameTokenElement.addChild(createdElement);
}
Edit 1
So what i tried we are using our own Docker file to create image and here is the contents
FROM wso2/wso2mi:4.0.0
FROM adoptopenjdk/openjdk8:jdk8u232-b09-slim
COPY /lib/* $WSO2_SERVER_HOME/lib/
COPY /carFiles/api_common-20.11.0-SNAPSHOT.car $WSO2_SERVER_HOME/repository/deployment/server/carbonapps/
COPY /carFiles/api_impl-20.11.0-SNAPSHOT.car $WSO2_SERVER_HOME/repository/deployment/server/carbonapps/
COPY /carFiles/api-20.11.0-SNAPSHOT.car $WSO2_SERVER_HOME/repository/deployment/server/carbonapps/
After this build will be use to deploy into the Docker+Kubernetes Environment.
We can't change the Java version in runtime. Hence, we have to build a new image with the required Java version. You can either use the existing Dockerfile and modify it to build an image from the scratch or you can build a new image on top of the wso2/wso2mi and change the Java version in it.
For reference, here is the Dockerfile used to build the wso2/wso2mi images.
Given below is a sample Dockerfile and the steps used to build the image with Java 8 locally
Update the existing CentOS Dockerfile with Java 8 base image
FROM adoptopenjdk/openjdk8:x86_64-centos-jre8u242-b08
Download and place the wso2mi-4.0.0 in the same directory where the Dockerfile is placed. Rename the wso2mi-4.0.0 to wso2mi
Execute the following command to build the image
docker build -t <tag-name> . --build-arg MICROESB_VERSION=4.0.0
Once it is built, start a container locally to verify everything is working. Then, push the image to a private/public Docker repository and refer that in the K8s to pull it
docker run -d --name <container-name> <image-name>
Additionally, you can perform the exec command to go inside the container and verify the Java version
docker exec -it <container-name> sh
As you are using the existing wso2/wso2mi image to build your own image, you can follow a similar approach as following to install and configure the Java 8.
The given approach downloads the Java 8 binary from GitHub and configures the JAVA_HOME and PATH environment variables. Find a sample Dockerfile below
FROM wso2/wso2mi:4.0.0
# FROM adoptopenjdk/openjdk8:jdk8u232-b09-slim
# Perform COPY artifacts
COPY /lib/* $WSO2_SERVER_HOME/lib/
...
# Download and configure Java 8
RUN \
wget -O jdk8.tar.gz https://github.com/AdoptOpenJDK/openjdk8-binaries/releases/download/jdk8u292-b10/OpenJDK8U-jdk_x64_linux_hotspot_8u292b10.tar.gz; \
mkdir -p ${WORKING_DIRECTORY}/openjdk-8; \
cd ${WORKING_DIRECTORY}/openjdk-8; \
tar -xf ${WORKING_DIRECTORY}/jdk8.tar.gz --strip-components=1; \
export PATH=${WORKING_DIRECTORY}/openjdk-8/bin:$PATH; \
rm ${WORKING_DIRECTORY}/jdk8.tar.gz;
ENV JAVA_HOME=${WORKING_DIRECTORY}/openjdk-8 \
PATH=${WORKING_DIRECTORY}/openjdk-8/bin:$PATH