Friday, November 25, 2016

Disabling API Console/Swagger tools menu available from store console for anonymous/logged in users

If you need to disable the API Console/Swagger from the Store UI for anonymous users/logged in users, you can try out the below methods.

There is no straightforward configuration readily available with API Manager to do this. However, by doing a minor config change, this is possible. What you actually need to do is change the code of the block.jag which resides under wso2am-1.8.0/repository/deployment/server/jaggeryapps/store/site/blocks/api/api-info folder.

Method 1

Assuming you want the API Console (RESTClient) to be disable for anonymous users only, this can be done by changing/adding the below lines of code to the block.jag.

Step 1
Change the below code of line from

var showConsole=true;

var showConsole=false;

Step 2
Then add the below lines of code right after the line _var showConsole=false;_


Method 2

If you need this feature to be completely invisible for anonymous and logged in users, all you have to do is change the below code.
Change the parameter from

var showConsole=true;

var showConsole=false;

Once the above changes are done, restart the API manager server and you will notice that the RESTClient tool is visible only to logged in users/not visible at all for anyone.

Wednesday, November 9, 2016

How to create custom references(usedBy, ownedBy, etc) that can be used to associate artifacts in WSO2 Governance Registry 5.3.0 onward

This support was available from G-Reg 5.3.0 onward. For more information, refer [1].

1. Added a new rxt with the below config.

<artifactType hasNamespace="true" iconSet="10" pluralLabel="Tests" shortName="tests"
singularLabel="Test" type="application/vnd.wso2-tests+xml">
                <column name="Name">
                    <data href="@{storagePath}" type="path" value="details_name"/>
            <table name="Details">
                <field required="true" type="text">
                <field required="true" type="text">
                <field required="true" type="text">
                <field required="true" type="text">
2. From the publisher, added a new artifact of type tests (I've added a test artifact by the name Test3)
3. Added the below config to the <G-REG_HOME</repository/conf/governance.xml file;
<tests reverseAssociation ="tests" iconClass="fw-globe">tests</tests>
so that the <Association type="soapservice"> looks like what's given below.

        <Association type="soapservice">
            <security reverseAssociation ="secures" iconClass="fw-security">policy</security>
            <ownedBy reverseAssociation ="owns" iconClass="fw-user">soapservice,restservice,wsdl</ownedBy>
            <usedBy reverseAssociation ="depends" iconClass="fw-globe">soapservice,restservice,wsdl</usedBy>
            <depends reverseAssociation ="usedBy" iconClass="fw-store">soapservice,restservice,wsdl,endpoint</depends>
            <contacts reverseAssociation ="refers" iconClass="fw-globe">contacts</contacts>
            <tests reverseAssociation ="tests" iconClass="fw-globe">tests</tests>

4. From the publisher, try to select the added test type artifact for your SOAP service. I typed in the name Test3 and it would list to be selected and added as an association for the SOAP Service.

Note that as mentioned in our documentation when doing the above, you need to add the values you defined as short name in the RXT file of the artifact, within the <Association type> element, to define the association types enabled for that particular asset type

[1] -

Tuesday, June 28, 2016

How to list admin services used by WSO2 carbon based servers

We are given admin services by WSO2 products to perform various tasks but there is no documentation on the list of the services that are being provided. Therefore to list all these admin services, all you have to do is start the server with -DosgiConsole and type in the command listAdminServices in the osgi console.

This is clearly explained in the stack overflow question at [1].

[1] -

Monday, May 23, 2016

[WSO2 Governance Registry] - How to analyse the history of registry resources

Assume that you are working on a setup where you need to analyse the history of registry resources. One might want to know what type of operations have been done to the resource throughout it’s lifetime. This is possible from a simple DB query.

select * from REG_LOG where REG_PATH=‘resource_name’;

i.e. select * from REG_LOG where REG_PATH='/_system/governance/apimgt/statistics/ga-config.xml';

As an example, assume I want to find out the actions taken on the resource ga-config.xml. So when I query the table REG_LOG, below is the result I would receive.

When you look at the above result set, you would notice that the column REG_ACTION shows different values in each row. The actions that represents these values are configured in the class For example, REG_ACTION=10 means that the resource have been moved from it’s current location. REG_ACTION=7 means that it has been deleted from the system. Likewise, when you go through [1], you can find out the rest of the actions which you can take on these registry resources.

Therefore as explained above, by going through the REG_LOG of the registry database table, you can audit the actions taken on each and every resource.

[1] -

Friday, October 30, 2015

Working with PostgreSQL 9.3 & WSO2 products

As you all know, WSO2 products support a wide range of RDBMs. In this post, I will explain how you can install PostgreSQL 9.3 on your Linux machine and what commands you have to run to create users/databases and grant permission for databases etc. In the latter part of the post, I will briefly explain on the configuration that needs to be done to connect WSO2 products to a PostgreSQL database.
Installing PostgreSQL

You can install using the apt-get command on Linux as below.

Step 1 - To get information on the newest versions of packages and dependencies
sudo apt-get update

Step 2 - To install PostgreSQL v9.3

sudo apt-get install postgresql-9.3 

Configure PostgreSQL password

To setup a password to login to PostgreSQL, issue the below commands.

sudo -u postgres psql template1

ALTER USER postgres with encrypted password 'postgres';

Note: To quit from the console, press Ctrl + D

Additional configuration for PostgreSQL

Step 1 - Configure md5 Authentication

1. Open the pg_hba.conf

sudo vim /etc/postgresql/9.3/main/pg_hba.conf

2. Find the below line

local all postgres

and change it to

local all postgres md5

Step 2 - Enable TCP/IP connections

1.  Open the postgresql.conf file

sudo vim /etc/postgresql/9.3/main/postgresql.conf

2. Locate the line and uncomment it

#listen_addresses = 'localhost'

Creating a user, a database and then granting permission for the database.

Step 1 - Creating a Linux user


Note: Give the password as 'apim'

Step 2 - Login as super user

sudo su - postgres

If successfully logged in, you should get a prompt as below


Step 3 - Then connect to the database serve

psql -d template1 -U postgres

Step 4 - Create a user


Step 5 - Create a database


Step 6 - Grant permission for the user to the database


Now that you have created the user, database and granted permission, you can provide these credentials and try to connect your WSO2 server with this newly created database.

Configuring WSO2 Products with PostgreSQL

Step 1 - Configuring master-datasources.xml

Open the master-datasources.xml of the product you have selected and provide the configuration as below

            <description>The datasource used for API Manager database</description>
            <definition type="RDBMS">
                    <validationQuery>SELECT 1</validationQuery>

Step 2 - Downloading the correct DB driver

You have to download the correct database driver from the PostgreSQL site.  Once downloaded, drop it to $CARBON_HOME/repository/component/lib.

Step 3 - Starting up the server

Now start up the server using the -Dsetup command and it will create the relevant tables in the database.

Friday, August 14, 2015

Enabing E-mail User Login for WSO2 Products

This post explains different ways e-mail login can be enabled and how users/tenants can login to WSO2 products.


Users, tenants and their e-mail addresses that will be used for this scenario are as follows.

Super Admin User Name - admin
A user of Super Admin - adminUser
Email of Super Admin user -
Email of a user of Super Admin -
Tenant Domain -
Tenant Admin -
Tenant User -
Tenant Admin Email -
Tenant User Email -

How to create tenants

When creating tenants, you have to give the tenant Admin Username as something like & not as admin

Scenario 1

Configuration that needs to be done




For JDBC User Stores

<Property name="UsernameWithEmailJavaScriptRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>

For LDAP based User Stores

<Property name="UserNameSearchFilter">(&(objectClass=person)(|(mail=?)(uid=?)))</Property>

& Comment  out the following

<!--Property name="UserDNPattern">uid={0},ou=Users,dc=wso2,dc=org</Property-->

So when you do the above configuration, you can login from the following types of users

- admin
- adminUser

You cannot login as


Senario 2 - Without configuring  EnableEmailUserName property in carbon.xml

Configuration that needs to be done




Same as in Scenario 1 above

You should be able to login from the below users/email addresses

- admin
- adminUser

Cannot login from


To create users with email addresses, you need to change the following properties of the LDAP user store configuration.

<Property name="UserNameAttribute">mail</Property>
<Property name="UsernameJavaRegEx">[a-zA-Z0-9@._-|//]{3,30}$</Property>
<Property name="UserNameSearchFilter">(&(objectClass=person)(mail=?))</Property>

After configuring your server with the above configs, you should be able to add users with email addresses as well as with uids.
For more information, go through the detailed blog written by Asela Pathberiya.

Tuesday, July 21, 2015

Common SVN related issues faced with WSO2 products and how they can be solved

Issue 1

TID: [0] [ESB] [2015-07-21 14:49:55,145] ERROR {org.wso2.carbon.deployment.synchronizer.subversion.SVNBasedArtifactRepository} -  Error while attempting to create the directory: http://xx.xx.xx.xx/svn/wso2/-1234 {org.wso2.carbon.deployment.synchronizer.subversion.SVNBasedArtifactRepository}
org.tigris.subversion.svnclientadapter.SVNClientException: org.tigris.subversion.javahl.ClientException: svn: authentication cancelled
    at org.tigris.subversion.svnclientadapter.javahl.AbstractJhlClientAdapter.mkdir(
    at org.wso2.carbon.deployment.synchronizer.subversion.SVNBasedArtifactRepository.checkRemoteDirectory(

Reason : The user is not authenticated to write to the provided SVN location i.e.:- http://xx.xx.xx.xx/svn/wso2/ . When you see this type of an error, verify the credentials you have given under the svn configuration in the carbon.xml


Issue 2

TID: [0] [ESB] [2015-07-21 14:56:49,089] ERROR {org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask} -  Deployment synchronization commit for tenant -1234 failed {org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask}
java.lang.RuntimeException: org.wso2.carbon.deployment.synchronizer.DeploymentSynchronizerException: A repository synchronizer has not been engaged for the file path: /home/wso2/products/wso2esb-4.9.0/repository/deployment/server/
    at org.wso2.carbon.deployment.synchronizer.internal.DeploymentSynchronizerServiceImpl.commit(
    at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.deploymentSyncCommit(
    at java.util.concurrent.Executors$
    at java.util.concurrent.FutureTask.runAndReset(
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(
    at java.util.concurrent.ScheduledThreadPoolExecutor$

(I) SVN version mismatch between local server and the SVN server (Carbon 4.2.0 products support SVN 1.6 only.

Solution - Use the SVN kit jar 1.6 in Carbon server


(II) If you have configured your server with a different SVN version than what's in the SVN server and even if you use the correct svnkit jar at the Carbon server side later, the issue will not get resolved

Solution - Remove all the .svn files under $CARBON_HOME/repository/deployment/server folder

(III) A similar issue can be observed when the SVN server is not reachable.

Issue 3

[2015-08-28 11:22:27,406] ERROR {org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask} - Deployment synchronization update for tenant -1234 failed java.lang.RuntimeException: org.wso2.carbon.deployment.synchronizer.DeploymentSynchronizerException: No Repository found for type svn at org.wso2.carbon.deployment.synchronizer.internal.DeploymentSynchronizerServiceImpl.update( at org.wso2.carbon.core.deployment.CarbonDeploymentSchedulerTask.deploymentSyncUpdate( at at java.util.concurrent.Executors$ at java.util.concurrent.FutureTask.runAndReset( at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301( at java.util.concurrent.ScheduledThreadPoolExecutor$ at java.util.concurrent.ThreadPoolExecutor.runWorker( at java.util.concurrent.ThreadPoolExecutor$ at Caused by: org.wso2.carbon.deployment.synchronizer.DeploymentSynchronizerException: No Repository found for type svn at org.wso2.carbon.deployment.synchronizer.repository.CarbonRepositoryUtils.getDeploymentSyncConfigurationFromConf( at org.wso2.carbon.deployment.synchronizer.repository.CarbonRepositoryUtils.getActiveSynchronizerConfiguration( at org.wso2.carbon.deployment.synchronizer.internal.DeploymentSynchronizerServiceImpl.update( ... 9 more 


You will notice this issue when the svn kit (i.e. for latest versions of Carbon i.e. 4.4.x the jar version would be svnkit-all-1.8.7.wso2v1.jar) jar is not available in $CARBON_HOME/repository/components/dropins folder

Sometimes dropping the svn-kit-all-1.8.7.wso2v1.jar would not solve the problem. In such situations, verify whether the trilead-ssh2-1.0.0-build215.jar is also available under $CARBON_HOME/repository/components/lib folder.