DEH Installation Guide
Digital Engagement Hub
Installation Guide
11.12
16 April, 2021
4.1.2 DB Installer Running Steps
4.2 Oracle DB Creation
4.2.1 Prerequisites
4.2.2 Adding Listener Entry before DB Installation
4.2.3 DB Installer Running
4.3 PostgreSQL DB Creation
4.3.1 Prerequisites
4.3.2 DB Installer Running Steps
4.4 MSSQL DB Creation
4.4.1 Prerequisites
4.4.2 DB Installer Running Steps
5.6 X9Ware Tool for NACHA File Validation
6.1 Preface
6.2 4.2 Configuration Separation and Externalization
6.2.1 External Configurations
6.3 Important Configurations
6.4 Host Integration Setup
7. Common Data Configurations
7.1 Terminologies
7.2 Configuration
7.3 Customization
7.3.1 data-configuration.yml
7.3.2 Multi-entity
9.3.3 DB Setup for authentication MS
9.3.4 Running Microservice
9.4 Directbanking MS
9.4.1 Introduction
9.4.2 Pre-requisite
9.4.3 DB Setup for directbankingMS
9.4.4 Running Microservice
9.5 EnterpriseConsentManagementMS
9.5.1 Introduction
9.5.2 Pre-requisite applications
9.5.3 DB Setup
9.5.4 Updating Configuration Properties in Config Server
9.5.5 Running Microservice
9.5.6 Configuring TrustStore for Third Party SSL certificates
9.5.7 Database Driver setup
10. Enabling Audit for REST API’s in EB/DEH and Microservices
13. FEBA Deployment on Weblogic
13.1 Creation and Configuration for New WebLogic Domain
13.2 FEBA Deployment on Weblogic
13.2.1 Managed Server Creation
13.2.2 Enabling Server Logs through Admin Console
13.2.3 Creation of a Data Source
13.2.4 Installation Packages
13.2.5 Types of Deployments
13.2.6 WAR Modifications to Make it Compatible with Weblogic
13.2.7 Data Folder Configuration
13.2.8 WAR Deployment in Weblogic Post Modification
13.2.9 Setting FEBA SysPath in Server
13.2.10 Starting Managed Server
From 11.5.3 onwards only WAR is delivered instead of EAR.
Note: This document contains deployment steps for the standalone application as well as the federated
application. The steps are the same for both unless mentioned otherwise.
2. Prerequisites
Refer to the BOM (Bill of Materials) for the list of all mandatory and optional components to be deployed before
starting installation.
The order in which the components should be brought up while bringing up the profile using the
installation document:
Traditional
1. DB installation
2. DB installer Execution
3. Redis setup
4. Vault server Setup
5. Config server setup
6. Data setup /Data hydration
7. Batch setup
8. Cache Refresh
9. Application - DEH/MS/OAuth setup
10. HAProxy / Nginx – LB
4.1.1 Prerequisites
The following installations and configurations have to be done:
1. Python 2.4
2. EDB Advanced Server 9.5
3. Add python to the PATH environment variable
4. All the directories mentioned under TABLESPACE_NAMES have to be created with write
access before running the installer
5. Add edbplus.bat (PostgresPlus\9.5AS\edbplus) to the PATH environment variable
6. Copy the etc folder which is present under EDB (PostgresPlus\9.5AS\edbplus) to
EDBDBInstaller_EB\util\CREDB
7. The EDB cluster should be present and the DB server must be running before executing the DB installer
EDBDBInstaller_EB\sql
EDBDBInstaller_EB\util
EDBDBInstaller_EB\util\CREDB
3. The 'tables' directory contains all the table creation scripts. The 'dbseed' directory contains
all the table seed scripts. The 'sql' directory contains the sequence creation script.
4. The 'CREDB' directory contains the following files:
createdb.py
createdb.properties
BANKID.properties
5. Open the createdb.properties file. Values of the parameters below must be given.
INSTALLER_DIR, DATABASE_NAME, DB_SU and DB_SU_PWD.
6. The other parameters in createdb.properties need not be modified, but they are useful in a few
circumstances. They are given below:
a. BLANK_DB: If you want to create a blank DB without any tables, seed data and
sequences, please provide 'Y' here, else provide 'N'.
7. Change the BANKIDs (more than 1 BANKID for Multientity) in
EDBDBInstaller_EB/util/CREDB/BANKID.properties. These are the bank IDs that need to be inserted
into the corresponding DB seed inserted with bankid '0' (Example: DBS,01). The installer replaces
$BANK_ID in the ZZcreBank.sql file present in EDBDBInstaller_EB/dbseed with the corresponding
BANK ID and inserts it.
8. Now open the command prompt. Go to the CREDB directory. Run this:
python createdb.py
9. This creates the database. Then it creates the tables, dbseeds, etc.
10. All logs are written inside the folder EDBDBInstaller_EB\util\CREDB. The tool analyses all
the logs, and only the logs which have errors are kept here. Look at the log files and correct
them.
Note: The same steps mentioned above hold good for Unix machines as well, with minor changes
4.2.1 Prerequisites
The following installations have to be done:
1. Python 3.7.7, with python added to the PATH environment variable
5. The port number of the DB is identified by this entry in the listener.ora file.
LISTENER12 =
  (ADDRESS_LIST =
    (ADDRESS= (PROTOCOL= TCP) (Host= IP Address) (Port= Port Number))
  )
DBInstaller\tables
DBInstaller\dbseed
DBInstaller\sqlScripts
DBInstaller\util
DBInstaller\data
DBInstaller\control
DBInstaller\log
3. The 'tables/oracle' directory contains all the table creation scripts. The 'dbseed/oracle'
directory contains all the table seed scripts. The 'dbseed/oracle/sequence' directory contains
the sequence creation script.
o validator.py
o validator_utility.py
o dbProperties.yaml
5. Open the dbProperties.yaml file. Values should be given for the properties under the common section
and under the oracle section.
a. INSTALLER_DIR: This directory is going to be the base directory of the database which
is going to be created (meaning this directory will hold the data files, log files and control files of the
DB). So give the directory path in which the data, log and control directories are to be created.
b. ORACLE_HOME: Give the Oracle Home Directory's path.
6. The values for the above 5 parameters must be given. The other parameters in
dbProperties.yaml need not be modified, but they are useful in a few circumstances. They are
given below:
a. BLANK_DB: If you want to create a blank DB without any tables, seed data and
sequences, please provide 'Y' here, else provide 'N'.
b. CREATE_DB: If you want to create a fresh DB please provide 'Y', else provide 'N' for only
user creation.
d. TABLESPACE_NAMES: If you want to change the size of any tablespace, you can
change it.
e. The values for the parameters NEW_USER, NEW_USERPWD, DB_SU and
DB_SU_PWD need to be changed only when you require a new value to be put.
7. Change the BANK_ID (more than 1 BANKID for Multientity) in dbProperties.yaml. These are the bank IDs
that need to be inserted into the corresponding DB seed inserted with bankid '0' (Example: DBS,01);
they will replace the $BANK_ID in the ZZcreBank.sql and ZZcreBank_A.sql files present in the dbseed
directory
8. Now open the command prompt. Go to the util directory. Run this:
python installer.py
To refresh the DB, give CREATE_DB = ‘N’ in dbProperties.yaml and execute the command below:
python installer.py
9. This creates the database. Then it creates the tables, dbseeds, etc.
10. All logs are written inside DBInstaller\util\logs
Note: The same steps mentioned above hold good for Windows machines as well, with minor
changes. Also refer to the ReadMe.txt file for the steps
4.3.1 Prerequisites
1. Python 3.7.7
2. POSTGRESQL 10.13
3. Add python and PostgreSQL to the PATH environment variable.
E.g.: For PostgreSQL (Unix): export PATH=/opt/postgresql-10.1/bin:$PATH
For PostgreSQL (Windows): set PATH=C:\Program Files\PostgreSQL\10\bin;%PATH%
5. POSTGRESQL should be present and the DB server must be running before executing the DB installer
1. Copy the POSTGRESQL DB Installer to any directory, for example: POSTGRESQLInstaller
2. The contents of the DB Installer are:
POSTGRESQLInstaller\tables
POSTGRESQLInstaller\dbseed
POSTGRESQLInstaller\sqlScripts
POSTGRESQLInstaller\util
POSTGRESQLInstaller\data
POSTGRESQLInstaller\control
POSTGRESQLInstaller\log
3. The 'tables/postgresql' directory contains all the table creation scripts. The
'dbseed/postgresql' directory contains all the table seed scripts. The
'dbseed/postgresql/sequence' directory contains the sequence creation script.
o common_functionality.py
o installer.py
o db_functionality.py
o dbWrapper.py
o logger.py
o prop_val_schema.py
o property_reader.py
o utilities.py
o validator.py
o validator_utility.py
o dbProperties.yaml
5. Open the dbProperties.yaml file. Values of the parameters below must be given.
INSTALLER_DIR: Specify the directory where the DBInstaller folder is present. Eg: For Unix
'/EBANK1/postgres/DBInstaller/DEH/DBInstaller_Unix_POSTGRESQL'
'ECECUSER'
NEW_USERPWD: Specify the password which needs to be set for the new user which will be
created
CREATE_DB: Enter 'Y' if you want to create a new database for DEH. Enter 'N' and
mention the DEH database name as value for DATABASE_NAME, if you are running the db installer
for microservices.
DB_HOST: Specify the host name here. Eg: localhost
DB_PORT: Specify the port number here. Eg: 5432
TABLESPACE_NAMES: [
'MASTER','PARAM','TXN','HISTORY','WORKFLOW','IDX_MASTER','IDX_PARAM','IDX_TXN','IDX_HISTORY','IDX_WORKFLOW']
TS_DIR: Specify tablespace directory name. Eg:
'/EBANK1/postgres/pg_dev_testing/OCHDB/dbs/'
BLANK_DB: If you want to create a blank DB without any tables, seed data and sequences,
please provide 'Y' here, else provide 'N'.
7. Change the BANK_ID (more than 1 BANKID for Multientity) in dbProperties.yaml. These are the bank IDs
that need to be inserted into the corresponding DB seed inserted with bankid '0' (Example: DBS,01);
they will replace the $BANK_ID in the ZZcreBank.sql and ZZcreBank_A.sql files present in the dbseed
directory
8. Now open the command prompt. Go to the util directory. Run this:
python installer.py
To refresh the DB, give CREATE_DB = ‘N’ in dbProperties.yaml and execute the command below:
python installer.py
9. This creates the database. Then it creates the tables, dbseeds, etc.
10. All logs are written inside the folder POSTGRESQLInstaller\util\logs
5. SQLServer should be present and the DB server must be running before executing the DB installer
1. Copy the MSSQL DB Installer to any directory, for example: SQLServerInstaller
2. The contents of the DB Installer are:
SQLServerInstaller\tables
SQLServerInstaller\dbseed
SQLServerInstaller\sqlScripts
SQLServerInstaller\util
SQLServerInstaller\data
SQLServerInstaller\control
SQLServerInstaller\log
3. The 'tables/sqlserver' directory contains all the table creation scripts. The 'dbseed/sqlserver'
directory contains all the table seed scripts. The 'dbseed/sqlserver/sequence' directory will be
o logging.conf
o common_functionality.py
o installer.py
o db_functionality.py
o dbWrapper.py
o logger.py
o prop_val_schema.py
o property_reader.py
o utilities.py
o validator.py
o validator_utility.py
o dbProperties.yaml
5. Open the dbProperties.yaml file. Values of the parameters below must be given.
INSTALLER_DIR: Specify the directory where the DBInstaller folder is present.
Example: For Unix '/EBANK1/sqlserver/DBInstaller/DEH/SQLServerInstaller'
'ECECUSER'
NEW_USERPWD: Specify the password which needs to be set for the new user which will be
created
CREATE_DB: Enter 'Y' if you want to create a new database for DEH. Enter 'N' and
mention the DEH database name as value for DATABASE_NAME, if you are running the db installer
for microservices.
DB_HOST: Specify the host name here. Eg: localhost
DB_PORT: Specify the port number here. Eg: 5432
DATABASE_DIRNAME: Specify the directory where the database will be created here.
DATABASE_LOGDIR: Specify the directory where the log will be created.
DB_FILEGROUPS: [
'MASTER','PARAM','TXN','HISTORY','WORKFLOW','IDX_MASTER','IDX_PARAM','IDX_TXN','IDX_HISTORY','IDX_WORKFLOW']
BLANK_DB: If you want to create a blank DB without any tables, seed data and sequences,
please provide 'Y' here, else provide 'N'.
needed to be inserted to the corresponding DB seed inserted with bankid '0' (Example:- DBS,01)
which will replace the $BANK_ID in ZZcreBank.sql and ZZcreBank_A.sql file present in dbseed
directory
8. Now open the command prompt. Go to the util directory. Run this:
python installer.py
To refresh the DB, give CREATE_DB = ‘N’ in dbProperties.yaml and execute the command below:
python installer.py
9. This creates the database. Then it creates the tables, dbseeds, etc.
10. All logs are written inside the folder POSTGRESQLInstaller\util\logs
5.1.1 Terminologies
• Backend – is the location where configurations are stored
• Profile – is an environment, Example – at, uat
5.1.2 Supported Backends
• Git – for Production
• Filesystem – for Development
• Vault – for Production (Optional)
Based on the backend chosen, configure the corresponding yaml file from externalconfig into JVM argument
spring.config.location
• Git – application-git.yaml
• Filesystem – application-filesystem.yaml
• Vault – application-vault.yaml
Example:
-Dspring.config.location=file:///D:/Workspace/Experimental/WS/och-configserver/application-git.yaml
• Server.xml in the deployment needs to be configured with the required port number, like below:
<Connector port="2020" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />
Note:
If the file protocol is being used, it should contain three forward slashes (‘/’), for example
file:///D:/Workspace/application.yaml
application-git.yaml)
(Applicable - only if using application-git.yaml)
Spring.cloud.config.server.native.searchLocations    Config Search Paths (Applicable - only if using filesystem-git.yaml)
spring.cloud.config.server.vault.host    Vault server hostname (Applicable - only if using application-vault.yaml)
using application-vault.yaml)
5.1.3.3.1 Multi-entity Setup
• Each application.json can be configured with multiple entities.
To add an entity, add a child to the properties object in application.json with the entity name.
• Multiple entities can be configured
• Entity-specific properties can override any property from the default properties.
Example:
{
"properties":{
application.json
$/EBanking Release 11.2/Master Documents/Release Notes/11.12/Technical Docs/DEH11.12_Integrating_Vault_for_Config_Server.docx
5.1.4 Client Configuration
5.1.4.1 Terminologies
• Bootstrap property – properties required at the bootstrap stage of the application, which are required to
load and start the application. Loaded from system, environment and bootstrap.properties as
configured by bootstrap.properties.filepath bootstrap config, with precedence System, Environment,
bootstrap.properties.
• Application property – properties required for the application.
config.server.url    Config server url
config.server.service    Client Application Name (Refer to table 4.1.4.3 for application names)
config.server.profile    Environment name to which the application should be configured (Example at, uat, scrum)
config.server.credential.vault.token    qXYDnbXFSKc/iBZwANvGRY7W1EiPqmvRqyjAC3xlbUk=    Vault server Encrypted token (Necessary only when Vault profile is selected)
5.1.4.3 Service Names for Application
Application Name    Service Name
DEH                 deh
Authentication      authentication
Limits              limits
Batch               batch
5.2.1 Prerequisites
• Node.js v 12.19.1 LTS
• node-gyp module installed
• The items below are required if the database to be configured with the OAuth server is Oracle
1. Oracle instant client v19.3
http://www.oracle.com/technetwork/database/features/instant-client/index-097480.html
2. Python 2.7 / 3.7.7
3. Visual Studio on Windows, GCC on Linux or Xcode on OS X.
4. Microsoft C++ v11 (at least)
• oAuth package (deliverable as a product deliverable)
mongodb or oracle (whichever is not required).
OAuth can be installed on both Linux and Windows Server
Once the above environment is available, please follow the remaining steps.
Copy the OAUTH Server folder (product deliverable) to the location where the OAUTH Server needs
to be set up.
5.2.2 Configuration
The OAuth application can be started in development mode or production mode. The default is development
mode. For a production setup, the OAuth application needs to be started in production mode. How to start
the oAuth application in production mode is detailed here
***From 119, separate configuration files need to be configured based on the environment in which
node is started, i.e. development or production mode. Based on the environment, the application will
load the respective json file.
paste in production.json. This step is to ensure the configuration file structure is the same. After that,
configurations can be done separately based on the environment.
The developer needs to configure the properties in the respective configuration file based on the mode
(development or production)
be running in http mode
OAUTH server will be running in https mode
“server.https.key”    tls certificate key    if new pem has to be configured
format
which key is encrypted
cryptographically random number having enough entropy. These keys are required to sign the data during Authorization code grant type.
“agents.Xservice” / “agents.rest”    PEM file and Https connection pooling configuration    OAuth server has to connect to different hosts. If these hosts are on https, then the hosts tls certificate needs to be configured in OAuth server to have a successful https connection. Agent property here is meant to configure the connection pooling properties. For varied hosts, we can have different properties and certificates. Hence the agent properties should be configured in
enabled, it will periodically scan the configured tables and delete the stale/expired entries
5.2.2.2 Configure DB
Depending on the DB selected, please follow the steps below.
Database    Property
database.oracle
"props" : {
    "user" : "ECECUSER",
    "password" : "PASSWORD",
    "connectString" : "localhost/FEBADB",
    "poolMin" : 1,
    "poolMax" : 5,
    "poolTimeout": 300
}
database.mssql
"props": {
    "user": "ECECUSER",
    "password": "PASSWORD",
    "server": "LOCALHOST",
    "database": "OCHDEVDB",
    "port": 1443,
    "pool": {
        "min": 1,
        "max": 5,
        "idleTimeoutMillis": 30000
    }
}
database.postgresql
"props": {
    "user": "OAUTH_ADMIN",
    "password": "PASSWORD",
    "connectString": "localhost:5432/OAUTHDB",
    "poolMin": 1,
    "poolMax": 5,
    "poolTimeout": 300
}
The localhost name has to be changed to the host name where the database is installed.
If Oracle DB is selected, then the following setup is required to compile the node oracle db.
System variable    Value
PYTHON    /usr/bin/python/Python27/python.exe
*** if oracle is already installed then this has to be the first variable in the path
VS120COMNTOOLS    …./Microsoft Visual Studio 12.0/Common7/Tools/
*** this will be already configured when visual studio is installed
In addition, node-oracledb has generated modules for oracle db for the respective OS, which can be referred
from here: https://github.com/oracle/node-oracledb/releases
MSSQL Server: the node module used in the oAuth project for SQL Server integration is mssql: ^6.0.0.
For more details: https://www.npmjs.com/package/mssql, https://github.com/tediousjs/node-mssql#tedious
PostgreSQL database: the node module used in oAuth is pg: ^7.10.0. Visit https://node-postgres.com/,
https://github.com/brianc/node-postgres-docs/blob/master/content/welcome.mdx for more information
and documentation.
Scripts required to create a new database, as well as migration scripts, are made available as part of
the release artifacts.
Delivered artifacts include scripts for creating some clients for sanity purposes. It is advised to add
new clients once installation is completed and delete the clients created out of the box. Refer to the OAuth
functional document on how to add new clients.
Navigate to OAuth folder → config folder → development.json or production.json
Example:
Property / Value / Explanation

Property: “hif.ocf.common.port”
Value: $och_port$
Explanation: DEH port

Property: “hif.ocf.common.path”
Value: $Och context path $ /Xservice
Explanation: Context path of och should be changed if required

Property: “hif.ocf.common.protocol”
Value: http/https

Property: “hif.ocf.common.agent”
Value: https agent name, example XService
Explanation: If https is configured, then agent needs to be configured. The agent name is mapped to the agents object in the same

Property: “hif.ocf.rest.common.host”
Value: $och_host$
Explanation: DEH ip

/rest

Property: hif.ocf.usecase.utcml, hif.ocf.usecase.generateOtp, hif.ocf.usecase.validateOtp
Value: hif.ocf.usecase.login.USER_PRINCIPAL =”$virtual user id$”
       hif.ocf.usecase.login.CORP_PRINCIPAL =”$corp principal of virtual user$”
       hif.ocf.usecase.login.ACCESS_CODE =”$password of virtual user$”
Explanation: Have common params like BANK_ID, USER_PRINCIPAL, CORP_PRINCIPAL, ACCESS_CODE. Please follow the same rule for all the above properties

Property: “hif.consentMS.common.protocol”
Value: http/https

running
properties when configured properly.
Let’s say we have configured the database as oracle and need to secure the database password and
connection URL. The paths to these properties in development.json or production.json are
“database.oracle.props.password” and “database.oracle.props.connectString”.
In order to secure these, navigate to OAuth Folder → config folder → configManager.js. In this file, we
can see an array called sensitiveFields. We need to add “database.oracle.props.password” and
“database.oracle.props.connectString” to the array and then restart the application (to be covered
next). After restart the property will be encrypted.
For example:
database.oracle.props.password = "###encbb1e255fe6ce4e0b1851ad4890ce9067".
Now if we want to change the value, replace this encrypted value with the actual value and restart the
OAuth Server.
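A check that the fields listed in sensitiveFields really are stored encrypted after the restart, as an added example (not part of the product or of configManager.js). It assumes, from the sample value above, that an encrypted value starts with ###enc; the sample configuration, the field list and the key-name hints are constructed for the illustration.

```python
import json

ENC_PREFIX = "###enc"  # assumption: marker taken from the guide's sample value
# Assumption: key names that suggest a credential, used to spot unlisted fields.
CREDENTIAL_KEY_HINTS = ("password", "token", "secret")

# Constructed sample: a cut-down development.json in the shape the guide shows.
SAMPLE_CONFIG_JSON = """
{
  "database": {
    "oracle": {"props": {"user": "ECECUSER",
                         "password": "###encbb1e255fe6ce4e0b1851ad4890ce9067",
                         "connectString": "localhost/FEBADB",
                         "poolMin": 1}},
    "mssql": {"props": {"user": "ECECUSER",
                        "password": "PASSWORD",
                        "port": 1443}}
  }
}
"""

# Constructed sample of what the sensitiveFields array might contain.
SAMPLE_SENSITIVE_FIELDS = [
    "database.oracle.props.password",
    "database.oracle.props.connectString",
    "database.postgresql.props.password",
]


def load_sample():
    """Parse the constructed sample configuration."""
    return json.loads(SAMPLE_CONFIG_JSON)


def iter_leaves(node, prefix=""):
    """Yield (dotted_path, value) for every non-object value in the config."""
    if isinstance(node, dict):
        for key, value in node.items():
            path = prefix + "." + key if prefix else key
            yield from iter_leaves(value, path)
    else:
        yield prefix, node


def is_encrypted(value):
    return isinstance(value, str) and value.startswith(ENC_PREFIX)


def audit_sensitive_fields(config, sensitive_fields):
    """Classify listed fields and find credential-like fields that are not listed.

    Only paths are reported, never values, so the report is safe to log.
    """
    leaves = dict(iter_leaves(config))
    report = {"encrypted": [], "plaintext": [], "missing": [], "unlisted": []}
    for path in sensitive_fields:
        if path not in leaves:
            report["missing"].append(path)      # typo in the list or unused backend
        elif is_encrypted(leaves[path]):
            report["encrypted"].append(path)
        else:
            report["plaintext"].append(path)    # listed, but not yet encrypted
    listed = set(sensitive_fields)
    for path, value in leaves.items():
        key = path.rsplit(".", 1)[-1].lower()
        looks_secret = any(hint in key for hint in CREDENTIAL_KEY_HINTS)
        if looks_secret and path not in listed and not is_encrypted(value):
            report["unlisted"].append(path)     # credential outside sensitiveFields
    return report


if __name__ == "__main__":
    result = audit_sensitive_fields(load_sample(), SAMPLE_SENSITIVE_FIELDS)
    for status, paths in result.items():
        print(status, paths)
```

A non-empty plaintext or unlisted entry means a credential is still readable in the configuration file on disk.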
Please note:
***In the 119 release, changes were made to give the Bank an option to fetch sensitive credentials from a
different system, if required. So with every property definition in the configManager.js file, an adaptor name
is configured. By default all sensitive properties are configured with the default product adaptor with the
default implementation. The adaptor implementation details are configured in a separate file called
SecurityAdaptor.json (config folder).
With this enhancement, if the Bank decides that the property value should not be picked from the
configuration file but from another system, then the implementation team can introduce a new adaptor, write
the implementation and configure it against the property in configManager.
Environment Configuration
5.2.4 Starting Node.js OAuth Server
After the above setup is completed, open the command prompt and configure the npm variables in the
prompt. Please note that access to the internet is required in the steps below
SET NODE_PATH=d:/EBANK1/Node.js {Configure the installation path of node}
SET NPM_PATH=d:/EBANKDB1/node/lib/node_modules/npm/bin {Configure the NPM PATH based
on USER}
SET PATH=%NODE_PATH%;%NPM_PATH%;%PATH%;
For installation on an OS other than Windows, use the relevant command instead of SET. Example:
export NODE_PATH=/EBANK1/Node.js
Proxy details need to be updated on servers running behind a proxy; the proxy configurations below have
to be done for downloading node modules (a valid working proxy has to be provided)
Suggestion: If the bank has OAuth already configured in UAT or SIT, the same setup can be copied to the
production server, instead of repeating these steps.
If any package is not installed and an error occurs, install the individual packages using the command below
Example: (if cookie-parser package is not available)
Once all the packages are installed without any error on the screen, copy the oauth2-server module
delivered by the product into the node_modules folder inside the OAuth setup path (eg:
D:\OAuth\DEV\AT\server\node_modules); the oauth server can then be started using the following
command
>node oAuthServer.js
With the 11.11 release the oAuth server will have a root context /openauth for all the APIs. Please refer
to the attached release document for more details:
DEH11.11_317359_ContextBasedAPI_ReleaseNotes.docx
With 11.10, the Multi-Entity changes have been incorporated in the DEH application. To do the configuration
for oAuth setup, refer to the document in the path below:
$/EBanking Release 11.2/Master Documents/Release Notes/11.10
Document Name: 11.10_DEH_MultiEntity_ReleaseNotes&Setup_document.docx
*** In 119, when the oAuth application is started for the first time, the system will initialize itself as shown
below
complete path to key file.
The path of the private key needs to be configured because the default product implementation is to fetch the
key from the configured path. The implementation team can change the implementation of
(FetchKeyAdaptor.js) to fetch this key file from a different system if required.
Once the system initialization is completed and the private key file is configured properly, launch the
oAuth server again in the command prompt
>node oAuthServer.js
The above step is required for a developer instance. But in production setups, it is strictly suggested to
use the PM2 module. Details below
If PM2 is used to start and manage the server, then we need to use the command below to export the
path of the PM2 installation.
nodestart.txt
2. Oracle DB issue (issue with tar for node-gyp rebuild)
Copy the node-gyp from the global (users) path into your Node.js installed path node-modules.
1) Install Microsoft Visual Studio Express and Python 2.7 or more.
2) Install the node-gyp module using the command below (Note: Node.js is in the /EBANK1 partition; run the
command from the command prompt from the path /EBANK1/Node.js/node_modules/npm)
npm install node-gyp
3) Set the visual studio version that is installed for Node.js to use it for generating oracledb using
the command below.
@call npm config set msvs_version 2013 (if Microsoft Visual Studio 2013 is installed, else give your
visual studio path)
4) Now npm install oracledb
PATH variable.
Note: All required configurations in development.json or production.json have to be done. Also, Linux
follows the same steps, with the oracle installable as rpm instead of zip (for windows). PFB doc
that has installation steps in RHEL at high level.
Installation_rhel.docx
5.3 Redis
Redis is written in ANSI C and works in most POSIX systems like Linux, *BSD, OS X without external
dependencies. Linux and OS X are the two operating systems where Redis is developed and more
tested, and we recommend using Linux for deploying. There is no official support for Windows builds,
but Microsoft develops and maintains a Win-64 port of Redis.
For Linux and OS X, redis releases can be downloaded from the following site.
https://redis.io/download
For Windows, redis binaries and MSI installer can be downloaded from the following site.
Developers can go through the URLs below to get more idea about Redis.
https://redis.io/
https://redis.io/commands
5.3.1.1 Redis Configuration
Configuration Changes:
1. Extract the redis tar and execute the make command.
cd redis-5.0.5
make
is an optional step
4. Note that you must specify a directory here, not a file name.
dir "/EBPROF1/Redis_New/redis-5.0.5/src"
5. The following line contains the password for accessing this redis server from any client. Here the password is “foobared”. It should be long enough to prevent brute force attacks.
7. Commands like CONFIG and FLUSHALL should be renamed to an unguessable name, so that normal clients are limited to a specified set of commands. This feature is available as a statement that can be used inside the redis configuration file. For example:
rename-command FLUSHDB FLUSHDB123
*** Here FLUSHDB123 is just a sample. This needs to be changed to a random value with enough entropy. The same applies to all the below commands.
rename-command FLUSHALL FLUSHALL123
rename-command KEYS KEYS123
rename-command CONFIG CONFIG123
rename-command SHUTDOWN SHUTDOWN123
rename-command BGREWRITEAOF BGREWRITEAOF123
rename-command BGSAVE BGSAVE123
rename-command SAVE SAVE123
rename-command SPOP SPOP123
rename-command SREM SREM123
On Linux, the following command can be used to start the Redis server. The redis.conf file contains the port number on which this server instance is running and the password required for connecting to the server.
pathToRedis : /home/projadmin/redis5.0.5/redis-5.0.5/redis.conf
DISTRIBUTED_PASSWORD    Password that is configured on redis server
DISTRIBUTED_CACHE       REDIS    Indicates the cache type. For redis cache the value will be REDIS
DISTRIBUTED_TIMEOUT     0        Value is set to 0, which means any connection that has been initialized to redis will be kept by redis even if the connection initialized by the client is down
The below mentioned configurations need to be done in redis.conf, which comes with the redis installable.
Redis Configurations:
1. protected-mode yes
By default, protected mode is enabled. You can disable it only if you are sure you want clients from other hosts to connect to Redis even if no authentication is configured.
2. requirepass <<master-password>>
Require clients to issue AUTH <<master-password>> before processing any other commands.
3. masterauth <<master-password>>
If the master is password protected (using the "requirepass" configuration directive), it is possible to tell the slave to authenticate before starting the replication synchronization process; otherwise the master will refuse the slave request.
Note: This is required only for slave and not for master instance.
4. dbfilename "dump.rdb"
5. dir ./
The DB will be written inside this directory, with the filename specified above using the 'dbfilename' configuration directive. This can be changed if the DB dump needs to be saved in some other directory.
6. replicaof <masterip> <masterport>
Note: This is required only for slave and not for master instance.
7. maxclients 10000
By default, this limit is set to 10000 clients. However, if the Redis server is not able to configure the process file limit to allow for the specified limit, the max number of allowed clients is set to the current file limit minus 32. Once the limit is reached, Redis will close all the new connections, sending an error 'max number of clients reached'.
8. maxmemory <bytes>
9. maxmemory-policy noeviction
By default, the max memory policy is set to noeviction if no other max memory policy was configured. It doesn't evict anything; it just returns an error on write operations.
New line: notify-keyspace-events "AKE"
for Redis for version 3.2. But in version 5.0.5 even Sentinel supports rename commands. So configuring the same renamed commands in sentinel.conf will make the rename commands work in HA mode.
Sample configurations to be made in sentinel.conf are below.
sentinel rename-command mymaster CONFIG CONFIG123
*** Here CONFIG123 is just a sample. This needs to be the same value as the value configured against the rename-command CONFIG command in the redis.conf file. The same instruction stands for the below commands as well.
sentinel rename-command mymaster SPOP SPOP123
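The redis.conf and sentinel.conf rules above (no sample password, unguessable rename-command aliases, and sentinel.conf aliases equal to those in redis.conf) can be checked before start-up. The following is an added example, not part of the product or of this guide; the finding codes, helper names and the 32-character threshold are assumptions, and the sample configs are constructed from the guide's placeholder values.

```python
import secrets
import shlex

# Commands the guide renames in redis.conf.
SENSITIVE = ("FLUSHDB", "FLUSHALL", "KEYS", "CONFIG", "SHUTDOWN",
             "BGREWRITEAOF", "BGSAVE", "SAVE", "SPOP", "SREM")
MIN_SECRET_LEN = 32  # assumption: local policy threshold, not from the guide

# Constructed samples that mirror the guide's placeholder values.
SAMPLE_REDIS_CONF = """\
protected-mode yes
requirepass foobared
rename-command FLUSHDB FLUSHDB123
rename-command FLUSHALL FLUSHALL123
rename-command KEYS KEYS123
rename-command CONFIG CONFIG123
rename-command SPOP SPOP123
"""
SAMPLE_SENTINEL_CONF = """\
sentinel monitor mymaster 127.0.0.1 6381 2
sentinel rename-command mymaster CONFIG CONFIG1234
sentinel rename-command mymaster SPOP SPOP123
"""


def directives(conf_text):
    """Yield each non-comment config line as a list of shell-style tokens."""
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield shlex.split(line)


def redis_renames(conf_text):
    """Map COMMAND -> alias from 'rename-command COMMAND alias' lines."""
    return {t[1].upper(): t[2] for t in directives(conf_text)
            if t[0].lower() == "rename-command" and len(t) == 3}


def sentinel_renames(conf_text, master):
    """Map COMMAND -> alias from 'sentinel rename-command <master> COMMAND alias'."""
    return {t[3].upper(): t[4] for t in directives(conf_text)
            if [x.lower() for x in t[:2]] == ["sentinel", "rename-command"]
            and len(t) == 5 and t[2] == master}


def guessable(command, alias):
    """Heuristic: an alias is weak if it embeds the command name or is short.
    An empty alias disables the command in Redis, so it is not guessable."""
    if alias == "":
        return False
    return command.lower() in alias.lower() or len(alias) < MIN_SECRET_LEN


def audit(redis_conf, sentinel_conf, master="mymaster"):
    """Return a sorted list of (code, subject) findings for the two files."""
    findings = []
    settings = {t[0].lower(): t[1:] for t in directives(redis_conf)
                if t[0].lower() != "rename-command"}
    password = (settings.get("requirepass") or [""])[0]
    if not password:
        findings.append(("NO_PASSWORD", "requirepass"))
        if settings.get("protected-mode") == ["no"]:
            findings.append(("OPEN_TO_NETWORK", "protected-mode"))
    elif password == "foobared" or len(password) < MIN_SECRET_LEN:
        findings.append(("WEAK_PASSWORD", "requirepass"))

    renames = redis_renames(redis_conf)
    for command in SENSITIVE:
        if command not in renames:
            findings.append(("NOT_RENAMED", command))
        elif guessable(command, renames[command]):
            findings.append(("GUESSABLE_ALIAS", command))

    # The guide requires sentinel.conf to carry the same alias as redis.conf.
    in_sentinel = sentinel_renames(sentinel_conf, master)
    for command, alias in renames.items():
        if command not in in_sentinel:
            findings.append(("SENTINEL_MISSING", command))
        elif in_sentinel[command] != alias:
            findings.append(("SENTINEL_MISMATCH", command))
    return sorted(findings)


def hardened_pair(master="mymaster"):
    """Build matching redis.conf / sentinel.conf fragments with random aliases."""
    aliases = {c: secrets.token_hex(16) for c in SENSITIVE}  # 128 bits each
    redis_conf = ["protected-mode yes",
                  "requirepass " + secrets.token_urlsafe(32)]
    redis_conf += [f"rename-command {c} {a}" for c, a in aliases.items()]
    sentinel_conf = [f"sentinel rename-command {master} {c} {a}"
                     for c, a in aliases.items()]
    return "\n".join(redis_conf), "\n".join(sentinel_conf)


if __name__ == "__main__":
    for code, subject in audit(SAMPLE_REDIS_CONF, SAMPLE_SENTINEL_CONF):
        print(f"{code:18} {subject}")
```

Run against the sample values, every alias of the form COMMAND123 is reported, and the CONFIG alias that differs between the two files is reported as a mismatch.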
For example, if a master is running on port number 6381, the same needs to be configured in redis.conf of the master Redis instance.
Command for Starting Master Redis Instance: nohup ./redis-server ./redis-master/redis.conf &
Similarly, if the slaves are running on port numbers 6382 and 6383, the same needs to be configured in redis.conf of the slave Redis instances.
Commands for Starting Slave Redis Instances:
Slave 2 running on port number 6383: nohup ./redis-server ./redis-slave2/redis.conf &
Sentinel Configurations:
All the below mentioned configurations need to be done in the sentinel.conf file of the Redis installable, which will be passed while starting Sentinel.
1. protected-mode no
Uncomment the following sentinel configuration by removing “#” at the start of the line.
2. sentinel monitor <master-name> <ip> <port> <quorum>
The quorum is the number of Sentinels that need to agree about the fact the master is not reachable, in order to really mark the slave as failing, and eventually start a failover procedure if possible.
However, the quorum is only used to detect the failure. In order to actually perform a failover, one of the Sentinels needs to be elected leader for the failover and be authorized to proceed. This only happens with the vote of the majority of the Sentinel processes.
ip is the IP address of the Redis Master instance and port is the port number on which the Redis Master instance is running.
master-name is the name given to the Master instance and tells Sentinel to monitor this master.
authpass: Used to authenticate with the master and slaves; useful if there is a password set in the Redis instances to monitor.
Note: The master password is also used for slaves, so it is not possible to set a different password in master and slave instances if you want to be able to monitor these instances with Sentinel.
parallel-syncs: Sets the number of slaves that can be reconfigured to use the new master after a failover at the same time. The lower the number, the more time it will take for the failover process to complete; however, if the slaves are configured to serve old data, you may not want all the slaves
The maximum time a failover in progress waits for all the slaves to be reconfigured as slaves of the new master. However, even after this time the slaves will be reconfigured by the Sentinels anyway.
1. sentinel down-after-milliseconds <master-name> <milliseconds>
The command to start a redis-sentinel instance is as follows:
<pathToRedis>/redis-server <pathToRedisConfigFile>/sentinel.conf --sentinel
For example, suppose there are 3 sentinels running; the commands for starting the 3 sentinels are shown below:
Sentinel 1: nohup ./redis-server ./sentinel1/sentinel.conf --sentinel &
STRY_MASTER_NAME Master instance in the sentinel configurations. The same master-name has to be provided in the EB/OCH configurations as well, and configuration of master-name is mentioned below in the Sentinel Configurations section
5.3.3 Troubleshooting
1. How to access Redis server using Redis client for debugging purpose?
The following command is used to connect to redis-server using redis-client. The same setup which is used to start the server instance is used to start a client.
Command Description
For more information regarding installation and various commands, refer to https://redis.io.
The following command is used to connect to sentinel using redis-client. The same setup which is used to start the server instance is used to start a client.
For example, on a Linux machine, the following command can be used to start the REDIS client and connect to Sentinel.
5.4 Graylog
5.4.1 Integration for Logging
The log4j.xml file is configured with the Graylog appender, which is provided by the log4j-gelf-1.3.2 library.
Graylog provides attributes in the appender configuration to specify the protocol (GelfAppender supports TCP and UDP), queue-size, buffer-size and filters, which need to be configured in EB/OCH for integrating with the hosted Graylog server.
<Gelf name="gelf" graylogHost="udp:192.168.99.100" graylogPort="12203"
ignoreExceptions="false" extractStackTrace="true">
</Gelf>
In the above configuration, graylogHost gives the host on which the Graylog server is running, together with the protocol to use; graylogPort is the port to which logs need to be sent. These configurations need to be changed as per how the ports are exposed at the Graylog server end for reporting.
As per the above example configuration, the Graylog server is hosted on 192.168.99.100 and the port to which we want the logs to be sent on the Graylog server is 12203, which is a UDP protocol port.
.
.
<Params name="DW_METRIC_GRAYLOG_REPORTER">
<Param name="GRAYLOG_METRICS_PERSIST_DB_HOST" value="<graylog-host>" />
<Param name="GRAYLOG_METRICS_PERSIST_DB_PORT" value="<graylog-port>" />
<Param name="SOURCE" value="<source-of-metric-data>" />
</Params>
.
.
<Param name="DW_METRIC_ELASTIC_REPORTER"
value="com.infosys.feba.framework.common.metrics.reporters.FebaDropWizardElasticReporter"
enable="Y" />
.
.
<Params name="DW_METRIC_ELASTIC_REPORTER_CONFIG">
<Param name="ELASTIC_METRICS_REPORT_FREQ" value="10" />
<Param name="ELASTIC_METRICS_PERSIST_DB_HOST" value="elastic-host" />
<Param name="ELASTIC_METRICS_PERSIST_DB_PORT" value="9200" />
</Params>
value="com.infosys.feba.framework.common.metrics.reporters.FebaDropWizardGraphiteReporter"
enable="Y" />
.
.
<Params name="DW_METRIC_GRAPHITE_REPORTER_CONFIG">
<Param name="DISABLE_DISPLAY_SPL_CHARS_IN_URL" value="Y"/>
<Param name="GRAPHITE_METRICS_REPORT_FREQ" value="5" />
<Param name="GRAPHITE_HOST" value="fmbzorro" />
<Param name="GRAPHITE_PORT" value="2003" />
<Param name="PREFIX_IN_GRAPHITE" value="och.microservices" />
</Params>
graphite UI. By default, it is suggested to have the value as ‘Y’ so that special characters are disabled and graphite can resolve the rendering properly.
5.5.1 HAProxy
HAProxy can be downloaded from http://www.haproxy.org/#down. For version 2.0.17 of HAProxy, we need to compile the executable from the sources provided at the same link under version 2.0.17.
Once the download or build is completed, the admin can create a user group named ha-proxy and configure a user in this group. The same user can be used to start ha-proxy. The main template file where configuration has to be done for ha-proxy ends with .cfg, for example the haproxy.cfg file.
HAProxy runs only in a Unix environment.
The steps to install it from source are explained below:
Steps to make and install
$ tar xzvf ~/haproxy-2.0.17.tar.gz -C ~/
$ cd ~/haproxy-2.0.17
$ make clean
$ sudo make -j $(nproc) TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1
$ sudo make install
Create a symbolic link for the binary to allow you to run HAProxy commands as a normal user.
$ sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
If you want to add the proxy as a service to the system, copy the haproxy.init file from the examples to your /etc/init.d directory. Change the file permissions to make the script executable and then reload the systemd daemon.
$ sudo cp ~/haproxy-2.0.17/examples/haproxy.init /etc/init.d/haproxy
$ sudo chmod 755 /etc/init.d/haproxy
For general usage, it is also recommended to add a new user for HAProxy to be run under.
Please refer to the deliverable loadbalancerConfig.zip from Deliverables for the HAProxy sample configuration file.
Copy the content from the deliverable for the HAProxy loadbalancer config file, make the necessary changes of the IP and port for the corresponding service in the file, then create a file on the haproxy server with the command below and paste the content:
$ sudo vi /etc/haproxy/haproxy.cfg
$ sudo systemctl restart haproxy
5.5.2 NGINX
NGINX (1.18.0) can be downloaded from the following website: http://nginx.org/en/download.html
Installation steps below for a Linux server:
The method described below is based on compiling Nginx from source. Alternatively, the admin can install it via a package manager.
Download the nginx tar file and extract the tar file:
# useradd nginx
Configure:
# ./configure --help (You will get help regarding configure, such as the modules to be installed)
--prefix= for specifying the directory in which we want to install nginx. Here we used /opt/nginx/
# make
# make install
Please refer to the deliverable loadbalancerConfig.zip from Deliverables for the HAProxy sample configuration file. We can remove /opt/nginx/conf/nginx.conf and use the one from the deliverable, changing the IP and port as per the installation.
Start Nginx server:
The Nginx executable is located under the /opt/nginx/sbin directory. Just call this executable to start the nginx server.
cd /opt/nginx/sbin
./nginx
Once you start this, you’ll see the nginx “master process” and “worker process” if you do ps.
cd /opt/nginx/sbin
./nginx -s stop
# ./nginx -v
To debug issues, view the error.log and access.log files located under /usr/local/nginx/logs
# ls /opt/nginx/logs/
access.log
error.log
nginx.pid
5.6 X9Ware Tool for NACHA File Validation
X9WareSDK tool APIs are integrated in product to validate NACHA rules.
This feature will enable the system to validate an ACH NACHA file at upload time and display the file content to the user in a readable format.
This jar is a licensed jar and a separate license needs to be bought for it.
Please visit https://x9ware.com/ for purchasing a license for the x9ware tool.
Jar Name: X9WareSDK-R4.02-2019.10.04.jar
6.2.1 External Configurations
6.2.1.1 Configuring Basic Properties in Product
The configuration for basic properties needs to be done by taking the properties from the “profileconfig” folder in the “automation” project in the GIT repository.
We will be maintaining profile-specific properties for the same in this project, such as at, scrum, idi, etc.
6.2.1.2 Configuring Sensitive Properties in Product
From 119, it is not mandatory to configure the required properties in DEH. Suppose the bank wants to configure sensitive properties like Database Password, API key etc. in another key management system; this is made achievable in DEH. Detailed steps to understand this feature are mentioned in the feature document FNEB11.9_CredentialConfigurationFramework.docs. The old utility to generate encrypted data for secure property values has been made obsolete. For properties to be configured securely out-of-box, the product is providing a new utility.
Find below the attached demo batch/shell file (copied to text format) for reference.
SecurePropertyGenerationUtility.sh.txt
SecurePropertyGenerationUtility.bat.txt
Recommendation
AdapterConfig.xml → AdapterConfig → Secrets → Secret → symmetric-keysize → 256
Run.bat/.sh File and follow the below instructions
The above process will generate two keys in the configured path
-DKEY_BASE_LOCATION=$Path where key should be generated$\keys (this is specified in the arguments before running the tool)
KeysConfig.xml
By default in the product, this file is placed in the file system, and the path of this key needs to be configured as below:
extension → security → AdapterConfig.xml → Secrets → Secret name="FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY"> → configuration name="path" value="$MASTER_PRIVATE_KEY_PATH$"/>
Replace $MASTER_PRIVATE_KEY_PATH$ with the path where the generated private key is placed.
AdapterConfig.xml
<Secrets>
  <Secret name="FETCH_ASYMMETRIC_KEY_ENCRYPTION_KEY">
    <configurations>
      <configuration name="path" value="$path$\\RsaPrivateKey.key" />
    </configurations>
  </Secret>
</Secrets>
*** It is very important to understand that the default implementation in adaptor
6.2.1.2.3 Encrypting Property values
*** This is a manual process and needs to be done by the implementation team for each sensitive property which is configured with an adaptor.
Key generation and configuration must be done freshly at every stage, i.e. Development → UAT → Production. It is strongly suggested that keys generated for the Development area be different from the keys generated for Production.
For encryption to happen, the application needs the RSA public key. For the decryption process, the RSA private key needs to be available.
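The rule above that keys must be generated freshly for every stage can be checked mechanically. The following added example (not part of the product or of this guide) hashes the key files under each stage's KEY_BASE_LOCATION and reports reuse across stages; it also flags private key files readable by group or others, an extra check the guide does not mention. The stage names, finding codes and the assumption that a reused key is a byte-identical file are illustrative.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """SHA-256 of the file bytes; identical key files give identical digests."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def audit_stage_keys(stage_dirs):
    """stage_dirs maps a stage name to its key directory (KEY_BASE_LOCATION).
    Returns a sorted list of (code, detail) findings."""
    findings = []
    seen = {}  # digest -> (stage, file name) of the first occurrence
    for stage, directory in stage_dirs.items():
        for name in sorted(os.listdir(directory)):
            path = os.path.join(directory, name)
            if not os.path.isfile(path):
                continue
            digest = fingerprint(path)
            if digest in seen and seen[digest][0] != stage:
                first_stage, first_name = seen[digest]
                findings.append(("KEY_REUSED",
                                 f"{first_stage}/{first_name} == {stage}/{name}"))
            seen.setdefault(digest, (stage, name))
            # POSIX permission bits: any group/other access to a private key.
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if "private" in name.lower() and mode & 0o077:
                findings.append(("PRIVATE_KEY_EXPOSED",
                                 f"{stage}/{name} mode {mode:o}"))
    return sorted(findings)


def demo():
    """Constructed tree: production reuses the development private key,
    and the UAT private key is world-readable."""
    with tempfile.TemporaryDirectory() as root:
        stages = {}
        dev_key = os.urandom(64)  # stand-in bytes, not a real RSA key
        for stage, key, mode in (("development", dev_key, 0o600),
                                 ("uat", os.urandom(64), 0o644),
                                 ("production", dev_key, 0o600)):
            stages[stage] = os.path.join(root, stage, "keys")
            os.makedirs(stages[stage])
            path = os.path.join(stages[stage], "RsaPrivateKey.key")
            with open(path, "wb") as fh:
                fh.write(key)
            os.chmod(path, mode)
        return audit_stage_keys(stages)


if __name__ == "__main__":
    for code, detail in demo():
        print(code, detail)
```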
6.2.1.3 HIF Files Changes
We have locked all the HIF files other than the Host and Request Resolver files. If the customization team has to update any HIF file, they will create a new Custom file corresponding to the HIF file. The new Custom file entry has to be added in the extension/hif/config/EB_HIF.xml file as part of the fileNames attribute, at the end. The custom file entry will override the existing file entry. In the host file, they are allowed to update the values, as these will always be changed. If the customization team needs to add any new Host, they have
***From 119, changes are made to how sensitive fields are configured in HIF files. Refer to data/security/SecureConfig.xml → <Config type="hif"> for all the configurations whose value must be encrypted.
EB_HIF.xml HIF_10219_Host.xml
customization. These properties should be overridden in Custom file.
ii. External:
1. Property Name must start with Custom_
2. Property must be added to external configuration JSON file.
i. Properties which are not in an encrypted file can be modified.
ii. Properties which are in external configuration JSON files can be modified.
iii. Properties which are not in an external configuration JSON file, but have an entry present in ExternalConfig.xml, can be modified through either of the two new files: 1) CustomExternalProp.properties 2) CustomExternalXmlProp.xml
2. Development team:
a. Introduce new property file:
i. Internal: Property file name should be added in build/resource/data/encryptedFileList.txt
ii. External: Property file should not be encrypted (if all the properties can be customized).
iii. If some of the properties are related to the product and some can be externalized/customized, then the property file should be encrypted and the
Note: If, during customization, any property needs to be customized which is not in the allowed list, then the implementation team has to come back to product to make the property allowed to be customized.
If any Mandatory Property is blank: "<Property Name> is a Mandatory Property, Value cannot be empty"
If any Mandatory Property is not updated and still has its default value $<Value>$: "<Property Name> is a Mandatory Property, Must be a proper value"
If a New Property is added and it does not start with Custom_: "<Property Name> - not Allowed to modify or not starting with custom_"
If a New file is added which does not start with the Custom prefix: "<File Name> - should start with custom"
ii. License configurations are as per Bank ID. As per the current license, it will work for Bank ID 'DBS'. If the Bank ID is other than 'DBS', LicenseGenerator
b. Config Server:
c. extension/EB_HIF.xml:
i. HIF_FILENAMES - Change the entry fileNames to use the correct host configuration
ii. Depending upon the host configured for HIF_FILENAMES, please make host changes in the same file.
copy only required transformers based on the Message files configured for HIF_FILENAMES
folder. This is a one-time activity. Need to be automated for daily deployment.
2. Transformers directory in data.zip for DEH and DEHAdmin contains only utils by default.
As highlighted in the below screen shot
Note: Old path is data\hif\product\transformer - New path is data\hif\host\default\transformer.
files from data and extension directory to create final file which application loads.
7.2 Configuration
All the following configurations are JVM arguments whose value is a directory path
• extension Directory - FEBA_EXTENSION_DIRECTORY
• merge Directory - FEBA_MERGE_DIRECTORY
Ex: -DFEBA_SYS_PATH=D:/deh/WorkingDirectory/data
-DFEBA_EXTENSION_DIRECTORY=D:/deh/WorkingDirectory/extension
-DFEBA_MERGE_DIRECTORY=D:/deh/WorkingDirectory/merge
7.3 Customization
Name       Possible Values              Description
file       {File or directory Path}     file or directory path relative to data directory (Ex: BatchConfig.xml)
include    {File name Pattern}          If the value for field file is directory, then this field is
enabled for multi entity.
7.3.2 Multi-entity
• profileDetails.xml should be created under extension directory.
• Profile/Entity directories should be created under extension directory.
• Refer to previous section on how to check whether file is allowed for multi-entity or not.
In the WAS JRE we need to update the security policy jars (local_policy.jar, US_export_policy.jar) to the unrestricted jars. Example WAS location for security jars: /WAS/WAS9/WebSphere/AppServer/java/8.0/jre/lib/security
The above mentioned jars need to be replaced with the unrestricted jars. The jars can be downloaded from the IBM site.
By default the product recommends generating an RSA key-pair of size 4096 and an AES key of size 256 bits. But Java version 8 supports only 128 bits by default for AES; that is the sole reason the default value of the AES key size is 128 in
Data folder → externalconfig folder → SecurityAdaptor.json → ENCRYPTDECRYPT → ProductKeyGenerationAdapter → symmetric-keysize → 128
We strongly recommend that the implementation change this to 256 after consulting with the Bank and downloading the required Java security unrestricted policy jars for the respective Java.
Recommendation
SecurityAdaptor.json → ENCRYPTDECRYPT → ProductKeyGenerationAdapter → symmetric-keysize → 256
8.2 Deployment
In case of a Windows server, ensure that the profile is unshared before proceeding with deployment.
Generally, the profile folder on the Windows server machine might be shared with a specific user group or everyone. If anybody has opened and is using the files present in the profile folder structure, it will cause deployment to fail or result in an error. Therefore, the profile folder should be unshared before starting the deployment process.
8.2.1.2 Starting the server
from the server itself (for windows). The profile admin console URL is:
http://<server>:<admin console port>/admin (remote)
On hitting the URL, the below screen will come up. You can proceed with login by clicking on Log In. User ID is not required in case of insecure logon. In case of secure logon, key in the user name and password that were configured in security settings during the creation of the profile.
The following screen will come up on logging into the console.
the old application from WAS console.
In case you already have a FEBAApp EAR or FEBAWeb WAR installed, you need to uninstall it before proceeding with the new deployment.
1. Click on Applications → WebSphere enterprise applications
2. Check the already deployed application and click uninstall
4. Last step in uninstall is to save your change. Click on Save.
Add the following custom property to enable annotation scanning only for selected packages, in order to speed up server startup, under the following path.
Machine → Custom Properties.
Add the following custom property:
com.ibm.ws.amm.scan.context.include.packages = com.infosys.ebanking.interceptor.xservice.soap
The value should be a comma separated list of packages to be scanned for annotations. The sub packages are automatically scanned when a package is given.
When this custom property is added, WAS only scans the specified packages for annotations instead of scanning all the libraries. Currently, only packages containing SOAP web services need to be scanned for annotations in the application.
For REST services, the annotation processing is done by Jersey.
Add the below custom property to match the behavior of SSLContext.getInstance("TLS") in the IBM SDK with the Oracle implementation. This is needed for OCH to successfully establish a handshake with micro services through https.
Go to Servers → WebSphere Application Servers → server1 → Process Definitions → Java Virtual Machine → Custom Properties.
Add the following custom property:
com.ibm.jsse2.overrideDefaultTLS = true
4. Select the WAR from where it is present, either on your local or on the remote machine, and click next
6. Uncheck Create MBeans for Resources in the next screen, and click on next
8. Modify the context root if needed
10. Click finish in next screen. On clicking finish, installation of the application will commence.
12. Once the configuration has been saved, the installed application will be listed out. The application
will be in the stopped state. Click on the installed application.
14. Select “Single class loader for application”, and click apply. Save the configuration when prompted.
16. In the page that follows, by default all fields except “Override Session Management” will be disabled. Check “Override Session Management”. On checking this field, all fields in Session Management will get enabled. Uncheck “Enable Cookies” and check “Enable URL Rewriting”. Apply and save the configuration.
*Note: This is merely a workaround and not the final solution. This defect will be fixed by the Archie team in near future by raising it with the EMMA team. Since the solution is not available as on date of preparation of the document, this work around has been included. The final solution will be added in future revisions of the doc. Furthermore, it is the sole responsibility of the reader to ensure they are
Apply and save the configuration.
Select New.
3. In the following screen, choose “Select existing JDBC Provider” and choose Oracle JDBC Driver
and click next.
Example: jdbc:oracle:thin:@SERVER_NAME:LISTENER_PORT:DBSID
5. In the next screen, click on Global J2C Authentication Alias
6. In the next screen choose New. In the screen that follows, enter the DB write user name and password, click Apply and save the configuration.
7.
8. Go back to the Setup security aliases screen and click Next. In the screen that follows, click Finish, and save the configuration when prompted.
9. On clicking save, the newly created data source will be displayed. Click on the newly created FEBAV5 data source.
10. In the screen that follows, scroll down to security settings and choose the alias you had entered for your DB. Click Apply and save the configuration.
11. Finally, the settings need to be tested to ensure proper connectivity. Check the FEBAV5 data source and click on test connection. The connection should be successful.
12. System and Application Logs
System logs can be referred from the <ProfileHome>/logs/server1 folder.
Application logs can be referred from the <ProfileHome>/Workdir/log folder
1. Shared Library for REST APIs (This section is applicable only to Standalone full EAR and OCH EAR)
We need to make the below changes from the WAS admin console post deployment to support REST services.
a. Custom JVM Argument
b. Shared library
➢ Below are the libraries on which the REST services depend. This might change when new REST functionalities are added. Please check the versions of the corresponding jars in the WAR and provide the correct jar names in the following paths. All these jars are present in the deployed WAR, so the path prefix should also be changed as per the location of the deployed WAR. In the below example, all libraries are present at
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib
ht
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jackson-annotations-2.9.6.jar
ig
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jackson-core-2.9.6.jar
yr
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jackson-databind-2.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jackson-jaxrs-base-2.9.6.jar
op
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jackson-jaxrs-json-provider-2.9.6.jar
C
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/javassist-3.18.2-GA.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
e
INF/lib/javax.annotation-api-1.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
cl
INF/lib/javax.inject-2.4.0-b12.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
na
INF/lib/javax.ws.rs-api-2.0.1.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jersey-client-2.18.jar
Fi
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jersey-common-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jersey-container-servlet-core-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jersey-container-servlet-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
INF/lib/jersey-declarative-linking-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/jersey-entity-filtering-2.18.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/slf4j-api-1.7.25.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-annotations-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-core-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-hibernate-validations-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-jaxrs-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-jersey2-jaxrs-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-models-1.5.8.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-parser-1.0.19.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/validation-api-1.1.0.Final.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/mimepull-1.9.6.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-1.2.17.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-api-2.11.0.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/log4j-core-2.11.0.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/logstash-gelf-1.11.1.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/slf4j-ext-1.6.3.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.core-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/org.eclipse.persistence.moxy-2.6.2.jar
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-INF/lib/swagger-codegen-2.1.6.jar
%PROFILE_PATH%/workdir/data/log4j.properties
INF/classes/
B. Check the checkbox under class loading
%PROFILE_PATH%/installedApps/%NODE_CELL%/FEBAWeb_war.ear/FEBAWeb.war/WEB-
D. Shared Library References can be attached to the WAR in either of two ways:
• Manual Configuration
• Automatic Configuration using the Deployment Script
Manual Configuration:
i) Go to Applications → WebSphere Enterprise applications → Click on FEBAWeb_war → References
→ Shared library References
ii) Check the checkbox for FEBAWeb_war and click on button “Reference shared library”.
iii) Move the RESTLibrary created above to the right and click on OK, then Save.
v) Restart the profile.
RESTLibrary ]]]' );
AdminConfig.save();
exit;
SharedLinkLib.py
Sharedlibrary_linkage.bat
iii) Add the lines below to Execute.bat to call the .bat file in FULLBUILD and PARTIAL BUILD
Execute.bat
Swagger provides the documentation for the APIs exposed through REST.
The Swagger WAR needs to be deployed manually. It will be provided along with the main EAR.
i) Go to Applications → Application Types → WebSphere Enterprise Applications → Click on Install
ii) Choose the war file from the location and click on next.
iii) Select the Fast Path and click Next
iv) Uncheck the “Create MBeans for resources” and click Next
v) Click Next and Proceed for the below screen. Select swagger API module and click next.
vi) Add the context root as “/document portal” and click next
x) Click on save.
xii) After successful deployment, the following screen will appear.
http://SERVERNAME:PORTNUM/documentportal/swagger.html
Here, SERVERNAME and PORTNUM should be changed to the host and port of the profile where the
Swagger WAR is deployed.
On this page, there is an input textbox where the URL for REST should be provided.
http://SERVERNAME:PORTNUM/corp/rest
Here the host and port should be changed to the host and port of the Standalone/OCH application.
Then click on the Explore button to get details of the REST APIs.
If you want the REST API details to load with this HTML page without having to enter the URL in the
input textbox, make the following change in swagger.html in the deployed Swagger WAR.
url = "http://SERVER_NAME:PORTNUM/corp/rest";
Here, SERVER_NAME and PORTNUM should be changed to the host and port of the
Standalone/OCH application.
xiv) How to download the Swagger documentation for the OCH REST APIs for offline reference.
URL: swagger.io
Tools -> swagger-codegen
Click on download
Click on the download button next to Codegen -> this will take you to GitHub.
From Prerequisites
You can get the jar from http://central.maven.org/maven2/io/swagger/swagger-codegen-cli/2.3.1/swagger-codegen-cli-2.3.1.jar
Now refer to the section “Common Data Folder Configuration” in the document for the
further steps.
With this, all steps required for installing the WAR have been completed. The server requires
a restart for the data folder changes to take effect. On restart, under ideal conditions, the
FEBAWeb_war should start up.
8.6 Database Seeds Required
For OAuth setup, the following query must be run on the database. It is not present in the database by default.
ClientSecretGenerationUtil.java
-DFEBA_SYS_PATH="<<Workspace_path>>\WorkingDirectory\data"
-DPRODUCT_BOOTSTRAP_FILE=<<WorkingDirectory>>\data\BootstrapFile.properties
-DAPPLICATION_CONFIGURATION_FILE="BankAway.properties"
-DFICLIENT_APP_PATH="<<Workspace_path>>\WorkingDirectory"
Component Version URL Home Page from where the file can be downloaded
(jquery.blockUI.js) 0
FEBAWeb.war\scripts\ria\ajaxfeatures\jquery.blockUI.js
FEBAWeb.war\WEB-INF\lib
(ojdbc8.jar)
https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
FEBAWeb.war\WEB-INF\lib
Note:
We strongly recommend the implementation to change this to 256 after consulting with Bank
and downloading the required java security unrestricted policy jars for the respective
java.
Recommendation
extension → security → AdapterConfig.xml → EncryptDecrypt → <Secret name="ProductKeyGenerationAdapter"> → symmetric-keysize → 256
The above guideline is applicable to all the microservices
Component Version URL Home Page from where the file can be downloaded
Ojdbc8.jar 8
https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
circuitbreaker.jar
9.2.2 Pre-requisite
OCH application and db should be deployed and up.
Tables in limits microservice need to be created in a separate schema in OCH application database.
Limits microservice will connect only to this schema.
Run the SQL scripts provided with the limits microservice to create the required tables and sequences in the
new schema. Replace ‘$BANK_ID$’ with the required bank id in the SQL file.
This script creates a new schema ‘limits_admin’ in the db.
Limits_Admin.sql
Note: All appropriate configuration changes have to be made in the EnvConfig.properties file. Any future
additions should also be added to this file. PFA the file that has the properties listed.
Limits_env_props.xls
Note – if service registry is used, host and port of the load balancer should be configured instead of
host and port of machine on which microservice is running in all configurations.
1. Download tomcat binary and Copy och-limits-119.war into tomcat’s catalinabase/webapps folder
on host machine on which limits microservice needs to be run. Rename the war to limits.war
2. Copy data folder specific to limits ms to any path on host machine on which limits microservice
needs to be run.
3. Update below JNDI configuration inside tomcat\config\context.xml
<Context>
…
<Resource
name="FEBAV5"
auth="Container"
type="javax.sql.DataSource"
testWhileIdle="true"
jmxEnabled="true"
username="<DB User Name>"
password="<DB Encrypted Password>"
maxTotal="-1"
maxIdle="20"
maxWaitMillis="10000"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
/>
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically,
or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute
must be Application or Container
name - The name of the resource to be created, relative to the java:comp/env context.
type - The fully qualified Java class name expected by the web application when it performs a lookup for this resource.
maxTotal – maximum number of required db connections, set it to -1 to have infinite connections
initialSize – initial set of active connections
maxWaitMillis - Maximum time to wait for a database connection to become available in ms, in this example 10
seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely
factory – the class required to initialize connection pool configuration in Datasource
testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an
object fails to validate, it will be dropped from the pool.
testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If
the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value
is false
testOnReturn: (boolean) The indication of whether objects will be validated before being returned to the pool. The
default value is false.
validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them
to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default
value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT
1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server)
validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If
a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
The default value is 3000 (3 seconds).
timeBetweenEvictionRunsMillis: (int) The number of milliseconds to sleep between runs of the idle connection
validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle,
abandoned connections, and how often we validate idle connections. This value will be overridden by maxAge if the
latter is non-zero and lower. The default value is 5000 (5 seconds).
minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The
connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10
maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections)
for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)
removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout.
If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than
the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a
connection. The default value is false.
logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of
abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The
default value is false.
minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for
eviction. The default value is 60000 (60 seconds).
jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.
username: (String) The connection username to be passed to our JDBC driver to establish a connection.
password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password
should be an encrypted password.
driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.
4. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting multiple
microservices on the same host machine, a unique port for each microservice is mandatory. If you plan
to host each microservice on a different host, then you can use the same port. Based on your
requirement, you need to update the host/port in tomcat\config\server.xml. The HTTP port and
Shutdown port are required to be exposed; this document will have instructions to enable the HTTP
port and shutdown port and disable the AJP port.
Deploy the swagger war provided with OCH application (additional deployment for microservice)
on any profile and change the url inside swagger.html
In index_swagger.html url to be replaced as shown below
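$(function () {
    // Use the ?url= query parameter when present; otherwise fall back to the configured endpoint.
    var url = window.location.search.match(/url=([^&]+)/);
    if (url && url.length > 1) {
        url = decodeURIComponent(url[1]);
    } else {
        url = "http://SERVER_NAME:PORTNUM/corp/rest/swagger.json";
    }
    // The rest of the Swagger UI initialisation in index_swagger.html is unchanged.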
Here, SERVER_NAME: host server name on which microservice is running
PORTNUM: port on which microservice is available i.e. same as application connectors port
given in tomcat/conf/server.xml
9.3 Authentication MS
9.3.1 Introduction
This section has steps to run the authentication micro-service.
9.3.2 Pre-requisite
OCH application and db should be deployed and up
Run the SQL scripts provided with the authentication microservice to create the required tables and
sequences in the new schema. Replace ‘$BANK_ID$’ with the required bank id in the SQL file.
This script creates a new schema ‘AUTH_USER’ in db.
authuser.sql
testWhileIdle="true"
testOnBorrow="false"
testOnReturn="false"
validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
timeBetweenEvictionRunsMillis="30000"
maxActive="100"
minIdle="10"
initialSize="10"
removeAbandonedTimeout="3000"
removeAbandoned="true"
logAbandoned="false"
minEvictableIdleTimeMillis="30000"
jmxEnabled="true"
username="<DB User Name>"
password="<DB Encrypted Password>"
maxTotal="-1"
maxIdle="20"
maxWaitMillis="10000"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
/>
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically,
or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute
testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an
object fails to validate, it will be dropped from the pool.
testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If
the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value
is false
testOnReturn: (boolean) The indication of whether objects will be validated before being returned to the pool. The
default value is false.
validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them
to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default
value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT
1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server)
validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If
a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
The default value is 3000 (3 seconds).
minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The
connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10
maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections)
for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)
removeAbandonedTimeout: (int) Timeout in seconds before an abandoned (in use) connection can be removed. The
default value is 60 (60 seconds). The value should be set to the longest running query your applications might have.
removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout.
If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than
the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a
connection. The default value is false.
logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of
abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The
default value is false.
minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for
eviction. The default value is 60000 (60 seconds).
jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.
username: (String) The connection username to be passed to our JDBC driver to establish a connection.
password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password
should be an encrypted password.
driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.
4. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting multiple microservices
on the same host machine, a unique port for each microservice is mandatory. If you plan to host each
microservice on a different host, then you can use the same port. Based on your requirement, you need to
update the host/port in tomcat\config\server.xml. The HTTP port and Shutdown port are required to be exposed;
this document will have instructions to enable the HTTP port and shutdown port and disable the AJP port.
Shutdown port configuration
7. To view swagger documentation of apis exposed in microservice
Deploy the swagger war provided with OCH application (additional deployment for microservice)
on any profile and change the url inside swagger.html
In index_swagger.html url to be replaced as shown below
$(function () {
}
9.4 Directbanking MS
9.4.1 Introduction
9.4.2 Pre-requisite
OCH, OAuth and AUTHMS applications and database should be deployed and up.
directbanking microservice needs to be run.
3. Update below JNDI configuration inside tomcat\context.xml
<Context>
…
<Resource
name="FEBAV5"
auth="Container"
type="javax.sql.DataSource"
testWhileIdle="true"
testOnBorrow="false"
testOnReturn="false"
validationQuery="SELECT 1 FROM DUAL"
validationInterval="30000"
timeBetweenEvictionRunsMillis="30000"
maxActive="100"
minIdle="10"
initialSize="10"
removeAbandonedTimeout="3000"
removeAbandoned="true"
logAbandoned="false"
minEvictableIdleTimeMillis="30000"
jmxEnabled="true"
username="<DB User Name>"
driverClassName="oracle.jdbc.driver.OracleDriver"
url="jdbc:oracle:thin:@XX.73.15.X:15XX:EYDBXXXX"
factory="com.infosys.feba.framework.commontran.TomcatDataSourceFactory"
/>
</Context>
auth - Specify whether the web Application code signs on to the corresponding resource manager programmatically,
or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute
must be Application or Container
name - The name of the resource to be created, relative to the java:comp/env context.
type - The fully qualified Java class name expected by the web application when it performs a lookup for this resource.
maxTotal – maximum number of required db connections, set it to -1 to have infinite connections
initialSize – initial set of active connections
maxWaitMillis - Maximum time to wait for a database connection to become available in ms, in this example 10
seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely
factory – the class required to initialize connection pool configuration in Datasource
testWhileIdle: (boolean) The indication of whether objects will be validated by the idle object evictor (if any). If an
object fails to validate, it will be dropped from the pool.
testOnBorrow: (boolean) The indication of whether objects will be validated before being borrowed from the pool. If
the object fails to validate, it will be dropped from the pool, and we will attempt to borrow another. Default value
is false
validationQuery: (String) The SQL query that will be used to validate connections from this pool before returning them
to the caller. If specified, this query does not have to return any data, it just can't throw a SQLException. The default
value is null. If not specified, connections will be validated by the isValid() method. Example values are SELECT
1(mysql), select 1 from dual(oracle), SELECT 1(MS Sql Server)
validationInterval: (long) avoid excess validation, only run validation at most at this frequency - time in milliseconds. If
a connection is due for validation, but has been validated previously within this interval, it will not be validated again.
The default value is 3000 (3 seconds).
timeBetweenEvictionRunsMillis: (int) The number of milliseconds to sleep between runs of the idle connection
validation/cleaner thread. This value should not be set under 1 second. It dictates how often we check for idle,
abandoned connections, and how often we validate idle connections. This value will be overridden by maxAge if the
latter is non-zero and lower. The default value is 5000 (5 seconds).
minIdle: (int) The minimum number of established connections that should be kept in the pool at all times. The
connection pool can shrink below this number if validation queries fail. Default value is derived from initialSize:10
maxWait: (int) The maximum number of milliseconds that the pool will wait (when there are no available connections)
for a connection to be returned before throwing an exception. Default value is 30000 (30 seconds)
removeAbandonedTimeout: (int) Timeout in seconds before an abandoned (in use) connection can be removed. The
default value is 60 (60 seconds). The value should be set to the longest running query your applications might have.
removeAbandoned: (boolean) Flag to remove abandoned connections if they exceed the removeAbandonedTimeout.
If set to true a connection is considered abandoned and eligible for removal if it has been in use longer than
the removeAbandonedTimeout Setting this to true can recover db connections from applications that fail to close a
connection. The default value is false.
logAbandoned: (boolean) Flag to log stack traces for application code which abandoned a Connection. Logging of
abandoned Connections adds overhead for every Connection borrow because a stack trace has to be generated. The
minEvictableIdleTimeMillis: (int) The minimum amount of time an object may sit idle in the pool before it is eligible for
jmxEnabled: (boolean) Register the pool with JMX or not. The default value is true.
username: (String) The connection username to be passed to our JDBC driver to establish a connection.
password: (String) The connection password to be passed to our JDBC driver to establish a connection. The Password
should be an encrypted password.
driverClassName: (String) The fully qualified Java class name of the JDBC driver to be used.
4. By default, Tomcat uses 3 ports for its services: 8080, 8443 and 8009. If you are hosting
multiple microservices on the same host machine, a unique port for each microservice is
mandatory. If you plan to host each microservice on a different host, then you can use the
same port. Based on your requirement, you need to update the host/port in
tomcat\config\server.xml. The HTTP port and Shutdown port are required to be exposed; this
document will have instructions to enable the HTTP port and shutdown port and disable the AJP port.
Shutdown port configuration
of Resource name property set in context.xml for example java:/comp/env/FEBAV5
DRIVER_CLASS value should contain the database driver chosen to use for example
if oracle database is planned to use then value should be oracle.jdbc.driver.OracleDriver
DB_PWD_SEED value should contain encrypted password
DB_USER_ID value should contain userid dedicated for using with a particular
microservice
6. Execute below script to start microservice
7. To view swagger documentation of apis exposed in microservice
Deploy the swagger war provided with OCH application (additional deployment for
microservice) on any profile and change the url inside swagger.html
In index_swagger.html url to be replaced as shown below
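$(function () {
    // Use the ?url= query parameter when present; otherwise fall back to the configured endpoint.
    var url = window.location.search.match(/url=([^&]+)/);
    if (url && url.length > 1) {
        url = decodeURIComponent(url[1]);
    } else {
        url = "http://SERVERNAME:PORTNUM/corp/rest/swagger.json";
    }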
Here, SERVERNAME: host server name on which microservice is running
PORTNUM: port on which microservice is available i.e. same as application connectors
port given in tomcat/conf/server.xml
9.5 EnterpriseConsentManagementMS
9.5.1 Introduction
This section has steps to run the Enterprise Consent Management micro-service.
9.5.3 DB Setup
Run DB installer for Enterprise Consent Management to setup a separate Database with all
necessary tables
Please refer to Unified DB Installer Documentation for details on configurations and execution
External Configuration properties can be configured via Config Server.
1. Copy the contents of enterprise-consent-externalconfig.zip (available as part of deliverables) to
each of the profile folders present in the Config Server’s Backend directory (refer to Config Server’s
Backend Setup).
Final Config Server’s Backend Directory Structure
/{profile}                            (dev, prod, at)
  /{service}                          (deh, authentication, limits, consentmanagement)
    /application.json                 (service specific properties)
  /application.json                   (common properties)
  /enterprise-consent-management-ms
    /application.properties
2. Modify the application.properties for each profile to update the properties (refer the table below)
{cipher}AQAw9wV8TAT9kYlxjnR….. | Encrypted password. Prefix with {cipher}. Generate
in classpath
Enabling Application Cache | cache.enable | Y | To disable Caching make this N
Redis Mode | cache.redis.mode | standalone (OR) sentinel | Possible Values - standalone, sentinel
Redis Standalone | spring.redis.host | <REDIS_HOST> | 10.73.15.45 | Configure this set for Redis standalone mode
Prefix with {cipher}. Generate with encrypt tool
password Prefix with {cipher}. Generate with encrypt tool
Application cache TTL
on cache TTL
for CDR (in seconds)
Token Validation | service.framework.security.token-type | <token-type> | jwt,opaque | Type of token validation (Comma separated). At least one needs to be provided.
token validation)
Validation URL
n URL
certificates of External Servers need to be validated
JCE Provider | consent.security.jce.provider | default (or) bouncycastle | Use “bouncycastle” to support PS256 algorithm in JDK versions that do not support it. OpenJDK 8u265 do not need this
Dkey.alias=<key_alias> -Dkeystore.location=<key_location> ConsentMS_SecurePropertyTool.jar
encrypt
Example
java -jar -Dkeystore.password=changeme -Dkey.password=changeme -Dkey.alias=consentkey -Dkeystore.location=D:\\Workspace\\TestWS\\encryptor-tool\\src\\main\\resources\\server.jks PlatformMS_SecurePropertyTool.jar encrypt
Enter the value to be encrypted (text entered will not be displayed on screen). The encrypted value
will be displayed.
For updating Config Server property values, prefix the encrypted value with {cipher}
Multiple values can be encrypted with the Tool.
(Press q to quit the tool)
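The {cipher} convention described above can be checked before a properties file is pushed to the Config Server backend. The following is an added example, not part of the product or its tooling: it assumes that any key containing "password", "secret" or "passphrase" is sensitive, and the sample keys and values are constructed for illustration.

```python
import re

CIPHER_PREFIX = "{cipher}"
# Assumption: these substrings mark a property as sensitive; extend to match your naming.
SENSITIVE_KEY = re.compile(r"password|secret|passphrase", re.IGNORECASE)
LINE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")


def parse_properties(text):
    """Minimal .properties parser: comments, '=' or ':' separators, backslash continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1]  # value continues on the next physical line
            continue
        if not line or line[0] in "#!":
            continue
        match = LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def unencrypted_secrets(text):
    """Return (key, problem) pairs for sensitive keys not stored as {cipher} values.

    The value itself is never returned, so findings can be logged safely.
    """
    findings = []
    for key, value in parse_properties(text).items():
        if not SENSITIVE_KEY.search(key) or not value:
            continue  # not sensitive, or left unset
        if not value.startswith(CIPHER_PREFIX):
            findings.append((key, "plaintext"))
        elif value == CIPHER_PREFIX:
            findings.append((key, "empty ciphertext"))
    return findings


# Constructed sample, not taken from the product deliverables.
SAMPLE = """\
# application.properties (constructed)
spring.redis.host=10.0.0.5
spring.redis.password=changeme
spring.datasource.password={cipher}AQAwEXAMPLEONLY
keystore.password = {cipher}
cache.enable=Y
token.client.secret=\\
    {cipher}AQAwCONTINUED
"""

if __name__ == "__main__":
    for key, problem in unencrypted_secrets(SAMPLE):
        print(f"{key}: {problem}")
```

Run it against each profile's application.properties and fail the change if any finding is returned.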
spring.profiles.active | <CONFIG_PROFILE> | prod | Ensure that the profile is also present in config server
spring.cloud.config.label | <BANK_ID> | DBS | Optional. For Multientity support in Consent MS. Ensure that folder with same bankid is available in the repo
ms/data
microservices on same host machine, unique port for each microservice is mandatory. If you
plan to host each microservice in a different host then you can use the same port. Based on your
requirement you need to update the host/port in tomcat\config\server.xml. HTTP port &
Shutdown port is required to be exposed, this document will have instructions to enable http
port, shutdown port and disable ajp port.
Shutdown port configuration
-->
enterprise-consent-start.sh
$OCH_SCHEMA_NAME$.NXT_ADTT_SRL_NO$BANK_ID$ =
com.infosys.feba.framework.sql.sequence.oracle.SequenceGeneratorImplForOracle, SEQT
10.2 Service level Audit configuration
In a few cases, the same service name has been used at both OCH and microservice level. Hence during
audit, entries will be made in the table twice, once at the OCH layer and once at the microservice layer.
To handle this scenario, a new configuration property has been introduced to support service level
audit in “microServicesConfig.properties”. This property will be present in both OCH and all
microservice areas.
PFB the sample entry,
IS_DISABLE_SERVICE_AUDIT=RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON|AUTHSCHEMEMAINTENANCESERVICE.CREATE
Service name along with method name should be added pipe separated.
Sample Scenarios:
1. Same service is present at both OCH and microservice side
a. Making an entry in the OCH property file alone – audit will not happen for those services
at OCH side, but audit will happen at microservice level.
b. Making an entry in the microservice property file alone – audit will not happen for those
services at microservice side, but will happen at OCH level.
c. Making an entry for same service at both property files – audit will not happen at both sides.
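Scenario (c) leaves a service with no audit trail at all, so it is worth checking both property files together before deployment. The following is an added example, not part of the product: it assumes entries are matched exactly as written, and the inventory of shared services and the sample file contents are constructed for illustration.

```python
PROPERTY = "IS_DISABLE_SERVICE_AUDIT"


def disabled_entries(properties_text):
    """Return the SERVICE.METHOD entries listed under PROPERTY in a .properties text."""
    entries = set()
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key.strip() != PROPERTY:
            continue
        for item in value.split("|"):
            item = item.strip()
            if not item:
                continue  # tolerate a trailing or doubled pipe
            service, dot, method = item.partition(".")
            if not (service and dot and method):
                raise ValueError("entry is not SERVICE.METHOD: %r" % item)
            entries.add(item)
    return entries


def audit_coverage(shared_services, och_text, ms_text):
    """Map each shared SERVICE.METHOD to the layer(s) that still audit it."""
    och_off = disabled_entries(och_text)
    ms_off = disabled_entries(ms_text)
    coverage = {}
    for name in sorted(shared_services):
        if name in och_off and name in ms_off:
            coverage[name] = "none"          # scenario c: no audit on either side
        elif name in och_off:
            coverage[name] = "microservice"  # scenario a: audited at microservice only
        elif name in ms_off:
            coverage[name] = "och"           # scenario b: audited at OCH only
        else:
            coverage[name] = "both"          # no entry anywhere: audited twice
    return coverage


def review(shared_services, och_text, ms_text):
    """Summarise gaps, duplicates and entries that match no known shared service."""
    coverage = audit_coverage(shared_services, och_text, ms_text)
    listed = disabled_entries(och_text) | disabled_entries(ms_text)
    return {
        "unaudited": [n for n, where in coverage.items() if where == "none"],
        "duplicated": [n for n, where in coverage.items() if where == "both"],
        "unknown": sorted(listed - set(shared_services)),
    }


# Constructed inputs: the inventory and the third service name are assumptions.
SHARED = {
    "RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON",
    "AUTHSCHEMEMAINTENANCESERVICE.CREATE",
    "LIMITSERVICE.FETCH",
}
OCH_PROPS = (
    "# microServicesConfig.properties on the OCH side (constructed)\n"
    "IS_DISABLE_SERVICE_AUDIT=RMAUTHENTICATIONSERVICE.AUTHENTICATEANDSIGNON"
    "|AUTHSCHEMEMAINTENANCESERVICE.CREATE\n"
)
MS_PROPS = (
    "# microServicesConfig.properties on the microservice side (constructed)\n"
    "IS_DISABLE_SERVICE_AUDIT=AUTHSCHEMEMAINTENANCESERVICE.CREATE"
    "|AUTHSCHEMEMAINTENANCESERVICE.CREAT\n"
)

if __name__ == "__main__":
    for kind, names in review(SHARED, OCH_PROPS, MS_PROPS).items():
        print(kind, names)
```

An "unknown" entry is usually a misspelt service or method name, which silently leaves the intended service audited twice.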
password="changeit" />
</trustManagers>
</sslContextParameters>
<bean id="authmsssl" class="org.apache.camel.component.http.HttpComponent">
<property name="camelContext" ref="camelContext"/>
<property name="sslContextParameters" ref="mySslContextParameters"/>
<property name="connectionsPerRoute" value="10"/>
</bean>
<bean id="http" class="org.apache.camel.component.http.HttpComponent">
<property name="camelContext" ref="camelContext"/>
</bean>
Note:
1. The above changes need to be done in DEH/MS applications wherever it is required in order to
microservice say Auth/Limits is deployed and 8443 is application SSL port on which
microservice is running.
b. Normal http support as http://<ServerAddress>:<ServerPort>
Example: http://bl4ul26k:8096/ where bl4ul26k is the server name where some microservice
say Auth/Limits is deployed and 8096 is application http port.
3. D:/Certificates/truststore/cacerts.jks is the jks path where it is generated. If we need to connect
to some application using Camel, generate the truststore for the server where the application is
deployed.
4. The truststore path can be modified accordingly with the jks certificate for the generated truststore.
5. The password provided must be the one that was used during generation of the truststore
jks.
Note: Generation of the truststore jks for TLS/SSL support is provided in the Generation of server
digital certificates.
11.3 Generation of Server Digital Certificates
Generate keystore:
keytool -genkey -alias localhost -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
Note:
1. Give the server name instead of localhost where drop wizard application is deployed.
2. Keypass password and storepass password was given as changeit.
12.1 Deployment
Deployment steps are listed below
12.1.1 Installation Steps
To install the JBoss server, download JBOSS EAP from the official JBOSS site and unzip the jboss-eap zip file.
12.1.4 Porting FEBA
12.1.4.1 FEBA WAR extraction and deployment
Deploy the ear in exploded format.
Extract the FEBAWeb.war. All the components will be extracted to the FEBAWeb folder; rename the
FEBAWeb folder as FEBAWeb.war.
o jar -xvf FEBAWeb.war (before this, copy the WAR into the current folder)
o The folder FEBAWeb.war is the exploded format.
o Place FEBAWeb.war folder and file in <JBOSS_HOME>/standalone/deployments
https://access.redhat.com/site/solutions/170313
a) Create the data source configuration as mentioned in this section 11.1.5 Resource Configuration
for V5.
b) In <%JBOSS_HOME%>\bin\standalone.conf make the following changes. Also add configurations
from Client Configuration.
if [ "x$JAVA_OPTS" = "x" ]; then
   JAVA_OPTS="-Xms512m -Xmx1400m -XX:MaxPermSize=256m -XX:-UseGCOverheadLimit -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Dsun.lang.ClassLoader.allowArraySyntax=true -DFEBA_SYS_PATH=%PROFILE_PATH%/workdir/data -DPRODUCT_BOOTSTRAP_FILE=%PROFILE_PATH%/workdir/data/BootstrapFile.properties -DFEBA_EXTENSION_DIRECTORY=%PROFILE_PATH%/workdir/extension -DFEBA_MERGE_DIRECTORY=%PROFILE_PATH%/workdir/merge -DAPPLICATION_CONFIGURATION_FILE=BankAway.properties -DARMLOG_LEVEL=SEVERE -XX:-UseSplitVerifier "
   JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=$JBOSS_MODULES_SYSTEM_PKGS -Djava.awt.headless=true"
   JAVA_OPTS="$JAVA_OPTS -Djboss.server.default.config=standalone.xml"
fi
DAPPLICATION_CONFIGURATION_FILE=BankAway.properties -
DFEBA_SYS_PATH=%PROFILE_PATH%/workdir/data -
DFEBA_EXTENSION_DIRECTORY=%PROFILE_PATH%/workdir/extension
-DFEBA_MERGE_DIRECTORY=%PROFILE_PATH%/workdir/merge -
DPRODUCT_BOOTSTRAP_FILE=%PROFILE_PATH%/workdir/data/BootstrapFile.properties
-Dconfig.server.url=$CONFIGSERVER_URL"
-Dconfig.server.service=$MS_PROFILE_NAME"
-Dconfig.server.profile=$MS_MODULE"
-Dconfig.server.credential.type=basic"
-Dconfig.server.credential.basic.username=configuser"
Note: For JDK 11, do not use -XX:-UseSplitVerifier as its not supported.
ht
d) Modify the context root in jboss-web.xml under the WEB-INF folder if needed.
<?xml version="1.0"?>
<jboss-web>
    <context-root>/deh</context-root>
</jboss-web>
12.1.4.2 Deployment Along with Starting Jboss Server
Create a text file named FEBAWeb.war.dodeploy and place it in <JBOSS_HOME>/standalone/deployments.
Note: While deploying the EAR, JBoss automatically creates the FEBAWeb.war.deploying file. Once the EAR is successfully deployed, JBoss replaces the FEBAWeb.war.dodeploy file with FEBAWeb.war.deployed. If the deployment fails, it replaces this file with FEBAWeb.war.failed.
Following changes are required in JBoss EAP 6.x/7.1.0 for database connection.
        <module name="javax.api"/>
        <module name="javax.transaction.api"/>
        <module name="javax.servlet.api" optional="true"/>
    </dependencies>
</module>
Note: If we are using the SQL DB, we would have to place the sql jar(sqljdbc4.jar) inside %JBOSS_HOME%modules/com/sqlserver/main.
If we are using the EDB DB, we would have to place the sql jar(sqljdbc4.jar) inside %JBOSS_HOME%modules/com/edb/main.
edb-jdbc17.jar
And we need to mention the same jar name inside module.xml in the resource-root path tag.
datasource configurations.
<datasources>
    <datasource jndi-name="java:jboss/FEBAV5" pool-name="FEBAV5" enabled="true">
        <connection-url>jdbc:oracle:thin:@%DBSERVER%:%LISTRENERPORT%:%DBSID%</connection-url>
        <driver>oracle</driver>
        <security>
            <user-name>ECECUSER</user-name>
            <password>actual password</password>
        </security>
    </datasource>
For JBoss 7.1.0, the datasources subsystem in the above config has version 5.0 instead of 1.1, as in <subsystem xmlns="urn:jboss:domain:datasources:5.0">
Note: If we are using the SQL DB/EDB, changes have to be made to use the appropriate driver.
d) To make the service available from all remote clients, make the following changes in the standalone.xml file
<interface name="public">
    <any-ipv4-address/>
</interface>
<socket-binding
    name="management-http"
    interface="public"
    port="${jboss.management.http.port:9990}"/>
The driver name under drivers and driver tag should be same and jndi name should be
prefixed with java:jboss/.
    <pool>
        <min-pool-size>60</min-pool-size>
        <max-pool-size>200</max-pool-size>
    </pool>
</datasource>
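The standalone.xml changes above attach the management-http socket binding to the public any-ipv4 interface and keep the datasource password as a literal in the file. The Python check below is an added example, not part of this guide or the product; it reports both conditions so that the file can be reviewed before go-live. The sample XML, the finding names and the treatment of any `${...}` value as an externalised expression are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample that mirrors the settings shown in this guide (not a real server's file).
SAMPLE_STANDALONE_XML = """<?xml version="1.0"?>
<server xmlns="urn:jboss:domain:1.3">
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:1.1">
      <datasources>
        <datasource jndi-name="java:jboss/FEBAV5" pool-name="FEBAV5" enabled="true">
          <connection-url>jdbc:oracle:thin:@dbhost.example:1521:ORCL</connection-url>
          <driver>oracle</driver>
          <security>
            <user-name>ECECUSER</user-name>
            <password>Constructed-Pa55</password>
          </security>
        </datasource>
      </datasources>
    </subsystem>
  </profile>
  <interfaces>
    <interface name="management">
      <inet-address value="${jboss.bind.address.management:127.0.0.1}"/>
    </interface>
    <interface name="public">
      <any-ipv4-address/>
    </interface>
  </interfaces>
  <socket-binding-group name="standard-sockets" default-interface="public">
    <socket-binding name="management-http" interface="public"
                    port="${jboss.management.http.port:9990}"/>
    <socket-binding name="http" port="8080"/>
  </socket-binding-group>
</server>
"""

WILDCARD_TAGS = {"any-address", "any-ipv4-address", "any-ipv6-address"}
MANAGEMENT_BINDINGS = {"management-http", "management-https", "management-native"}


def local(tag):
    """Drop the '{namespace}' prefix so the checks work for any schema version."""
    return tag.rsplit("}", 1)[-1]


def descendants(elem, name):
    """All elements at or below elem whose local tag name equals name."""
    return [e for e in elem.iter() if local(e.tag) == name]


def audit_standalone(xml_text):
    """Return a sorted list of (check_id, subject) findings for a standalone.xml text."""
    root = ET.fromstring(xml_text)
    findings = []

    # Interfaces that listen on every address of the host.
    wildcard_ifaces = {
        iface.get("name")
        for iface in descendants(root, "interface")
        if any(local(child.tag) in WILDCARD_TAGS for child in iface)
    }

    # Management socket bindings attached to such an interface, either
    # explicitly or through the group's default-interface.
    for group in descendants(root, "socket-binding-group"):
        default_iface = group.get("default-interface")
        for binding in group:
            if local(binding.tag) != "socket-binding":
                continue
            if binding.get("name") not in MANAGEMENT_BINDINGS:
                continue
            if binding.get("interface", default_iface) in wildcard_ifaces:
                findings.append(("MGMT_ON_WILDCARD", binding.get("name")))

    # Datasource passwords written as literals rather than ${...} expressions.
    for ds in descendants(root, "datasource"):
        for pw in descendants(ds, "password"):
            value = (pw.text or "").strip()
            if value and not value.startswith("${"):
                findings.append(("PLAINTEXT_DS_PASSWORD", ds.get("jndi-name")))

    return sorted(findings)


if __name__ == "__main__":
    for check_id, subject in audit_standalone(SAMPLE_STANDALONE_XML):
        print(f"{check_id}: {subject}")
```

Run it against a copy of the server's standalone.xml (or standalone_ha.xml in the clustered setup) by passing the file's text to audit_standalone.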
Eg:
<param name="File" value="%PROFILE_PATH%\workdir\log\DBS_FEBA_fatal.log"/>
<Param name="MAX_THREADS_PER_USER"/>
<Param name="PARALLELIZATION_WAIT_TIME"/>
• These properties can be externalized in Config Server application.json file
• Example:
{
"WORK_MANAGER": "java:jboss/ee/concurrency/executor/default",
"DEFAULT_HIF_PARALLELIZER": "com.infosys.feba.framework.hif.parallelization.ManagedHIFParallelizer",
...
}
<JBOSS_HOME>\standalone\deployments\FEBAWeb.war\WEB-INF\wsdl\Servicerequest.wsdl
2) FMFProcessFormMTR_INITIATEResponse
Servicerequest.wsdl
If this change is not done in code, you will get an error during deployment.
ERROR
Caused by: org.apache.ws.commons.schema.XmlSchemaException: An imported schema was
announced to have the namespace
c) Application flow: Not able to restrict account access for following combination - Inquiry
NO, Transact ALL, Authorize ALL
Error:
java.lang.IllegalStateException: JBWEB002004: More than the maximum number of request parameters (GET plus POST) for a single request (512) were detected. Any parameters beyond this limit have been ignored. To change this limit, set the maxParameterCount attribute on the Connector.
at org.apache.tomcat.util.http.Parameters.addParameter(Parameters.java:184)
at org.apache.tomcat.util.http.Parameters.processParameters(Parameters.java:360)
Add the following in standalone.xml to resolve this error.
<server xmlns="urn:jboss:domain:1.3">
...
<system-properties>
    <property name="org.apache.tomcat.util.http.Parameters.MAX_COUNT" value="1000"/>
</system-properties>
...
<profile>
Download JBoss EWS 2.0.1 for Windows from the Red Hat site.
For installation, just extract the zip file.
<VirtualHost 10.10.10.10:6666>
    <Directory />
        Order deny,allow
        Allow from all
    </Directory>
    <Location /mod_cluster-manager>
        SetHandler mod_cluster-manager
        Order deny,allow
        Allow from all
    </Location>
    KeepAliveTimeout 60
    ManagerBalancerName mycluster
    ServerAdvertise On
    EnableMCPMReceive On
</VirtualHost>
10.10.10.10 is the web server IP address and 6666 should be a unique port number.
Listen 10.10.10.10:6666
Add the proxy-list attribute in the standalone-ha.xml to include httpd's mod_cluster listen IP set above
<mod-cluster-config advertise-socket="modcluster" connector="ajp" proxy-list="10.10.10.10:6666">
Eg: standalone.bat -b 0.0.0.0 --server-config=standalone_ha.xml
➢ Since we are using the standalone_ha.xml configuration file, all the configuration related to the FEBA application mentioned above (like DB, port etc.) needs to be applied in this standalone_ha.xml file.
https://access.redhat.com/site/solutions/283263
http://10.10.10.10:6666/corp/AuthenticationController?FORMSGROUP_ID__=AuthenticationFG&__START_TRAN_FLAG__=Y&FG_BUTTONS__=LOAD&ACTION.LOAD=Y&AuthenticationFG.LOGIN_FLAG=1&BANK_ID=DBS
JBOSS_HOME\standalone\configuration\standalone.xml
Changes:
▪ Change Connection Url, Driver Class, Security tags to SQL
• <connection-url>jdbc:sqlserver://fintestvm-06;DatabaseName=DB11010;instanceName=SQL2012</connection-url>
• <driver-class>com.microsoft.sqlserver.jdbc.SQLServerDriver</driver-class>
• <security>
<user-name>ECECUSER</user-name>
<password>%ACTUAL_Password%</password>
</security>
Note: The normal password (not encrypted) needs to be provided for SQL / Oracle.
File Upload
Open the below file and make the following changes.
JBOSS_HOME\standalone\configuration\standalone.xml
This is required for uploads of large files. The max-post-size attribute should be configured with a byte value equal to or greater than the configured PRPM FU_MAX_UPLOAD_SIZE value.
<http-listener name="default" socket-binding="http" redirect-socket="https" enable-http2="true" max-post-size="104857600"/>
The same is to be added for the https listener also.
JBOSS_HOME\modules\com\oracle\main
• Place the sqljdbc4.jar in the path
• Open module.xml and give the same jar name ex:
        <module name="javax.transaction.api"/>
        <module name="javax.servlet.api" optional="true"/>
    </dependencies>
</module>
Notes:
• We need to give the complete path instead of a relative path in the <<Bank_ID>>_log4j.xml file.
• The attached file shows the sample log for a successful deployment.
COMMON DATA FOLDER CONFIGURATIONS:
1. In BankAway.properties:
The landing page entries should be changed according to the bank id to be used. For example, LANDING_PAGE_DBS_001 entries are for bank id DBS and language id 001.
So if the bank id is different, this entry should be updated accordingly. There are multiple entries like this for every language id.
3. License configurations are as per Bank ID. As per the current license, it will work for Bank ID 'DBS'. If the BankId is other than 'DBS', LicenseGenerator needs to be executed for the new BankId to generate the license file, which is to be kept in the data/lic folder.
In the data folder, the below files are available in the lic folder.
LicenseBackup.dat
4. extension\hif\config\EB_HIF.xml (only applicable to Standalone and OCH profile):
Change the entry fileNames to use correct host configuration.
<hostConfig hostName="EBANKING_EXPOSED_SERVICES_OAUTH">
<routeConfigList>
<routeConfig routeName="XML/HTTP">
<routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
<responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
<propertyConfig>
<properties>
<property name="MessageFormat" value="XML"/>
<property name="URL" value="http://SERVER_NAME:PORTNUM/corp/XService"/> -- Mention the URL of the profile in which configuration is done
<property name="State" value="N"/>
<property name="USERNAME" value="DBS.VIRUSR"/> -- Working virtual for the profile
<property name="ACCESSCODE" value="c"/>
<routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
<responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
<propertyConfig>
<properties>
<property name="MessageFormat" value="XML"/>
<property name="URL" value="http://SERVERNAME:PORTNUM/corp/XService"/> --
<Service><ServiceName>InqFWService</ServiceName> <Framework>Inquiry</Framework> <EventId>AMPINQ</EventId><BeanId>authenticationRemoteServiceBean</BeanId></Service>
Note:
Some jars and JS files mentioned below have been externalized. After the WAR is extracted and copied, and before starting, they have to be placed in the appropriate location by refreshing the WAR. The download URLs are also mentioned below:
1. Sqljdbc4.jar: https://www.microsoft.com/en-in/download/details.aspx?id=11774
2. Ojdbc8.jar: https://www.oracle.com/database/technologies/appdev/jdbc-ucp-19c-downloads.html
3. jquery.dynatable.js: http://github.com/alfajango/jquery-dynatable/
4. jquery.blockUI.js: http://www.malsup.com/jquery/block/
Jar files to be patched in the lib folder.
Step2: Click on Getting Started with WebLogic Server 10.3.4 (Server version may change
depending on the installed WebLogic Server)
Step3: Select the Create a new WebLogic domain radio button and click on Next button.
Step4: Select the Generate domain configured automatically to support. Select Radio button and
Step6: Configure the Administrator UserName and Password and click on Next button
Step7: Configure the server start mode and JDK and click on Next button.
Step8: Check the Administration Server and click on Next to change the Administration settings.
Step9: Change the port Number and Name of the server if required and click on [Next] button.
Step 10: Click on [create] button to create the new domain.
Step 11: Click on [Done] button for the new domain configuration.
WebLogic Domain
For UNIX: run ./startWebLogic.sh to get the admin console for the very first time
You can also start the Admin server for the WebLogic Domain through the below navigation
Step 2: Login to the Admin console using the User Id and Password given while creating the
Domain
13.2.1 Managed Server Creation
Step 1: Click on Environment Side Bar link and then click on Servers link in the Main page
Step 2: Click on New button for creating a new server
ListenAddress=$IP_ADDRESS_OF_DEPLOYED_MACHINE$
In the WebLogic console, we need to make a similar config like below; make sure the “Type” is “Plain”
The Above screen is displayed after creation of the server “server1”
Save the above configurations and click on the Advanced button, which is just above the Save button in the same Logging tab as shown in the above screenshot
be checked
In Message destination(s), the below changes are to be made as shown in the next screenshot; then save the changes
Severity level: should be changed from Trace to Notice
Step 2: Specify the data source name and JNDI name. Select the database type and the
appropriate database Driver for Oracle from the drop down and click [Next] button.
Step 4: Click on [Next] to proceed.
Step 9: Specify the database name, server name, port, username and password. Then click on
[Next] to proceed.
Step 5: Click [Test Configuration] to test the data source configuration. A success message will appear if the configuration is correct. Then click the [Finish] button.
Step 6: Select the target server and click [Finish] button
Click on the server, click on Server Start, and modify the VM arguments.
Add the below arguments under the Server Start tab. Also add configurations from Client Configuration.
-DFEBA_SYS_PATH="<<Workspace_path>>\WorkingDirectory\data"
-DFEBA_EXTENSION_DIRECTORY="<<Workspace_path>>\WorkingDirectory\extension"
-DFEBA_MERGE_DIRECTORY="<<Workspace_path>>\WorkingDirectory\merge"
-DPRODUCT_BOOTSTRAP_FILE=<<WorkingDirectory>>\data\BootstrapFile.properties
-DAPPLICATION_CONFIGURATION_FILE="BankAway.properties"
-DFICLIENT_APP_PATH="<<Workspace_path>>\WorkingDirectory"
Case -1: For Weblogic Server 10.3.5 and earlier versions, the below change in code is required.
In Weblogic Server 10.3.5 and earlier versions, the javax.sql.DataSource.getConnection(X,Y) method used in ConnectionManagerDSImpl.java was not supported (the javax.sql.DataSource.getConnection() method without arguments was supported).
So, we need to change the getConnection() call in ConnectionManagerDSImpl.java by removing the UserId and Password arguments
from dbConnection = ds.getConnection(UserId, Password);
to dbConnection = ds.getConnection();
Case -2: For Weblogic Server 10.3.6 and later versions, the javax.sql.DataSource.getConnection(X,Y) method is supported, so no code changes are required; only the below changes in the Admin console and database are required.
highlighted in the below screenshot and click on Save button to save the changes.
2. Provide authorization to connect for the ECECUSER user in the database by running the below script in the DB.
The name of OCH WAR will be FEBWeb.war. Please make sure that you take the correct WAR for
deployment based on your requirement.
From 11.5.3, FEBWeb.war is present under two locations, the DEH and ModularDEH directories.
DEH → contains RM screens and APIs for consumer and corporate
ModularDEH → contains only APIs for consumer and corporate
Build script changes are done for generation of the WebLogic-specific WAR. The WebLogic WAR can be deployed in 2 forms as shown below.
Option-1: Deployment of the WebLogic-specific WAR (FEBWeb.war) from the build as it is.
➢ Get the latest FEBA WAR (generated after a successful build with the current setup available with the BAMA team and in the latest build setup as well).
➢ Deploy the WAR by following the steps mentioned in section 11.2.8 WAR Deployment.
➢ The problem with this type of deployment is that, for applying any patches, we need to put the respective patch (either JSP or jar) directly inside the zipped WAR, which is further present in the EAR. Since the WAR and EAR files are zipped, putting the patches inside them is time consuming, and if the EAR size is too large there are chances of the EAR getting corrupted as well.
Option-2: Deployment of extracted WAR.
➢ We need to extract the WAR (FEBAWeb.war) which we got from the build setup.
➢ We need to extract the WAR (FEBAWeb.war) file inside the EAR as well.
➢ Now deploy the extracted WAR by following the same procedure mentioned in section 11.2.8 WAR Deployment.
➢ Do the data folder configurations as mentioned in section 11.2.7 for making the data folder compatible with WebLogic.
➢ Applying patches is fairly simple compared to normal WAR deployment, as we can directly place the jars or JSP patches inside the WAR folders. There is no chance of corrupting the WAR file.
The changes mentioned in this section are not required to be done explicitly if we take the WebLogic-specific WAR generated from the build.
All these changes are available in the build setup for generating the WebLogic-specific WAR.
Step 2: Place weblogic.xml file in the FEBAweb\WEB-INF\ directory. weblogic.xml should have the
below content inside it. Modify context-root if needed.
weblogic.xml content
<servlet>
    <servlet-name>gesture</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.infosys.ebanking.rest.common.v1.GestureResourceConfiguration</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.server.response.setStatusOverSendError</param-name>
        <param-value>true</param-value>
    </init-param> -->
    <!-- <init-param>
        <param-name>uri</param-name>
        <param-value>/gesture/</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.server.provider.scanning.recursive</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>jersey.config.disableMetainfServicesLookup</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>
You will find wllog4j.jar in the wlserver_10.3\server\lib directory.
N.B.: It may differ for each version of WebLogic, so copy it only from your WebLogic installation path.
..\Oracle\Middleware\wlserver_10.3\server\lib
Step 5: Place these jar files inside the domain \lib directory.
Step 6: Give the Absolute log path in DBS_log4j.xml
Now refer to the section “Common Data Folder Configuration” in the document for the further steps.
Also update the BOOTSTRAP_ADDRESS field value with your host name and port number as shown below:
Replace IIOP://localhost:2809 with IIOP://chnmct210406d:8001/
Step 3: In WebLogic, it is observed that paths like “.../../../” are not recognized. So, we have to give absolute paths instead of these paths in all the files wherever such paths are used.
Step 4: In Log4j.xml file,
Before change:
<param name="File" value=".\\log\\$BANK_ID$_FEBA_fatal.log"/>
In the above line, the highlighted path has to be replaced with the absolute path as shown in the below line; similarly, all such places must use absolute paths.
After change:
For the routeName "StubbedFI" and "DBStubbedFI", the stub path should be changed to absolute paths
Before change:
<property name="MessageFormat" value="XML"/>
<property name="RequestPath" value="./stub/request"/>
<property name="ResponsePath" value="./stub/response"/>
<property name="XSDPath" value="./stub/xsd"/>
<property name="SERVICE_REQUEST_VERSION" value="10.4"/>
In the above code, ./ should be replaced with absolute paths as shown below
After change:
<property name="MessageFormat" value="XML"/>
<property name="RequestPath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\request"/>
<property name="ResponsePath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\response"/>
<property name="XSDPath" value="..\Oracle\Middleware\user_projects\domains\FEBA\WorkingDir\stub\xsd"/>
<property name="SERVICE_REQUEST_VERSION" value="10.4"/>
Step 5: In workdir\extension\PRPM.xml:
Modify the below parameter:
<Param name = "SERVERNAME" value = "WEBLOGIC" />
Step 6: In BankAway.properties:
If the database password is using the single encryption mechanism, then change the below parameter to N. (Ex: if password is vkgadm i.e. plain password without encryption, this parameter
Also, the landing page entries should be changed according to the bank id to be used. For example, LANDING_PAGE_DBS_001 entries are for bank id DBS and language id 001.
So if the bank id is different, this entry should be updated accordingly. There are multiple entries like this for every language id.
Step 8: License configurations are as per Bank ID. As per the current license, it will work for Bank ID 'DBS'. If the BankId is other than 'DBS', LicenseGenerator needs to be executed for the new BankId to generate the license file, which is to be kept in the data/lic folder.
In the data folder, the below files are available in the lic folder.
LicenseBackup.dat
Step 9: extension\hif\config\EB_HIF.xml (only applicable to Standalone and OCH profile):
Change the entry fileNames to use the correct host configuration.
Step 10: Depending upon the host configured in EB_HIF.xml, please make the following configuration changes in the respective Host file.
For example, if we are using the 10219 Host configured in Step10, then make changes in the below tags in \extension\hif\config\HIF_10219_Host.xml.
<hostConfig hostName="EBANKING_EXPOSED_SERVICES_OAUTH">
<routeConfigList>
<routeConfig routeName="XML/HTTP">
<routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
<responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
<propertyConfig>
<properties>
<property name="MessageFormat" value="XML"/>
<property name="URL" value="http://SERVER_NAME:PORTNUM/corp/XService"/> -- Mention the URL of the profile in which configuration is done
<property name="State" value="N"/>
<property name="USERNAME" value="DBS.VIRUSR"/> -- Working virtual for the profile
<property name="ACCESSCODE" value="c"/> -- Encrypted password for the virtual user
<property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
</properties>
<hostConfig hostName="EBANKING_EXPOSED_SERVICES">
<routeConfigList>
<routeConfig routeName="XML/HTTP">
<routerClassName>com.infosys.feba.framework.hif.protocol.XServiceHandler</routerClassName>
<responseConverter>com.infosys.feba.framework.hif.processor.XMLHostResponseConverter</responseConverter>
<propertyConfig>
<properties>
<property name="MessageFormat" value="XML"/>
<property name="URL" value="http://SERVERNAME:PORTNUM/corp/XService"/> -- Mention the URL of the profile in which configuration is done
<property name="State" value="N"/>
<property name="USERNAME" value="DBS.VIRUSR"/> -- Working virtual for the profile
<property name="ACCESSCODE" value="c"/> -- Encrypted password for the virtual user
<property name="APP_SERVER_JSESSION_VARIABLE" value=";jsessionid="/>
</properties>
This is used for calling remote services in the EB/OCH application to authentication micro-
<Service> <ServiceName>InqFWService</ServiceName> <Framework>Inquiry</Framework> <EventId>AMPINQ</EventId> <BeanId>authenticationRemoteServiceBean</BeanId> </Service>
Step 2: Select the radio button for the Exploded EAR and click on Next button
Step 3: Select the first radio button (Install this deployment as an application) and click on Next
button.
Step 4: Select the first (DD Only: Use only the roles and policies that are defined in the deployment descriptors) and last (I will make the deployment accessible from the following location) radio buttons and click on Next button
log4j-api-2.11.0.jar
log4j-1.2.17.jar
And place those jars in /Oracle/Middleware/Oracle_Home/user_projects/domains/$domain$/lib
13.2.10 Starting Managed Server
Step 1: Go to Servers under Environment in the Domain Structure panel, through the WebLogic admin console.
Step 2: Click on Lock & Edit, and click on the Control tab in the Summary of Servers panel.
Step 3: Select the server, and click on to start the server. Now the server will be started.
green Tick
Step 5: Similarly, you can verify the Status of the Deployed WAR under Deployments link of Admin
console. State will be Active after the Managed Server is started and Health will be shown as OK with
Mark
set JAVA_HOME=../Oracle/Middleware/jrockit_160_24_D1.1.2-4
Step 2: In …\domains\first_domain\bin\startManagedWebLogic.cmd, add the below yellow highlighted entry for enabling Verbose.
set JAVA_OPTIONS=%JAVA_OPTIONS% -Xverbose:class -Xverboselog=verboseclass.log
set "JAVA_OPTIONS=%JAVA_OPTIONS% -Dweblogic.log.Log4jLoggingEnabled=true"
1. We were getting JAXB.properties file not found post deployment while starting the server. So we have to comment out the jaxb.properties file call in AppEventUtil.java.
Or
2. Do the below changes
1. Inside \WEB-INF\weblogic.xml, the below code is to be commented
<!--
<container-descriptor>
    <prefer-web-inf-classes>true</prefer-web-inf-classes>
</container-descriptor>
-->
2. JSP compilation issue while loading a few JSPs, as it could not parse a few expressions (like the Initiate Issuance Cheques and Initiate Issuance Others JSPs)
Till now we came across the below 2 such instances and hence modified accordingly in
feba_taglib.tld file
1. For the tag with name “caption”, expression was not allowed for “linkstyle” attribute as
rtexprvalue was not set to true (usage InitiateIssuanceChequeRecurring.jsp and
InitiateIssuanceOthersRecurring.jsp files).
<attribute>
<name>linkstyle</name>
<required>false</required>
<attribute>
<name>name</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
Source for this info: http://www.coderanch.com/t/292029/JSP/java/rtexprvalue-false-good
3. After deploying the Web-Services-enabled WAR (by making changes in the web.xml file), the below error occurs while starting the Managed Server, as in the attached logs.
Exception in thread "[STANDBY] ExecuteThread: '7' for queue: 'weblogic.kernel.D
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.De
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.De
ault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.De
ault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "[STANDBY] ExecuteThread: '0' for queue: 'weblogic.kernel.D
fault (self-tuning)'" java.lang.OutOfMemoryError: PermGen space
Exception in thread "ExecuteThread: '0' for queue: 'weblogic.socket.Muxer'" jav
Solution: Increasing the heap size should resolve the issue. Increase PermSize to 512m and MaxPermSize to 1024m in setDomainEnv.cmd (as highlighted below)
set MEM_PERM_SIZE_64BIT=-XX:PermSize=512m
set MEM_PERM_SIZE_32BIT=-XX:PermSize=512m
if "%JAVA_USE_64BIT%"=="true" (
    set MEM_PERM_SIZE=%MEM_PERM_SIZE_64BIT%
) else (
    set MEM_PERM_SIZE=%MEM_PERM_SIZE_32BIT%
)
set MEM_MAX_PERM_SIZE_64BIT=-XX:MaxPermSize=1024m
set MEM_MAX_PERM_SIZE_32BIT=-XX:MaxPermSize=1024m
if "%JAVA_USE_64BIT%"=="true" (
    set MEM_MAX_PERM_SIZE=%MEM_MAX_PERM_SIZE_64BIT%
) else (
    set MEM_MAX_PERM_SIZE=%MEM_MAX_PERM_SIZE_32BIT%
)
<SEVERE> <Fatal error in NodeManager server>
weblogic.nodemanager.common.ConfigException: Identity key store file not found: /data/profile/WEBLOGIC/domain/security/DemoIdentity.jks
2. Able to start the WebLogic server only through putty but not through console
3. Ojdbc8 jar is missing in lib of WAR. Added same manually in both lib of WAR and lib of weblogic
server domain
4. Changes made in JSON properties:
i. "NAME": "DATA_SOURCE",
"VALUE": "FEBAV5",
ii. "NAME": "JAVASCRIPT_ENCRYPTION_ALGORITHM",
"VALUE": "RSA/ECB/NoPadding",
iii. "NAME": "JAVASCRIPT_ENCRYPTION_SECURITY_PROVIDER",
"VALUE": "SunJCE",
iv. "NAME": "DRIVER_CLASS",
"VALUE": "oracle.jdbc.OracleDriver",
v. "NAME": "INITIAL_CONTEXT_FACTORY",
"VALUE": "weblogic.jndi.WLInitialContextFactory",
vi. "NAME": "SERVERNAME",
"VALUE": "WEBLOGIC",
vii. "NAME": "WORK_MANAGER",
"VALUE": "",
BatchConfig.xml
3) LIB folder:
The lib folder of the deployed EAR
BATCHFILES.zip
The JAVA_PATH is to be set in the sh file
Data
Extension
Merge
Lib
Log
Stub
Reports
SchedulerInitializer.sh
ScheduleInsertUtility.sh
Refer to Client Configuration and Common Data Configurations for the list of all JVM arguments to be passed
command export PATH=ORACLE_HOME/bin:$PATH
Ques. 4: ORA-01127: database name 'ORA1127DB' exceeds size limit of 8.
Ans: Changed the DB instance name from ORA1127DB to ORA112DB. The DB name should not exceed 8 characters.
Ques. 5: The sqlplus command is not successfully executed for the user, and after running the credb.py file it shows an error that the ORACLE instance is already created.
Ans: Delete the files init_DB_NAME.ora and config_DBNAME.ora from the oracle_home\dbs path. DB_NAME will be the ORACLE_SID name given in the .properties file.
Ques. 6: During execution of the installer, errors are found in the logs such as sequence does not exist, table or view does not exist?
Ans: In the table creation scripts, we have drop scripts for tables and synonyms before the creation script. So this error can be ignored.
Ques. 7: Python Error
Ans: