Reputation: 121
We are in the final few steps of our WSO2 ESB / Data Services implementation.
We are trying to pass the Information Security review of our WSO2 ESB implementation. We are using 4.0.3 ESB with the 3.2.2 DSS feature.
The Information Security group has objected to the following things in the default WSO2 ESB:
1. The QPID / AMQP server listens on ports 5672 / 8672. Can we disable the default message broker so that QPID will not start? If we disable it, will it affect any other functionality? We are NOT using message brokers or any JMS-related applications, mainly Data Services.
2. How can we block the JMX console from being started? The JMX console starts on 11111 / 9999 by default.
3. We have already disabled the Admin UI; however, is there any way I can change the logging levels for individual loggers without the Admin UI and WITHOUT restarting the ESB?
Upvotes: 0
Views: 483
Reputation: 141
You can disable the QPID server listening on the 8672 TLS port with the following configuration change. Go to the /repository/conf/advanced/qpid-config.xml file and change the entry as below.

    <broker>
        <connector>
            <!-- To enable SSL edit the keystorePath and keystorePassword
                 and set enabled to true. To disable the non-SSL port set sslOnly to true -->
            <ssl>
                <enabled>false</enabled> <!-- false: the TLS port 8672 is not opened -->
                <sslOnly>false</sslOnly>
                <keystorePath>repository/resources/security/wso2carbon.jks</keystorePath>
                <keystorePassword>wso2carbon</keystorePassword>
            </ssl>

After that, the QPID broker will not start on the TLS port. However, regarding disabling the Qpid server on the 5672 TCP port, ESB version 4.0.3 comes with an embedded QPID broker which is tightly coupled with other ESB components. Therefore, unfortunately, it is not possible to detach the broker from the ESB with a configuration setting. This changed after ESB 4.5.x versions, where the embedded Qpid broker is no longer shipped with the ESB; therefore, if it is possible, you can upgrade the ESB version in order to meet this requirement.
Upvotes: 0
Reputation: 1179
If the admin console were enabled, you could configure the logging from the UI. Since you have disabled the admin console, you can configure the loggers using the log4j.properties file in CARBON_HOME/repository/conf. But then you have to restart the server.
There is no other way to configure logging without restarting.
Upvotes: 0
Reputation: 2295
You can stop the JMX server from starting through CARBON_HOME/repository/conf/etc/jmx.xml by setting:

    <StartRMIServer>false</StartRMIServer>
Upvotes: 0
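A way to verify the qpid-config.xml and jmx.xml changes from the answers above before the security review; this is an added example, not code from any of the posters or from WSO2. The sample XML strings are constructed, and the function names and the element paths used for lookup are assumptions based on the snippets in the answers.

```python
import socket
import xml.etree.ElementTree as ET

# Ports named in the question: AMQP 5672/8672 and JMX 11111/9999.
REVIEW_PORTS = (5672, 8672, 11111, 9999)

# Constructed samples (not copied from a real installation).
SAMPLE_QPID = """<broker><connector><ssl>
  <enabled>false</enabled><sslOnly>false</sslOnly>
</ssl></connector></broker>"""
SAMPLE_JMX = "<JMX><StartRMIServer>true</StartRMIServer></JMX>"


def element_text(xml_text, path):
    """Text of the element reached by following local tag names from the root."""
    node = ET.fromstring(xml_text)
    for name in path:
        # Compare local names so a default xmlns on the file does not matter.
        node = next((c for c in node if c.tag.rsplit("}", 1)[-1] == name), None)
        if node is None:
            return None
    return (node.text or "").strip().lower()


def config_findings(qpid_xml, jmx_xml):
    """List settings that are not explicitly 'false' (a missing element counts)."""
    findings = []
    if element_text(qpid_xml, ["connector", "ssl", "enabled"]) != "false":
        findings.append("qpid-config.xml: broker/connector/ssl/enabled is not false")
    if element_text(jmx_xml, ["StartRMIServer"]) != "false":
        findings.append("jmx.xml: StartRMIServer is not false")
    return findings


def listening_ports(host, ports, timeout=0.5):
    """Ports on host that accept a TCP connection."""
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found


if __name__ == "__main__":
    for finding in config_findings(SAMPLE_QPID, SAMPLE_JMX):
        print("FINDING:", finding)
    # On ESB 4.0.3 the answer above expects 5672 to remain open.
    print("listening:", listening_ports("127.0.0.1", REVIEW_PORTS))
```

Run the port probe after a restart, since both files are read at startup; pass the real file contents to `config_findings` in place of the samples.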