1 # Portl Widget Microservice
3 For security, the server listens only on localhost (127.0.0.1) and requires HTTP Basic
4 Authentication. Because no network traffic is accepted or processed (packets never leave
5 the host). Currently, the server uses a self signed certificate - details below.
11 3. Connectivity to AT&T Maven Central
16 2. A Mysql database using the same database as the Portal
20 Use maven to build and package the microservice into a jar using this command:
26 All configuration parameters are entered in a file called application.properties. A version with default values can be found in the top level of this project.
28 Details about the database are configured in this file. The default entries for the database configuration are shown here:
30 spring.datasource.url=jdbc:mariadb:failover://{db_host:db_port/{portal_db}
31 spring.datasource.username={username}
32 spring.datasource.password=ENC({encrypted_password})
34 The HTTP server's username and password are configured in this file. Only one username/password is used to secure the REST endpoint. The default entries for the server are shown here:
36 security.user.name={basic_auth_username}
37 security.user.password=ENC({encrypted_basic_auth_password})
39 When you package the application into a jar file and launch the microservice using that jar, the configuration file must be in the current working directory where you launch the service.
41 ## Generating Encrypted Passwords
43 Use the following command to generate an encrypted password for the database and the
44 micro service. The entire command must be entered on one line; the command shown
45 below uses backslashes to break lines for readability:
47 java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar \
48 org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI \
49 algorithm=PBEWithMD5AndDES \
50 input='YourPasswordHere' \
51 password='EncryptionKey'
53 Note, 'YourPasswordHere' is the actual database password, as supplied in the 'password'
54 parameter. The value 'EncryptionKey' is used to encrypt the input, and must be supplied
55 at run time in one of two ways:
57 * On the command line with a JVM argument "-Djasypt.encryptor.password". Here's an example
58 of using maven with the Spring-Boot goal:
60 mvn -Djasypt.encryptor.password=EncryptionKey spring-boot:run
62 Here's an example of using java and the jar file:
64 java -jar dbc-microservice.jar -Djasypt.encryptor.password=EncryptionKey
66 * In the application.properties file using the key jasypt.encryptor.password. For example:
68 jasypt.encryptor.password=EncryptionKey
72 Check the configuration properties in file src/main/resources/application.properties. Then launch the microservice for development and testing like this:
74 mvn clean spring-boot:run
78 Ensure a valid configuration is present in file application.properties in the current working directory. Then launch the microservice for production like this:
80 widget-service.sh start
84 This micro service supports the following methods. All can be accessed with a web browser
85 or a REST client such as Postman.
87 ## Generating Encrypted Passwords
89 Use the following command to generate an encrypted password for the database and the
90 micro service. The entire command must be entered on one line; the command shown
91 below uses backslashes to break lines for readability:
93 java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar \
94 org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI \
95 algorithm=PBEWithMD5AndDES \
96 input='YourPasswordHere' \
97 password='EncryptionKey'
99 Note, 'YourPasswordHere' is the actual database password, as supplied in the 'password'
100 parameter. The value 'EncryptionKey' is used to encrypt the input, and must be supplied
101 at run time in one of two ways:
103 * On the command line with a JVM argument "-Djasypt.encryptor.password". Here's an example
104 of using maven with the Spring-Boot goal:
106 mvn -Djasypt.encryptor.password=EncryptionKey spring-boot:run
108 Here's an example of using java and the jar file:
110 java -jar dbc-microservice.jar -Djasypt.encryptor.password=EncryptionKey
112 * In the application.properties file using the key jasypt.encryptor.password. For example:
114 jasypt.encryptor.password=EncryptionKey
118 ### Release 1702, February 2017
120 #### Consul Release Notes
122 Build 1702.3.48, 5 Feb 2017
123 - DE264319 - Corrected spelling for output file from 'consule.out' to 'consul.out' - Please do not miss re-deploying consul build. Widget-ms build is not enough (or required) for this bug fix to be validated.
125 #### Widget-ms Release Notes
128 - Def 143148 - fixed the defect, common widgets work on Firefox version 45
129 - Def 142432 - Widget-ms: InputStream is not getting closed in file StorageServiceImpl.java
132 - St 164888 allow partner applications to trigger a new app tab through portal
133 - St 164847 CCD Widgets
134 - Def 141951 Fixed the issue for inappropriate location of framework-template.js file
135 - Def 141352 Widget Onboarding Page, download icon is not clickable in FF 45 version, Revise widget upload service temporary storage to /tmp
136 - St 164902 One copy of framework.js hidden in the Portal instead of being part of the widgets
137 - St 164905 Download the widget
138 - St 164711 Widget Personalization: Allow user to define his/her own parameters on widgets
139 - St 164863 Widgets to use service onboarding feature
142 - MariaDB connector / failover fix
144 Build 1702.3.79, 10 Feb 2017
145 - Updated application.properties to correct database schema name from dbca to portal
146 - US799260 appended complete hostname to widget certificate for irvine
147 - US799260 appended complete hostname to consul config.json file in prod1 and prod2
148 - US799260 fixed the bar chart issue on devn1, the bar chart shows up on devn1 Home Page
150 Build 1702.3.78, 9 Feb 2017
151 - US799260 fixed the firefox compatibility issue; and y-scales issue in bar chart
152 - US799260 Added the three new widgets in dashboard-widgets folder; removed all testing logs in all widgets; fixed a bug in widget-test
154 Build 1702.3.75, 07 Feb 2017
155 DE267061 - Removed a hardcoded intance of loginId used in the query.
157 Build 1702.3.73, 06 Feb 2017
158 DE267061 - Fixed - user should only see widgets that were uploaded against app/roles that they have OR if they were uploaded by checking All Users checkbox.
159 Build 1702.3.71, 5 Feb 2017
160 - Important Note: Copied all these build notes from Portal WebApp to here (widget-ms) - in order not to confuse folks, we have removed Portal's build numbers for these notes. Going forward, will add widget-ms's own build number. Also note that we've changed the version series in POM.xml from 1702.0 to 1702.3 in pom.xml - Although Jenkins/SWM overrides and doesn't care about maven's versioning, but did this to synch with what Portal Web App POM.
161 - DE261560 Portal App: Widgets MS logs are not getting rolled over
162 - DE261655 Unable to delete standard widgets
163 - DE262487 EP-Portal App: News widget not adapting when tile size is changed by user
164 - DE257516 Common widgets reload in a single tab
165 - DE262505 Upload Duplicate Widget Issue
166 - DE262610 Widget Microservice logging is not following EELF guidelines
167 - DE262800 Issues with widget name this requires database modifications
168 - DE263090 Issues with widget roles
169 - US799260 BE now 'discovers' widget-service using Consul. If consul is not running, it fallbacks to the current implemenation which is https://localhost and the port of your choosing in system.properties - Ex: localhost:8082
170 - US799260 Fix delete feature for the three special widgets news, events, resources widget can have spaces in its name
171 - US799260 Widget feature:
172 + Add the editing feature in widgetOnboarding page
173 + Move widget catalog and onboarding to new directories
174 - US811188 Log / Audit widgets logging in DB
175 - US818934 Allow basic authentication
176 - US814730 Make news / Events and Resources as widgets
177 - US827836 Portal Widget Framework
185 ### Create self signed certificate
187 1. Create a self signed certificate for the microservice
188 keytool -genkey -alias widget-microservice -storetype PKCS12 -keyalg RSA -keystore widget-keystore.p12
190 ### Import into client's trust store
192 1. Export certificate from microservice's keystore - default password is 'microservice'
193 keytool -exportcert -keystore widget-keystore.p12 -alias widget-microservice -file widget-cert.cer
195 2. Import the exported certificate of microservice from step 1 and import it into Portal JRE's cacerts file. The location of this file is %JRE%/lib/secuirty/cacerts.
197 keytool -import -trustcacerts -keystore "C:\Program Files\Java\jre1.8.0_91\lib\security\cacerts" -noprompt -alias widget-microservice -file widget-cert.cer
201 keytool -import -trustcacerts -keystore /usr/local/add-on/jdk1.8.0_60/jre/lib/security/ -noprompt -alias widget-microservice -file widget-cert.cer
203 ### Runing on http (not https)
205 If the intent is to run this microservice without https i.e run on plain http, comment out (put a leading #) infront of all properties in 'Certificate Properties' section of application.properties - these properties are
207 server.ssl.key-store=classpath:widget-keystore.p12
208 server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)
209 server.ssl.keyStoreType=PKCS12
210 server.ssl.keyAlias=widget-microservice
212 ## Running service in docker
214 a). Build docker image: mvn docker:build
215 b). Run the service in docker: docker run -p <port>:<port-in> -t <image-name>
216 c). Check running docker containers: docker ps
218 ## Migration Instruction
219 1. Due to changes in the existing tables, the user will have to remove all the existing widgets in 1702 release
220 2. Re-upload the latest version of widgets under dashboard-widgets folder